diff --git a/Makefile b/Makefile new file mode 100644 index 00000000..d4bb2cbb --- /dev/null +++ b/Makefile @@ -0,0 +1,20 @@ +# Minimal makefile for Sphinx documentation +# + +# You can set these variables from the command line, and also +# from the environment for the first two. +SPHINXOPTS ?= +SPHINXBUILD ?= sphinx-build +SOURCEDIR = . +BUILDDIR = _build + +# Put it first so that "make" without argument is like "make help". +help: + @$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) + +.PHONY: help Makefile + +# Catch-all target: route all unknown targets to Sphinx using the new +# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS). +%: Makefile + @$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) diff --git a/README.md b/README.md new file mode 100644 index 00000000..2b4a96eb --- /dev/null +++ b/README.md @@ -0,0 +1 @@ +View docs generated by this project: https://ansible-galaxy-fortios-docs.readthedocs.io diff --git a/_build/doctrees/environment.pickle b/_build/doctrees/environment.pickle new file mode 100644 index 00000000..a201181e Binary files /dev/null and b/_build/doctrees/environment.pickle differ diff --git a/_build/doctrees/export.doctree b/_build/doctrees/export.doctree new file mode 100644 index 00000000..84c1373b Binary files /dev/null and b/_build/doctrees/export.doctree differ diff --git a/_build/doctrees/fact.doctree b/_build/doctrees/fact.doctree new file mode 100644 index 00000000..5d92605f Binary files /dev/null and b/_build/doctrees/fact.doctree differ diff --git a/_build/doctrees/faq.doctree b/_build/doctrees/faq.doctree new file mode 100644 index 00000000..aa0a36c3 Binary files /dev/null and b/_build/doctrees/faq.doctree differ diff --git a/_build/doctrees/fortios_json_generic.doctree b/_build/doctrees/fortios_json_generic.doctree new file mode 100644 index 00000000..4902b0c8 Binary files /dev/null and b/_build/doctrees/fortios_json_generic.doctree differ diff --git a/_build/doctrees/generic.doctree b/_build/doctrees/generic.doctree new file mode 100644 index 00000000..7b3e7071 Binary files /dev/null and b/_build/doctrees/generic.doctree differ diff --git a/_build/doctrees/help.doctree b/_build/doctrees/help.doctree new file mode 100644 index 00000000..8ad924fe Binary files /dev/null and b/_build/doctrees/help.doctree differ diff --git a/_build/doctrees/index.doctree b/_build/doctrees/index.doctree new file mode 100644 index 00000000..ef1c5b94 Binary files /dev/null and b/_build/doctrees/index.doctree differ diff --git a/_build/doctrees/install.doctree b/_build/doctrees/install.doctree new file mode 100644 index 00000000..09bba86a Binary files /dev/null and b/_build/doctrees/install.doctree differ diff --git a/_build/doctrees/modules.doctree b/_build/doctrees/modules.doctree new file mode 100644 index 00000000..6c4885e6 Binary files /dev/null and b/_build/doctrees/modules.doctree differ diff --git a/_build/doctrees/monitor.doctree b/_build/doctrees/monitor.doctree new file mode 100644 index 00000000..da3d3fb7 Binary files /dev/null and b/_build/doctrees/monitor.doctree differ diff --git a/_build/doctrees/playbook.doctree b/_build/doctrees/playbook.doctree new file mode 100644 index 00000000..bda16ed1 Binary files /dev/null and b/_build/doctrees/playbook.doctree differ diff --git a/_build/doctrees/release.doctree b/_build/doctrees/release.doctree new file mode 100644 index 00000000..a54b2db4 Binary files /dev/null and b/_build/doctrees/release.doctree differ diff --git a/_build/doctrees/version.doctree b/_build/doctrees/version.doctree new file mode 100644 index 00000000..f44873b9 Binary files /dev/null and b/_build/doctrees/version.doctree differ diff --git a/_build/html/.buildinfo b/_build/html/.buildinfo new file mode 100644 index 00000000..36c51741 --- /dev/null +++ b/_build/html/.buildinfo @@ -0,0 +1,4 @@ +# Sphinx build info version 1 +# This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done. +config: 7ca568bb78bd3d9a6461682b90775f09 +tags: 645f666f9bcd5a90fca523b33c5a78b7 diff --git a/_build/html/_sources/export.rst.txt b/_build/html/_sources/export.rst.txt new file mode 100644 index 00000000..363762c2 --- /dev/null +++ b/_build/html/_sources/export.rst.txt @@ -0,0 +1,13 @@ +Export playbooks +========================================= + +| + +The module gathers FortiOS factss are invoking ``GET`` requests for FortiOS managed objects or procedures and converts the returned facts into a playbook that users can apply directly. + +.. toctree:: + :glob: + :maxdepth: 1 + + + fortios_export_config_playbook.rst \ No newline at end of file diff --git a/_build/html/_sources/fact.rst.txt b/_build/html/_sources/fact.rst.txt new file mode 100644 index 00000000..d6bcd808 --- /dev/null +++ b/_build/html/_sources/fact.rst.txt @@ -0,0 +1,15 @@ +Facts Gathering Modules +========================================= + +| + +The Modules to gather FortiOS fatcs are invoking ``GET`` requests for FortiOS managed objects or procedures. + +.. toctree:: + :glob: + :maxdepth: 1 + + + fortios_configuration_fact.rst + fortios_monitor_fact.rst + fortios_log_fact.rst diff --git a/_build/html/_sources/faq.rst.txt b/_build/html/_sources/faq.rst.txt new file mode 100644 index 00000000..ecf1e1de --- /dev/null +++ b/_build/html/_sources/faq.rst.txt @@ -0,0 +1,420 @@ + +Frequently Asked Questions (FAQ) +================================ + +| + +**TABLE OF CONTENTS:** + - `What's Access Token?`_ + - `How To Backup And Restore FOS?`_ + - `How To Import A License?`_ + - `How does Ansible work with login banner?`_ + - `How To Work With Raw FotiOS CLI?`_ + - `How to use the set_fact module in a task?`_ + +| + +What's Access Token? +~~~~~~~~~~~~~~~~~~~~ + +Access Token here is an API token which is used to authenticate an API request, an api token is associated with an API user once generated in FortiOS. +FortiOS Ansible supports api token based authentication, please see `Run Your Playbook`_ for how to use ``access_token`` in Ansible playbook. + +Sometimes we also want to dynamically generate an API token via FortiOS ansible module, we have a demo to show how to generate an API token: + +:: + + # to customize privileges for the API user, we can also define an accprofile via module fortios_system_accprofile. + - name: Create An API User if not present + fortios_system_api_user: + vdom: 'root' + state: 'present' + system_api_user: + name: 'AnsibleAPIUser' + accprofile: 'super_admin' # This is predefined privilege profile. + vdom: + - name: 'root' + trusthost: + - id: '1' + ipv4_trusthost: '192.168.190.0 255.255.255.0' + + # To reference the generated token, we can use notation "{{ tokeninfo.meta.results.access_token }}"in further tasks or keep it somewhere in disk. + - name: Generate The API token + fortios_monitor: + vdom: 'root' + selector: 'generate-key.system.api-user' + params: + api-user: 'AnsibleAPIUser' + register: tokeninfo + + - name: do another api request with newly generated access_token + fortios_configuration_fact: + access_token: "{{ tokeninfo.meta.results.access_token }}" + vdom: 'root' + selector: 'system_status' + + + +How To Backup And Restore FOS? +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Legacy module ``fortios_system_config_backup_restore`` is deprecated since 2.0.0, new modules are available for doing equivalent jobs. +New modules are desined to be very flexible, that requires us to combine modules to do complex task. + +**Note: operation backup and restore needs administrative privilege, better not choose access token based authentication.** + + +Backup settings to local file. +........................................... + +FortiOS Ansible collection doesn't provide any modules for local file operations, here we use builtin ``copy`` module to copy plain configuration text into a file. + +:: + + - name: Backup a virtual domain. + fortios_monitor_fact: + selector: 'system_config_backup' + vdom: 'root' + params: + scope: 'global' + register: backupinfo + + - name: Save the backup information. + copy: + content: '{{ backupinfo.meta.raw }}' + dest: './local.backup' + + +Restore settings from local file. +.................................. + +FortiOS only accepts base64 encoded text, the configuration text must be encoded before being uploaded. + + +:: + + - name: Restore from file. + fortios_monitor: + selector: 'restore.system.config' + vdom: 'root' + params: + scope: 'global' + source: 'upload' + vdom: 'root' + file_content: "{{ lookup( 'file', './local.backup') | string | b64encode }}" + +Restore settings from other sources. +.................................... + +no matter what source is, just make sure content is encoded. + +:: + + - name: Backup a virtual domain. + fortios_monitor_fact: + selector: 'system_config_backup' + vdom: 'root' + params: + scope: 'global' + register: backupinfo + + - name: Restore from intermediate result. + fortios_monitor: + selector: 'restore.system.config' + vdom: 'root' + params: + scope: 'global' + source: 'upload' + vdom: 'root' + file_content: "{{ backupinfo.meta.raw | string | b64encode}}" + + + +For more options to restore, see module ``fortios_monitor`` and its selector ``restore.system.config``, +for more options to backup, see module ``fortios_monitor_fact`` and its selector ``system_config_backup``. + +How To Import A License? +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Import a license for a newly installed FOS instance. +...................................................... + +Make sure the active management port allows access to http service by setting ``allowaccess``. + +:: + + FortiGate-VM64 # show system interface port1 + config system interface + edit "port1" + set vdom "root" + set mode dhcp + set allowaccess ping https ssh http fgfm + set type physical + set snmp-index 1 + next + end + +Then run the following playbook to upload licence for the first time: + +:: + + - hosts: fortigate_new + connection: httpapi + collections: + - fortinet.fortios + vars: + vdom: "root" + ansible_httpapi_use_ssl: no + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 80 + ansible_command_timeout: 5 + tasks: + + - name: Upload the license to the newly installed FGT device + fortios_monitor: + vdom: "{{ vdom }}" + selector: 'upload.system.vmlicense' + params: + file_content: "{{ lookup( 'file', './FGVM02TM20012347.lic') | string | b64encode }}" + ignore_errors: True + +In the example, we put license file ``FGVM02TM20012347.lic`` under current working directory. + +Once FOS accepts a valid licence, it reboots immediately and the connection terminates suddenly, as a result, we must not regard connection timeout as errors, we'd better ignore connection timeout exception. +and the default connection timeout is 30 seconds, better make it smaller. + +**Access token based authentication is not allowed in initial license import** + +Renew a license for a licence-ready FOS instance. +...................................................... + +To renew the license for a running FOS instance, we don't have to use http service (by default, after license is activated, http service is redirected to https service, which causes problems for Ansible). +by setting ``ansible_httpapi_use_ssl`` to ``True`` and ``ansible_httpapi_port`` to ``443``, the task can normally upload the license. + + +**Renewing a license can use access token based authentication as long as associated API user has admin privilege to upload license.** + +How does Ansible work with login banner? +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +what's login banner? +............................ + +FOS puts a barrier in login process if pre- and(or) post- login bannner are enabled, and ansible authentication is restricted: **only access token based authentication is allowed**. + +How to safely generate access token? +........................................................ + +For Ansible FOS login banner usage, there could be a ``deadlock`` if one the of following cases apprears: + + - I don't have an API user or access token. + - I have an access token but it has expired. + +upon such deadlocks, there is no other way but to disable banners and (re)generate one. + +To generate an access token in advance, please see `How To Generate Access Token Dynamically`_, and please do token generation with Ansible with all the login banners disabled(it's not necessay to disable banners if we generate access token from WEB UI). + +:: + + FGVM02TM20012347 # config system global + FGVM02TM20012347 (global) # set post-login-banner disable + FGVM02TM20012347 (global) # set pre-login-banner disable + FGVM02TM20012347 (global) # end + FGVM02TM20012347 # + + + +where to keep generated access token? +.................................................. + +Normally if we generate an access token from WEB UI, we may put it in inventory file as a variable ``fortios_access_token``: + +:: + + [fortigates] + fortigate01 ansible_host= fortios_access_token= + + +we can encrypt the inventory file through ansible tool ``ansible-vault``, thus avoiding token leaks. + +To automate token (re)generation, we might also want to keep it somewhere else in local storage. An example is given below to show how to save and re-use a token later: + +:: + + - name: Generate The API token + fortios_monitor: + vdom: 'root' + selector: 'generate-key.system.api-user' + params: + api-user: 'AnsibleAPIUser' + register: tokeninfo + + - name: Save the API token + copy: + content: "{{ tokeninfo.meta.results.access_token }}" + dest: './access_token.save' + +then in subsequent tasks, we read the token directly from saved file: + +:: + + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + saved_access_token: "{{ lookup( 'file', './access_token.save') | string }}" + + tasks: + - name: do another api request with saved access_token + fortios_configuration_fact: + access_token: "{{ saved_access_token }}" + vdom: 'root' + selector: 'system_status' + +**Caveats: saved access token is not guarded by Ansible, once leaked, others may access the FOS illegally. one way to restrict illegal access is to limit source localtion in ipv4_trusthost during creating the API users.** + +How To Work With Raw FotiOS CLI? +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +In FortiOS, some CLI commands are not exported as RestAPI, as a reasult, Ansible FortiOS collection has no identical module for those CLI commands. +And FortiOS default CLI shell is not a standard Unix shell, so Ansible builtin modules like ``shell`` and ``command`` are of no use. +To work this around in Ansible, we use a verbose but very efficient and flexible way to execute some FortiOS CLI commands from Ansible. + + +Below are two examples of the template: + +**Append a firewall address member to a group using append command:** + +:: + + - hosts: localhost + vars: + # ======================== Below are crenditials to connect to Fortigate Device======== + fgt_host: '192.168.190.171' + fgt_user: 'admin' + fgt_pass: 'password' + + firewall_group_name: 'firwalladdressgroup0' + firewall_address_name: 'firewalladdress0' + # ===================================================================================== + script_path: '/tmp/fgt.shell.task' + tasks: + - name: Prepare The Shell Scrit Template. + raw: | + cat > {{script_path }} << EOF_OUTER + # /bin/bash + # Please make sure tool sshpass is installed. e.g. on Debian/Ubuntu, apt-get install sshpass. + # Optionally you can pass some parameters. + # The character `a` at second line below is to avoid post-login-banner barrier. + sshpass -p '{{ fgt_pass }}' ssh -o StrictHostKeyChecking=no {{ fgt_user }}@{{ fgt_host }} < {{script_path }} << EOF_OUTER + # /bin/bash + # Please make sure tool sshpass is installed. e.g. on Debian/Ubuntu, apt-get install sshpass. + # Optionally you can pass some parameters. + # The character `a` at second line below is to avoid post-login-banner barrier. + sshpass -p '{{ fgt_pass }}' ssh -o StrictHostKeyChecking=no {{ fgt_user }}@{{ fgt_host }} <= 2.0.0 + + +Parameters +---------- + +.. raw:: html + +
    + +
  • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
    • +
  • enable_log - Enable/Disable logging for task. type: bool required: False default: False
    • +
  • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: False
    • +
  • json_generic - json generic default: null type: dict
    • +
      +
    • dictbody - Body with YAML list of key/value format type: dict
      • +
    • jsonbody - Body with JSON string format, will always give priority to jsonbody type: str
      • +
    • method - HTTP methods type: str choices: GET, PUT, POST, DELETE
      • +
    • path - URL path, e.g./api/v2/cmdb/firewall/address type: str
      • +
    • specialparams - Extra URL parameters, e.g.start=1&count=10 type: str +
    + +
+ + + + +Examples +-------- + +**host** + +.. code-block:: yaml+jinja + + [fortigates] + fortigate01 ansible_host=192.168.52.177 ansible_user="admin" ansible_password="admin" + + [fortigates:vars] + ansible_network_os=fortios + + +**sample1.yml** + +.. code-block:: yaml+jinja + + --- + - hosts: fortigates + connection: httpapi + collections: + - fortinet.fortios + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + + tasks: + - name: test add with string + fortios_json_generic: + vdom: "{{ vdom }}" + json_generic: + method: "POST" + path: "/api/v2/cmdb/firewall/address" + jsonbody: | + { + "name": "111", + "type": "geography", + "fqdn": "", + "country": "AL", + "comment": "ccc", + "visibility": "enable", + "associated-interface": "port1", + "allow-routing": "disable" + } + register: info + + - name: display vars + debug: msg="{{info}}" + +**sample2.yml** + +.. code-block:: yaml+jinja + + --- + - hosts: fortigates + connection: httpapi + collections: + - fortinet.fortios + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + + tasks: + - name: test delete + fortios_json_generic: + vdom: "{{ vdom }}" + json_generic: + method: "DELETE" + path: "/api/v2/cmdb/firewall/address/111" + specialparams: "testpara1=1&testpara2=2" + register: info + + - name: display vars + debug: msg="{{info}}" + + - name: test add with dict + fortios_json_generic: + vdom: "{{ vdom }}" + json_generic: + method: "POST" + path: "/api/v2/cmdb/firewall/address" + dictbody: + name: "111" + type: "geography" + fqdn: "" + country: "AL" + comment: "ccc" + visibility: "enable" + associated-interface: "port1" + allow-routing: "disable" + register: info + + - name: display vars + debug: msg="{{info}}" + + - name: test delete + fortios_json_generic: + vdom: "{{ vdom }}" + json_generic: + method: "DELETE" + path: "/api/v2/cmdb/firewall/address/111" + register: info + + - name: display vars + debug: msg="{{info}}" + + - name: test add with string + fortios_json_generic: + vdom: "{{ vdom }}" + json_generic: + method: "POST" + path: "/api/v2/cmdb/firewall/address" + jsonbody: | + { + "name": "111", + "type": "geography", + "fqdn": "", + "country": "AL", + "comment": "ccc", + "visibility": "enable", + "associated-interface": "port1", + "allow-routing": "disable" + } + register: info + + - name: display vars + debug: msg="{{info}}" + + +**sample3.yml** + +.. code-block:: yaml+jinja + + --- + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + + tasks: + - name: test firewall policy order modification + fortios_json_generic: + vdom: "{{ vdom }}" + json_generic: + method: "PUT" + path: "/api/v2/cmdb/firewall/policy/1" + specialparams: "action=move&after=2" + register: info + + - name: display vars + debug: msg="{{info}}" + + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
    + +
  • build - Build number of the fortigate image returned: always type: str sample: '1547'
    • +
  • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: 'PUT'
    • +
  • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
    • +
  • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
    • +
  • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
    • +
  • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
    • +
  • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
    • +
  • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
    • +
  • status - Indication of the operation's result returned: always type: str sample: success
    • +
  • vdom - Virtual domain used returned: always type: str sample: root
    • +
  • version - Version of the FortiGate returned: always type: str sample: v5.6.3
    • +
+ + + +Status +------ + +- This module is ported from https://github.com/fortinet/ansible-fortios-generic + + +Authors +------- +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Frank Shen (@fshen01) +- Hongbin Lu (@fgtdev-hblu) + + + + +Warning +------- +It's preferred to use ``FortiOS Ansible Collection Included Modules`` unless some features are not available there. diff --git a/_build/html/_sources/generic.rst.txt b/_build/html/_sources/generic.rst.txt new file mode 100644 index 00000000..dc59d49a --- /dev/null +++ b/_build/html/_sources/generic.rst.txt @@ -0,0 +1,13 @@ +Generic Modules +========================================= + +| + +The Modules to build flexible raw requests to FortiOS appliances. + +.. toctree:: + :glob: + :maxdepth: 1 + + + fortios_json_generic.rst diff --git a/_build/html/_sources/help.rst.txt b/_build/html/_sources/help.rst.txt new file mode 100644 index 00000000..414dfcb6 --- /dev/null +++ b/_build/html/_sources/help.rst.txt @@ -0,0 +1,23 @@ + +Get Help +======== + +| + +Technical and Commuity Support +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +You can get support from Fortinet `Technical Assistance Center`_. + +For Ansible common issue, you can also get support from the `community`_ + +Filing issues. +~~~~~~~~~~~~~~ + +You can get support from the community engineering team via filing an +issue in git `issues page`_ + +.. _Technical Assistance Center: https://www.fortinet.com/support/contact.html +.. _community: https://www.ansible.com/ +.. _issues page: https://github.com/fortinet-ansible-dev/ansible-galaxy-fortios-collection/issues + diff --git a/_build/html/_sources/index.rst.txt b/_build/html/_sources/index.rst.txt new file mode 100644 index 00000000..6c49b4d0 --- /dev/null +++ b/_build/html/_sources/index.rst.txt @@ -0,0 +1,46 @@ +.. frankshen01 documentation master file, created by + sphinx-quickstart on Fri Nov 1 14:49:13 2019. + You can adapt this file completely to your liking, but it should at least + contain the root `toctree` directive. + +Welcome to Ansible Galaxy FortiOS Collection Documentation {{__galaxy_version__}}! +============================================================================ + +The FortiOS Ansible Collection provides Ansible modules for configuring FortiOS appliances. + +.. toctree:: + :glob: + :caption: FortiOS/Galaxy Version Mapping Guide + :maxdepth: 1 + + version.rst + + +.. toctree:: + :glob: + :caption: User's Guide + :maxdepth: 1 + + install.rst + playbook.rst + faq.rst + help.rst + +.. toctree:: + :glob: + :caption: modules index + :maxdepth: 1 + + modules.rst + monitor.rst + fact.rst + export.rst + generic.rst + +.. toctree:: + :glob: + :maxdepth: 1 + :caption: Appendices + + release.rst + diff --git a/_build/html/_sources/install.rst.txt b/_build/html/_sources/install.rst.txt new file mode 100644 index 00000000..3a17fc0d --- /dev/null +++ b/_build/html/_sources/install.rst.txt @@ -0,0 +1,36 @@ + +Install FortiOS Ansible Galaxy +============================== + +This document explains how to install the FortiOS Ansible Galaxy +Collection. + +-------------- + +Install Python3 +~~~~~~~~~~~~~~~ + +- Follow steps in https://www.python.org/ to install Python3 on your + host. + +Install Ansible Core +~~~~~~~~~~~~~~~~~~~~ + +- Follow instructions in + https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html + to install Ansible +- The Ansible core version requirement: >= 2.9.0 + +Install FortiOS Galaxy Collection +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The FortiOS Ansible Galaxy supports multilple FortiOS major releases, +you can install the latest collection by default via command +``ansible-galaxy collection install fortinet.fortios``. you can also +choose another galaxy version to match your FortiOS device. + +Please see the `versionig notes`_ for more recently released collections +and install the ones which are marked ``latest`` for your devices. + +.. _versionig notes: version.html + diff --git a/_build/html/_sources/modules.rst.txt b/_build/html/_sources/modules.rst.txt new file mode 100644 index 00000000..e095dd8b --- /dev/null +++ b/_build/html/_sources/modules.rst.txt @@ -0,0 +1,9 @@ + +Configuration Modules +=================================== + +.. toctree:: + :glob: + :maxdepth: 1 + + gen/* diff --git a/_build/html/_sources/monitor.rst.txt b/_build/html/_sources/monitor.rst.txt new file mode 100644 index 00000000..ddb08269 --- /dev/null +++ b/_build/html/_sources/monitor.rst.txt @@ -0,0 +1,13 @@ +Monitor Modules +========================================= + +| + +The Modules to build FortiOS monitor API requests to FortiOS appliances. + +.. toctree:: + :glob: + :maxdepth: 1 + + + fortios_monitor.rst diff --git a/_build/html/_sources/playbook.rst.txt b/_build/html/_sources/playbook.rst.txt new file mode 100644 index 00000000..845610c7 --- /dev/null +++ b/_build/html/_sources/playbook.rst.txt @@ -0,0 +1,81 @@ + +Run Your First Playbook +============================== + +This document explains how to run your first FortiOS Ansible playbook. + +-------------- + +With FortiOS Galaxy collection, you are always recommended to run +FortiOS module in ``httpapi`` manner. The first step is to prepare your +host inventory with which you can use ``ansible-vault`` to encrypt or +decrypt your secrets for the sake of confidentiality. + +Prepare host inventory +~~~~~~~~~~~~~~~~~~~~~~ + +in our case we create a file named ``hosts``: + +:: + + [fortigates] + fortigate01 ansible_host=192.168.190.130 ansible_user="admin" ansible_password="password" + fortigate02 ansible_host=192.168.190.131 ansible_user="admin" ansible_password="password" + fortigate03 ansible_host=192.168.190.132 fortios_access_token= + + [fortigates:vars] + ansible_network_os=fortinet.fortios.fortios + +FortiOS supports two ways to authenticate Ansible: ``ansible_user`` and ``ansible_password`` pair based; ``fortios_access_token`` access token based. +Access token based way is prefered as it is safer without any password explosure and access token guarantees request source location is wanted. + + +for how to generate an API token, visit page `FortiOS API Spec`_. + + +Write the playbook +~~~~~~~~~~~~~~~~~~ + +in the example: ``test.yml`` we are going to modify the fortigate +device’s hostname: + +:: + + - hosts: fortigate03 + connection: httpapi + collections: + - fortinet.fortios + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure global attributes. + fortios_system_global: + vdom: "{{ vdom }}" + access_token: "{{ fortios_access_token }}" #if you prefer access token based authentication, add this line. + system_global: + hostname: 'CustomHostName' + +there are several options which might need you special care: + +- **connection** : ``httpapi`` is preferred. +- **collections** : The namespace must be ``fortinet.fortios`` +- **ansible_httpapi_use_ssl** and **ansible_httpapi_port**: by + default when your fortiOS device is licensed, the https is enabled. + there is one exception: uploading vmlicence to a newly installed FOS instance, where you should set + ``ansible_httpapi_use_ssl: no`` and ``ansible_httpapi_port: 80``. Please see `Import licence to FOS`_ for more details. + +Run the playbook +~~~~~~~~~~~~~~~~ + +:: + + ansible-playbook -i hosts test.yml + +you can also observe the verbose output by adding option at the tail: +``-vvv``. + +.. _Import licence to FOS: faq.html#how-to-import-a-license +.. _FortiOS API Spec: https://fndn.fortinet.net/index.php?/fortiapi/1-fortios/92/ diff --git a/_build/html/_sources/release.rst.txt b/_build/html/_sources/release.rst.txt new file mode 100644 index 00000000..10f60b3c --- /dev/null +++ b/_build/html/_sources/release.rst.txt @@ -0,0 +1,674 @@ + +Release Notes +============================== + +| + +Release Galaxy 2.1.4 +-------------------- + +Release Targets +^^^^^^^^^^^^^^^ + +FortiOS Galaxy 2.1.4 is based on 2.1.3 + +Bug Fixes +^^^^^^^^^^^^^^^ +- Fix bugs in the function of compare_ip_address on check_mode. +- Fix bugs when adding new members in some modules. + +Release Galaxy 2.1.3 +-------------------- + +Release Targets +^^^^^^^^^^^^^^^ + +FortiOS Galaxy 2.1.3 is based on 2.1.2 + +Features +^^^^^^^^^^^^^^^ +- Collect the current configurations of the modules and convert them into playbooks. +- Support member operation (delete/add extra members) on an object that has a list of members in it. +- Add real-world use cases in the example section for some configuration modules. +- Support selectors feature in ``fortios_monitor_fact`` and ``fortios_log_fact``. +- Support FortiOS 7.0.1. + +Bug Fixes +^^^^^^^^^^^^^^^ +- Fix the filters error when fetching multiple facts with selectors for a configuration module (Github issue #138 ). +- Fix the corner cases that response does not have status in it. +- Fix Github issue #134 + +Release Galaxy 2.1.2 +-------------------- + +Release Targets +^^^^^^^^^^^^^^^ + +FortiOS Galaxy 2.1.2 is based on 2.1.1 + +Bug Fixes +^^^^^^^^^^^^^^^ +- Fix a regression bug caused by non-required attributes. +- Fix an intentional exception for listed options. + +Release Galaxy 2.1.1 +-------------------- + +Release Targets +^^^^^^^^^^^^^^^ + +FortiOS Galaxy 2.1.1 is based on 2.1.0 + +Bug Fixes +^^^^^^^^^^^^^^^ +- Fix the KeyError caused by non-required multi-value attributes in an object. + +Release Galaxy 2.1.0 +-------------------- + +Release Targets +^^^^^^^^^^^^^^^ + +FortiOS Galaxy 2.1.0 is based on 2.0.2 + +Features +^^^^^^^^^^^^^^^ +- Support Fortios 7.0. +- Support Log APIs. +- New module fortios_monitor_fact. + +Bug Fixes +^^^^^^^^^^^^^^^ +- Fix the unexpected warning caused by optinal params in ``fortios_monitor_fact`` and ``fortios_monitor``. +- Disable check_mode feature from all global objects of configuration modules due to 'state' issue. +- Fix a bug in IP_PREFIX.match(). +- Fix the issue that the ``server_type`` is not updated in ``fortios_system_central_management``. + +Release Galaxy 2.0.2 +-------------------- + +Release Targets +^^^^^^^^^^^^^^^ + +FortiOS Galaxy 2.0.2 is based on 2.0.1 + +Features +^^^^^^^^^^^^^^^ +- Support ``check_mode`` in all cofigurationAPI-based modules. +- Improve ``fortios_configuration_fact`` to use multiple selectors concurrently. +- Support moving policy in ``firewall_central_snat_map``. +- Support filtering for fact gathering modules ``fortios_configuration_fact`` and ``fortios_monitor_fact``. +- Unify schemas for monitor API. + +Bug Fixes +^^^^^^^^^^^^^^^ +- Fix the authorization fails at log in with username and password in FOS7.0. +- Github Issue #103 +- Github Issue #105 + +Release Galaxy 2.0.1 +-------------------- + +Release Targets +^^^^^^^^^^^^^^^ +FortiOS Galaxy is based on ``2.0.0``. + +Features +^^^^^^^^^^^^^^^^^^ + - fixed ``pylint`` minor errors. + +Release Galaxy 2.0.0 +-------------------- + +Release Targets +^^^^^^^^^^^^^^^ + +FortiOS Galaxy 2.0.0 is a major ansible release for all v6.x.x FOS virtual and hardware platforms. + +Features +^^^^^^^^^^^^^^^^^^ +- Full support for gathering facts of both configuration(``fortios_configuration_fact``) and monitor(``fortios_monitor_fact``) objects or runtime data. +- Support for requesting Monitor API via module ``fortios_monitor``. +- Ported FortiOS generic module: ``fortios_json_generic``. +- Unified collections for all 6.x FOS releases, Ansible detects versioning mismatch at runtime. +- Explicit logging option: ``enable_log``. +- Deprecated second-layer ``state`` module parameter. + +Compatibility Notes +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +As a major release, it semantically breaks backward compability, some modules are removed as new full-fledged replacements come into being. + +- For deprecated modules, please find the alternatives in **Deprecated Modules** section. +- Other existing modules are kepted compatible. + + +Deprecated Modules +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +- ``fortios_facts``: find full selectors in modules ``fortios_configuration_fact`` and ``fortios_monitor_fact``. +- ``fortios_registration_forticare``: replaced by module ``fortios_monitor``, see selector ``add-license.registration.forticare``. +- ``fortios_registration_vdom``: replaced by module ``fortios_monitor``, see selector ``add-license.registration.vdom``. +- ``fortios_system_vmlicense``: replaced by module ``fortios_monitor``, see selector ``upload.system.vmlicense``. +- ``fortios_system_config_backup_restore``: it was a complexed module. + - To backup the FOS system, use module ``fortios_monitor_fact`` and its selector ``system_config_backup``. + - To restore the configuration, use module ``fortios_monitor`` and its selector ``restore.system.config``. + + +-------------- + +Legacy Multiversions Note(Prior to 2.0.0) +------------------------------------------ +The FortiOS Galaxy namespace: ``fortinet.fortios`` hosts Ansible modules +for multiple FortiOS major releases. + +A mismatched Ansible collection version for a FortiOS device can cause a +warning: + +:: + + [WARNING]: Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv + +you can find more details with ``-vvv`` option when running a +playbook: + +:: + + ... + "version_check_warning": { + "ansible_collection_version": "v6.0.0 (galaxy: 1.0.13)", + "matched": false, + "message": "Please follow steps in FortiOS versioning notes: https://ansible-galaxy-fortios-docs.readthedocs.io/en/latest/version.html", + "system_version": "v6.2.0" + } + ... + +**Simply installing a matched FortiOS collection can prevent potential +compatibility issues.** + +Release Galaxy 1.1.9 +-------------------- + +Release Targets +^^^^^^^^^^^^^^^ + +- fos\_v6.0.0/galaxy\_1.1.9 + +Bug Fixes +^^^^^^^^^ + +- Fix legacy module ``fortios_system_config_backup_restore`` + + +Release Galaxy 1.1.6 … 1.1.8 +----------------------------- + +Release Targets +^^^^^^^^^^^^^^^ +There are multiple Galaxy releases dedicated to different FortiOS major releases. + +- fos\_v6.2.0/galaxy\_1.1.6 +- fos\_v6.4.0/galaxy\_1.1.7 +- fos\_v6.0.0/galaxy\_1.1.8 + +Bug Fixes +^^^^^^^^^ + +- Fixed module construction for legacy module ``fortios_facts``. +- Sorted selector list of module ``fortios_configuration_fact``. + + +Release Galaxy 1.1.3 … 1.1.5 +----------------------------- + +Release Targets +^^^^^^^^^^^^^^^ +There are multiple Galaxy releases dedicated to different FortiOS major releases. + +- fos\_v6.2.0/galaxy\_1.1.3 +- fos\_v6.4.0/galaxy\_1.1.4 +- fos\_v6.0.0/galaxy\_1.1.5 + +Bug Fixes +^^^^^^^^^ + +- Fixed a fatal error: ``mkey`` not recognized in plugin due to wrong naming convention. + + + +Release Galaxy 1.1.0 … 1.1.2 +----------------------------- + +| + +Release Targets +^^^^^^^^^^^^^^^ +There are multiple Galaxy releases dedicated to different FortiOS major releases. + +- fos\_v6.2.0/galaxy\_1.1.0 +- fos\_v6.4.0/galaxy\_1.1.1 +- fos\_v6.0.0/galaxy\_1.1.2 + + +Features +^^^^^^^^ + +- Support check mode for modules. +- Deprecate ``fortiosapi`` legacy connection mode. +- Support access token based authentication. +- Fully support fact gathering for all configuration API (``fortios_configuration_fact``). +- Suport Ansible 2.10 base framework. +- Support moving objects to different orders (``fortios_firewall_policy``). + +Bug Fixes +^^^^^^^^^ + +- Github Issue #65 + +Release Galaxy 1.0.10 … 10.0.13 +------------------------------- + +| + +Release Targets +^^^^^^^^^^^^^^^ +There are multiple Galaxy releases dedicated to different FortiOS major releases. + +- fos\_v6.0.0/galaxy\_1.0.13 +- fos\_v6.0.5/galaxy\_1.0.12 +- fos\_v6.4.0/galaxy\_1.0.11 +- fos\_v6.2.0/galaxy\_1.0.10 + + +New Modules +^^^^^^^^^^^ + ++-------+--------------------------------------------------------------+--------------+--------------+ +| # | Module Name | New in 6.2 | New in 6.4 | ++=======+==============================================================+==============+==============+ +| 1 | ``fortios_cifs_domain_controller`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 2 | ``fortios_cifs_profile`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 3 | ``fortios_dlp_sensitivity`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 4 | ``fortios_emailfilter_bwl`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 5 | ``fortios_emailfilter_bword`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 6 | ``fortios_emailfilter_dnsbl`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 7 | ``fortios_emailfilter_fortishield`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 8 | ``fortios_emailfilter_iptrust`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 9 | ``fortios_emailfilter_mheader`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 10 | ``fortios_emailfilter_options`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 11 | ``fortios_emailfilter_profile`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 12 | ``fortios_endpoint_control_fctems`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 13 | ``fortios_firewall_consolidated_policy`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 14 | ``fortios_firewall_internet_service_addition`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 15 | ``fortios_firewall_internet_service_cat_definition`` | yes | no | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 16 | ``fortios_firewall_internet_service_definition`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 17 | ``fortios_firewall_internet_service_extension`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 18 | ``fortios_log_fortianalyzer2_override_filter`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 19 | ``fortios_log_fortianalyzer2_override_setting`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 20 | ``fortios_log_fortianalyzer3_override_filter`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 21 | ``fortios_log_fortianalyzer3_override_setting`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 22 | ``fortios_log_fortianalyzer_cloud_filter`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 23 | ``fortios_log_fortianalyzer_cloud_override_filter`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 24 | ``fortios_log_fortianalyzer_cloud_override_setting`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 25 | ``fortios_log_fortianalyzer_cloud_setting`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 26 | ``fortios_log_syslogd2_override_filter`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 27 | ``fortios_log_syslogd2_override_setting`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 28 | ``fortios_log_syslogd3_override_filter`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 29 | ``fortios_log_syslogd3_override_setting`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 30 | ``fortios_log_syslogd4_override_filter`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 31 | ``fortios_log_syslogd4_override_setting`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 32 | ``fortios_switch_controller_auto_config_custom`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 33 | ``fortios_switch_controller_auto_config_default`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 34 | ``fortios_switch_controller_auto_config_policy`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 35 | ``fortios_switch_controller_flow_tracking`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 36 | ``fortios_switch_controller_location`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 37 | ``fortios_switch_controller_security_policy_local_access`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 38 | ``fortios_switch_controller_storm_control_policy`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 39 | ``fortios_switch_controller_stp_instance`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 40 | ``fortios_switch_controller_traffic_policy`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 41 | ``fortios_switch_controller_traffic_sniffer`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 42 | ``fortios_system_ipsec_aggregate`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 43 | ``fortios_system_lldp_network_policy`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 44 | ``fortios_system_nd_proxy`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 45 | ``fortios_system_npu`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 46 | ``fortios_system_ptp`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 47 | ``fortios_system_saml`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 48 | ``fortios_system_speed_test_server`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 49 | ``fortios_system_sso_admin`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 50 | ``fortios_user_exchange`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 51 | ``fortios_wireless_controller_address`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 52 | ``fortios_wireless_controller_addrgrp`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 53 | ``fortios_wireless_controller_log`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 54 | ``fortios_wireless_controller_region`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 55 | ``fortios_wireless_controller_snmp`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 56 | ``fortios_certificate_remote`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 57 | ``fortios_credential_store_domain_controller`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 58 | ``fortios_dpdk_cpus`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 59 | ``fortios_dpdk_global`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 60 | ``fortios_extender_modem_status`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 61 | ``fortios_extender_sys_info`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 62 | ``fortios_firewall_city`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 63 | ``fortios_firewall_country`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 64 | ``fortios_firewall_decrypted_traffic_mirror`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 65 | ``fortios_firewall_internet_service_botnet`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 66 | ``fortios_firewall_internet_service_ipbl_reason`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 67 | ``fortios_firewall_internet_service_ipbl_vendor`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 68 | ``fortios_firewall_internet_service_list`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 69 | ``fortios_firewall_internet_service_name`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 70 | ``fortios_firewall_internet_service_owner`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 71 | ``fortios_firewall_internet_service_reputation`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 72 | ``fortios_firewall_internet_service_sld`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 73 | ``fortios_firewall_iprope_list`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 74 | ``fortios_firewall_proute`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 75 | ``fortios_firewall_region`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 76 | ``fortios_firewall_security_policy`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 77 | ``fortios_firewall_traffic_class`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 78 | ``fortios_firewall_vendor_mac`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 79 | ``fortios_hardware_nic`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 80 | ``fortios_ips_view_map`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 81 | ``fortios_switch_controller_initial_config_template`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 82 | ``fortios_switch_controller_initial_config_vlans`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 83 | ``fortios_switch_controller_mac_policy`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 84 | ``fortios_switch_controller_nac_device`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 85 | ``fortios_switch_controller_nac_settings`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 86 | ``fortios_switch_controller_poe`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 87 | ``fortios_switch_controller_port_policy`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 88 | ``fortios_switch_controller_remote_log`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 89 | ``fortios_switch_controller_snmp_community`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 90 | ``fortios_switch_controller_snmp_sysinfo`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 91 | ``fortios_switch_controller_snmp_trap_threshold`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 92 | ``fortios_switch_controller_snmp_user`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 93 | ``fortios_switch_controller_vlan_policy`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 94 | ``fortios_system_geneve`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 95 | ``fortios_system_geoip_country`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 96 | ``fortios_system_performance_top`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 97 | ``fortios_system_standalone_cluster`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 98 | ``fortios_test_acd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 99 | ``fortios_test_acid`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 100 | ``fortios_test_autod`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 101 | ``fortios_test_awsd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 102 | ``fortios_test_azd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 103 | ``fortios_test_bfd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 104 | ``fortios_test_csfd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 105 | ``fortios_test_ddnscd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 106 | ``fortios_test_dhcp6c`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 107 | ``fortios_test_dhcp6r`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 108 | ``fortios_test_dhcprelay`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 109 | ``fortios_test_dlpfingerprint`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 110 | ``fortios_test_dlpfpcache`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 111 | ``fortios_test_dnsproxy`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 112 | ``fortios_test_dsd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 113 | ``fortios_test_fas`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 114 | ``fortios_test_fcnacd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 115 | ``fortios_test_fnbamd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 116 | ``fortios_test_forticldd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 117 | ``fortios_test_forticron`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 118 | ``fortios_test_fsd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 119 | ``fortios_test_fsvrd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 120 | ``fortios_test_ftpd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 121 | ``fortios_test_gcpd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 122 | ``fortios_test_harelay`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 123 | ``fortios_test_hasync`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 124 | ``fortios_test_hatalk`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 125 | ``fortios_test_imap`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 126 | ``fortios_test_info_sslvpnd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 127 | ``fortios_test_init`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 128 | ``fortios_test_iotd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 129 | ``fortios_test_ipamd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 130 | ``fortios_test_ipldbd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 131 | ``fortios_test_ipsengine`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 132 | ``fortios_test_ipsmonitor`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 133 | ``fortios_test_ipsufd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 134 | ``fortios_test_kubed`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 135 | ``fortios_test_l2tpcd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 136 | ``fortios_test_lnkmtd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 137 | ``fortios_test_lted`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 138 | ``fortios_test_miglogd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 139 | ``fortios_test_mrd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 140 | ``fortios_test_netxd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 141 | ``fortios_test_nntp`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 142 | ``fortios_test_ocid`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 143 | ``fortios_test_openstackd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 144 | ``fortios_test_ovrd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 145 | ``fortios_test_pop3`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 146 | ``fortios_test_pptpcd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 147 | ``fortios_test_quarantined`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 148 | ``fortios_test_radius_das`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 149 | ``fortios_test_radiusd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 150 | ``fortios_test_radvd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 151 | ``fortios_test_reportd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 152 | ``fortios_test_sdncd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 153 | ``fortios_test_sepmd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 154 | ``fortios_test_sessionsync`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 155 | ``fortios_test_sflowd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 156 | ``fortios_test_smtp`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 157 | ``fortios_test_snmpd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 158 | ``fortios_test_uploadd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 159 | ``fortios_test_urlfilter`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 160 | ``fortios_test_vmwd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 161 | ``fortios_test_wad`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 162 | ``fortios_test_wccpd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 163 | ``fortios_test_wf_monitor`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 164 | ``fortios_test_zebos_launcher`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 165 | ``fortios_user_nac_policy`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 166 | ``fortios_user_saml`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 167 | ``fortios_vpn_ike_gateway`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 168 | ``fortios_webfilter_status`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 169 | ``fortios_wireless_controller_access_control_list`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 170 | ``fortios_wireless_controller_apcfg_profile`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 171 | ``fortios_wireless_controller_client_info`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 172 | ``fortios_wireless_controller_rf_analysis`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 173 | ``fortios_wireless_controller_spectral_info`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 174 | ``fortios_wireless_controller_status`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 175 | ``fortios_wireless_controller_vap_status`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 176 | ``fortios_wireless_controller_wag_profile`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 177 | ``fortios_wireless_controller_wtp_status`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ + +Features +^^^^^^^^ + +- Support special identifier validation and restoration in Ansible + modules. +- Support more valid identifiers: ``3gpp_plmn``, ``802_1X_settings``, + ``802.1_tlvs`` and ``802.3_tlvs``. +- Support ``revision_change`` in response since fortigate 6.2.3. +- Support Underscore to hypen conversion. +- Support licence modules: ``fortios_system_vmlicense``, + ``fortios_registration_forticare`` and ``fortios_registration_vdom``. +- Support raw json encoding for generic module. + +Bug Fixes +^^^^^^^^^ + +- Fix ``fgd_alert_subscription`` multiple choices problem for module + ``fortios_system_global``. +- Fix ``proposal`` exceptional multilist for module + ``fortios_vpn_ipsec_phase2_interface``. +- Fix issue #26 of ansible\_fgt\_modules. +- Fix issue #24 of ansible\_fgt\_modules. +- Fix ``events`` exceptional multilist for module + ``fortios_system_snmp_community``. +- Fix py2/py3 compability issue for httpapi plugin fortios. +- Fix the mkey encoding in fortios api URL. +- Fix ``banned_cipher`` exceptional multilist for module + ``fortios_vpn_ssl_settings``. + + + diff --git a/_build/html/_sources/version.rst.txt b/_build/html/_sources/version.rst.txt new file mode 100644 index 00000000..67bf8932 --- /dev/null +++ b/_build/html/_sources/version.rst.txt @@ -0,0 +1,70 @@ +FortiOS Galaxy Versioning +==================================== + +FortiOS Galaxy versions +~~~~~~~~~~~~~~~~~~~~~~~ + +From ``v2.0.0`` on, FortiOS galaxy collections are unified, there is only one sequential collection at any moment. users who install these collections +are expected to find the version compatibility information for each module and its parameters. + ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| FOS version | Galaxy Version | Release date | Path to Install | ++===============+=====================+================+=================================================================+ +| unified | 2.0.0 | 2021/4/6 | ``ansible-galaxy collection install fortinet.fortios:2.0.0`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| unified | 2.0.1 | 2021/4/7 | ``ansible-galaxy collection install fortinet.fortios:2.0.1`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| unified | 2.0.2 | 2021/5/14 | ``ansible-galaxy collection install fortinet.fortios:2.0.2`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| unified | 2.1.0 | 2021/6/25 | ``ansible-galaxy collection install fortinet.fortios:2.1.0`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| unified | 2.1.1 | 2021/6/29 | ``ansible-galaxy collection install fortinet.fortios:2.1.1`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| unified | 2.1.2 | 2021/7/15 | ``ansible-galaxy collection install fortinet.fortios:2.1.2`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| unified | 2.1.3 | 2021/11/11 | ``ansible-galaxy collection install fortinet.fortios:2.1.3`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| unified | 2.1.4 ``latest`` | 2022/2/7 | ``ansible-galaxy collection install fortinet.fortios:2.1.4`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ + + +Legacy FortiOS Galaxy Versions +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Prior to FortiOS collection ``v2.0.0``, FortiOS Galaxy collections were built over three FOS major versions, i.e. ``v6.0``, ``v6.2`` and ``v6.4``, thus, users are expected to install +the collection according to the following table to avoid potential compatibility issues. + + ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| FOS version | Galaxy Version | Release date | Path to Install | ++===============+=====================+================+=================================================================+ +| 6.0.0 | 1.0.13 | 2020/5/26 | ``ansible-galaxy collection install fortinet.fortios:1.0.13`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| 6.0.0 | 1.1.2 | 2020/12/4 | ``ansible-galaxy collection install fortinet.fortios:1.1.2`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| 6.0.0 | 1.1.5 | 2020/12/7 | ``ansible-galaxy collection install fortinet.fortios:1.1.5`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| 6.0.0 | 1.1.8 | 2020/12/21 | ``ansible-galaxy collection install fortinet.fortios:1.1.8`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| 6.0.0 | 1.1.9 | 2020/3/1 | ``ansible-galaxy collection install fortinet.fortios:1.1.9`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| 6.2.0 | 1.0.10 | 2020/5/6 | ``ansible-galaxy collection install fortinet.fortios:1.0.10`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| 6.2.0 | 1.1.0 | 2020/12/4 | ``ansible-galaxy collection install fortinet.fortios:1.1.0`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| 6.2.0 | 1.1.3 | 2020/12/7 | ``ansible-galaxy collection install fortinet.fortios:1.1.3`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| 6.2.0 | 1.1.6 | 2020/12/21 | ``ansible-galaxy collection install fortinet.fortios:1.1.6`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| 6.4.0 | 1.0.11 | 2020/5/11 | ``ansible-galaxy collection install fortinet.fortios:1.0.11`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| 6.4.0 | 1.1.1 | 2020/12/4 | ``ansible-galaxy collection install fortinet.fortios:1.1.1`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| 6.4.0 | 1.1.4 | 2020/12/7 | ``ansible-galaxy collection install fortinet.fortios:1.1.4`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| 6.4.0 | 1.1.7 | 2020/12/21 | ``ansible-galaxy collection install fortinet.fortios:1.1.7`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ + +**Note**: Use ``-f`` option (i.e. +``ansible-galaxy collection install -f fortinet.fortios:x.x.x``) to +renew your existing local installation. diff --git a/_build/html/_static/ajax-loader.gif b/_build/html/_static/ajax-loader.gif new file mode 100644 index 00000000..61faf8ca Binary files /dev/null and b/_build/html/_static/ajax-loader.gif differ diff --git a/_build/html/_static/basic.css b/_build/html/_static/basic.css new file mode 100644 index 00000000..0807176e --- /dev/null +++ b/_build/html/_static/basic.css @@ -0,0 +1,676 @@ +/* + * basic.css + * ~~~~~~~~~ + * + * Sphinx stylesheet -- basic theme. + * + * :copyright: Copyright 2007-2019 by the Sphinx team, see AUTHORS. + * :license: BSD, see LICENSE for details. + * + */ + +/* -- main layout ----------------------------------------------------------- */ + +div.clearer { + clear: both; +} + +/* -- relbar ---------------------------------------------------------------- */ + +div.related { + width: 100%; + font-size: 90%; +} + +div.related h3 { + display: none; +} + +div.related ul { + margin: 0; + padding: 0 0 0 10px; + list-style: none; +} + +div.related li { + display: inline; +} + +div.related li.right { + float: right; + margin-right: 5px; +} + +/* -- sidebar --------------------------------------------------------------- */ + +div.sphinxsidebarwrapper { + padding: 10px 5px 0 10px; +} + +div.sphinxsidebar { + float: left; + width: 230px; + margin-left: -100%; + font-size: 90%; + word-wrap: break-word; + overflow-wrap : break-word; +} + +div.sphinxsidebar ul { + list-style: none; +} + +div.sphinxsidebar ul ul, +div.sphinxsidebar ul.want-points { + margin-left: 20px; + list-style: square; +} + +div.sphinxsidebar ul ul { + margin-top: 0; + margin-bottom: 0; +} + +div.sphinxsidebar form { + margin-top: 10px; +} + +div.sphinxsidebar input { + border: 1px solid #98dbcc; + font-family: sans-serif; + font-size: 1em; +} + +div.sphinxsidebar #searchbox form.search { + overflow: hidden; +} + +div.sphinxsidebar #searchbox input[type="text"] { + float: left; + width: 80%; + padding: 0.25em; + box-sizing: border-box; +} + +div.sphinxsidebar #searchbox input[type="submit"] { + float: left; + width: 20%; + border-left: none; + padding: 0.25em; + box-sizing: border-box; +} + + +img { + border: 0; + max-width: 100%; +} + +/* -- search page ----------------------------------------------------------- */ + +ul.search { + margin: 10px 0 0 20px; + padding: 0; +} + +ul.search li { + padding: 5px 0 5px 20px; + background-image: url(file.png); + background-repeat: no-repeat; + background-position: 0 7px; +} + +ul.search li a { + font-weight: bold; +} + +ul.search li div.context { + color: #888; + margin: 2px 0 0 30px; + text-align: left; +} + +ul.keywordmatches li.goodmatch a { + font-weight: bold; +} + +/* -- index page ------------------------------------------------------------ */ + +table.contentstable { + width: 90%; + margin-left: auto; + margin-right: auto; +} + +table.contentstable p.biglink { + line-height: 150%; +} + +a.biglink { + font-size: 1.3em; +} + +span.linkdescr { + font-style: italic; + padding-top: 5px; + font-size: 90%; +} + +/* -- general index --------------------------------------------------------- */ + +table.indextable { + width: 100%; +} + +table.indextable td { + text-align: left; + vertical-align: top; +} + +table.indextable ul { + margin-top: 0; + margin-bottom: 0; + list-style-type: none; +} + +table.indextable > tbody > tr > td > ul { + padding-left: 0em; +} + +table.indextable tr.pcap { + height: 10px; +} + +table.indextable tr.cap { + margin-top: 10px; + background-color: #f2f2f2; +} + +img.toggler { + margin-right: 3px; + margin-top: 3px; + cursor: pointer; +} + +div.modindex-jumpbox { + border-top: 1px solid #ddd; + border-bottom: 1px solid #ddd; + margin: 1em 0 1em 0; + padding: 0.4em; +} + +div.genindex-jumpbox { + border-top: 1px solid #ddd; + border-bottom: 1px solid #ddd; + margin: 1em 0 1em 0; + padding: 0.4em; +} + +/* -- domain module index --------------------------------------------------- */ + +table.modindextable td { + padding: 2px; + border-collapse: collapse; +} + +/* -- general body styles --------------------------------------------------- */ + +div.body { + min-width: 450px; + max-width: 800px; +} + +div.body p, div.body dd, div.body li, div.body blockquote { + -moz-hyphens: auto; + -ms-hyphens: auto; + -webkit-hyphens: auto; + hyphens: auto; +} + +a.headerlink { + visibility: hidden; +} + +h1:hover > a.headerlink, +h2:hover > a.headerlink, +h3:hover > a.headerlink, +h4:hover > a.headerlink, +h5:hover > a.headerlink, +h6:hover > a.headerlink, +dt:hover > a.headerlink, +caption:hover > a.headerlink, +p.caption:hover > a.headerlink, +div.code-block-caption:hover > a.headerlink { + visibility: visible; +} + +div.body p.caption { + text-align: inherit; +} + +div.body td { + text-align: left; +} + +.first { + margin-top: 0 !important; +} + +p.rubric { + margin-top: 30px; + font-weight: bold; +} + +img.align-left, .figure.align-left, object.align-left { + clear: left; + float: left; + margin-right: 1em; +} + +img.align-right, .figure.align-right, object.align-right { + clear: right; + float: right; + margin-left: 1em; +} + +img.align-center, .figure.align-center, object.align-center { + display: block; + margin-left: auto; + margin-right: auto; +} + +.align-left { + text-align: left; +} + +.align-center { + text-align: center; +} + +.align-right { + text-align: right; +} + +/* -- sidebars -------------------------------------------------------------- */ + +div.sidebar { + margin: 0 0 0.5em 1em; + border: 1px solid #ddb; + padding: 7px 7px 0 7px; + background-color: #ffe; + width: 40%; + float: right; +} + +p.sidebar-title { + font-weight: bold; +} + +/* -- topics ---------------------------------------------------------------- */ + +div.topic { + border: 1px solid #ccc; + padding: 7px 7px 0 7px; + margin: 10px 0 10px 0; +} + +p.topic-title { + font-size: 1.1em; + font-weight: bold; + margin-top: 10px; +} + +/* -- admonitions ----------------------------------------------------------- */ + +div.admonition { + margin-top: 10px; + margin-bottom: 10px; + padding: 7px; +} + +div.admonition dt { + font-weight: bold; +} + +div.admonition dl { + margin-bottom: 0; +} + +p.admonition-title { + margin: 0px 10px 5px 0px; + font-weight: bold; +} + +div.body p.centered { + text-align: center; + margin-top: 25px; +} + +/* -- tables ---------------------------------------------------------------- */ + +table.docutils { + border: 0; + border-collapse: collapse; +} + +table.align-center { + margin-left: auto; + margin-right: auto; +} + +table caption span.caption-number { + font-style: italic; +} + +table caption span.caption-text { +} + +table.docutils td, table.docutils th { + padding: 1px 8px 1px 5px; + border-top: 0; + border-left: 0; + border-right: 0; + border-bottom: 1px solid #aaa; +} + +table.footnote td, table.footnote th { + border: 0 !important; +} + +th { + text-align: left; + padding-right: 5px; +} + +table.citation { + border-left: solid 1px gray; + margin-left: 1px; +} + +table.citation td { + border-bottom: none; +} + +/* -- figures --------------------------------------------------------------- */ + +div.figure { + margin: 0.5em; + padding: 0.5em; +} + +div.figure p.caption { + padding: 0.3em; +} + +div.figure p.caption span.caption-number { + font-style: italic; +} + +div.figure p.caption span.caption-text { +} + +/* -- field list styles ----------------------------------------------------- */ + +table.field-list td, table.field-list th { + border: 0 !important; +} + +.field-list ul { + margin: 0; + padding-left: 1em; +} + +.field-list p { + margin: 0; +} + +.field-name { + -moz-hyphens: manual; + -ms-hyphens: manual; + -webkit-hyphens: manual; + hyphens: manual; +} + +/* -- hlist styles ---------------------------------------------------------- */ + +table.hlist td { + vertical-align: top; +} + + +/* -- other body styles ----------------------------------------------------- */ + +ol.arabic { + list-style: decimal; +} + +ol.loweralpha { + list-style: lower-alpha; +} + +ol.upperalpha { + list-style: upper-alpha; +} + +ol.lowerroman { + list-style: lower-roman; +} + +ol.upperroman { + list-style: upper-roman; +} + +dl { + margin-bottom: 15px; +} + +dd p { + margin-top: 0px; +} + +dd ul, dd table { + margin-bottom: 10px; +} + +dd { + margin-top: 3px; + margin-bottom: 10px; + margin-left: 30px; +} + +dt:target, span.highlighted { + background-color: #fbe54e; +} + +rect.highlighted { + fill: #fbe54e; +} + +dl.glossary dt { + font-weight: bold; + font-size: 1.1em; +} + +.optional { + font-size: 1.3em; +} + +.sig-paren { + font-size: larger; +} + +.versionmodified { + font-style: italic; +} + +.system-message { + background-color: #fda; + padding: 5px; + border: 3px solid red; +} + +.footnote:target { + background-color: #ffa; +} + +.line-block { + display: block; + margin-top: 1em; + margin-bottom: 1em; +} + +.line-block .line-block { + margin-top: 0; + margin-bottom: 0; + margin-left: 1.5em; +} + +.guilabel, .menuselection { + font-family: sans-serif; +} + +.accelerator { + text-decoration: underline; +} + +.classifier { + font-style: oblique; +} + +abbr, acronym { + border-bottom: dotted 1px; + cursor: help; +} + +/* -- code displays --------------------------------------------------------- */ + +pre { + overflow: auto; + overflow-y: hidden; /* fixes display issues on Chrome browsers */ +} + +span.pre { + -moz-hyphens: none; + -ms-hyphens: none; + -webkit-hyphens: none; + hyphens: none; +} + +td.linenos pre { + padding: 5px 0px; + border: 0; + background-color: transparent; + color: #aaa; +} + +table.highlighttable { + margin-left: 0.5em; +} + +table.highlighttable td { + padding: 0 0.5em 0 0.5em; +} + +div.code-block-caption { + padding: 2px 5px; + font-size: small; +} + +div.code-block-caption code { + background-color: transparent; +} + +div.code-block-caption + div > div.highlight > pre { + margin-top: 0; +} + +div.code-block-caption span.caption-number { + padding: 0.1em 0.3em; + font-style: italic; +} + +div.code-block-caption span.caption-text { +} + +div.literal-block-wrapper { + padding: 1em 1em 0; +} + +div.literal-block-wrapper div.highlight { + margin: 0; +} + +code.descname { + background-color: transparent; + font-weight: bold; + font-size: 1.2em; +} + +code.descclassname { + background-color: transparent; +} + +code.xref, a code { + background-color: transparent; + font-weight: bold; +} + +h1 code, h2 code, h3 code, h4 code, h5 code, h6 code { + background-color: transparent; +} + +.viewcode-link { + float: right; +} + +.viewcode-back { + float: right; + font-family: sans-serif; +} + +div.viewcode-block:target { + margin: -1px -10px; + padding: 0 10px; +} + +/* -- math display ---------------------------------------------------------- */ + +img.math { + vertical-align: middle; +} + +div.body div.math p { + text-align: center; +} + +span.eqno { + float: right; +} + +span.eqno a.headerlink { + position: relative; + left: 0px; + z-index: 1; +} + +div.math:hover a.headerlink { + visibility: visible; +} + +/* -- printout stylesheet --------------------------------------------------- */ + +@media print { + div.document, + div.documentwrapper, + div.bodywrapper { + margin: 0 !important; + width: 100%; + } + + div.sphinxsidebar, + div.related, + div.footer, + #top-link { + display: none; + } +} \ No newline at end of file diff --git a/_build/html/_static/collapse.css b/_build/html/_static/collapse.css new file mode 100644 index 00000000..4bf3e3e9 --- /dev/null +++ b/_build/html/_static/collapse.css @@ -0,0 +1,134 @@ +/* + CSS for the main interaction +*/ +.accordion > input[name="collapse"] { + display: none; + + /*position: absolute; + left: -100vw;*/ +} + +.accordion label, +.accordion .content{ + /*max-width: 620px;*/ + margin: 0 auto; + } + + +.accordion .content { + background: auto; + overflow: hidden; + height: 0; + transition: 0.5s; + /*box-shadow: 1px 2px 4px rgba(0, 0, 0, 0.3);*/ +} + +.accordion > input[name="collapse"]:checked ~ .content { + /*height: 380px;*/ + transition: height 0.5s; +} + +.accordion label { + display: block; + +} + + +/* For Desktop */ +@media only screen and (min-width: 620px){ + + +.accordion > input[name="collapse"]:checked ~ .content { + height: auto; +} + +} + + + +.accordion { + margin-bottom: 1em; +} + +.accordion > input[name="collapse"]:checked ~ .content { + border-top: 0; + transition: 0.3s; +} + +.accordion .handle { + margin: 0; + font-size: 16px; + +} + +.accordion label { + color: #FF8C00; + cursor: pointer; + font-weight: normal; + padding: 10px; + background: auto; + user-select: none; + +} + +.accordion label:hover, +.accordion label:focus { + background: #252525; +} + +.accordion .handle label:before { + font-family: FontAwesome; + content: "\f107"; + display: inline-block; + margin-right: 10px; + font-size: 1em; + line-height: 1.556em; + vertical-align: middle; + transition: 0.4s; + +} + +.accordion > input[name="collapse"]:checked ~ .handle label:before { + transform: rotate(180deg); + transform-origin: center; + transition: 0.4s; +} + + +/* + Demo purposes only +*/ +*, +*:before, +*:after { + box-sizing: border-box; +} + +body { + background: #ccc; + padding: 10px; +} + +a { + color: #06c; +} + +p { + margin: 0 0 1em; + padding: 10px; +} + +h1 { + margin: 0 0 1.5em; + font-weight: 600; + font-size: 1.5em; +} + +.accordion p:last-child { + margin-bottom: 0; +} +.container{ + max-width: 620px; + margin: 0 auto; +} + diff --git a/_build/html/_static/comment-bright.png b/_build/html/_static/comment-bright.png new file mode 100644 index 00000000..15e27edb Binary files /dev/null and b/_build/html/_static/comment-bright.png differ diff --git a/_build/html/_static/comment-close.png b/_build/html/_static/comment-close.png new file mode 100644 index 00000000..4d91bcf5 Binary files /dev/null and b/_build/html/_static/comment-close.png differ diff --git a/_build/html/_static/comment.png b/_build/html/_static/comment.png new file mode 100644 index 00000000..dfbc0cbd Binary files /dev/null and b/_build/html/_static/comment.png differ diff --git a/_build/html/_static/css/badge_only.css b/_build/html/_static/css/badge_only.css new file mode 100644 index 00000000..e380325b --- /dev/null +++ b/_build/html/_static/css/badge_only.css @@ -0,0 +1 @@ +.fa:before{-webkit-font-smoothing:antialiased}.clearfix{*zoom:1}.clearfix:after,.clearfix:before{display:table;content:""}.clearfix:after{clear:both}@font-face{font-family:FontAwesome;font-style:normal;font-weight:400;src:url(fonts/fontawesome-webfont.eot?674f50d287a8c48dc19ba404d20fe713?#iefix) format("embedded-opentype"),url(fonts/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e) format("woff2"),url(fonts/fontawesome-webfont.woff?fee66e712a8a08eef5805a46892932ad) format("woff"),url(fonts/fontawesome-webfont.ttf?b06871f281fee6b241d60582ae9369b9) format("truetype"),url(fonts/fontawesome-webfont.svg?912ec66d7572ff821749319396470bde#FontAwesome) format("svg")}.fa:before{font-family:FontAwesome;font-style:normal;font-weight:400;line-height:1}.fa:before,a .fa{text-decoration:inherit}.fa:before,a .fa,li .fa{display:inline-block}li .fa-large:before{width:1.875em}ul.fas{list-style-type:none;margin-left:2em;text-indent:-.8em}ul.fas li .fa{width:.8em}ul.fas li .fa-large:before{vertical-align:baseline}.fa-book:before,.icon-book:before{content:"\f02d"}.fa-caret-down:before,.icon-caret-down:before{content:"\f0d7"}.fa-caret-up:before,.icon-caret-up:before{content:"\f0d8"}.fa-caret-left:before,.icon-caret-left:before{content:"\f0d9"}.fa-caret-right:before,.icon-caret-right:before{content:"\f0da"}.rst-versions{position:fixed;bottom:0;left:0;width:300px;color:#fcfcfc;background:#1f1d1d;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;z-index:400}.rst-versions a{color:#2980b9;text-decoration:none}.rst-versions .rst-badge-small{display:none}.rst-versions .rst-current-version{padding:12px;background-color:#272525;display:block;text-align:right;font-size:90%;cursor:pointer;color:#27ae60}.rst-versions .rst-current-version:after{clear:both;content:"";display:block}.rst-versions .rst-current-version .fa{color:#fcfcfc}.rst-versions .rst-current-version .fa-book,.rst-versions .rst-current-version .icon-book{float:left}.rst-versions .rst-current-version.rst-out-of-date{background-color:#e74c3c;color:#fff}.rst-versions .rst-current-version.rst-active-old-version{background-color:#f1c40f;color:#000}.rst-versions.shift-up{height:auto;max-height:100%;overflow-y:scroll}.rst-versions.shift-up .rst-other-versions{display:block}.rst-versions .rst-other-versions{font-size:90%;padding:12px;color:grey;display:none}.rst-versions .rst-other-versions hr{display:block;height:1px;border:0;margin:20px 0;padding:0;border-top:1px solid #413d3d}.rst-versions .rst-other-versions dd{display:inline-block;margin:0}.rst-versions .rst-other-versions dd a{display:inline-block;padding:6px;color:#fcfcfc}.rst-versions.rst-badge{width:auto;bottom:20px;right:20px;left:auto;border:none;max-width:300px;max-height:90%}.rst-versions.rst-badge .fa-book,.rst-versions.rst-badge .icon-book{float:none;line-height:30px}.rst-versions.rst-badge.shift-up .rst-current-version{text-align:right}.rst-versions.rst-badge.shift-up .rst-current-version .fa-book,.rst-versions.rst-badge.shift-up .rst-current-version .icon-book{float:left}.rst-versions.rst-badge>.rst-current-version{width:auto;height:30px;line-height:30px;padding:0 6px;display:block;text-align:center}@media screen and (max-width:768px){.rst-versions{width:85%;display:none}.rst-versions.shift{display:block}} \ No newline at end of file diff --git a/_build/html/_static/css/fonts/Roboto-Slab-Bold.woff b/_build/html/_static/css/fonts/Roboto-Slab-Bold.woff new file mode 100644 index 00000000..6cb60000 Binary files /dev/null and b/_build/html/_static/css/fonts/Roboto-Slab-Bold.woff differ diff --git a/_build/html/_static/css/fonts/Roboto-Slab-Bold.woff2 b/_build/html/_static/css/fonts/Roboto-Slab-Bold.woff2 new file mode 100644 index 00000000..7059e231 Binary files /dev/null and b/_build/html/_static/css/fonts/Roboto-Slab-Bold.woff2 differ diff --git a/_build/html/_static/css/fonts/Roboto-Slab-Regular.woff b/_build/html/_static/css/fonts/Roboto-Slab-Regular.woff new file mode 100644 index 00000000..f815f63f Binary files /dev/null and b/_build/html/_static/css/fonts/Roboto-Slab-Regular.woff differ diff --git a/_build/html/_static/css/fonts/Roboto-Slab-Regular.woff2 b/_build/html/_static/css/fonts/Roboto-Slab-Regular.woff2 new file mode 100644 index 00000000..f2c76e5b Binary files /dev/null and b/_build/html/_static/css/fonts/Roboto-Slab-Regular.woff2 differ diff --git a/_build/html/_static/css/fonts/fontawesome-webfont.eot b/_build/html/_static/css/fonts/fontawesome-webfont.eot new file mode 100644 index 00000000..e9f60ca9 Binary files /dev/null and b/_build/html/_static/css/fonts/fontawesome-webfont.eot differ diff --git a/_build/html/_static/css/fonts/fontawesome-webfont.svg b/_build/html/_static/css/fonts/fontawesome-webfont.svg new file mode 100644 index 00000000..855c845e --- /dev/null +++ b/_build/html/_static/css/fonts/fontawesome-webfont.svg @@ -0,0 +1,2671 @@ + + + + +Created by FontForge 20120731 at Mon Oct 24 17:37:40 2016 + By ,,, +Copyright Dave Gandy 2016. All rights reserved. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/_build/html/_static/css/fonts/fontawesome-webfont.ttf b/_build/html/_static/css/fonts/fontawesome-webfont.ttf new file mode 100644 index 00000000..35acda2f Binary files /dev/null and b/_build/html/_static/css/fonts/fontawesome-webfont.ttf differ diff --git a/_build/html/_static/css/fonts/fontawesome-webfont.woff b/_build/html/_static/css/fonts/fontawesome-webfont.woff new file mode 100644 index 00000000..400014a4 Binary files /dev/null and b/_build/html/_static/css/fonts/fontawesome-webfont.woff differ diff --git a/_build/html/_static/css/fonts/fontawesome-webfont.woff2 b/_build/html/_static/css/fonts/fontawesome-webfont.woff2 new file mode 100644 index 00000000..4d13fc60 Binary files /dev/null and b/_build/html/_static/css/fonts/fontawesome-webfont.woff2 differ diff --git a/_build/html/_static/css/fonts/lato-bold-italic.woff b/_build/html/_static/css/fonts/lato-bold-italic.woff new file mode 100644 index 00000000..88ad05b9 Binary files /dev/null and b/_build/html/_static/css/fonts/lato-bold-italic.woff differ diff --git a/_build/html/_static/css/fonts/lato-bold-italic.woff2 b/_build/html/_static/css/fonts/lato-bold-italic.woff2 new file mode 100644 index 00000000..c4e3d804 Binary files /dev/null and b/_build/html/_static/css/fonts/lato-bold-italic.woff2 differ diff --git a/_build/html/_static/css/fonts/lato-bold.woff b/_build/html/_static/css/fonts/lato-bold.woff new file mode 100644 index 00000000..c6dff51f Binary files /dev/null and b/_build/html/_static/css/fonts/lato-bold.woff differ diff --git a/_build/html/_static/css/fonts/lato-bold.woff2 b/_build/html/_static/css/fonts/lato-bold.woff2 new file mode 100644 index 00000000..bb195043 Binary files /dev/null and b/_build/html/_static/css/fonts/lato-bold.woff2 differ diff --git a/_build/html/_static/css/fonts/lato-normal-italic.woff b/_build/html/_static/css/fonts/lato-normal-italic.woff new file mode 100644 index 00000000..76114bc0 Binary files /dev/null and b/_build/html/_static/css/fonts/lato-normal-italic.woff differ diff --git a/_build/html/_static/css/fonts/lato-normal-italic.woff2 b/_build/html/_static/css/fonts/lato-normal-italic.woff2 new file mode 100644 index 00000000..3404f37e Binary files /dev/null and b/_build/html/_static/css/fonts/lato-normal-italic.woff2 differ diff --git a/_build/html/_static/css/fonts/lato-normal.woff b/_build/html/_static/css/fonts/lato-normal.woff new file mode 100644 index 00000000..ae1307ff Binary files /dev/null and b/_build/html/_static/css/fonts/lato-normal.woff differ diff --git a/_build/html/_static/css/fonts/lato-normal.woff2 b/_build/html/_static/css/fonts/lato-normal.woff2 new file mode 100644 index 00000000..3bf98433 Binary files /dev/null and b/_build/html/_static/css/fonts/lato-normal.woff2 differ diff --git a/_build/html/_static/css/theme.css b/_build/html/_static/css/theme.css new file mode 100644 index 00000000..0d9ae7e1 --- /dev/null +++ b/_build/html/_static/css/theme.css @@ -0,0 +1,4 @@ +html{box-sizing:border-box}*,:after,:before{box-sizing:inherit}article,aside,details,figcaption,figure,footer,header,hgroup,nav,section{display:block}audio,canvas,video{display:inline-block;*display:inline;*zoom:1}[hidden],audio:not([controls]){display:none}*{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}blockquote{margin:0}dfn{font-style:italic}ins{background:#ff9;text-decoration:none}ins,mark{color:#000}mark{background:#ff0;font-style:italic;font-weight:700}.rst-content code,.rst-content tt,code,kbd,pre,samp{font-family:monospace,serif;_font-family:courier new,monospace;font-size:1em}pre{white-space:pre}q{quotes:none}q:after,q:before{content:"";content:none}small{font-size:85%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}dl,ol,ul{margin:0;padding:0;list-style:none;list-style-image:none}li{list-style:none}dd{margin:0}img{border:0;-ms-interpolation-mode:bicubic;vertical-align:middle;max-width:100%}svg:not(:root){overflow:hidden}figure,form{margin:0}label{cursor:pointer}button,input,select,textarea{font-size:100%;margin:0;vertical-align:baseline;*vertical-align:middle}button,input{line-height:normal}button,input[type=button],input[type=reset],input[type=submit]{cursor:pointer;-webkit-appearance:button;*overflow:visible}button[disabled],input[disabled]{cursor:default}input[type=search]{-webkit-appearance:textfield;-moz-box-sizing:content-box;-webkit-box-sizing:content-box;box-sizing:content-box}textarea{resize:vertical}table{border-collapse:collapse;border-spacing:0}td{vertical-align:top}.chromeframe{margin:.2em 0;background:#ccc;color:#000;padding:.2em 0}.ir{display:block;border:0;text-indent:-999em;overflow:hidden;background-color:transparent;background-repeat:no-repeat;text-align:left;direction:ltr;*line-height:0}.ir br{display:none}.hidden{display:none!important;visibility:hidden}.visuallyhidden{border:0;clip:rect(0 0 0 0);height:1px;margin:-1px;overflow:hidden;padding:0;position:absolute;width:1px}.visuallyhidden.focusable:active,.visuallyhidden.focusable:focus{clip:auto;height:auto;margin:0;overflow:visible;position:static;width:auto}.invisible{visibility:hidden}.relative{position:relative}big,small{font-size:100%}@media print{body,html,section{background:none!important}*{box-shadow:none!important;text-shadow:none!important;filter:none!important;-ms-filter:none!important}a,a:visited{text-decoration:underline}.ir a:after,a[href^="#"]:after,a[href^="javascript:"]:after{content:""}blockquote,pre{page-break-inside:avoid}thead{display:table-header-group}img,tr{page-break-inside:avoid}img{max-width:100%!important}@page{margin:.5cm}.rst-content .toctree-wrapper>p.caption,h2,h3,p{orphans:3;widows:3}.rst-content .toctree-wrapper>p.caption,h2,h3{page-break-after:avoid}}.btn,.fa:before,.icon:before,.rst-content .admonition,.rst-content .admonition-title:before,.rst-content .admonition-todo,.rst-content .attention,.rst-content .caution,.rst-content .code-block-caption .headerlink:before,.rst-content .danger,.rst-content .eqno .headerlink:before,.rst-content .error,.rst-content .hint,.rst-content .important,.rst-content .note,.rst-content .seealso,.rst-content .tip,.rst-content .warning,.rst-content code.download span:first-child:before,.rst-content dl dt .headerlink:before,.rst-content h1 .headerlink:before,.rst-content h2 .headerlink:before,.rst-content h3 .headerlink:before,.rst-content h4 .headerlink:before,.rst-content h5 .headerlink:before,.rst-content h6 .headerlink:before,.rst-content p.caption .headerlink:before,.rst-content p .headerlink:before,.rst-content table>caption .headerlink:before,.rst-content tt.download span:first-child:before,.wy-alert,.wy-dropdown .caret:before,.wy-inline-validate.wy-inline-validate-danger .wy-input-context:before,.wy-inline-validate.wy-inline-validate-info .wy-input-context:before,.wy-inline-validate.wy-inline-validate-success .wy-input-context:before,.wy-inline-validate.wy-inline-validate-warning .wy-input-context:before,.wy-menu-vertical li.current>a,.wy-menu-vertical li.current>a button.toctree-expand:before,.wy-menu-vertical li.on a,.wy-menu-vertical li.on a button.toctree-expand:before,.wy-menu-vertical li button.toctree-expand:before,.wy-nav-top a,.wy-side-nav-search .wy-dropdown>a,.wy-side-nav-search>a,input[type=color],input[type=date],input[type=datetime-local],input[type=datetime],input[type=email],input[type=month],input[type=number],input[type=password],input[type=search],input[type=tel],input[type=text],input[type=time],input[type=url],input[type=week],select,textarea{-webkit-font-smoothing:antialiased}.clearfix{*zoom:1}.clearfix:after,.clearfix:before{display:table;content:""}.clearfix:after{clear:both}/*! + * Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome + * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License) + */@font-face{font-family:FontAwesome;src:url(fonts/fontawesome-webfont.eot?674f50d287a8c48dc19ba404d20fe713);src:url(fonts/fontawesome-webfont.eot?674f50d287a8c48dc19ba404d20fe713?#iefix&v=4.7.0) format("embedded-opentype"),url(fonts/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e) format("woff2"),url(fonts/fontawesome-webfont.woff?fee66e712a8a08eef5805a46892932ad) format("woff"),url(fonts/fontawesome-webfont.ttf?b06871f281fee6b241d60582ae9369b9) format("truetype"),url(fonts/fontawesome-webfont.svg?912ec66d7572ff821749319396470bde#fontawesomeregular) format("svg");font-weight:400;font-style:normal}.fa,.icon,.rst-content .admonition-title,.rst-content .code-block-caption .headerlink,.rst-content .eqno .headerlink,.rst-content code.download span:first-child,.rst-content dl dt .headerlink,.rst-content h1 .headerlink,.rst-content h2 .headerlink,.rst-content h3 .headerlink,.rst-content h4 .headerlink,.rst-content h5 .headerlink,.rst-content h6 .headerlink,.rst-content p.caption .headerlink,.rst-content p .headerlink,.rst-content table>caption .headerlink,.rst-content tt.download span:first-child,.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand,.wy-menu-vertical li button.toctree-expand{display:inline-block;font:normal normal normal 14px/1 FontAwesome;font-size:inherit;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.28571em;text-align:center}.fa-ul{padding-left:0;margin-left:2.14286em;list-style-type:none}.fa-ul>li{position:relative}.fa-li{position:absolute;left:-2.14286em;width:2.14286em;top:.14286em;text-align:center}.fa-li.fa-lg{left:-1.85714em}.fa-border{padding:.2em .25em .15em;border:.08em solid #eee;border-radius:.1em}.fa-pull-left{float:left}.fa-pull-right{float:right}.fa-pull-left.icon,.fa.fa-pull-left,.rst-content .code-block-caption .fa-pull-left.headerlink,.rst-content .eqno .fa-pull-left.headerlink,.rst-content .fa-pull-left.admonition-title,.rst-content code.download span.fa-pull-left:first-child,.rst-content dl dt .fa-pull-left.headerlink,.rst-content h1 .fa-pull-left.headerlink,.rst-content h2 .fa-pull-left.headerlink,.rst-content h3 .fa-pull-left.headerlink,.rst-content h4 .fa-pull-left.headerlink,.rst-content h5 .fa-pull-left.headerlink,.rst-content h6 .fa-pull-left.headerlink,.rst-content p .fa-pull-left.headerlink,.rst-content table>caption .fa-pull-left.headerlink,.rst-content tt.download span.fa-pull-left:first-child,.wy-menu-vertical li.current>a button.fa-pull-left.toctree-expand,.wy-menu-vertical li.on a button.fa-pull-left.toctree-expand,.wy-menu-vertical li button.fa-pull-left.toctree-expand{margin-right:.3em}.fa-pull-right.icon,.fa.fa-pull-right,.rst-content .code-block-caption .fa-pull-right.headerlink,.rst-content .eqno .fa-pull-right.headerlink,.rst-content .fa-pull-right.admonition-title,.rst-content code.download span.fa-pull-right:first-child,.rst-content dl dt .fa-pull-right.headerlink,.rst-content h1 .fa-pull-right.headerlink,.rst-content h2 .fa-pull-right.headerlink,.rst-content h3 .fa-pull-right.headerlink,.rst-content h4 .fa-pull-right.headerlink,.rst-content h5 .fa-pull-right.headerlink,.rst-content h6 .fa-pull-right.headerlink,.rst-content p .fa-pull-right.headerlink,.rst-content table>caption .fa-pull-right.headerlink,.rst-content tt.download span.fa-pull-right:first-child,.wy-menu-vertical li.current>a button.fa-pull-right.toctree-expand,.wy-menu-vertical li.on a button.fa-pull-right.toctree-expand,.wy-menu-vertical li button.fa-pull-right.toctree-expand{margin-left:.3em}.pull-right{float:right}.pull-left{float:left}.fa.pull-left,.pull-left.icon,.rst-content .code-block-caption .pull-left.headerlink,.rst-content .eqno .pull-left.headerlink,.rst-content .pull-left.admonition-title,.rst-content code.download span.pull-left:first-child,.rst-content dl dt .pull-left.headerlink,.rst-content h1 .pull-left.headerlink,.rst-content h2 .pull-left.headerlink,.rst-content h3 .pull-left.headerlink,.rst-content h4 .pull-left.headerlink,.rst-content h5 .pull-left.headerlink,.rst-content h6 .pull-left.headerlink,.rst-content p .pull-left.headerlink,.rst-content table>caption .pull-left.headerlink,.rst-content tt.download span.pull-left:first-child,.wy-menu-vertical li.current>a button.pull-left.toctree-expand,.wy-menu-vertical li.on a button.pull-left.toctree-expand,.wy-menu-vertical li button.pull-left.toctree-expand{margin-right:.3em}.fa.pull-right,.pull-right.icon,.rst-content .code-block-caption .pull-right.headerlink,.rst-content .eqno .pull-right.headerlink,.rst-content .pull-right.admonition-title,.rst-content code.download span.pull-right:first-child,.rst-content dl dt .pull-right.headerlink,.rst-content h1 .pull-right.headerlink,.rst-content h2 .pull-right.headerlink,.rst-content h3 .pull-right.headerlink,.rst-content h4 .pull-right.headerlink,.rst-content h5 .pull-right.headerlink,.rst-content h6 .pull-right.headerlink,.rst-content p .pull-right.headerlink,.rst-content table>caption .pull-right.headerlink,.rst-content tt.download span.pull-right:first-child,.wy-menu-vertical li.current>a button.pull-right.toctree-expand,.wy-menu-vertical li.on a button.pull-right.toctree-expand,.wy-menu-vertical li button.pull-right.toctree-expand{margin-left:.3em}.fa-spin{-webkit-animation:fa-spin 2s linear infinite;animation:fa-spin 2s linear infinite}.fa-pulse{-webkit-animation:fa-spin 1s steps(8) infinite;animation:fa-spin 1s steps(8) infinite}@-webkit-keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}.fa-rotate-90{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=1)";-webkit-transform:rotate(90deg);-ms-transform:rotate(90deg);transform:rotate(90deg)}.fa-rotate-180{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2)";-webkit-transform:rotate(180deg);-ms-transform:rotate(180deg);transform:rotate(180deg)}.fa-rotate-270{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=3)";-webkit-transform:rotate(270deg);-ms-transform:rotate(270deg);transform:rotate(270deg)}.fa-flip-horizontal{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=0, mirror=1)";-webkit-transform:scaleX(-1);-ms-transform:scaleX(-1);transform:scaleX(-1)}.fa-flip-vertical{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2, mirror=1)";-webkit-transform:scaleY(-1);-ms-transform:scaleY(-1);transform:scaleY(-1)}:root .fa-flip-horizontal,:root .fa-flip-vertical,:root .fa-rotate-90,:root .fa-rotate-180,:root .fa-rotate-270{filter:none}.fa-stack{position:relative;display:inline-block;width:2em;height:2em;line-height:2em;vertical-align:middle}.fa-stack-1x,.fa-stack-2x{position:absolute;left:0;width:100%;text-align:center}.fa-stack-1x{line-height:inherit}.fa-stack-2x{font-size:2em}.fa-inverse{color:#fff}.fa-glass:before{content:""}.fa-music:before{content:""}.fa-search:before,.icon-search:before{content:""}.fa-envelope-o:before{content:""}.fa-heart:before{content:""}.fa-star:before{content:""}.fa-star-o:before{content:""}.fa-user:before{content:""}.fa-film:before{content:""}.fa-th-large:before{content:""}.fa-th:before{content:""}.fa-th-list:before{content:""}.fa-check:before{content:""}.fa-close:before,.fa-remove:before,.fa-times:before{content:""}.fa-search-plus:before{content:""}.fa-search-minus:before{content:""}.fa-power-off:before{content:""}.fa-signal:before{content:""}.fa-cog:before,.fa-gear:before{content:""}.fa-trash-o:before{content:""}.fa-home:before,.icon-home:before{content:""}.fa-file-o:before{content:""}.fa-clock-o:before{content:""}.fa-road:before{content:""}.fa-download:before,.rst-content code.download span:first-child:before,.rst-content tt.download span:first-child:before{content:""}.fa-arrow-circle-o-down:before{content:""}.fa-arrow-circle-o-up:before{content:""}.fa-inbox:before{content:""}.fa-play-circle-o:before{content:""}.fa-repeat:before,.fa-rotate-right:before{content:""}.fa-refresh:before{content:""}.fa-list-alt:before{content:""}.fa-lock:before{content:""}.fa-flag:before{content:""}.fa-headphones:before{content:""}.fa-volume-off:before{content:""}.fa-volume-down:before{content:""}.fa-volume-up:before{content:""}.fa-qrcode:before{content:""}.fa-barcode:before{content:""}.fa-tag:before{content:""}.fa-tags:before{content:""}.fa-book:before,.icon-book:before{content:""}.fa-bookmark:before{content:""}.fa-print:before{content:""}.fa-camera:before{content:""}.fa-font:before{content:""}.fa-bold:before{content:""}.fa-italic:before{content:""}.fa-text-height:before{content:""}.fa-text-width:before{content:""}.fa-align-left:before{content:""}.fa-align-center:before{content:""}.fa-align-right:before{content:""}.fa-align-justify:before{content:""}.fa-list:before{content:""}.fa-dedent:before,.fa-outdent:before{content:""}.fa-indent:before{content:""}.fa-video-camera:before{content:""}.fa-image:before,.fa-photo:before,.fa-picture-o:before{content:""}.fa-pencil:before{content:""}.fa-map-marker:before{content:""}.fa-adjust:before{content:""}.fa-tint:before{content:""}.fa-edit:before,.fa-pencil-square-o:before{content:""}.fa-share-square-o:before{content:""}.fa-check-square-o:before{content:""}.fa-arrows:before{content:""}.fa-step-backward:before{content:""}.fa-fast-backward:before{content:""}.fa-backward:before{content:""}.fa-play:before{content:""}.fa-pause:before{content:""}.fa-stop:before{content:""}.fa-forward:before{content:""}.fa-fast-forward:before{content:""}.fa-step-forward:before{content:""}.fa-eject:before{content:""}.fa-chevron-left:before{content:""}.fa-chevron-right:before{content:""}.fa-plus-circle:before{content:""}.fa-minus-circle:before{content:""}.fa-times-circle:before,.wy-inline-validate.wy-inline-validate-danger .wy-input-context:before{content:""}.fa-check-circle:before,.wy-inline-validate.wy-inline-validate-success .wy-input-context:before{content:""}.fa-question-circle:before{content:""}.fa-info-circle:before{content:""}.fa-crosshairs:before{content:""}.fa-times-circle-o:before{content:""}.fa-check-circle-o:before{content:""}.fa-ban:before{content:""}.fa-arrow-left:before{content:""}.fa-arrow-right:before{content:""}.fa-arrow-up:before{content:""}.fa-arrow-down:before{content:""}.fa-mail-forward:before,.fa-share:before{content:""}.fa-expand:before{content:""}.fa-compress:before{content:""}.fa-plus:before{content:""}.fa-minus:before{content:""}.fa-asterisk:before{content:""}.fa-exclamation-circle:before,.rst-content .admonition-title:before,.wy-inline-validate.wy-inline-validate-info .wy-input-context:before,.wy-inline-validate.wy-inline-validate-warning .wy-input-context:before{content:""}.fa-gift:before{content:""}.fa-leaf:before{content:""}.fa-fire:before,.icon-fire:before{content:""}.fa-eye:before{content:""}.fa-eye-slash:before{content:""}.fa-exclamation-triangle:before,.fa-warning:before{content:""}.fa-plane:before{content:""}.fa-calendar:before{content:""}.fa-random:before{content:""}.fa-comment:before{content:""}.fa-magnet:before{content:""}.fa-chevron-up:before{content:""}.fa-chevron-down:before{content:""}.fa-retweet:before{content:""}.fa-shopping-cart:before{content:""}.fa-folder:before{content:""}.fa-folder-open:before{content:""}.fa-arrows-v:before{content:""}.fa-arrows-h:before{content:""}.fa-bar-chart-o:before,.fa-bar-chart:before{content:""}.fa-twitter-square:before{content:""}.fa-facebook-square:before{content:""}.fa-camera-retro:before{content:""}.fa-key:before{content:""}.fa-cogs:before,.fa-gears:before{content:""}.fa-comments:before{content:""}.fa-thumbs-o-up:before{content:""}.fa-thumbs-o-down:before{content:""}.fa-star-half:before{content:""}.fa-heart-o:before{content:""}.fa-sign-out:before{content:""}.fa-linkedin-square:before{content:""}.fa-thumb-tack:before{content:""}.fa-external-link:before{content:""}.fa-sign-in:before{content:""}.fa-trophy:before{content:""}.fa-github-square:before{content:""}.fa-upload:before{content:""}.fa-lemon-o:before{content:""}.fa-phone:before{content:""}.fa-square-o:before{content:""}.fa-bookmark-o:before{content:""}.fa-phone-square:before{content:""}.fa-twitter:before{content:""}.fa-facebook-f:before,.fa-facebook:before{content:""}.fa-github:before,.icon-github:before{content:""}.fa-unlock:before{content:""}.fa-credit-card:before{content:""}.fa-feed:before,.fa-rss:before{content:""}.fa-hdd-o:before{content:""}.fa-bullhorn:before{content:""}.fa-bell:before{content:""}.fa-certificate:before{content:""}.fa-hand-o-right:before{content:""}.fa-hand-o-left:before{content:""}.fa-hand-o-up:before{content:""}.fa-hand-o-down:before{content:""}.fa-arrow-circle-left:before,.icon-circle-arrow-left:before{content:""}.fa-arrow-circle-right:before,.icon-circle-arrow-right:before{content:""}.fa-arrow-circle-up:before{content:""}.fa-arrow-circle-down:before{content:""}.fa-globe:before{content:""}.fa-wrench:before{content:""}.fa-tasks:before{content:""}.fa-filter:before{content:""}.fa-briefcase:before{content:""}.fa-arrows-alt:before{content:""}.fa-group:before,.fa-users:before{content:""}.fa-chain:before,.fa-link:before,.icon-link:before{content:""}.fa-cloud:before{content:""}.fa-flask:before{content:""}.fa-cut:before,.fa-scissors:before{content:""}.fa-copy:before,.fa-files-o:before{content:""}.fa-paperclip:before{content:""}.fa-floppy-o:before,.fa-save:before{content:""}.fa-square:before{content:""}.fa-bars:before,.fa-navicon:before,.fa-reorder:before{content:""}.fa-list-ul:before{content:""}.fa-list-ol:before{content:""}.fa-strikethrough:before{content:""}.fa-underline:before{content:""}.fa-table:before{content:""}.fa-magic:before{content:""}.fa-truck:before{content:""}.fa-pinterest:before{content:""}.fa-pinterest-square:before{content:""}.fa-google-plus-square:before{content:""}.fa-google-plus:before{content:""}.fa-money:before{content:""}.fa-caret-down:before,.icon-caret-down:before,.wy-dropdown .caret:before{content:""}.fa-caret-up:before{content:""}.fa-caret-left:before{content:""}.fa-caret-right:before{content:""}.fa-columns:before{content:""}.fa-sort:before,.fa-unsorted:before{content:""}.fa-sort-desc:before,.fa-sort-down:before{content:""}.fa-sort-asc:before,.fa-sort-up:before{content:""}.fa-envelope:before{content:""}.fa-linkedin:before{content:""}.fa-rotate-left:before,.fa-undo:before{content:""}.fa-gavel:before,.fa-legal:before{content:""}.fa-dashboard:before,.fa-tachometer:before{content:""}.fa-comment-o:before{content:""}.fa-comments-o:before{content:""}.fa-bolt:before,.fa-flash:before{content:""}.fa-sitemap:before{content:""}.fa-umbrella:before{content:""}.fa-clipboard:before,.fa-paste:before{content:""}.fa-lightbulb-o:before{content:""}.fa-exchange:before{content:""}.fa-cloud-download:before{content:""}.fa-cloud-upload:before{content:""}.fa-user-md:before{content:""}.fa-stethoscope:before{content:""}.fa-suitcase:before{content:""}.fa-bell-o:before{content:""}.fa-coffee:before{content:""}.fa-cutlery:before{content:""}.fa-file-text-o:before{content:""}.fa-building-o:before{content:""}.fa-hospital-o:before{content:""}.fa-ambulance:before{content:""}.fa-medkit:before{content:""}.fa-fighter-jet:before{content:""}.fa-beer:before{content:""}.fa-h-square:before{content:""}.fa-plus-square:before{content:""}.fa-angle-double-left:before{content:""}.fa-angle-double-right:before{content:""}.fa-angle-double-up:before{content:""}.fa-angle-double-down:before{content:""}.fa-angle-left:before{content:""}.fa-angle-right:before{content:""}.fa-angle-up:before{content:""}.fa-angle-down:before{content:""}.fa-desktop:before{content:""}.fa-laptop:before{content:""}.fa-tablet:before{content:""}.fa-mobile-phone:before,.fa-mobile:before{content:""}.fa-circle-o:before{content:""}.fa-quote-left:before{content:""}.fa-quote-right:before{content:""}.fa-spinner:before{content:""}.fa-circle:before{content:""}.fa-mail-reply:before,.fa-reply:before{content:""}.fa-github-alt:before{content:""}.fa-folder-o:before{content:""}.fa-folder-open-o:before{content:""}.fa-smile-o:before{content:""}.fa-frown-o:before{content:""}.fa-meh-o:before{content:""}.fa-gamepad:before{content:""}.fa-keyboard-o:before{content:""}.fa-flag-o:before{content:""}.fa-flag-checkered:before{content:""}.fa-terminal:before{content:""}.fa-code:before{content:""}.fa-mail-reply-all:before,.fa-reply-all:before{content:""}.fa-star-half-empty:before,.fa-star-half-full:before,.fa-star-half-o:before{content:""}.fa-location-arrow:before{content:""}.fa-crop:before{content:""}.fa-code-fork:before{content:""}.fa-chain-broken:before,.fa-unlink:before{content:""}.fa-question:before{content:""}.fa-info:before{content:""}.fa-exclamation:before{content:""}.fa-superscript:before{content:""}.fa-subscript:before{content:""}.fa-eraser:before{content:""}.fa-puzzle-piece:before{content:""}.fa-microphone:before{content:""}.fa-microphone-slash:before{content:""}.fa-shield:before{content:""}.fa-calendar-o:before{content:""}.fa-fire-extinguisher:before{content:""}.fa-rocket:before{content:""}.fa-maxcdn:before{content:""}.fa-chevron-circle-left:before{content:""}.fa-chevron-circle-right:before{content:""}.fa-chevron-circle-up:before{content:""}.fa-chevron-circle-down:before{content:""}.fa-html5:before{content:""}.fa-css3:before{content:""}.fa-anchor:before{content:""}.fa-unlock-alt:before{content:""}.fa-bullseye:before{content:""}.fa-ellipsis-h:before{content:""}.fa-ellipsis-v:before{content:""}.fa-rss-square:before{content:""}.fa-play-circle:before{content:""}.fa-ticket:before{content:""}.fa-minus-square:before{content:""}.fa-minus-square-o:before,.wy-menu-vertical li.current>a button.toctree-expand:before,.wy-menu-vertical li.on a button.toctree-expand:before{content:""}.fa-level-up:before{content:""}.fa-level-down:before{content:""}.fa-check-square:before{content:""}.fa-pencil-square:before{content:""}.fa-external-link-square:before{content:""}.fa-share-square:before{content:""}.fa-compass:before{content:""}.fa-caret-square-o-down:before,.fa-toggle-down:before{content:""}.fa-caret-square-o-up:before,.fa-toggle-up:before{content:""}.fa-caret-square-o-right:before,.fa-toggle-right:before{content:""}.fa-eur:before,.fa-euro:before{content:""}.fa-gbp:before{content:""}.fa-dollar:before,.fa-usd:before{content:""}.fa-inr:before,.fa-rupee:before{content:""}.fa-cny:before,.fa-jpy:before,.fa-rmb:before,.fa-yen:before{content:""}.fa-rouble:before,.fa-rub:before,.fa-ruble:before{content:""}.fa-krw:before,.fa-won:before{content:""}.fa-bitcoin:before,.fa-btc:before{content:""}.fa-file:before{content:""}.fa-file-text:before{content:""}.fa-sort-alpha-asc:before{content:""}.fa-sort-alpha-desc:before{content:""}.fa-sort-amount-asc:before{content:""}.fa-sort-amount-desc:before{content:""}.fa-sort-numeric-asc:before{content:""}.fa-sort-numeric-desc:before{content:""}.fa-thumbs-up:before{content:""}.fa-thumbs-down:before{content:""}.fa-youtube-square:before{content:""}.fa-youtube:before{content:""}.fa-xing:before{content:""}.fa-xing-square:before{content:""}.fa-youtube-play:before{content:""}.fa-dropbox:before{content:""}.fa-stack-overflow:before{content:""}.fa-instagram:before{content:""}.fa-flickr:before{content:""}.fa-adn:before{content:""}.fa-bitbucket:before,.icon-bitbucket:before{content:""}.fa-bitbucket-square:before{content:""}.fa-tumblr:before{content:""}.fa-tumblr-square:before{content:""}.fa-long-arrow-down:before{content:""}.fa-long-arrow-up:before{content:""}.fa-long-arrow-left:before{content:""}.fa-long-arrow-right:before{content:""}.fa-apple:before{content:""}.fa-windows:before{content:""}.fa-android:before{content:""}.fa-linux:before{content:""}.fa-dribbble:before{content:""}.fa-skype:before{content:""}.fa-foursquare:before{content:""}.fa-trello:before{content:""}.fa-female:before{content:""}.fa-male:before{content:""}.fa-gittip:before,.fa-gratipay:before{content:""}.fa-sun-o:before{content:""}.fa-moon-o:before{content:""}.fa-archive:before{content:""}.fa-bug:before{content:""}.fa-vk:before{content:""}.fa-weibo:before{content:""}.fa-renren:before{content:""}.fa-pagelines:before{content:""}.fa-stack-exchange:before{content:""}.fa-arrow-circle-o-right:before{content:""}.fa-arrow-circle-o-left:before{content:""}.fa-caret-square-o-left:before,.fa-toggle-left:before{content:""}.fa-dot-circle-o:before{content:""}.fa-wheelchair:before{content:""}.fa-vimeo-square:before{content:""}.fa-try:before,.fa-turkish-lira:before{content:""}.fa-plus-square-o:before,.wy-menu-vertical li button.toctree-expand:before{content:""}.fa-space-shuttle:before{content:""}.fa-slack:before{content:""}.fa-envelope-square:before{content:""}.fa-wordpress:before{content:""}.fa-openid:before{content:""}.fa-bank:before,.fa-institution:before,.fa-university:before{content:""}.fa-graduation-cap:before,.fa-mortar-board:before{content:""}.fa-yahoo:before{content:""}.fa-google:before{content:""}.fa-reddit:before{content:""}.fa-reddit-square:before{content:""}.fa-stumbleupon-circle:before{content:""}.fa-stumbleupon:before{content:""}.fa-delicious:before{content:""}.fa-digg:before{content:""}.fa-pied-piper-pp:before{content:""}.fa-pied-piper-alt:before{content:""}.fa-drupal:before{content:""}.fa-joomla:before{content:""}.fa-language:before{content:""}.fa-fax:before{content:""}.fa-building:before{content:""}.fa-child:before{content:""}.fa-paw:before{content:""}.fa-spoon:before{content:""}.fa-cube:before{content:""}.fa-cubes:before{content:""}.fa-behance:before{content:""}.fa-behance-square:before{content:""}.fa-steam:before{content:""}.fa-steam-square:before{content:""}.fa-recycle:before{content:""}.fa-automobile:before,.fa-car:before{content:""}.fa-cab:before,.fa-taxi:before{content:""}.fa-tree:before{content:""}.fa-spotify:before{content:""}.fa-deviantart:before{content:""}.fa-soundcloud:before{content:""}.fa-database:before{content:""}.fa-file-pdf-o:before{content:""}.fa-file-word-o:before{content:""}.fa-file-excel-o:before{content:""}.fa-file-powerpoint-o:before{content:""}.fa-file-image-o:before,.fa-file-photo-o:before,.fa-file-picture-o:before{content:""}.fa-file-archive-o:before,.fa-file-zip-o:before{content:""}.fa-file-audio-o:before,.fa-file-sound-o:before{content:""}.fa-file-movie-o:before,.fa-file-video-o:before{content:""}.fa-file-code-o:before{content:""}.fa-vine:before{content:""}.fa-codepen:before{content:""}.fa-jsfiddle:before{content:""}.fa-life-bouy:before,.fa-life-buoy:before,.fa-life-ring:before,.fa-life-saver:before,.fa-support:before{content:""}.fa-circle-o-notch:before{content:""}.fa-ra:before,.fa-rebel:before,.fa-resistance:before{content:""}.fa-empire:before,.fa-ge:before{content:""}.fa-git-square:before{content:""}.fa-git:before{content:""}.fa-hacker-news:before,.fa-y-combinator-square:before,.fa-yc-square:before{content:""}.fa-tencent-weibo:before{content:""}.fa-qq:before{content:""}.fa-wechat:before,.fa-weixin:before{content:""}.fa-paper-plane:before,.fa-send:before{content:""}.fa-paper-plane-o:before,.fa-send-o:before{content:""}.fa-history:before{content:""}.fa-circle-thin:before{content:""}.fa-header:before{content:""}.fa-paragraph:before{content:""}.fa-sliders:before{content:""}.fa-share-alt:before{content:""}.fa-share-alt-square:before{content:""}.fa-bomb:before{content:""}.fa-futbol-o:before,.fa-soccer-ball-o:before{content:""}.fa-tty:before{content:""}.fa-binoculars:before{content:""}.fa-plug:before{content:""}.fa-slideshare:before{content:""}.fa-twitch:before{content:""}.fa-yelp:before{content:""}.fa-newspaper-o:before{content:""}.fa-wifi:before{content:""}.fa-calculator:before{content:""}.fa-paypal:before{content:""}.fa-google-wallet:before{content:""}.fa-cc-visa:before{content:""}.fa-cc-mastercard:before{content:""}.fa-cc-discover:before{content:""}.fa-cc-amex:before{content:""}.fa-cc-paypal:before{content:""}.fa-cc-stripe:before{content:""}.fa-bell-slash:before{content:""}.fa-bell-slash-o:before{content:""}.fa-trash:before{content:""}.fa-copyright:before{content:""}.fa-at:before{content:""}.fa-eyedropper:before{content:""}.fa-paint-brush:before{content:""}.fa-birthday-cake:before{content:""}.fa-area-chart:before{content:""}.fa-pie-chart:before{content:""}.fa-line-chart:before{content:""}.fa-lastfm:before{content:""}.fa-lastfm-square:before{content:""}.fa-toggle-off:before{content:""}.fa-toggle-on:before{content:""}.fa-bicycle:before{content:""}.fa-bus:before{content:""}.fa-ioxhost:before{content:""}.fa-angellist:before{content:""}.fa-cc:before{content:""}.fa-ils:before,.fa-shekel:before,.fa-sheqel:before{content:""}.fa-meanpath:before{content:""}.fa-buysellads:before{content:""}.fa-connectdevelop:before{content:""}.fa-dashcube:before{content:""}.fa-forumbee:before{content:""}.fa-leanpub:before{content:""}.fa-sellsy:before{content:""}.fa-shirtsinbulk:before{content:""}.fa-simplybuilt:before{content:""}.fa-skyatlas:before{content:""}.fa-cart-plus:before{content:""}.fa-cart-arrow-down:before{content:""}.fa-diamond:before{content:""}.fa-ship:before{content:""}.fa-user-secret:before{content:""}.fa-motorcycle:before{content:""}.fa-street-view:before{content:""}.fa-heartbeat:before{content:""}.fa-venus:before{content:""}.fa-mars:before{content:""}.fa-mercury:before{content:""}.fa-intersex:before,.fa-transgender:before{content:""}.fa-transgender-alt:before{content:""}.fa-venus-double:before{content:""}.fa-mars-double:before{content:""}.fa-venus-mars:before{content:""}.fa-mars-stroke:before{content:""}.fa-mars-stroke-v:before{content:""}.fa-mars-stroke-h:before{content:""}.fa-neuter:before{content:""}.fa-genderless:before{content:""}.fa-facebook-official:before{content:""}.fa-pinterest-p:before{content:""}.fa-whatsapp:before{content:""}.fa-server:before{content:""}.fa-user-plus:before{content:""}.fa-user-times:before{content:""}.fa-bed:before,.fa-hotel:before{content:""}.fa-viacoin:before{content:""}.fa-train:before{content:""}.fa-subway:before{content:""}.fa-medium:before{content:""}.fa-y-combinator:before,.fa-yc:before{content:""}.fa-optin-monster:before{content:""}.fa-opencart:before{content:""}.fa-expeditedssl:before{content:""}.fa-battery-4:before,.fa-battery-full:before,.fa-battery:before{content:""}.fa-battery-3:before,.fa-battery-three-quarters:before{content:""}.fa-battery-2:before,.fa-battery-half:before{content:""}.fa-battery-1:before,.fa-battery-quarter:before{content:""}.fa-battery-0:before,.fa-battery-empty:before{content:""}.fa-mouse-pointer:before{content:""}.fa-i-cursor:before{content:""}.fa-object-group:before{content:""}.fa-object-ungroup:before{content:""}.fa-sticky-note:before{content:""}.fa-sticky-note-o:before{content:""}.fa-cc-jcb:before{content:""}.fa-cc-diners-club:before{content:""}.fa-clone:before{content:""}.fa-balance-scale:before{content:""}.fa-hourglass-o:before{content:""}.fa-hourglass-1:before,.fa-hourglass-start:before{content:""}.fa-hourglass-2:before,.fa-hourglass-half:before{content:""}.fa-hourglass-3:before,.fa-hourglass-end:before{content:""}.fa-hourglass:before{content:""}.fa-hand-grab-o:before,.fa-hand-rock-o:before{content:""}.fa-hand-paper-o:before,.fa-hand-stop-o:before{content:""}.fa-hand-scissors-o:before{content:""}.fa-hand-lizard-o:before{content:""}.fa-hand-spock-o:before{content:""}.fa-hand-pointer-o:before{content:""}.fa-hand-peace-o:before{content:""}.fa-trademark:before{content:""}.fa-registered:before{content:""}.fa-creative-commons:before{content:""}.fa-gg:before{content:""}.fa-gg-circle:before{content:""}.fa-tripadvisor:before{content:""}.fa-odnoklassniki:before{content:""}.fa-odnoklassniki-square:before{content:""}.fa-get-pocket:before{content:""}.fa-wikipedia-w:before{content:""}.fa-safari:before{content:""}.fa-chrome:before{content:""}.fa-firefox:before{content:""}.fa-opera:before{content:""}.fa-internet-explorer:before{content:""}.fa-television:before,.fa-tv:before{content:""}.fa-contao:before{content:""}.fa-500px:before{content:""}.fa-amazon:before{content:""}.fa-calendar-plus-o:before{content:""}.fa-calendar-minus-o:before{content:""}.fa-calendar-times-o:before{content:""}.fa-calendar-check-o:before{content:""}.fa-industry:before{content:""}.fa-map-pin:before{content:""}.fa-map-signs:before{content:""}.fa-map-o:before{content:""}.fa-map:before{content:""}.fa-commenting:before{content:""}.fa-commenting-o:before{content:""}.fa-houzz:before{content:""}.fa-vimeo:before{content:""}.fa-black-tie:before{content:""}.fa-fonticons:before{content:""}.fa-reddit-alien:before{content:""}.fa-edge:before{content:""}.fa-credit-card-alt:before{content:""}.fa-codiepie:before{content:""}.fa-modx:before{content:""}.fa-fort-awesome:before{content:""}.fa-usb:before{content:""}.fa-product-hunt:before{content:""}.fa-mixcloud:before{content:""}.fa-scribd:before{content:""}.fa-pause-circle:before{content:""}.fa-pause-circle-o:before{content:""}.fa-stop-circle:before{content:""}.fa-stop-circle-o:before{content:""}.fa-shopping-bag:before{content:""}.fa-shopping-basket:before{content:""}.fa-hashtag:before{content:""}.fa-bluetooth:before{content:""}.fa-bluetooth-b:before{content:""}.fa-percent:before{content:""}.fa-gitlab:before,.icon-gitlab:before{content:""}.fa-wpbeginner:before{content:""}.fa-wpforms:before{content:""}.fa-envira:before{content:""}.fa-universal-access:before{content:""}.fa-wheelchair-alt:before{content:""}.fa-question-circle-o:before{content:""}.fa-blind:before{content:""}.fa-audio-description:before{content:""}.fa-volume-control-phone:before{content:""}.fa-braille:before{content:""}.fa-assistive-listening-systems:before{content:""}.fa-american-sign-language-interpreting:before,.fa-asl-interpreting:before{content:""}.fa-deaf:before,.fa-deafness:before,.fa-hard-of-hearing:before{content:""}.fa-glide:before{content:""}.fa-glide-g:before{content:""}.fa-sign-language:before,.fa-signing:before{content:""}.fa-low-vision:before{content:""}.fa-viadeo:before{content:""}.fa-viadeo-square:before{content:""}.fa-snapchat:before{content:""}.fa-snapchat-ghost:before{content:""}.fa-snapchat-square:before{content:""}.fa-pied-piper:before{content:""}.fa-first-order:before{content:""}.fa-yoast:before{content:""}.fa-themeisle:before{content:""}.fa-google-plus-circle:before,.fa-google-plus-official:before{content:""}.fa-fa:before,.fa-font-awesome:before{content:""}.fa-handshake-o:before{content:""}.fa-envelope-open:before{content:""}.fa-envelope-open-o:before{content:""}.fa-linode:before{content:""}.fa-address-book:before{content:""}.fa-address-book-o:before{content:""}.fa-address-card:before,.fa-vcard:before{content:""}.fa-address-card-o:before,.fa-vcard-o:before{content:""}.fa-user-circle:before{content:""}.fa-user-circle-o:before{content:""}.fa-user-o:before{content:""}.fa-id-badge:before{content:""}.fa-drivers-license:before,.fa-id-card:before{content:""}.fa-drivers-license-o:before,.fa-id-card-o:before{content:""}.fa-quora:before{content:""}.fa-free-code-camp:before{content:""}.fa-telegram:before{content:""}.fa-thermometer-4:before,.fa-thermometer-full:before,.fa-thermometer:before{content:""}.fa-thermometer-3:before,.fa-thermometer-three-quarters:before{content:""}.fa-thermometer-2:before,.fa-thermometer-half:before{content:""}.fa-thermometer-1:before,.fa-thermometer-quarter:before{content:""}.fa-thermometer-0:before,.fa-thermometer-empty:before{content:""}.fa-shower:before{content:""}.fa-bath:before,.fa-bathtub:before,.fa-s15:before{content:""}.fa-podcast:before{content:""}.fa-window-maximize:before{content:""}.fa-window-minimize:before{content:""}.fa-window-restore:before{content:""}.fa-times-rectangle:before,.fa-window-close:before{content:""}.fa-times-rectangle-o:before,.fa-window-close-o:before{content:""}.fa-bandcamp:before{content:""}.fa-grav:before{content:""}.fa-etsy:before{content:""}.fa-imdb:before{content:""}.fa-ravelry:before{content:""}.fa-eercast:before{content:""}.fa-microchip:before{content:""}.fa-snowflake-o:before{content:""}.fa-superpowers:before{content:""}.fa-wpexplorer:before{content:""}.fa-meetup:before{content:""}.sr-only{position:absolute;width:1px;height:1px;padding:0;margin:-1px;overflow:hidden;clip:rect(0,0,0,0);border:0}.sr-only-focusable:active,.sr-only-focusable:focus{position:static;width:auto;height:auto;margin:0;overflow:visible;clip:auto}.fa,.icon,.rst-content .admonition-title,.rst-content .code-block-caption .headerlink,.rst-content .eqno .headerlink,.rst-content code.download span:first-child,.rst-content dl dt .headerlink,.rst-content h1 .headerlink,.rst-content h2 .headerlink,.rst-content h3 .headerlink,.rst-content h4 .headerlink,.rst-content h5 .headerlink,.rst-content h6 .headerlink,.rst-content p.caption .headerlink,.rst-content p .headerlink,.rst-content table>caption .headerlink,.rst-content tt.download span:first-child,.wy-dropdown .caret,.wy-inline-validate.wy-inline-validate-danger .wy-input-context,.wy-inline-validate.wy-inline-validate-info .wy-input-context,.wy-inline-validate.wy-inline-validate-success .wy-input-context,.wy-inline-validate.wy-inline-validate-warning .wy-input-context,.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand,.wy-menu-vertical li button.toctree-expand{font-family:inherit}.fa:before,.icon:before,.rst-content .admonition-title:before,.rst-content .code-block-caption .headerlink:before,.rst-content .eqno .headerlink:before,.rst-content code.download span:first-child:before,.rst-content dl dt .headerlink:before,.rst-content h1 .headerlink:before,.rst-content h2 .headerlink:before,.rst-content h3 .headerlink:before,.rst-content h4 .headerlink:before,.rst-content h5 .headerlink:before,.rst-content h6 .headerlink:before,.rst-content p.caption .headerlink:before,.rst-content p .headerlink:before,.rst-content table>caption .headerlink:before,.rst-content tt.download span:first-child:before,.wy-dropdown .caret:before,.wy-inline-validate.wy-inline-validate-danger .wy-input-context:before,.wy-inline-validate.wy-inline-validate-info .wy-input-context:before,.wy-inline-validate.wy-inline-validate-success .wy-input-context:before,.wy-inline-validate.wy-inline-validate-warning .wy-input-context:before,.wy-menu-vertical li.current>a button.toctree-expand:before,.wy-menu-vertical li.on a button.toctree-expand:before,.wy-menu-vertical li button.toctree-expand:before{font-family:FontAwesome;display:inline-block;font-style:normal;font-weight:400;line-height:1;text-decoration:inherit}.rst-content .code-block-caption a .headerlink,.rst-content .eqno a .headerlink,.rst-content a .admonition-title,.rst-content code.download a span:first-child,.rst-content dl dt a .headerlink,.rst-content h1 a .headerlink,.rst-content h2 a .headerlink,.rst-content h3 a .headerlink,.rst-content h4 a .headerlink,.rst-content h5 a .headerlink,.rst-content h6 a .headerlink,.rst-content p.caption a .headerlink,.rst-content p a .headerlink,.rst-content table>caption a .headerlink,.rst-content tt.download a span:first-child,.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand,.wy-menu-vertical li a button.toctree-expand,a .fa,a .icon,a .rst-content .admonition-title,a .rst-content .code-block-caption .headerlink,a .rst-content .eqno .headerlink,a .rst-content code.download span:first-child,a .rst-content dl dt .headerlink,a .rst-content h1 .headerlink,a .rst-content h2 .headerlink,a .rst-content h3 .headerlink,a .rst-content h4 .headerlink,a .rst-content h5 .headerlink,a .rst-content h6 .headerlink,a .rst-content p.caption .headerlink,a .rst-content p .headerlink,a .rst-content table>caption .headerlink,a .rst-content tt.download span:first-child,a .wy-menu-vertical li button.toctree-expand{display:inline-block;text-decoration:inherit}.btn .fa,.btn .icon,.btn .rst-content .admonition-title,.btn .rst-content .code-block-caption .headerlink,.btn .rst-content .eqno .headerlink,.btn .rst-content code.download span:first-child,.btn .rst-content dl dt .headerlink,.btn .rst-content h1 .headerlink,.btn .rst-content h2 .headerlink,.btn .rst-content h3 .headerlink,.btn .rst-content h4 .headerlink,.btn .rst-content h5 .headerlink,.btn .rst-content h6 .headerlink,.btn .rst-content p .headerlink,.btn .rst-content table>caption .headerlink,.btn .rst-content tt.download span:first-child,.btn .wy-menu-vertical li.current>a button.toctree-expand,.btn .wy-menu-vertical li.on a button.toctree-expand,.btn .wy-menu-vertical li button.toctree-expand,.nav .fa,.nav .icon,.nav .rst-content .admonition-title,.nav .rst-content .code-block-caption .headerlink,.nav .rst-content .eqno .headerlink,.nav .rst-content code.download span:first-child,.nav .rst-content dl dt .headerlink,.nav .rst-content h1 .headerlink,.nav .rst-content h2 .headerlink,.nav .rst-content h3 .headerlink,.nav .rst-content h4 .headerlink,.nav .rst-content h5 .headerlink,.nav .rst-content h6 .headerlink,.nav .rst-content p .headerlink,.nav .rst-content table>caption .headerlink,.nav .rst-content tt.download span:first-child,.nav .wy-menu-vertical li.current>a button.toctree-expand,.nav .wy-menu-vertical li.on a button.toctree-expand,.nav .wy-menu-vertical li button.toctree-expand,.rst-content .btn .admonition-title,.rst-content .code-block-caption .btn .headerlink,.rst-content .code-block-caption .nav .headerlink,.rst-content .eqno .btn .headerlink,.rst-content .eqno .nav .headerlink,.rst-content .nav .admonition-title,.rst-content code.download .btn span:first-child,.rst-content code.download .nav span:first-child,.rst-content dl dt .btn .headerlink,.rst-content dl dt .nav .headerlink,.rst-content h1 .btn .headerlink,.rst-content h1 .nav .headerlink,.rst-content h2 .btn .headerlink,.rst-content h2 .nav .headerlink,.rst-content h3 .btn .headerlink,.rst-content h3 .nav .headerlink,.rst-content h4 .btn .headerlink,.rst-content h4 .nav .headerlink,.rst-content h5 .btn .headerlink,.rst-content h5 .nav .headerlink,.rst-content h6 .btn .headerlink,.rst-content h6 .nav .headerlink,.rst-content p .btn .headerlink,.rst-content p .nav .headerlink,.rst-content table>caption .btn .headerlink,.rst-content table>caption .nav .headerlink,.rst-content tt.download .btn span:first-child,.rst-content tt.download .nav span:first-child,.wy-menu-vertical li .btn button.toctree-expand,.wy-menu-vertical li.current>a .btn button.toctree-expand,.wy-menu-vertical li.current>a .nav button.toctree-expand,.wy-menu-vertical li .nav button.toctree-expand,.wy-menu-vertical li.on a .btn button.toctree-expand,.wy-menu-vertical li.on a .nav button.toctree-expand{display:inline}.btn .fa-large.icon,.btn .fa.fa-large,.btn .rst-content .code-block-caption .fa-large.headerlink,.btn .rst-content .eqno .fa-large.headerlink,.btn .rst-content .fa-large.admonition-title,.btn .rst-content code.download span.fa-large:first-child,.btn .rst-content dl dt .fa-large.headerlink,.btn .rst-content h1 .fa-large.headerlink,.btn .rst-content h2 .fa-large.headerlink,.btn .rst-content h3 .fa-large.headerlink,.btn .rst-content h4 .fa-large.headerlink,.btn .rst-content h5 .fa-large.headerlink,.btn .rst-content h6 .fa-large.headerlink,.btn .rst-content p .fa-large.headerlink,.btn .rst-content table>caption .fa-large.headerlink,.btn .rst-content tt.download span.fa-large:first-child,.btn .wy-menu-vertical li button.fa-large.toctree-expand,.nav .fa-large.icon,.nav .fa.fa-large,.nav .rst-content .code-block-caption .fa-large.headerlink,.nav .rst-content .eqno .fa-large.headerlink,.nav .rst-content .fa-large.admonition-title,.nav .rst-content code.download span.fa-large:first-child,.nav .rst-content dl dt .fa-large.headerlink,.nav .rst-content h1 .fa-large.headerlink,.nav .rst-content h2 .fa-large.headerlink,.nav .rst-content h3 .fa-large.headerlink,.nav .rst-content h4 .fa-large.headerlink,.nav .rst-content h5 .fa-large.headerlink,.nav .rst-content h6 .fa-large.headerlink,.nav .rst-content p .fa-large.headerlink,.nav .rst-content table>caption .fa-large.headerlink,.nav .rst-content tt.download span.fa-large:first-child,.nav .wy-menu-vertical li button.fa-large.toctree-expand,.rst-content .btn .fa-large.admonition-title,.rst-content .code-block-caption .btn .fa-large.headerlink,.rst-content .code-block-caption .nav .fa-large.headerlink,.rst-content .eqno .btn .fa-large.headerlink,.rst-content .eqno .nav .fa-large.headerlink,.rst-content .nav .fa-large.admonition-title,.rst-content code.download .btn span.fa-large:first-child,.rst-content code.download .nav span.fa-large:first-child,.rst-content dl dt .btn .fa-large.headerlink,.rst-content dl dt .nav .fa-large.headerlink,.rst-content h1 .btn .fa-large.headerlink,.rst-content h1 .nav .fa-large.headerlink,.rst-content h2 .btn .fa-large.headerlink,.rst-content h2 .nav .fa-large.headerlink,.rst-content h3 .btn .fa-large.headerlink,.rst-content h3 .nav .fa-large.headerlink,.rst-content h4 .btn .fa-large.headerlink,.rst-content h4 .nav .fa-large.headerlink,.rst-content h5 .btn .fa-large.headerlink,.rst-content h5 .nav .fa-large.headerlink,.rst-content h6 .btn .fa-large.headerlink,.rst-content h6 .nav .fa-large.headerlink,.rst-content p .btn .fa-large.headerlink,.rst-content p .nav .fa-large.headerlink,.rst-content table>caption .btn .fa-large.headerlink,.rst-content table>caption .nav .fa-large.headerlink,.rst-content tt.download .btn span.fa-large:first-child,.rst-content tt.download .nav span.fa-large:first-child,.wy-menu-vertical li .btn button.fa-large.toctree-expand,.wy-menu-vertical li .nav button.fa-large.toctree-expand{line-height:.9em}.btn .fa-spin.icon,.btn .fa.fa-spin,.btn .rst-content .code-block-caption .fa-spin.headerlink,.btn .rst-content .eqno .fa-spin.headerlink,.btn .rst-content .fa-spin.admonition-title,.btn .rst-content code.download span.fa-spin:first-child,.btn .rst-content dl dt .fa-spin.headerlink,.btn .rst-content h1 .fa-spin.headerlink,.btn .rst-content h2 .fa-spin.headerlink,.btn .rst-content h3 .fa-spin.headerlink,.btn .rst-content h4 .fa-spin.headerlink,.btn .rst-content h5 .fa-spin.headerlink,.btn .rst-content h6 .fa-spin.headerlink,.btn .rst-content p .fa-spin.headerlink,.btn .rst-content table>caption .fa-spin.headerlink,.btn .rst-content tt.download span.fa-spin:first-child,.btn .wy-menu-vertical li button.fa-spin.toctree-expand,.nav .fa-spin.icon,.nav .fa.fa-spin,.nav .rst-content .code-block-caption .fa-spin.headerlink,.nav .rst-content .eqno .fa-spin.headerlink,.nav .rst-content .fa-spin.admonition-title,.nav .rst-content code.download span.fa-spin:first-child,.nav .rst-content dl dt .fa-spin.headerlink,.nav .rst-content h1 .fa-spin.headerlink,.nav .rst-content h2 .fa-spin.headerlink,.nav .rst-content h3 .fa-spin.headerlink,.nav .rst-content h4 .fa-spin.headerlink,.nav .rst-content h5 .fa-spin.headerlink,.nav .rst-content h6 .fa-spin.headerlink,.nav .rst-content p .fa-spin.headerlink,.nav .rst-content table>caption .fa-spin.headerlink,.nav .rst-content tt.download span.fa-spin:first-child,.nav .wy-menu-vertical li button.fa-spin.toctree-expand,.rst-content .btn .fa-spin.admonition-title,.rst-content .code-block-caption .btn .fa-spin.headerlink,.rst-content .code-block-caption .nav .fa-spin.headerlink,.rst-content .eqno .btn .fa-spin.headerlink,.rst-content .eqno .nav .fa-spin.headerlink,.rst-content .nav .fa-spin.admonition-title,.rst-content code.download .btn span.fa-spin:first-child,.rst-content code.download .nav span.fa-spin:first-child,.rst-content dl dt .btn .fa-spin.headerlink,.rst-content dl dt .nav .fa-spin.headerlink,.rst-content h1 .btn .fa-spin.headerlink,.rst-content h1 .nav .fa-spin.headerlink,.rst-content h2 .btn .fa-spin.headerlink,.rst-content h2 .nav .fa-spin.headerlink,.rst-content h3 .btn .fa-spin.headerlink,.rst-content h3 .nav .fa-spin.headerlink,.rst-content h4 .btn .fa-spin.headerlink,.rst-content h4 .nav .fa-spin.headerlink,.rst-content h5 .btn .fa-spin.headerlink,.rst-content h5 .nav .fa-spin.headerlink,.rst-content h6 .btn .fa-spin.headerlink,.rst-content h6 .nav .fa-spin.headerlink,.rst-content p .btn .fa-spin.headerlink,.rst-content p .nav .fa-spin.headerlink,.rst-content table>caption .btn .fa-spin.headerlink,.rst-content table>caption .nav .fa-spin.headerlink,.rst-content tt.download .btn span.fa-spin:first-child,.rst-content tt.download .nav span.fa-spin:first-child,.wy-menu-vertical li .btn button.fa-spin.toctree-expand,.wy-menu-vertical li .nav button.fa-spin.toctree-expand{display:inline-block}.btn.fa:before,.btn.icon:before,.rst-content .btn.admonition-title:before,.rst-content .code-block-caption .btn.headerlink:before,.rst-content .eqno .btn.headerlink:before,.rst-content code.download span.btn:first-child:before,.rst-content dl dt .btn.headerlink:before,.rst-content h1 .btn.headerlink:before,.rst-content h2 .btn.headerlink:before,.rst-content h3 .btn.headerlink:before,.rst-content h4 .btn.headerlink:before,.rst-content h5 .btn.headerlink:before,.rst-content h6 .btn.headerlink:before,.rst-content p .btn.headerlink:before,.rst-content table>caption .btn.headerlink:before,.rst-content tt.download span.btn:first-child:before,.wy-menu-vertical li button.btn.toctree-expand:before{opacity:.5;-webkit-transition:opacity .05s ease-in;-moz-transition:opacity .05s ease-in;transition:opacity .05s ease-in}.btn.fa:hover:before,.btn.icon:hover:before,.rst-content .btn.admonition-title:hover:before,.rst-content .code-block-caption .btn.headerlink:hover:before,.rst-content .eqno .btn.headerlink:hover:before,.rst-content code.download span.btn:first-child:hover:before,.rst-content dl dt .btn.headerlink:hover:before,.rst-content h1 .btn.headerlink:hover:before,.rst-content h2 .btn.headerlink:hover:before,.rst-content h3 .btn.headerlink:hover:before,.rst-content h4 .btn.headerlink:hover:before,.rst-content h5 .btn.headerlink:hover:before,.rst-content h6 .btn.headerlink:hover:before,.rst-content p .btn.headerlink:hover:before,.rst-content table>caption .btn.headerlink:hover:before,.rst-content tt.download span.btn:first-child:hover:before,.wy-menu-vertical li button.btn.toctree-expand:hover:before{opacity:1}.btn-mini .fa:before,.btn-mini .icon:before,.btn-mini .rst-content .admonition-title:before,.btn-mini .rst-content .code-block-caption .headerlink:before,.btn-mini .rst-content .eqno .headerlink:before,.btn-mini .rst-content code.download span:first-child:before,.btn-mini .rst-content dl dt .headerlink:before,.btn-mini .rst-content h1 .headerlink:before,.btn-mini .rst-content h2 .headerlink:before,.btn-mini .rst-content h3 .headerlink:before,.btn-mini .rst-content h4 .headerlink:before,.btn-mini .rst-content h5 .headerlink:before,.btn-mini .rst-content h6 .headerlink:before,.btn-mini .rst-content p .headerlink:before,.btn-mini .rst-content table>caption .headerlink:before,.btn-mini .rst-content tt.download span:first-child:before,.btn-mini .wy-menu-vertical li button.toctree-expand:before,.rst-content .btn-mini .admonition-title:before,.rst-content .code-block-caption .btn-mini .headerlink:before,.rst-content .eqno .btn-mini .headerlink:before,.rst-content code.download .btn-mini span:first-child:before,.rst-content dl dt .btn-mini .headerlink:before,.rst-content h1 .btn-mini .headerlink:before,.rst-content h2 .btn-mini .headerlink:before,.rst-content h3 .btn-mini .headerlink:before,.rst-content h4 .btn-mini .headerlink:before,.rst-content h5 .btn-mini .headerlink:before,.rst-content h6 .btn-mini .headerlink:before,.rst-content p .btn-mini .headerlink:before,.rst-content table>caption .btn-mini .headerlink:before,.rst-content tt.download .btn-mini span:first-child:before,.wy-menu-vertical li .btn-mini button.toctree-expand:before{font-size:14px;vertical-align:-15%}.rst-content .admonition,.rst-content .admonition-todo,.rst-content .attention,.rst-content .caution,.rst-content .danger,.rst-content .error,.rst-content .hint,.rst-content .important,.rst-content .note,.rst-content .seealso,.rst-content .tip,.rst-content .warning,.wy-alert{padding:12px;line-height:24px;margin-bottom:24px;background:#e7f2fa}.rst-content .admonition-title,.wy-alert-title{font-weight:700;display:block;color:#fff;background:#6ab0de;padding:6px 12px;margin:-12px -12px 12px}.rst-content .danger,.rst-content .error,.rst-content .wy-alert-danger.admonition,.rst-content .wy-alert-danger.admonition-todo,.rst-content .wy-alert-danger.attention,.rst-content .wy-alert-danger.caution,.rst-content .wy-alert-danger.hint,.rst-content .wy-alert-danger.important,.rst-content .wy-alert-danger.note,.rst-content .wy-alert-danger.seealso,.rst-content .wy-alert-danger.tip,.rst-content .wy-alert-danger.warning,.wy-alert.wy-alert-danger{background:#fdf3f2}.rst-content .danger .admonition-title,.rst-content .danger .wy-alert-title,.rst-content .error .admonition-title,.rst-content .error .wy-alert-title,.rst-content .wy-alert-danger.admonition-todo .admonition-title,.rst-content .wy-alert-danger.admonition-todo .wy-alert-title,.rst-content .wy-alert-danger.admonition .admonition-title,.rst-content .wy-alert-danger.admonition .wy-alert-title,.rst-content .wy-alert-danger.attention .admonition-title,.rst-content .wy-alert-danger.attention .wy-alert-title,.rst-content .wy-alert-danger.caution .admonition-title,.rst-content .wy-alert-danger.caution .wy-alert-title,.rst-content .wy-alert-danger.hint .admonition-title,.rst-content .wy-alert-danger.hint .wy-alert-title,.rst-content .wy-alert-danger.important .admonition-title,.rst-content .wy-alert-danger.important .wy-alert-title,.rst-content .wy-alert-danger.note .admonition-title,.rst-content .wy-alert-danger.note .wy-alert-title,.rst-content .wy-alert-danger.seealso .admonition-title,.rst-content .wy-alert-danger.seealso .wy-alert-title,.rst-content .wy-alert-danger.tip .admonition-title,.rst-content .wy-alert-danger.tip .wy-alert-title,.rst-content .wy-alert-danger.warning .admonition-title,.rst-content .wy-alert-danger.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-danger .admonition-title,.wy-alert.wy-alert-danger .rst-content .admonition-title,.wy-alert.wy-alert-danger .wy-alert-title{background:#f29f97}.rst-content .admonition-todo,.rst-content .attention,.rst-content .caution,.rst-content .warning,.rst-content .wy-alert-warning.admonition,.rst-content .wy-alert-warning.danger,.rst-content .wy-alert-warning.error,.rst-content .wy-alert-warning.hint,.rst-content .wy-alert-warning.important,.rst-content .wy-alert-warning.note,.rst-content .wy-alert-warning.seealso,.rst-content .wy-alert-warning.tip,.wy-alert.wy-alert-warning{background:#ffedcc}.rst-content .admonition-todo .admonition-title,.rst-content .admonition-todo .wy-alert-title,.rst-content .attention .admonition-title,.rst-content .attention .wy-alert-title,.rst-content .caution .admonition-title,.rst-content .caution .wy-alert-title,.rst-content .warning .admonition-title,.rst-content .warning .wy-alert-title,.rst-content .wy-alert-warning.admonition .admonition-title,.rst-content .wy-alert-warning.admonition .wy-alert-title,.rst-content .wy-alert-warning.danger .admonition-title,.rst-content .wy-alert-warning.danger .wy-alert-title,.rst-content .wy-alert-warning.error .admonition-title,.rst-content .wy-alert-warning.error .wy-alert-title,.rst-content .wy-alert-warning.hint .admonition-title,.rst-content .wy-alert-warning.hint .wy-alert-title,.rst-content .wy-alert-warning.important .admonition-title,.rst-content .wy-alert-warning.important .wy-alert-title,.rst-content .wy-alert-warning.note .admonition-title,.rst-content .wy-alert-warning.note .wy-alert-title,.rst-content .wy-alert-warning.seealso .admonition-title,.rst-content .wy-alert-warning.seealso .wy-alert-title,.rst-content .wy-alert-warning.tip .admonition-title,.rst-content .wy-alert-warning.tip .wy-alert-title,.rst-content .wy-alert.wy-alert-warning .admonition-title,.wy-alert.wy-alert-warning .rst-content .admonition-title,.wy-alert.wy-alert-warning .wy-alert-title{background:#f0b37e}.rst-content .note,.rst-content .seealso,.rst-content .wy-alert-info.admonition,.rst-content .wy-alert-info.admonition-todo,.rst-content .wy-alert-info.attention,.rst-content .wy-alert-info.caution,.rst-content .wy-alert-info.danger,.rst-content .wy-alert-info.error,.rst-content .wy-alert-info.hint,.rst-content .wy-alert-info.important,.rst-content .wy-alert-info.tip,.rst-content .wy-alert-info.warning,.wy-alert.wy-alert-info{background:#e7f2fa}.rst-content .note .admonition-title,.rst-content .note .wy-alert-title,.rst-content .seealso .admonition-title,.rst-content .seealso .wy-alert-title,.rst-content .wy-alert-info.admonition-todo .admonition-title,.rst-content .wy-alert-info.admonition-todo .wy-alert-title,.rst-content .wy-alert-info.admonition .admonition-title,.rst-content .wy-alert-info.admonition .wy-alert-title,.rst-content .wy-alert-info.attention .admonition-title,.rst-content .wy-alert-info.attention .wy-alert-title,.rst-content .wy-alert-info.caution .admonition-title,.rst-content .wy-alert-info.caution .wy-alert-title,.rst-content .wy-alert-info.danger .admonition-title,.rst-content .wy-alert-info.danger .wy-alert-title,.rst-content .wy-alert-info.error .admonition-title,.rst-content .wy-alert-info.error .wy-alert-title,.rst-content .wy-alert-info.hint .admonition-title,.rst-content .wy-alert-info.hint .wy-alert-title,.rst-content .wy-alert-info.important .admonition-title,.rst-content .wy-alert-info.important .wy-alert-title,.rst-content .wy-alert-info.tip .admonition-title,.rst-content .wy-alert-info.tip .wy-alert-title,.rst-content .wy-alert-info.warning .admonition-title,.rst-content .wy-alert-info.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-info .admonition-title,.wy-alert.wy-alert-info .rst-content .admonition-title,.wy-alert.wy-alert-info .wy-alert-title{background:#6ab0de}.rst-content .hint,.rst-content .important,.rst-content .tip,.rst-content .wy-alert-success.admonition,.rst-content .wy-alert-success.admonition-todo,.rst-content .wy-alert-success.attention,.rst-content .wy-alert-success.caution,.rst-content .wy-alert-success.danger,.rst-content .wy-alert-success.error,.rst-content .wy-alert-success.note,.rst-content .wy-alert-success.seealso,.rst-content .wy-alert-success.warning,.wy-alert.wy-alert-success{background:#dbfaf4}.rst-content .hint .admonition-title,.rst-content .hint .wy-alert-title,.rst-content .important .admonition-title,.rst-content .important .wy-alert-title,.rst-content .tip .admonition-title,.rst-content .tip .wy-alert-title,.rst-content .wy-alert-success.admonition-todo .admonition-title,.rst-content .wy-alert-success.admonition-todo .wy-alert-title,.rst-content .wy-alert-success.admonition .admonition-title,.rst-content .wy-alert-success.admonition .wy-alert-title,.rst-content .wy-alert-success.attention .admonition-title,.rst-content .wy-alert-success.attention .wy-alert-title,.rst-content .wy-alert-success.caution .admonition-title,.rst-content .wy-alert-success.caution .wy-alert-title,.rst-content .wy-alert-success.danger .admonition-title,.rst-content .wy-alert-success.danger .wy-alert-title,.rst-content .wy-alert-success.error .admonition-title,.rst-content .wy-alert-success.error .wy-alert-title,.rst-content .wy-alert-success.note .admonition-title,.rst-content .wy-alert-success.note .wy-alert-title,.rst-content .wy-alert-success.seealso .admonition-title,.rst-content .wy-alert-success.seealso .wy-alert-title,.rst-content .wy-alert-success.warning .admonition-title,.rst-content .wy-alert-success.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-success .admonition-title,.wy-alert.wy-alert-success .rst-content .admonition-title,.wy-alert.wy-alert-success .wy-alert-title{background:#1abc9c}.rst-content .wy-alert-neutral.admonition,.rst-content .wy-alert-neutral.admonition-todo,.rst-content .wy-alert-neutral.attention,.rst-content .wy-alert-neutral.caution,.rst-content .wy-alert-neutral.danger,.rst-content .wy-alert-neutral.error,.rst-content .wy-alert-neutral.hint,.rst-content .wy-alert-neutral.important,.rst-content .wy-alert-neutral.note,.rst-content .wy-alert-neutral.seealso,.rst-content .wy-alert-neutral.tip,.rst-content .wy-alert-neutral.warning,.wy-alert.wy-alert-neutral{background:#f3f6f6}.rst-content .wy-alert-neutral.admonition-todo .admonition-title,.rst-content .wy-alert-neutral.admonition-todo .wy-alert-title,.rst-content .wy-alert-neutral.admonition .admonition-title,.rst-content .wy-alert-neutral.admonition .wy-alert-title,.rst-content .wy-alert-neutral.attention .admonition-title,.rst-content .wy-alert-neutral.attention .wy-alert-title,.rst-content .wy-alert-neutral.caution .admonition-title,.rst-content .wy-alert-neutral.caution .wy-alert-title,.rst-content .wy-alert-neutral.danger .admonition-title,.rst-content .wy-alert-neutral.danger .wy-alert-title,.rst-content .wy-alert-neutral.error .admonition-title,.rst-content .wy-alert-neutral.error .wy-alert-title,.rst-content .wy-alert-neutral.hint .admonition-title,.rst-content .wy-alert-neutral.hint .wy-alert-title,.rst-content .wy-alert-neutral.important .admonition-title,.rst-content .wy-alert-neutral.important .wy-alert-title,.rst-content .wy-alert-neutral.note .admonition-title,.rst-content .wy-alert-neutral.note .wy-alert-title,.rst-content .wy-alert-neutral.seealso .admonition-title,.rst-content .wy-alert-neutral.seealso .wy-alert-title,.rst-content .wy-alert-neutral.tip .admonition-title,.rst-content .wy-alert-neutral.tip .wy-alert-title,.rst-content .wy-alert-neutral.warning .admonition-title,.rst-content .wy-alert-neutral.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-neutral .admonition-title,.wy-alert.wy-alert-neutral .rst-content .admonition-title,.wy-alert.wy-alert-neutral .wy-alert-title{color:#404040;background:#e1e4e5}.rst-content .wy-alert-neutral.admonition-todo a,.rst-content .wy-alert-neutral.admonition a,.rst-content .wy-alert-neutral.attention a,.rst-content .wy-alert-neutral.caution a,.rst-content .wy-alert-neutral.danger a,.rst-content .wy-alert-neutral.error a,.rst-content .wy-alert-neutral.hint a,.rst-content .wy-alert-neutral.important a,.rst-content .wy-alert-neutral.note a,.rst-content .wy-alert-neutral.seealso a,.rst-content .wy-alert-neutral.tip a,.rst-content .wy-alert-neutral.warning a,.wy-alert.wy-alert-neutral a{color:#2980b9}.rst-content .admonition-todo p:last-child,.rst-content .admonition p:last-child,.rst-content .attention p:last-child,.rst-content .caution p:last-child,.rst-content .danger p:last-child,.rst-content .error p:last-child,.rst-content .hint p:last-child,.rst-content .important p:last-child,.rst-content .note p:last-child,.rst-content .seealso p:last-child,.rst-content .tip p:last-child,.rst-content .warning p:last-child,.wy-alert p:last-child{margin-bottom:0}.wy-tray-container{position:fixed;bottom:0;left:0;z-index:600}.wy-tray-container li{display:block;width:300px;background:transparent;color:#fff;text-align:center;box-shadow:0 5px 5px 0 rgba(0,0,0,.1);padding:0 24px;min-width:20%;opacity:0;height:0;line-height:56px;overflow:hidden;-webkit-transition:all .3s ease-in;-moz-transition:all .3s ease-in;transition:all .3s ease-in}.wy-tray-container li.wy-tray-item-success{background:#27ae60}.wy-tray-container li.wy-tray-item-info{background:#2980b9}.wy-tray-container li.wy-tray-item-warning{background:#e67e22}.wy-tray-container li.wy-tray-item-danger{background:#e74c3c}.wy-tray-container li.on{opacity:1;height:56px}@media screen and (max-width:768px){.wy-tray-container{bottom:auto;top:0;width:100%}.wy-tray-container li{width:100%}}button{font-size:100%;margin:0;vertical-align:baseline;*vertical-align:middle;cursor:pointer;line-height:normal;-webkit-appearance:button;*overflow:visible}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}button[disabled]{cursor:default}.btn{display:inline-block;border-radius:2px;line-height:normal;white-space:nowrap;text-align:center;cursor:pointer;font-size:100%;padding:6px 12px 8px;color:#fff;border:1px solid rgba(0,0,0,.1);background-color:#27ae60;text-decoration:none;font-weight:400;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;box-shadow:inset 0 1px 2px -1px hsla(0,0%,100%,.5),inset 0 -2px 0 0 rgba(0,0,0,.1);outline-none:false;vertical-align:middle;*display:inline;zoom:1;-webkit-user-drag:none;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;-webkit-transition:all .1s linear;-moz-transition:all .1s linear;transition:all .1s linear}.btn-hover{background:#2e8ece;color:#fff}.btn:hover{background:#2cc36b;color:#fff}.btn:focus{background:#2cc36b;outline:0}.btn:active{box-shadow:inset 0 -1px 0 0 rgba(0,0,0,.05),inset 0 2px 0 0 rgba(0,0,0,.1);padding:8px 12px 6px}.btn:visited{color:#fff}.btn-disabled,.btn-disabled:active,.btn-disabled:focus,.btn-disabled:hover,.btn:disabled{background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);filter:alpha(opacity=40);opacity:.4;cursor:not-allowed;box-shadow:none}.btn::-moz-focus-inner{padding:0;border:0}.btn-small{font-size:80%}.btn-info{background-color:#2980b9!important}.btn-info:hover{background-color:#2e8ece!important}.btn-neutral{background-color:#f3f6f6!important;color:#404040!important}.btn-neutral:hover{background-color:#e5ebeb!important;color:#404040}.btn-neutral:visited{color:#404040!important}.btn-success{background-color:#27ae60!important}.btn-success:hover{background-color:#295!important}.btn-danger{background-color:#e74c3c!important}.btn-danger:hover{background-color:#ea6153!important}.btn-warning{background-color:#e67e22!important}.btn-warning:hover{background-color:#e98b39!important}.btn-invert{background-color:#222}.btn-invert:hover{background-color:#2f2f2f!important}.btn-link{background-color:transparent!important;color:#2980b9;box-shadow:none;border-color:transparent!important}.btn-link:active,.btn-link:hover{background-color:transparent!important;color:#409ad5!important;box-shadow:none}.btn-link:visited{color:#9b59b6}.wy-btn-group .btn,.wy-control .btn{vertical-align:middle}.wy-btn-group{margin-bottom:24px;*zoom:1}.wy-btn-group:after,.wy-btn-group:before{display:table;content:""}.wy-btn-group:after{clear:both}.wy-dropdown{position:relative;display:inline-block}.wy-dropdown-active .wy-dropdown-menu{display:block}.wy-dropdown-menu{position:absolute;left:0;display:none;float:left;top:100%;min-width:100%;background:#fcfcfc;z-index:100;border:1px solid #cfd7dd;box-shadow:0 2px 2px 0 rgba(0,0,0,.1);padding:12px}.wy-dropdown-menu>dd>a{display:block;clear:both;color:#404040;white-space:nowrap;font-size:90%;padding:0 12px;cursor:pointer}.wy-dropdown-menu>dd>a:hover{background:#2980b9;color:#fff}.wy-dropdown-menu>dd.divider{border-top:1px solid #cfd7dd;margin:6px 0}.wy-dropdown-menu>dd.search{padding-bottom:12px}.wy-dropdown-menu>dd.search input[type=search]{width:100%}.wy-dropdown-menu>dd.call-to-action{background:#e3e3e3;text-transform:uppercase;font-weight:500;font-size:80%}.wy-dropdown-menu>dd.call-to-action:hover{background:#e3e3e3}.wy-dropdown-menu>dd.call-to-action .btn{color:#fff}.wy-dropdown.wy-dropdown-up .wy-dropdown-menu{bottom:100%;top:auto;left:auto;right:0}.wy-dropdown.wy-dropdown-bubble .wy-dropdown-menu{background:#fcfcfc;margin-top:2px}.wy-dropdown.wy-dropdown-bubble .wy-dropdown-menu a{padding:6px 12px}.wy-dropdown.wy-dropdown-bubble .wy-dropdown-menu a:hover{background:#2980b9;color:#fff}.wy-dropdown.wy-dropdown-left .wy-dropdown-menu{right:0;left:auto;text-align:right}.wy-dropdown-arrow:before{content:" ";border-bottom:5px solid #f5f5f5;border-left:5px solid transparent;border-right:5px solid transparent;position:absolute;display:block;top:-4px;left:50%;margin-left:-3px}.wy-dropdown-arrow.wy-dropdown-arrow-left:before{left:11px}.wy-form-stacked select{display:block}.wy-form-aligned .wy-help-inline,.wy-form-aligned input,.wy-form-aligned label,.wy-form-aligned select,.wy-form-aligned textarea{display:inline-block;*display:inline;*zoom:1;vertical-align:middle}.wy-form-aligned .wy-control-group>label{display:inline-block;vertical-align:middle;width:10em;margin:6px 12px 0 0;float:left}.wy-form-aligned .wy-control{float:left}.wy-form-aligned .wy-control label{display:block}.wy-form-aligned .wy-control select{margin-top:6px}fieldset{margin:0}fieldset,legend{border:0;padding:0}legend{width:100%;white-space:normal;margin-bottom:24px;font-size:150%;*margin-left:-7px}label,legend{display:block}label{margin:0 0 .3125em;color:#333;font-size:90%}input,select,textarea{font-size:100%;margin:0;vertical-align:baseline;*vertical-align:middle}.wy-control-group{margin-bottom:24px;max-width:1200px;margin-left:auto;margin-right:auto;*zoom:1}.wy-control-group:after,.wy-control-group:before{display:table;content:""}.wy-control-group:after{clear:both}.wy-control-group.wy-control-group-required>label:after{content:" *";color:#e74c3c}.wy-control-group .wy-form-full,.wy-control-group .wy-form-halves,.wy-control-group .wy-form-thirds{padding-bottom:12px}.wy-control-group .wy-form-full input[type=color],.wy-control-group .wy-form-full input[type=date],.wy-control-group .wy-form-full input[type=datetime-local],.wy-control-group .wy-form-full input[type=datetime],.wy-control-group .wy-form-full input[type=email],.wy-control-group .wy-form-full input[type=month],.wy-control-group .wy-form-full input[type=number],.wy-control-group .wy-form-full input[type=password],.wy-control-group .wy-form-full input[type=search],.wy-control-group .wy-form-full input[type=tel],.wy-control-group .wy-form-full input[type=text],.wy-control-group .wy-form-full input[type=time],.wy-control-group .wy-form-full input[type=url],.wy-control-group .wy-form-full input[type=week],.wy-control-group .wy-form-full select,.wy-control-group .wy-form-halves input[type=color],.wy-control-group .wy-form-halves input[type=date],.wy-control-group .wy-form-halves input[type=datetime-local],.wy-control-group .wy-form-halves input[type=datetime],.wy-control-group .wy-form-halves input[type=email],.wy-control-group .wy-form-halves input[type=month],.wy-control-group .wy-form-halves input[type=number],.wy-control-group .wy-form-halves input[type=password],.wy-control-group .wy-form-halves input[type=search],.wy-control-group .wy-form-halves input[type=tel],.wy-control-group .wy-form-halves input[type=text],.wy-control-group .wy-form-halves input[type=time],.wy-control-group .wy-form-halves input[type=url],.wy-control-group .wy-form-halves input[type=week],.wy-control-group .wy-form-halves select,.wy-control-group .wy-form-thirds input[type=color],.wy-control-group .wy-form-thirds input[type=date],.wy-control-group .wy-form-thirds input[type=datetime-local],.wy-control-group .wy-form-thirds input[type=datetime],.wy-control-group .wy-form-thirds input[type=email],.wy-control-group .wy-form-thirds input[type=month],.wy-control-group .wy-form-thirds input[type=number],.wy-control-group .wy-form-thirds input[type=password],.wy-control-group .wy-form-thirds input[type=search],.wy-control-group .wy-form-thirds input[type=tel],.wy-control-group .wy-form-thirds input[type=text],.wy-control-group .wy-form-thirds input[type=time],.wy-control-group .wy-form-thirds input[type=url],.wy-control-group .wy-form-thirds input[type=week],.wy-control-group .wy-form-thirds select{width:100%}.wy-control-group .wy-form-full{float:left;display:block;width:100%;margin-right:0}.wy-control-group .wy-form-full:last-child{margin-right:0}.wy-control-group .wy-form-halves{float:left;display:block;margin-right:2.35765%;width:48.82117%}.wy-control-group .wy-form-halves:last-child,.wy-control-group .wy-form-halves:nth-of-type(2n){margin-right:0}.wy-control-group .wy-form-halves:nth-of-type(odd){clear:left}.wy-control-group .wy-form-thirds{float:left;display:block;margin-right:2.35765%;width:31.76157%}.wy-control-group .wy-form-thirds:last-child,.wy-control-group .wy-form-thirds:nth-of-type(3n){margin-right:0}.wy-control-group .wy-form-thirds:nth-of-type(3n+1){clear:left}.wy-control-group.wy-control-group-no-input .wy-control,.wy-control-no-input{margin:6px 0 0;font-size:90%}.wy-control-no-input{display:inline-block}.wy-control-group.fluid-input input[type=color],.wy-control-group.fluid-input input[type=date],.wy-control-group.fluid-input input[type=datetime-local],.wy-control-group.fluid-input input[type=datetime],.wy-control-group.fluid-input input[type=email],.wy-control-group.fluid-input input[type=month],.wy-control-group.fluid-input input[type=number],.wy-control-group.fluid-input input[type=password],.wy-control-group.fluid-input input[type=search],.wy-control-group.fluid-input input[type=tel],.wy-control-group.fluid-input input[type=text],.wy-control-group.fluid-input input[type=time],.wy-control-group.fluid-input input[type=url],.wy-control-group.fluid-input input[type=week]{width:100%}.wy-form-message-inline{padding-left:.3em;color:#666;font-size:90%}.wy-form-message{display:block;color:#999;font-size:70%;margin-top:.3125em;font-style:italic}.wy-form-message p{font-size:inherit;font-style:italic;margin-bottom:6px}.wy-form-message p:last-child{margin-bottom:0}input{line-height:normal}input[type=button],input[type=reset],input[type=submit]{-webkit-appearance:button;cursor:pointer;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;*overflow:visible}input[type=color],input[type=date],input[type=datetime-local],input[type=datetime],input[type=email],input[type=month],input[type=number],input[type=password],input[type=search],input[type=tel],input[type=text],input[type=time],input[type=url],input[type=week]{-webkit-appearance:none;padding:6px;display:inline-block;border:1px solid #ccc;font-size:80%;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;box-shadow:inset 0 1px 3px #ddd;border-radius:0;-webkit-transition:border .3s linear;-moz-transition:border .3s linear;transition:border .3s linear}input[type=datetime-local]{padding:.34375em .625em}input[disabled]{cursor:default}input[type=checkbox],input[type=radio]{padding:0;margin-right:.3125em;*height:13px;*width:13px}input[type=checkbox],input[type=radio],input[type=search]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}input[type=search]::-webkit-search-cancel-button,input[type=search]::-webkit-search-decoration{-webkit-appearance:none}input[type=color]:focus,input[type=date]:focus,input[type=datetime-local]:focus,input[type=datetime]:focus,input[type=email]:focus,input[type=month]:focus,input[type=number]:focus,input[type=password]:focus,input[type=search]:focus,input[type=tel]:focus,input[type=text]:focus,input[type=time]:focus,input[type=url]:focus,input[type=week]:focus{outline:0;outline:thin dotted\9;border-color:#333}input.no-focus:focus{border-color:#ccc!important}input[type=checkbox]:focus,input[type=file]:focus,input[type=radio]:focus{outline:thin dotted #333;outline:1px auto #129fea}input[type=color][disabled],input[type=date][disabled],input[type=datetime-local][disabled],input[type=datetime][disabled],input[type=email][disabled],input[type=month][disabled],input[type=number][disabled],input[type=password][disabled],input[type=search][disabled],input[type=tel][disabled],input[type=text][disabled],input[type=time][disabled],input[type=url][disabled],input[type=week][disabled]{cursor:not-allowed;background-color:#fafafa}input:focus:invalid,select:focus:invalid,textarea:focus:invalid{color:#e74c3c;border:1px solid #e74c3c}input:focus:invalid:focus,select:focus:invalid:focus,textarea:focus:invalid:focus{border-color:#e74c3c}input[type=checkbox]:focus:invalid:focus,input[type=file]:focus:invalid:focus,input[type=radio]:focus:invalid:focus{outline-color:#e74c3c}input.wy-input-large{padding:12px;font-size:100%}textarea{overflow:auto;vertical-align:top;width:100%;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif}select,textarea{padding:.5em .625em;display:inline-block;border:1px solid #ccc;font-size:80%;box-shadow:inset 0 1px 3px #ddd;-webkit-transition:border .3s linear;-moz-transition:border .3s linear;transition:border .3s linear}select{border:1px solid #ccc;background-color:#fff}select[multiple]{height:auto}select:focus,textarea:focus{outline:0}input[readonly],select[disabled],select[readonly],textarea[disabled],textarea[readonly]{cursor:not-allowed;background-color:#fafafa}input[type=checkbox][disabled],input[type=radio][disabled]{cursor:not-allowed}.wy-checkbox,.wy-radio{margin:6px 0;color:#404040;display:block}.wy-checkbox input,.wy-radio input{vertical-align:baseline}.wy-form-message-inline{display:inline-block;*display:inline;*zoom:1;vertical-align:middle}.wy-input-prefix,.wy-input-suffix{white-space:nowrap;padding:6px}.wy-input-prefix .wy-input-context,.wy-input-suffix .wy-input-context{line-height:27px;padding:0 8px;display:inline-block;font-size:80%;background-color:#f3f6f6;border:1px solid #ccc;color:#999}.wy-input-suffix .wy-input-context{border-left:0}.wy-input-prefix .wy-input-context{border-right:0}.wy-switch{position:relative;display:block;height:24px;margin-top:12px;cursor:pointer}.wy-switch:before{left:0;top:0;width:36px;height:12px;background:#ccc}.wy-switch:after,.wy-switch:before{position:absolute;content:"";display:block;border-radius:4px;-webkit-transition:all .2s ease-in-out;-moz-transition:all .2s ease-in-out;transition:all .2s ease-in-out}.wy-switch:after{width:18px;height:18px;background:#999;left:-3px;top:-3px}.wy-switch span{position:absolute;left:48px;display:block;font-size:12px;color:#ccc;line-height:1}.wy-switch.active:before{background:#1e8449}.wy-switch.active:after{left:24px;background:#27ae60}.wy-switch.disabled{cursor:not-allowed;opacity:.8}.wy-control-group.wy-control-group-error .wy-form-message,.wy-control-group.wy-control-group-error>label{color:#e74c3c}.wy-control-group.wy-control-group-error input[type=color],.wy-control-group.wy-control-group-error input[type=date],.wy-control-group.wy-control-group-error input[type=datetime-local],.wy-control-group.wy-control-group-error input[type=datetime],.wy-control-group.wy-control-group-error input[type=email],.wy-control-group.wy-control-group-error input[type=month],.wy-control-group.wy-control-group-error input[type=number],.wy-control-group.wy-control-group-error input[type=password],.wy-control-group.wy-control-group-error input[type=search],.wy-control-group.wy-control-group-error input[type=tel],.wy-control-group.wy-control-group-error input[type=text],.wy-control-group.wy-control-group-error input[type=time],.wy-control-group.wy-control-group-error input[type=url],.wy-control-group.wy-control-group-error input[type=week],.wy-control-group.wy-control-group-error textarea{border:1px solid #e74c3c}.wy-inline-validate{white-space:nowrap}.wy-inline-validate .wy-input-context{padding:.5em .625em;display:inline-block;font-size:80%}.wy-inline-validate.wy-inline-validate-success .wy-input-context{color:#27ae60}.wy-inline-validate.wy-inline-validate-danger .wy-input-context{color:#e74c3c}.wy-inline-validate.wy-inline-validate-warning .wy-input-context{color:#e67e22}.wy-inline-validate.wy-inline-validate-info .wy-input-context{color:#2980b9}.rotate-90{-webkit-transform:rotate(90deg);-moz-transform:rotate(90deg);-ms-transform:rotate(90deg);-o-transform:rotate(90deg);transform:rotate(90deg)}.rotate-180{-webkit-transform:rotate(180deg);-moz-transform:rotate(180deg);-ms-transform:rotate(180deg);-o-transform:rotate(180deg);transform:rotate(180deg)}.rotate-270{-webkit-transform:rotate(270deg);-moz-transform:rotate(270deg);-ms-transform:rotate(270deg);-o-transform:rotate(270deg);transform:rotate(270deg)}.mirror{-webkit-transform:scaleX(-1);-moz-transform:scaleX(-1);-ms-transform:scaleX(-1);-o-transform:scaleX(-1);transform:scaleX(-1)}.mirror.rotate-90{-webkit-transform:scaleX(-1) rotate(90deg);-moz-transform:scaleX(-1) rotate(90deg);-ms-transform:scaleX(-1) rotate(90deg);-o-transform:scaleX(-1) rotate(90deg);transform:scaleX(-1) rotate(90deg)}.mirror.rotate-180{-webkit-transform:scaleX(-1) rotate(180deg);-moz-transform:scaleX(-1) rotate(180deg);-ms-transform:scaleX(-1) rotate(180deg);-o-transform:scaleX(-1) rotate(180deg);transform:scaleX(-1) rotate(180deg)}.mirror.rotate-270{-webkit-transform:scaleX(-1) rotate(270deg);-moz-transform:scaleX(-1) rotate(270deg);-ms-transform:scaleX(-1) rotate(270deg);-o-transform:scaleX(-1) rotate(270deg);transform:scaleX(-1) rotate(270deg)}@media only screen and (max-width:480px){.wy-form button[type=submit]{margin:.7em 0 0}.wy-form input[type=color],.wy-form input[type=date],.wy-form input[type=datetime-local],.wy-form input[type=datetime],.wy-form input[type=email],.wy-form input[type=month],.wy-form input[type=number],.wy-form input[type=password],.wy-form input[type=search],.wy-form input[type=tel],.wy-form input[type=text],.wy-form input[type=time],.wy-form input[type=url],.wy-form input[type=week],.wy-form label{margin-bottom:.3em;display:block}.wy-form input[type=color],.wy-form input[type=date],.wy-form input[type=datetime-local],.wy-form input[type=datetime],.wy-form input[type=email],.wy-form input[type=month],.wy-form input[type=number],.wy-form input[type=password],.wy-form input[type=search],.wy-form input[type=tel],.wy-form input[type=time],.wy-form input[type=url],.wy-form input[type=week]{margin-bottom:0}.wy-form-aligned .wy-control-group label{margin-bottom:.3em;text-align:left;display:block;width:100%}.wy-form-aligned .wy-control{margin:1.5em 0 0}.wy-form-message,.wy-form-message-inline,.wy-form .wy-help-inline{display:block;font-size:80%;padding:6px 0}}@media screen and (max-width:768px){.tablet-hide{display:none}}@media screen and (max-width:480px){.mobile-hide{display:none}}.float-left{float:left}.float-right{float:right}.full-width{width:100%}.rst-content table.docutils,.rst-content table.field-list,.wy-table{border-collapse:collapse;border-spacing:0;empty-cells:show;margin-bottom:24px}.rst-content table.docutils caption,.rst-content table.field-list caption,.wy-table caption{color:#000;font:italic 85%/1 arial,sans-serif;padding:1em 0;text-align:center}.rst-content table.docutils td,.rst-content table.docutils th,.rst-content table.field-list td,.rst-content table.field-list th,.wy-table td,.wy-table th{font-size:90%;margin:0;overflow:visible;padding:8px 16px}.rst-content table.docutils td:first-child,.rst-content table.docutils th:first-child,.rst-content table.field-list td:first-child,.rst-content table.field-list th:first-child,.wy-table td:first-child,.wy-table th:first-child{border-left-width:0}.rst-content table.docutils thead,.rst-content table.field-list thead,.wy-table thead{color:#000;text-align:left;vertical-align:bottom;white-space:nowrap}.rst-content table.docutils thead th,.rst-content table.field-list thead th,.wy-table thead th{font-weight:700;border-bottom:2px solid #e1e4e5}.rst-content table.docutils td,.rst-content table.field-list td,.wy-table td{background-color:transparent;vertical-align:middle}.rst-content table.docutils td p,.rst-content table.field-list td p,.wy-table td p{line-height:18px}.rst-content table.docutils td p:last-child,.rst-content table.field-list td p:last-child,.wy-table td p:last-child{margin-bottom:0}.rst-content table.docutils .wy-table-cell-min,.rst-content table.field-list .wy-table-cell-min,.wy-table .wy-table-cell-min{width:1%;padding-right:0}.rst-content table.docutils .wy-table-cell-min input[type=checkbox],.rst-content table.field-list .wy-table-cell-min input[type=checkbox],.wy-table .wy-table-cell-min input[type=checkbox]{margin:0}.wy-table-secondary{color:grey;font-size:90%}.wy-table-tertiary{color:grey;font-size:80%}.rst-content table.docutils:not(.field-list) tr:nth-child(2n-1) td,.wy-table-backed,.wy-table-odd td,.wy-table-striped tr:nth-child(2n-1) td{background-color:#f3f6f6}.rst-content table.docutils,.wy-table-bordered-all{border:1px solid #e1e4e5}.rst-content table.docutils td,.wy-table-bordered-all td{border-bottom:1px solid #e1e4e5;border-left:1px solid #e1e4e5}.rst-content table.docutils tbody>tr:last-child td,.wy-table-bordered-all tbody>tr:last-child td{border-bottom-width:0}.wy-table-bordered{border:1px solid #e1e4e5}.wy-table-bordered-rows td{border-bottom:1px solid #e1e4e5}.wy-table-bordered-rows tbody>tr:last-child td{border-bottom-width:0}.wy-table-horizontal td,.wy-table-horizontal th{border-width:0 0 1px;border-bottom:1px solid #e1e4e5}.wy-table-horizontal tbody>tr:last-child td{border-bottom-width:0}.wy-table-responsive{margin-bottom:24px;max-width:100%;overflow:auto}.wy-table-responsive table{margin-bottom:0!important}.wy-table-responsive table td,.wy-table-responsive table th{white-space:nowrap}a{color:#2980b9;text-decoration:none;cursor:pointer}a:hover{color:#3091d1}a:visited{color:#9b59b6}html{height:100%}body,html{overflow-x:hidden}body{font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;font-weight:400;color:#404040;min-height:100%;background:#edf0f2}.wy-text-left{text-align:left}.wy-text-center{text-align:center}.wy-text-right{text-align:right}.wy-text-large{font-size:120%}.wy-text-normal{font-size:100%}.wy-text-small,small{font-size:80%}.wy-text-strike{text-decoration:line-through}.wy-text-warning{color:#e67e22!important}a.wy-text-warning:hover{color:#eb9950!important}.wy-text-info{color:#2980b9!important}a.wy-text-info:hover{color:#409ad5!important}.wy-text-success{color:#27ae60!important}a.wy-text-success:hover{color:#36d278!important}.wy-text-danger{color:#e74c3c!important}a.wy-text-danger:hover{color:#ed7669!important}.wy-text-neutral{color:#404040!important}a.wy-text-neutral:hover{color:#595959!important}.rst-content .toctree-wrapper>p.caption,h1,h2,h3,h4,h5,h6,legend{margin-top:0;font-weight:700;font-family:Roboto Slab,ff-tisa-web-pro,Georgia,Arial,sans-serif}p{line-height:24px;font-size:16px;margin:0 0 24px}h1{font-size:175%}.rst-content .toctree-wrapper>p.caption,h2{font-size:150%}h3{font-size:125%}h4{font-size:115%}h5{font-size:110%}h6{font-size:100%}hr{display:block;height:1px;border:0;border-top:1px solid #e1e4e5;margin:24px 0;padding:0}.rst-content code,.rst-content tt,code{white-space:nowrap;max-width:100%;background:#fff;border:1px solid #e1e4e5;font-size:75%;padding:0 5px;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;color:#e74c3c;overflow-x:auto}.rst-content tt.code-large,code.code-large{font-size:90%}.rst-content .section ul,.rst-content .toctree-wrapper ul,.rst-content section ul,.wy-plain-list-disc,article ul{list-style:disc;line-height:24px;margin-bottom:24px}.rst-content .section ul li,.rst-content .toctree-wrapper ul li,.rst-content section ul li,.wy-plain-list-disc li,article ul li{list-style:disc;margin-left:24px}.rst-content .section ul li p:last-child,.rst-content .section ul li ul,.rst-content .toctree-wrapper ul li p:last-child,.rst-content .toctree-wrapper ul li ul,.rst-content section ul li p:last-child,.rst-content section ul li ul,.wy-plain-list-disc li p:last-child,.wy-plain-list-disc li ul,article ul li p:last-child,article ul li ul{margin-bottom:0}.rst-content .section ul li li,.rst-content .toctree-wrapper ul li li,.rst-content section ul li li,.wy-plain-list-disc li li,article ul li li{list-style:circle}.rst-content .section ul li li li,.rst-content .toctree-wrapper ul li li li,.rst-content section ul li li li,.wy-plain-list-disc li li li,article ul li li li{list-style:square}.rst-content .section ul li ol li,.rst-content .toctree-wrapper ul li ol li,.rst-content section ul li ol li,.wy-plain-list-disc li ol li,article ul li ol li{list-style:decimal}.rst-content .section ol,.rst-content .section ol.arabic,.rst-content .toctree-wrapper ol,.rst-content .toctree-wrapper ol.arabic,.rst-content section ol,.rst-content section ol.arabic,.wy-plain-list-decimal,article ol{list-style:decimal;line-height:24px;margin-bottom:24px}.rst-content .section ol.arabic li,.rst-content .section ol li,.rst-content .toctree-wrapper ol.arabic li,.rst-content .toctree-wrapper ol li,.rst-content section ol.arabic li,.rst-content section ol li,.wy-plain-list-decimal li,article ol li{list-style:decimal;margin-left:24px}.rst-content .section ol.arabic li ul,.rst-content .section ol li p:last-child,.rst-content .section ol li ul,.rst-content .toctree-wrapper ol.arabic li ul,.rst-content .toctree-wrapper ol li p:last-child,.rst-content .toctree-wrapper ol li ul,.rst-content section ol.arabic li ul,.rst-content section ol li p:last-child,.rst-content section ol li ul,.wy-plain-list-decimal li p:last-child,.wy-plain-list-decimal li ul,article ol li p:last-child,article ol li ul{margin-bottom:0}.rst-content .section ol.arabic li ul li,.rst-content .section ol li ul li,.rst-content .toctree-wrapper ol.arabic li ul li,.rst-content .toctree-wrapper ol li ul li,.rst-content section ol.arabic li ul li,.rst-content section ol li ul li,.wy-plain-list-decimal li ul li,article ol li ul li{list-style:disc}.wy-breadcrumbs{*zoom:1}.wy-breadcrumbs:after,.wy-breadcrumbs:before{display:table;content:""}.wy-breadcrumbs:after{clear:both}.wy-breadcrumbs li{display:inline-block}.wy-breadcrumbs li.wy-breadcrumbs-aside{float:right}.wy-breadcrumbs li a{display:inline-block;padding:5px}.wy-breadcrumbs li a:first-child{padding-left:0}.rst-content .wy-breadcrumbs li tt,.wy-breadcrumbs li .rst-content tt,.wy-breadcrumbs li code{padding:5px;border:none;background:none}.rst-content .wy-breadcrumbs li tt.literal,.wy-breadcrumbs li .rst-content tt.literal,.wy-breadcrumbs li code.literal{color:#404040}.wy-breadcrumbs-extra{margin-bottom:0;color:#b3b3b3;font-size:80%;display:inline-block}@media screen and (max-width:480px){.wy-breadcrumbs-extra,.wy-breadcrumbs li.wy-breadcrumbs-aside{display:none}}@media print{.wy-breadcrumbs li.wy-breadcrumbs-aside{display:none}}html{font-size:16px}.wy-affix{position:fixed;top:1.618em}.wy-menu a:hover{text-decoration:none}.wy-menu-horiz{*zoom:1}.wy-menu-horiz:after,.wy-menu-horiz:before{display:table;content:""}.wy-menu-horiz:after{clear:both}.wy-menu-horiz li,.wy-menu-horiz ul{display:inline-block}.wy-menu-horiz li:hover{background:hsla(0,0%,100%,.1)}.wy-menu-horiz li.divide-left{border-left:1px solid #404040}.wy-menu-horiz li.divide-right{border-right:1px solid #404040}.wy-menu-horiz a{height:32px;display:inline-block;line-height:32px;padding:0 16px}.wy-menu-vertical{width:300px}.wy-menu-vertical header,.wy-menu-vertical p.caption{color:#55a5d9;height:32px;line-height:32px;padding:0 1.618em;margin:12px 0 0;display:block;font-weight:700;text-transform:uppercase;font-size:85%;white-space:nowrap}.wy-menu-vertical ul{margin-bottom:0}.wy-menu-vertical li.divide-top{border-top:1px solid #404040}.wy-menu-vertical li.divide-bottom{border-bottom:1px solid #404040}.wy-menu-vertical li.current{background:#e3e3e3}.wy-menu-vertical li.current a{color:grey;border-right:1px solid #c9c9c9;padding:.4045em 2.427em}.wy-menu-vertical li.current a:hover{background:#d6d6d6}.rst-content .wy-menu-vertical li tt,.wy-menu-vertical li .rst-content tt,.wy-menu-vertical li code{border:none;background:inherit;color:inherit;padding-left:0;padding-right:0}.wy-menu-vertical li button.toctree-expand{display:block;float:left;margin-left:-1.2em;line-height:18px;color:#4d4d4d;border:none;background:none;padding:0}.wy-menu-vertical li.current>a,.wy-menu-vertical li.on a{color:#404040;font-weight:700;position:relative;background:#fcfcfc;border:none;padding:.4045em 1.618em}.wy-menu-vertical li.current>a:hover,.wy-menu-vertical li.on a:hover{background:#fcfcfc}.wy-menu-vertical li.current>a:hover button.toctree-expand,.wy-menu-vertical li.on a:hover button.toctree-expand{color:grey}.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand{display:block;line-height:18px;color:#333}.wy-menu-vertical li.toctree-l1.current>a{border-bottom:1px solid #c9c9c9;border-top:1px solid #c9c9c9}.wy-menu-vertical .toctree-l1.current .toctree-l2>ul,.wy-menu-vertical .toctree-l2.current .toctree-l3>ul,.wy-menu-vertical .toctree-l3.current .toctree-l4>ul,.wy-menu-vertical .toctree-l4.current .toctree-l5>ul,.wy-menu-vertical .toctree-l5.current .toctree-l6>ul,.wy-menu-vertical .toctree-l6.current .toctree-l7>ul,.wy-menu-vertical .toctree-l7.current .toctree-l8>ul,.wy-menu-vertical .toctree-l8.current .toctree-l9>ul,.wy-menu-vertical .toctree-l9.current .toctree-l10>ul,.wy-menu-vertical .toctree-l10.current .toctree-l11>ul{display:none}.wy-menu-vertical .toctree-l1.current .current.toctree-l2>ul,.wy-menu-vertical .toctree-l2.current .current.toctree-l3>ul,.wy-menu-vertical .toctree-l3.current .current.toctree-l4>ul,.wy-menu-vertical .toctree-l4.current .current.toctree-l5>ul,.wy-menu-vertical .toctree-l5.current .current.toctree-l6>ul,.wy-menu-vertical .toctree-l6.current .current.toctree-l7>ul,.wy-menu-vertical .toctree-l7.current .current.toctree-l8>ul,.wy-menu-vertical .toctree-l8.current .current.toctree-l9>ul,.wy-menu-vertical .toctree-l9.current .current.toctree-l10>ul,.wy-menu-vertical .toctree-l10.current .current.toctree-l11>ul{display:block}.wy-menu-vertical li.toctree-l3,.wy-menu-vertical li.toctree-l4{font-size:.9em}.wy-menu-vertical li.toctree-l2 a,.wy-menu-vertical li.toctree-l3 a,.wy-menu-vertical li.toctree-l4 a,.wy-menu-vertical li.toctree-l5 a,.wy-menu-vertical li.toctree-l6 a,.wy-menu-vertical li.toctree-l7 a,.wy-menu-vertical li.toctree-l8 a,.wy-menu-vertical li.toctree-l9 a,.wy-menu-vertical li.toctree-l10 a{color:#404040}.wy-menu-vertical li.toctree-l2 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l3 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l4 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l5 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l6 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l7 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l8 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l9 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l10 a:hover button.toctree-expand{color:grey}.wy-menu-vertical li.toctree-l2.current li.toctree-l3>a,.wy-menu-vertical li.toctree-l3.current li.toctree-l4>a,.wy-menu-vertical li.toctree-l4.current li.toctree-l5>a,.wy-menu-vertical li.toctree-l5.current li.toctree-l6>a,.wy-menu-vertical li.toctree-l6.current li.toctree-l7>a,.wy-menu-vertical li.toctree-l7.current li.toctree-l8>a,.wy-menu-vertical li.toctree-l8.current li.toctree-l9>a,.wy-menu-vertical li.toctree-l9.current li.toctree-l10>a,.wy-menu-vertical li.toctree-l10.current li.toctree-l11>a{display:block}.wy-menu-vertical li.toctree-l2.current>a{padding:.4045em 2.427em}.wy-menu-vertical li.toctree-l2.current li.toctree-l3>a{padding:.4045em 1.618em .4045em 4.045em}.wy-menu-vertical li.toctree-l3.current>a{padding:.4045em 4.045em}.wy-menu-vertical li.toctree-l3.current li.toctree-l4>a{padding:.4045em 1.618em .4045em 5.663em}.wy-menu-vertical li.toctree-l4.current>a{padding:.4045em 5.663em}.wy-menu-vertical li.toctree-l4.current li.toctree-l5>a{padding:.4045em 1.618em .4045em 7.281em}.wy-menu-vertical li.toctree-l5.current>a{padding:.4045em 7.281em}.wy-menu-vertical li.toctree-l5.current li.toctree-l6>a{padding:.4045em 1.618em .4045em 8.899em}.wy-menu-vertical li.toctree-l6.current>a{padding:.4045em 8.899em}.wy-menu-vertical li.toctree-l6.current li.toctree-l7>a{padding:.4045em 1.618em .4045em 10.517em}.wy-menu-vertical li.toctree-l7.current>a{padding:.4045em 10.517em}.wy-menu-vertical li.toctree-l7.current li.toctree-l8>a{padding:.4045em 1.618em .4045em 12.135em}.wy-menu-vertical li.toctree-l8.current>a{padding:.4045em 12.135em}.wy-menu-vertical li.toctree-l8.current li.toctree-l9>a{padding:.4045em 1.618em .4045em 13.753em}.wy-menu-vertical li.toctree-l9.current>a{padding:.4045em 13.753em}.wy-menu-vertical li.toctree-l9.current li.toctree-l10>a{padding:.4045em 1.618em .4045em 15.371em}.wy-menu-vertical li.toctree-l10.current>a{padding:.4045em 15.371em}.wy-menu-vertical li.toctree-l10.current li.toctree-l11>a{padding:.4045em 1.618em .4045em 16.989em}.wy-menu-vertical li.toctree-l2.current>a,.wy-menu-vertical li.toctree-l2.current li.toctree-l3>a{background:#c9c9c9}.wy-menu-vertical li.toctree-l2 button.toctree-expand{color:#a3a3a3}.wy-menu-vertical li.toctree-l3.current>a,.wy-menu-vertical li.toctree-l3.current li.toctree-l4>a{background:#bdbdbd}.wy-menu-vertical li.toctree-l3 button.toctree-expand{color:#969696}.wy-menu-vertical li.current ul{display:block}.wy-menu-vertical li ul{margin-bottom:0;display:none}.wy-menu-vertical li ul li a{margin-bottom:0;color:#d9d9d9;font-weight:400}.wy-menu-vertical a{line-height:18px;padding:.4045em 1.618em;display:block;position:relative;font-size:90%;color:#d9d9d9}.wy-menu-vertical a:hover{background-color:#4e4a4a;cursor:pointer}.wy-menu-vertical a:hover button.toctree-expand{color:#d9d9d9}.wy-menu-vertical a:active{background-color:#2980b9;cursor:pointer;color:#fff}.wy-menu-vertical a:active button.toctree-expand{color:#fff}.wy-side-nav-search{display:block;width:300px;padding:.809em;margin-bottom:.809em;z-index:200;background-color:#2980b9;text-align:center;color:#fcfcfc}.wy-side-nav-search input[type=text]{width:100%;border-radius:50px;padding:6px 12px;border-color:#2472a4}.wy-side-nav-search img{display:block;margin:auto auto .809em;height:45px;width:45px;background-color:#2980b9;padding:5px;border-radius:100%}.wy-side-nav-search .wy-dropdown>a,.wy-side-nav-search>a{color:#fcfcfc;font-size:100%;font-weight:700;display:inline-block;padding:4px 6px;margin-bottom:.809em;max-width:100%}.wy-side-nav-search .wy-dropdown>a:hover,.wy-side-nav-search>a:hover{background:hsla(0,0%,100%,.1)}.wy-side-nav-search .wy-dropdown>a img.logo,.wy-side-nav-search>a img.logo{display:block;margin:0 auto;height:auto;width:auto;border-radius:0;max-width:100%;background:transparent}.wy-side-nav-search .wy-dropdown>a.icon img.logo,.wy-side-nav-search>a.icon img.logo{margin-top:.85em}.wy-side-nav-search>div.version{margin-top:-.4045em;margin-bottom:.809em;font-weight:400;color:hsla(0,0%,100%,.3)}.wy-nav .wy-menu-vertical header{color:#2980b9}.wy-nav .wy-menu-vertical a{color:#b3b3b3}.wy-nav .wy-menu-vertical a:hover{background-color:#2980b9;color:#fff}[data-menu-wrap]{-webkit-transition:all .2s ease-in;-moz-transition:all .2s ease-in;transition:all .2s ease-in;position:absolute;opacity:1;width:100%;opacity:0}[data-menu-wrap].move-center{left:0;right:auto;opacity:1}[data-menu-wrap].move-left{right:auto;left:-100%;opacity:0}[data-menu-wrap].move-right{right:-100%;left:auto;opacity:0}.wy-body-for-nav{background:#fcfcfc}.wy-grid-for-nav{position:absolute;width:100%;height:100%}.wy-nav-side{position:fixed;top:0;bottom:0;left:0;padding-bottom:2em;width:300px;overflow-x:hidden;overflow-y:hidden;min-height:100%;color:#9b9b9b;background:#343131;z-index:200}.wy-side-scroll{width:320px;position:relative;overflow-x:hidden;overflow-y:scroll;height:100%}.wy-nav-top{display:none;background:#2980b9;color:#fff;padding:.4045em .809em;position:relative;line-height:50px;text-align:center;font-size:100%;*zoom:1}.wy-nav-top:after,.wy-nav-top:before{display:table;content:""}.wy-nav-top:after{clear:both}.wy-nav-top a{color:#fff;font-weight:700}.wy-nav-top img{margin-right:12px;height:45px;width:45px;background-color:#2980b9;padding:5px;border-radius:100%}.wy-nav-top i{font-size:30px;float:left;cursor:pointer;padding-top:inherit}.wy-nav-content-wrap{margin-left:300px;background:#fcfcfc;min-height:100%}.wy-nav-content{padding:1.618em 3.236em;height:100%;max-width:800px;margin:auto}.wy-body-mask{position:fixed;width:100%;height:100%;background:rgba(0,0,0,.2);display:none;z-index:499}.wy-body-mask.on{display:block}footer{color:grey}footer p{margin-bottom:12px}.rst-content footer span.commit tt,footer span.commit .rst-content tt,footer span.commit code{padding:0;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;font-size:1em;background:none;border:none;color:grey}.rst-footer-buttons{*zoom:1}.rst-footer-buttons:after,.rst-footer-buttons:before{width:100%;display:table;content:""}.rst-footer-buttons:after{clear:both}.rst-breadcrumbs-buttons{margin-top:12px;*zoom:1}.rst-breadcrumbs-buttons:after,.rst-breadcrumbs-buttons:before{display:table;content:""}.rst-breadcrumbs-buttons:after{clear:both}#search-results .search li{margin-bottom:24px;border-bottom:1px solid #e1e4e5;padding-bottom:24px}#search-results .search li:first-child{border-top:1px solid #e1e4e5;padding-top:24px}#search-results .search li a{font-size:120%;margin-bottom:12px;display:inline-block}#search-results .context{color:grey;font-size:90%}.genindextable li>ul{margin-left:24px}@media screen and (max-width:768px){.wy-body-for-nav{background:#fcfcfc}.wy-nav-top{display:block}.wy-nav-side{left:-300px}.wy-nav-side.shift{width:85%;left:0}.wy-menu.wy-menu-vertical,.wy-side-nav-search,.wy-side-scroll{width:auto}.wy-nav-content-wrap{margin-left:0}.wy-nav-content-wrap .wy-nav-content{padding:1.618em}.wy-nav-content-wrap.shift{position:fixed;min-width:100%;left:85%;top:0;height:100%;overflow:hidden}}@media screen and (min-width:1100px){.wy-nav-content-wrap{background:rgba(0,0,0,.05)}.wy-nav-content{margin:0;background:#fcfcfc}}@media print{.rst-versions,.wy-nav-side,footer{display:none}.wy-nav-content-wrap{margin-left:0}}.rst-versions{position:fixed;bottom:0;left:0;width:300px;color:#fcfcfc;background:#1f1d1d;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;z-index:400}.rst-versions a{color:#2980b9;text-decoration:none}.rst-versions .rst-badge-small{display:none}.rst-versions .rst-current-version{padding:12px;background-color:#272525;display:block;text-align:right;font-size:90%;cursor:pointer;color:#27ae60;*zoom:1}.rst-versions .rst-current-version:after,.rst-versions .rst-current-version:before{display:table;content:""}.rst-versions .rst-current-version:after{clear:both}.rst-content .code-block-caption .rst-versions .rst-current-version .headerlink,.rst-content .eqno .rst-versions .rst-current-version .headerlink,.rst-content .rst-versions .rst-current-version .admonition-title,.rst-content code.download .rst-versions .rst-current-version span:first-child,.rst-content dl dt .rst-versions .rst-current-version .headerlink,.rst-content h1 .rst-versions .rst-current-version .headerlink,.rst-content h2 .rst-versions .rst-current-version .headerlink,.rst-content h3 .rst-versions .rst-current-version .headerlink,.rst-content h4 .rst-versions .rst-current-version .headerlink,.rst-content h5 .rst-versions .rst-current-version .headerlink,.rst-content h6 .rst-versions .rst-current-version .headerlink,.rst-content p .rst-versions .rst-current-version .headerlink,.rst-content table>caption .rst-versions .rst-current-version .headerlink,.rst-content tt.download .rst-versions .rst-current-version span:first-child,.rst-versions .rst-current-version .fa,.rst-versions .rst-current-version .icon,.rst-versions .rst-current-version .rst-content .admonition-title,.rst-versions .rst-current-version .rst-content .code-block-caption .headerlink,.rst-versions .rst-current-version .rst-content .eqno .headerlink,.rst-versions .rst-current-version .rst-content code.download span:first-child,.rst-versions .rst-current-version .rst-content dl dt .headerlink,.rst-versions .rst-current-version .rst-content h1 .headerlink,.rst-versions .rst-current-version .rst-content h2 .headerlink,.rst-versions .rst-current-version .rst-content h3 .headerlink,.rst-versions .rst-current-version .rst-content h4 .headerlink,.rst-versions .rst-current-version .rst-content h5 .headerlink,.rst-versions .rst-current-version .rst-content h6 .headerlink,.rst-versions .rst-current-version .rst-content p .headerlink,.rst-versions .rst-current-version .rst-content table>caption .headerlink,.rst-versions .rst-current-version .rst-content tt.download span:first-child,.rst-versions .rst-current-version .wy-menu-vertical li button.toctree-expand,.wy-menu-vertical li .rst-versions .rst-current-version button.toctree-expand{color:#fcfcfc}.rst-versions .rst-current-version .fa-book,.rst-versions .rst-current-version .icon-book{float:left}.rst-versions .rst-current-version.rst-out-of-date{background-color:#e74c3c;color:#fff}.rst-versions .rst-current-version.rst-active-old-version{background-color:#f1c40f;color:#000}.rst-versions.shift-up{height:auto;max-height:100%;overflow-y:scroll}.rst-versions.shift-up .rst-other-versions{display:block}.rst-versions .rst-other-versions{font-size:90%;padding:12px;color:grey;display:none}.rst-versions .rst-other-versions hr{display:block;height:1px;border:0;margin:20px 0;padding:0;border-top:1px solid #413d3d}.rst-versions .rst-other-versions dd{display:inline-block;margin:0}.rst-versions .rst-other-versions dd a{display:inline-block;padding:6px;color:#fcfcfc}.rst-versions.rst-badge{width:auto;bottom:20px;right:20px;left:auto;border:none;max-width:300px;max-height:90%}.rst-versions.rst-badge .fa-book,.rst-versions.rst-badge .icon-book{float:none;line-height:30px}.rst-versions.rst-badge.shift-up .rst-current-version{text-align:right}.rst-versions.rst-badge.shift-up .rst-current-version .fa-book,.rst-versions.rst-badge.shift-up .rst-current-version .icon-book{float:left}.rst-versions.rst-badge>.rst-current-version{width:auto;height:30px;line-height:30px;padding:0 6px;display:block;text-align:center}@media screen and (max-width:768px){.rst-versions{width:85%;display:none}.rst-versions.shift{display:block}}.rst-content .toctree-wrapper>p.caption,.rst-content h1,.rst-content h2,.rst-content h3,.rst-content h4,.rst-content h5,.rst-content h6{margin-bottom:24px}.rst-content img{max-width:100%;height:auto}.rst-content div.figure,.rst-content figure{margin-bottom:24px}.rst-content div.figure .caption-text,.rst-content figure .caption-text{font-style:italic}.rst-content div.figure p:last-child.caption,.rst-content figure p:last-child.caption{margin-bottom:0}.rst-content div.figure.align-center,.rst-content figure.align-center{text-align:center}.rst-content .section>a>img,.rst-content .section>img,.rst-content section>a>img,.rst-content section>img{margin-bottom:24px}.rst-content abbr[title]{text-decoration:none}.rst-content.style-external-links a.reference.external:after{font-family:FontAwesome;content:"\f08e";color:#b3b3b3;vertical-align:super;font-size:60%;margin:0 .2em}.rst-content blockquote{margin-left:24px;line-height:24px;margin-bottom:24px}.rst-content pre.literal-block{white-space:pre;margin:0;padding:12px;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;display:block;overflow:auto}.rst-content div[class^=highlight],.rst-content pre.literal-block{border:1px solid #e1e4e5;overflow-x:auto;margin:1px 0 24px}.rst-content div[class^=highlight] div[class^=highlight],.rst-content pre.literal-block div[class^=highlight]{padding:0;border:none;margin:0}.rst-content div[class^=highlight] td.code{width:100%}.rst-content .linenodiv pre{border-right:1px solid #e6e9ea;margin:0;padding:12px;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;user-select:none;pointer-events:none}.rst-content div[class^=highlight] pre{white-space:pre;margin:0;padding:12px;display:block;overflow:auto}.rst-content div[class^=highlight] pre .hll{display:block;margin:0 -12px;padding:0 12px}.rst-content .linenodiv pre,.rst-content div[class^=highlight] pre,.rst-content pre.literal-block{font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;font-size:12px;line-height:1.4}.rst-content div.highlight .gp,.rst-content div.highlight span.linenos{user-select:none;pointer-events:none}.rst-content div.highlight span.linenos{display:inline-block;padding-left:0;padding-right:12px;margin-right:12px;border-right:1px solid #e6e9ea}.rst-content .code-block-caption{font-style:italic;font-size:85%;line-height:1;padding:1em 0;text-align:center}@media print{.rst-content .codeblock,.rst-content div[class^=highlight],.rst-content div[class^=highlight] pre{white-space:pre-wrap}}.rst-content .admonition,.rst-content .admonition-todo,.rst-content .attention,.rst-content .caution,.rst-content .danger,.rst-content .error,.rst-content .hint,.rst-content .important,.rst-content .note,.rst-content .seealso,.rst-content .tip,.rst-content .warning{clear:both}.rst-content .admonition-todo .last,.rst-content .admonition-todo>:last-child,.rst-content .admonition .last,.rst-content .admonition>:last-child,.rst-content .attention .last,.rst-content .attention>:last-child,.rst-content .caution .last,.rst-content .caution>:last-child,.rst-content .danger .last,.rst-content .danger>:last-child,.rst-content .error .last,.rst-content .error>:last-child,.rst-content .hint .last,.rst-content .hint>:last-child,.rst-content .important .last,.rst-content .important>:last-child,.rst-content .note .last,.rst-content .note>:last-child,.rst-content .seealso .last,.rst-content .seealso>:last-child,.rst-content .tip .last,.rst-content .tip>:last-child,.rst-content .warning .last,.rst-content .warning>:last-child{margin-bottom:0}.rst-content .admonition-title:before{margin-right:4px}.rst-content .admonition table{border-color:rgba(0,0,0,.1)}.rst-content .admonition table td,.rst-content .admonition table th{background:transparent!important;border-color:rgba(0,0,0,.1)!important}.rst-content .section ol.loweralpha,.rst-content .section ol.loweralpha>li,.rst-content .toctree-wrapper ol.loweralpha,.rst-content .toctree-wrapper ol.loweralpha>li,.rst-content section ol.loweralpha,.rst-content section ol.loweralpha>li{list-style:lower-alpha}.rst-content .section ol.upperalpha,.rst-content .section ol.upperalpha>li,.rst-content .toctree-wrapper ol.upperalpha,.rst-content .toctree-wrapper ol.upperalpha>li,.rst-content section ol.upperalpha,.rst-content section ol.upperalpha>li{list-style:upper-alpha}.rst-content .section ol li>*,.rst-content .section ul li>*,.rst-content .toctree-wrapper ol li>*,.rst-content .toctree-wrapper ul li>*,.rst-content section ol li>*,.rst-content section ul li>*{margin-top:12px;margin-bottom:12px}.rst-content .section ol li>:first-child,.rst-content .section ul li>:first-child,.rst-content .toctree-wrapper ol li>:first-child,.rst-content .toctree-wrapper ul li>:first-child,.rst-content section ol li>:first-child,.rst-content section ul li>:first-child{margin-top:0}.rst-content .section ol li>p,.rst-content .section ol li>p:last-child,.rst-content .section ul li>p,.rst-content .section ul li>p:last-child,.rst-content .toctree-wrapper ol li>p,.rst-content .toctree-wrapper ol li>p:last-child,.rst-content .toctree-wrapper ul li>p,.rst-content .toctree-wrapper ul li>p:last-child,.rst-content section ol li>p,.rst-content section ol li>p:last-child,.rst-content section ul li>p,.rst-content section ul li>p:last-child{margin-bottom:12px}.rst-content .section ol li>p:only-child,.rst-content .section ol li>p:only-child:last-child,.rst-content .section ul li>p:only-child,.rst-content .section ul li>p:only-child:last-child,.rst-content .toctree-wrapper ol li>p:only-child,.rst-content .toctree-wrapper ol li>p:only-child:last-child,.rst-content .toctree-wrapper ul li>p:only-child,.rst-content .toctree-wrapper ul li>p:only-child:last-child,.rst-content section ol li>p:only-child,.rst-content section ol li>p:only-child:last-child,.rst-content section ul li>p:only-child,.rst-content section ul li>p:only-child:last-child{margin-bottom:0}.rst-content .section ol li>ol,.rst-content .section ol li>ul,.rst-content .section ul li>ol,.rst-content .section ul li>ul,.rst-content .toctree-wrapper ol li>ol,.rst-content .toctree-wrapper ol li>ul,.rst-content .toctree-wrapper ul li>ol,.rst-content .toctree-wrapper ul li>ul,.rst-content section ol li>ol,.rst-content section ol li>ul,.rst-content section ul li>ol,.rst-content section ul li>ul{margin-bottom:12px}.rst-content .section ol.simple li>*,.rst-content .section ol.simple li ol,.rst-content .section ol.simple li ul,.rst-content .section ul.simple li>*,.rst-content .section ul.simple li ol,.rst-content .section ul.simple li ul,.rst-content .toctree-wrapper ol.simple li>*,.rst-content .toctree-wrapper ol.simple li ol,.rst-content .toctree-wrapper ol.simple li ul,.rst-content .toctree-wrapper ul.simple li>*,.rst-content .toctree-wrapper ul.simple li ol,.rst-content .toctree-wrapper ul.simple li ul,.rst-content section ol.simple li>*,.rst-content section ol.simple li ol,.rst-content section ol.simple li ul,.rst-content section ul.simple li>*,.rst-content section ul.simple li ol,.rst-content section ul.simple li ul{margin-top:0;margin-bottom:0}.rst-content .line-block{margin-left:0;margin-bottom:24px;line-height:24px}.rst-content .line-block .line-block{margin-left:24px;margin-bottom:0}.rst-content .topic-title{font-weight:700;margin-bottom:12px}.rst-content .toc-backref{color:#404040}.rst-content .align-right{float:right;margin:0 0 24px 24px}.rst-content .align-left{float:left;margin:0 24px 24px 0}.rst-content .align-center{margin:auto}.rst-content .align-center:not(table){display:block}.rst-content .code-block-caption .headerlink,.rst-content .eqno .headerlink,.rst-content .toctree-wrapper>p.caption .headerlink,.rst-content dl dt .headerlink,.rst-content h1 .headerlink,.rst-content h2 .headerlink,.rst-content h3 .headerlink,.rst-content h4 .headerlink,.rst-content h5 .headerlink,.rst-content h6 .headerlink,.rst-content p.caption .headerlink,.rst-content p .headerlink,.rst-content table>caption .headerlink{opacity:0;font-size:14px;font-family:FontAwesome;margin-left:.5em}.rst-content .code-block-caption .headerlink:focus,.rst-content .code-block-caption:hover .headerlink,.rst-content .eqno .headerlink:focus,.rst-content .eqno:hover .headerlink,.rst-content .toctree-wrapper>p.caption .headerlink:focus,.rst-content .toctree-wrapper>p.caption:hover .headerlink,.rst-content dl dt .headerlink:focus,.rst-content dl dt:hover .headerlink,.rst-content h1 .headerlink:focus,.rst-content h1:hover .headerlink,.rst-content h2 .headerlink:focus,.rst-content h2:hover .headerlink,.rst-content h3 .headerlink:focus,.rst-content h3:hover .headerlink,.rst-content h4 .headerlink:focus,.rst-content h4:hover .headerlink,.rst-content h5 .headerlink:focus,.rst-content h5:hover .headerlink,.rst-content h6 .headerlink:focus,.rst-content h6:hover .headerlink,.rst-content p.caption .headerlink:focus,.rst-content p.caption:hover .headerlink,.rst-content p .headerlink:focus,.rst-content p:hover .headerlink,.rst-content table>caption .headerlink:focus,.rst-content table>caption:hover .headerlink{opacity:1}.rst-content .btn:focus{outline:2px solid}.rst-content table>caption .headerlink:after{font-size:12px}.rst-content .centered{text-align:center}.rst-content .sidebar{float:right;width:40%;display:block;margin:0 0 24px 24px;padding:24px;background:#f3f6f6;border:1px solid #e1e4e5}.rst-content .sidebar dl,.rst-content .sidebar p,.rst-content .sidebar ul{font-size:90%}.rst-content .sidebar .last,.rst-content .sidebar>:last-child{margin-bottom:0}.rst-content .sidebar .sidebar-title{display:block;font-family:Roboto Slab,ff-tisa-web-pro,Georgia,Arial,sans-serif;font-weight:700;background:#e1e4e5;padding:6px 12px;margin:-24px -24px 24px;font-size:100%}.rst-content .highlighted{background:#f1c40f;box-shadow:0 0 0 2px #f1c40f;display:inline;font-weight:700}.rst-content .citation-reference,.rst-content .footnote-reference{vertical-align:baseline;position:relative;top:-.4em;line-height:0;font-size:90%}.rst-content .hlist{width:100%}.rst-content dl dt span.classifier:before{content:" : "}.rst-content dl dt span.classifier-delimiter{display:none!important}html.writer-html4 .rst-content table.docutils.citation,html.writer-html4 .rst-content table.docutils.footnote{background:none;border:none}html.writer-html4 .rst-content table.docutils.citation td,html.writer-html4 .rst-content table.docutils.citation tr,html.writer-html4 .rst-content table.docutils.footnote td,html.writer-html4 .rst-content table.docutils.footnote tr{border:none;background-color:transparent!important;white-space:normal}html.writer-html4 .rst-content table.docutils.citation td.label,html.writer-html4 .rst-content table.docutils.footnote td.label{padding-left:0;padding-right:0;vertical-align:top}html.writer-html5 .rst-content dl.field-list,html.writer-html5 .rst-content dl.footnote{display:grid;grid-template-columns:max-content auto}html.writer-html5 .rst-content dl.field-list>dt,html.writer-html5 .rst-content dl.footnote>dt{padding-left:1rem}html.writer-html5 .rst-content dl.field-list>dt:after,html.writer-html5 .rst-content dl.footnote>dt:after{content:":"}html.writer-html5 .rst-content dl.field-list>dd,html.writer-html5 .rst-content dl.field-list>dt,html.writer-html5 .rst-content dl.footnote>dd,html.writer-html5 .rst-content dl.footnote>dt{margin-bottom:0}html.writer-html5 .rst-content dl.footnote{font-size:.9rem}html.writer-html5 .rst-content dl.footnote>dt{margin:0 .5rem .5rem 0;line-height:1.2rem;word-break:break-all;font-weight:400}html.writer-html5 .rst-content dl.footnote>dt>span.brackets{margin-right:.5rem}html.writer-html5 .rst-content dl.footnote>dt>span.brackets:before{content:"["}html.writer-html5 .rst-content dl.footnote>dt>span.brackets:after{content:"]"}html.writer-html5 .rst-content dl.footnote>dt>span.fn-backref{font-style:italic}html.writer-html5 .rst-content dl.footnote>dd{margin:0 0 .5rem;line-height:1.2rem}html.writer-html5 .rst-content dl.footnote>dd p,html.writer-html5 .rst-content dl.option-list kbd{font-size:.9rem}.rst-content table.docutils.footnote,html.writer-html4 .rst-content table.docutils.citation,html.writer-html5 .rst-content dl.footnote{color:grey}.rst-content table.docutils.footnote code,.rst-content table.docutils.footnote tt,html.writer-html4 .rst-content table.docutils.citation code,html.writer-html4 .rst-content table.docutils.citation tt,html.writer-html5 .rst-content dl.footnote code,html.writer-html5 .rst-content dl.footnote tt{color:#555}.rst-content .wy-table-responsive.citation,.rst-content .wy-table-responsive.footnote{margin-bottom:0}.rst-content .wy-table-responsive.citation+:not(.citation),.rst-content .wy-table-responsive.footnote+:not(.footnote){margin-top:24px}.rst-content .wy-table-responsive.citation:last-child,.rst-content .wy-table-responsive.footnote:last-child{margin-bottom:24px}.rst-content table.docutils th{border-color:#e1e4e5}html.writer-html5 .rst-content table.docutils th{border:1px solid #e1e4e5}html.writer-html5 .rst-content table.docutils td>p,html.writer-html5 .rst-content table.docutils th>p{line-height:1rem;margin-bottom:0;font-size:.9rem}.rst-content table.docutils td .last,.rst-content table.docutils td .last>:last-child{margin-bottom:0}.rst-content table.field-list,.rst-content table.field-list td{border:none}.rst-content table.field-list td p{font-size:inherit;line-height:inherit}.rst-content table.field-list td>strong{display:inline-block}.rst-content table.field-list .field-name{padding-right:10px;text-align:left;white-space:nowrap}.rst-content table.field-list .field-body{text-align:left}.rst-content code,.rst-content tt{color:#000;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;padding:2px 5px}.rst-content code big,.rst-content code em,.rst-content tt big,.rst-content tt em{font-size:100%!important;line-height:normal}.rst-content code.literal,.rst-content tt.literal{color:#e74c3c;white-space:normal}.rst-content code.xref,.rst-content tt.xref,a .rst-content code,a .rst-content tt{font-weight:700;color:#404040}.rst-content kbd,.rst-content pre,.rst-content samp{font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace}.rst-content a code,.rst-content a tt{color:#2980b9}.rst-content dl{margin-bottom:24px}.rst-content dl dt{font-weight:700;margin-bottom:12px}.rst-content dl ol,.rst-content dl p,.rst-content dl table,.rst-content dl ul{margin-bottom:12px}.rst-content dl dd{margin:0 0 12px 24px;line-height:24px}html.writer-html4 .rst-content dl:not(.docutils),html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.glossary):not(.simple){margin-bottom:24px}html.writer-html4 .rst-content dl:not(.docutils)>dt,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.glossary):not(.simple)>dt{display:table;margin:6px 0;font-size:90%;line-height:normal;background:#e7f2fa;color:#2980b9;border-top:3px solid #6ab0de;padding:6px;position:relative}html.writer-html4 .rst-content dl:not(.docutils)>dt:before,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.glossary):not(.simple)>dt:before{color:#6ab0de}html.writer-html4 .rst-content dl:not(.docutils)>dt .headerlink,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.glossary):not(.simple)>dt .headerlink{color:#404040;font-size:100%!important}html.writer-html4 .rst-content dl:not(.docutils) dl:not(.field-list)>dt,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.glossary):not(.simple) dl:not(.field-list)>dt{margin-bottom:6px;border:none;border-left:3px solid #ccc;background:#f0f0f0;color:#555}html.writer-html4 .rst-content dl:not(.docutils) dl:not(.field-list)>dt .headerlink,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.glossary):not(.simple) dl:not(.field-list)>dt .headerlink{color:#404040;font-size:100%!important}html.writer-html4 .rst-content dl:not(.docutils)>dt:first-child,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.glossary):not(.simple)>dt:first-child{margin-top:0}html.writer-html4 .rst-content dl:not(.docutils) code.descclassname,html.writer-html4 .rst-content dl:not(.docutils) code.descname,html.writer-html4 .rst-content dl:not(.docutils) tt.descclassname,html.writer-html4 .rst-content dl:not(.docutils) tt.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.glossary):not(.simple) code.descclassname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.glossary):not(.simple) code.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.glossary):not(.simple) tt.descclassname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.glossary):not(.simple) tt.descname{background-color:transparent;border:none;padding:0;font-size:100%!important}html.writer-html4 .rst-content dl:not(.docutils) code.descname,html.writer-html4 .rst-content dl:not(.docutils) tt.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.glossary):not(.simple) code.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.glossary):not(.simple) tt.descname{font-weight:700}html.writer-html4 .rst-content dl:not(.docutils) .optional,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.glossary):not(.simple) .optional{display:inline-block;padding:0 4px;color:#000;font-weight:700}html.writer-html4 .rst-content dl:not(.docutils) .property,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.glossary):not(.simple) .property{display:inline-block;padding-right:8px;max-width:100%}html.writer-html4 .rst-content dl:not(.docutils) .k,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.glossary):not(.simple) .k{font-style:italic}html.writer-html4 .rst-content dl:not(.docutils) .descclassname,html.writer-html4 .rst-content dl:not(.docutils) .descname,html.writer-html4 .rst-content dl:not(.docutils) .sig-name,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.glossary):not(.simple) .descclassname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.glossary):not(.simple) .descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.glossary):not(.simple) .sig-name{font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;color:#000}.rst-content .viewcode-back,.rst-content .viewcode-link{display:inline-block;color:#27ae60;font-size:80%;padding-left:24px}.rst-content .viewcode-back{display:block;float:right}.rst-content p.rubric{margin-bottom:12px;font-weight:700}.rst-content code.download,.rst-content tt.download{background:inherit;padding:inherit;font-weight:400;font-family:inherit;font-size:inherit;color:inherit;border:inherit;white-space:inherit}.rst-content code.download span:first-child,.rst-content tt.download span:first-child{-webkit-font-smoothing:subpixel-antialiased}.rst-content code.download span:first-child:before,.rst-content tt.download span:first-child:before{margin-right:4px}.rst-content .guilabel{border:1px solid #7fbbe3;background:#e7f2fa;font-size:80%;font-weight:700;border-radius:4px;padding:2.4px 6px;margin:auto 2px}.rst-content .versionmodified{font-style:italic}@media screen and (max-width:480px){.rst-content .sidebar{width:100%}}span[id*=MathJax-Span]{color:#404040}.math{text-align:center}@font-face{font-family:Lato;src:url(fonts/lato-normal.woff2?bd03a2cc277bbbc338d464e679fe9942) format("woff2"),url(fonts/lato-normal.woff?27bd77b9162d388cb8d4c4217c7c5e2a) format("woff");font-weight:400;font-style:normal;font-display:block}@font-face{font-family:Lato;src:url(fonts/lato-bold.woff2?cccb897485813c7c256901dbca54ecf2) format("woff2"),url(fonts/lato-bold.woff?d878b6c29b10beca227e9eef4246111b) format("woff");font-weight:700;font-style:normal;font-display:block}@font-face{font-family:Lato;src:url(fonts/lato-bold-italic.woff2?0b6bb6725576b072c5d0b02ecdd1900d) format("woff2"),url(fonts/lato-bold-italic.woff?9c7e4e9eb485b4a121c760e61bc3707c) format("woff");font-weight:700;font-style:italic;font-display:block}@font-face{font-family:Lato;src:url(fonts/lato-normal-italic.woff2?4eb103b4d12be57cb1d040ed5e162e9d) format("woff2"),url(fonts/lato-normal-italic.woff?f28f2d6482446544ef1ea1ccc6dd5892) format("woff");font-weight:400;font-style:italic;font-display:block}@font-face{font-family:Roboto Slab;font-style:normal;font-weight:400;src:url(fonts/Roboto-Slab-Regular.woff2?7abf5b8d04d26a2cafea937019bca958) format("woff2"),url(fonts/Roboto-Slab-Regular.woff?c1be9284088d487c5e3ff0a10a92e58c) format("woff");font-display:block}@font-face{font-family:Roboto Slab;font-style:normal;font-weight:700;src:url(fonts/Roboto-Slab-Bold.woff2?9984f4a9bda09be08e83f2506954adbe) format("woff2"),url(fonts/Roboto-Slab-Bold.woff?bed5564a116b05148e3b3bea6fb1162a) format("woff");font-display:block} \ No newline at end of file diff --git a/_build/html/_static/doctools.js b/_build/html/_static/doctools.js new file mode 100644 index 00000000..344db17d --- /dev/null +++ b/_build/html/_static/doctools.js @@ -0,0 +1,315 @@ +/* + * doctools.js + * ~~~~~~~~~~~ + * + * Sphinx JavaScript utilities for all documentation. + * + * :copyright: Copyright 2007-2019 by the Sphinx team, see AUTHORS. + * :license: BSD, see LICENSE for details. + * + */ + +/** + * select a different prefix for underscore + */ +$u = _.noConflict(); + +/** + * make the code below compatible with browsers without + * an installed firebug like debugger +if (!window.console || !console.firebug) { + var names = ["log", "debug", "info", "warn", "error", "assert", "dir", + "dirxml", "group", "groupEnd", "time", "timeEnd", "count", "trace", + "profile", "profileEnd"]; + window.console = {}; + for (var i = 0; i < names.length; ++i) + window.console[names[i]] = function() {}; +} + */ + +/** + * small helper function to urldecode strings + */ +jQuery.urldecode = function(x) { + return decodeURIComponent(x).replace(/\+/g, ' '); +}; + +/** + * small helper function to urlencode strings + */ +jQuery.urlencode = encodeURIComponent; + +/** + * This function returns the parsed url parameters of the + * current request. Multiple values per key are supported, + * it will always return arrays of strings for the value parts. + */ +jQuery.getQueryParameters = function(s) { + if (typeof s === 'undefined') + s = document.location.search; + var parts = s.substr(s.indexOf('?') + 1).split('&'); + var result = {}; + for (var i = 0; i < parts.length; i++) { + var tmp = parts[i].split('=', 2); + var key = jQuery.urldecode(tmp[0]); + var value = jQuery.urldecode(tmp[1]); + if (key in result) + result[key].push(value); + else + result[key] = [value]; + } + return result; +}; + +/** + * highlight a given string on a jquery object by wrapping it in + * span elements with the given class name. + */ +jQuery.fn.highlightText = function(text, className) { + function highlight(node, addItems) { + if (node.nodeType === 3) { + var val = node.nodeValue; + var pos = val.toLowerCase().indexOf(text); + if (pos >= 0 && + !jQuery(node.parentNode).hasClass(className) && + !jQuery(node.parentNode).hasClass("nohighlight")) { + var span; + var isInSVG = jQuery(node).closest("body, svg, foreignObject").is("svg"); + if (isInSVG) { + span = document.createElementNS("http://www.w3.org/2000/svg", "tspan"); + } else { + span = document.createElement("span"); + span.className = className; + } + span.appendChild(document.createTextNode(val.substr(pos, text.length))); + node.parentNode.insertBefore(span, node.parentNode.insertBefore( + document.createTextNode(val.substr(pos + text.length)), + node.nextSibling)); + node.nodeValue = val.substr(0, pos); + if (isInSVG) { + var bbox = span.getBBox(); + var rect = document.createElementNS("http://www.w3.org/2000/svg", "rect"); + rect.x.baseVal.value = bbox.x; + rect.y.baseVal.value = bbox.y; + rect.width.baseVal.value = bbox.width; + rect.height.baseVal.value = bbox.height; + rect.setAttribute('class', className); + var parentOfText = node.parentNode.parentNode; + addItems.push({ + "parent": node.parentNode, + "target": rect}); + } + } + } + else if (!jQuery(node).is("button, select, textarea")) { + jQuery.each(node.childNodes, function() { + highlight(this, addItems); + }); + } + } + var addItems = []; + var result = this.each(function() { + highlight(this, addItems); + }); + for (var i = 0; i < addItems.length; ++i) { + jQuery(addItems[i].parent).before(addItems[i].target); + } + return result; +}; + +/* + * backward compatibility for jQuery.browser + * This will be supported until firefox bug is fixed. + */ +if (!jQuery.browser) { + jQuery.uaMatch = function(ua) { + ua = ua.toLowerCase(); + + var match = /(chrome)[ \/]([\w.]+)/.exec(ua) || + /(webkit)[ \/]([\w.]+)/.exec(ua) || + /(opera)(?:.*version|)[ \/]([\w.]+)/.exec(ua) || + /(msie) ([\w.]+)/.exec(ua) || + ua.indexOf("compatible") < 0 && /(mozilla)(?:.*? rv:([\w.]+)|)/.exec(ua) || + []; + + return { + browser: match[ 1 ] || "", + version: match[ 2 ] || "0" + }; + }; + jQuery.browser = {}; + jQuery.browser[jQuery.uaMatch(navigator.userAgent).browser] = true; +} + +/** + * Small JavaScript module for the documentation. + */ +var Documentation = { + + init : function() { + this.fixFirefoxAnchorBug(); + this.highlightSearchWords(); + this.initIndexTable(); + if (DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS) { + this.initOnKeyListeners(); + } + }, + + /** + * i18n support + */ + TRANSLATIONS : {}, + PLURAL_EXPR : function(n) { return n === 1 ? 0 : 1; }, + LOCALE : 'unknown', + + // gettext and ngettext don't access this so that the functions + // can safely bound to a different name (_ = Documentation.gettext) + gettext : function(string) { + var translated = Documentation.TRANSLATIONS[string]; + if (typeof translated === 'undefined') + return string; + return (typeof translated === 'string') ? translated : translated[0]; + }, + + ngettext : function(singular, plural, n) { + var translated = Documentation.TRANSLATIONS[singular]; + if (typeof translated === 'undefined') + return (n == 1) ? singular : plural; + return translated[Documentation.PLURALEXPR(n)]; + }, + + addTranslations : function(catalog) { + for (var key in catalog.messages) + this.TRANSLATIONS[key] = catalog.messages[key]; + this.PLURAL_EXPR = new Function('n', 'return +(' + catalog.plural_expr + ')'); + this.LOCALE = catalog.locale; + }, + + /** + * add context elements like header anchor links + */ + addContextElements : function() { + $('div[id] > :header:first').each(function() { + $('\u00B6'). + attr('href', '#' + this.id). + attr('title', _('Permalink to this headline')). + appendTo(this); + }); + $('dt[id]').each(function() { + $('\u00B6'). + attr('href', '#' + this.id). + attr('title', _('Permalink to this definition')). + appendTo(this); + }); + }, + + /** + * workaround a firefox stupidity + * see: https://bugzilla.mozilla.org/show_bug.cgi?id=645075 + */ + fixFirefoxAnchorBug : function() { + if (document.location.hash && $.browser.mozilla) + window.setTimeout(function() { + document.location.href += ''; + }, 10); + }, + + /** + * highlight the search words provided in the url in the text + */ + highlightSearchWords : function() { + var params = $.getQueryParameters(); + var terms = (params.highlight) ? params.highlight[0].split(/\s+/) : []; + if (terms.length) { + var body = $('div.body'); + if (!body.length) { + body = $('body'); + } + window.setTimeout(function() { + $.each(terms, function() { + body.highlightText(this.toLowerCase(), 'highlighted'); + }); + }, 10); + $('

' + _('Hide Search Matches') + '

') + .appendTo($('#searchbox')); + } + }, + + /** + * init the domain index toggle buttons + */ + initIndexTable : function() { + var togglers = $('img.toggler').click(function() { + var src = $(this).attr('src'); + var idnum = $(this).attr('id').substr(7); + $('tr.cg-' + idnum).toggle(); + if (src.substr(-9) === 'minus.png') + $(this).attr('src', src.substr(0, src.length-9) + 'plus.png'); + else + $(this).attr('src', src.substr(0, src.length-8) + 'minus.png'); + }).css('display', ''); + if (DOCUMENTATION_OPTIONS.COLLAPSE_INDEX) { + togglers.click(); + } + }, + + /** + * helper function to hide the search marks again + */ + hideSearchWords : function() { + $('#searchbox .highlight-link').fadeOut(300); + $('span.highlighted').removeClass('highlighted'); + }, + + /** + * make the url absolute + */ + makeURL : function(relativeURL) { + return DOCUMENTATION_OPTIONS.URL_ROOT + '/' + relativeURL; + }, + + /** + * get the current relative url + */ + getCurrentURL : function() { + var path = document.location.pathname; + var parts = path.split(/\//); + $.each(DOCUMENTATION_OPTIONS.URL_ROOT.split(/\//), function() { + if (this === '..') + parts.pop(); + }); + var url = parts.join('/'); + return path.substring(url.lastIndexOf('/') + 1, path.length - 1); + }, + + initOnKeyListeners: function() { + $(document).keyup(function(event) { + var activeElementType = document.activeElement.tagName; + // don't navigate when in search box or textarea + if (activeElementType !== 'TEXTAREA' && activeElementType !== 'INPUT' && activeElementType !== 'SELECT') { + switch (event.keyCode) { + case 37: // left + var prevHref = $('link[rel="prev"]').prop('href'); + if (prevHref) { + window.location.href = prevHref; + return false; + } + case 39: // right + var nextHref = $('link[rel="next"]').prop('href'); + if (nextHref) { + window.location.href = nextHref; + return false; + } + } + } + }); + } +}; + +// quick alias for translations +_ = Documentation.gettext; + +$(document).ready(function() { + Documentation.init(); +}); diff --git a/_build/html/_static/documentation_options.js b/_build/html/_static/documentation_options.js new file mode 100644 index 00000000..1925df3b --- /dev/null +++ b/_build/html/_static/documentation_options.js @@ -0,0 +1,10 @@ +var DOCUMENTATION_OPTIONS = { + URL_ROOT: document.getElementById("documentation_options").getAttribute('data-url_root'), + VERSION: '1.0', + LANGUAGE: 'None', + COLLAPSE_INDEX: false, + FILE_SUFFIX: '.html', + HAS_SOURCE: true, + SOURCELINK_SUFFIX: '.txt', + NAVIGATION_WITH_KEYS: false, +}; \ No newline at end of file diff --git a/_build/html/_static/down-pressed.png b/_build/html/_static/down-pressed.png new file mode 100644 index 00000000..5756c8ca Binary files /dev/null and b/_build/html/_static/down-pressed.png differ diff --git a/_build/html/_static/down.png b/_build/html/_static/down.png new file mode 100644 index 00000000..1b3bdad2 Binary files /dev/null and b/_build/html/_static/down.png differ diff --git a/_build/html/_static/file.png b/_build/html/_static/file.png new file mode 100644 index 00000000..a858a410 Binary files /dev/null and b/_build/html/_static/file.png differ diff --git a/_build/html/_static/jquery-3.2.1.js b/_build/html/_static/jquery-3.2.1.js new file mode 100644 index 00000000..d2d8ca47 --- /dev/null +++ b/_build/html/_static/jquery-3.2.1.js @@ -0,0 +1,10253 @@ +/*! + * jQuery JavaScript Library v3.2.1 + * https://jquery.com/ + * + * Includes Sizzle.js + * https://sizzlejs.com/ + * + * Copyright JS Foundation and other contributors + * Released under the MIT license + * https://jquery.org/license + * + * Date: 2017-03-20T18:59Z + */ +( function( global, factory ) { + + "use strict"; + + if ( typeof module === "object" && typeof module.exports === "object" ) { + + // For CommonJS and CommonJS-like environments where a proper `window` + // is present, execute the factory and get jQuery. + // For environments that do not have a `window` with a `document` + // (such as Node.js), expose a factory as module.exports. + // This accentuates the need for the creation of a real `window`. + // e.g. var jQuery = require("jquery")(window); + // See ticket #14549 for more info. + module.exports = global.document ? + factory( global, true ) : + function( w ) { + if ( !w.document ) { + throw new Error( "jQuery requires a window with a document" ); + } + return factory( w ); + }; + } else { + factory( global ); + } + +// Pass this if window is not defined yet +} )( typeof window !== "undefined" ? window : this, function( window, noGlobal ) { + +// Edge <= 12 - 13+, Firefox <=18 - 45+, IE 10 - 11, Safari 5.1 - 9+, iOS 6 - 9.1 +// throw exceptions when non-strict code (e.g., ASP.NET 4.5) accesses strict mode +// arguments.callee.caller (trac-13335). But as of jQuery 3.0 (2016), strict mode should be common +// enough that all such attempts are guarded in a try block. +"use strict"; + +var arr = []; + +var document = window.document; + +var getProto = Object.getPrototypeOf; + +var slice = arr.slice; + +var concat = arr.concat; + +var push = arr.push; + +var indexOf = arr.indexOf; + +var class2type = {}; + +var toString = class2type.toString; + +var hasOwn = class2type.hasOwnProperty; + +var fnToString = hasOwn.toString; + +var ObjectFunctionString = fnToString.call( Object ); + +var support = {}; + + + + function DOMEval( code, doc ) { + doc = doc || document; + + var script = doc.createElement( "script" ); + + script.text = code; + doc.head.appendChild( script ).parentNode.removeChild( script ); + } +/* global Symbol */ +// Defining this global in .eslintrc.json would create a danger of using the global +// unguarded in another place, it seems safer to define global only for this module + + + +var + version = "3.2.1", + + // Define a local copy of jQuery + jQuery = function( selector, context ) { + + // The jQuery object is actually just the init constructor 'enhanced' + // Need init if jQuery is called (just allow error to be thrown if not included) + return new jQuery.fn.init( selector, context ); + }, + + // Support: Android <=4.0 only + // Make sure we trim BOM and NBSP + rtrim = /^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g, + + // Matches dashed string for camelizing + rmsPrefix = /^-ms-/, + rdashAlpha = /-([a-z])/g, + + // Used by jQuery.camelCase as callback to replace() + fcamelCase = function( all, letter ) { + return letter.toUpperCase(); + }; + +jQuery.fn = jQuery.prototype = { + + // The current version of jQuery being used + jquery: version, + + constructor: jQuery, + + // The default length of a jQuery object is 0 + length: 0, + + toArray: function() { + return slice.call( this ); + }, + + // Get the Nth element in the matched element set OR + // Get the whole matched element set as a clean array + get: function( num ) { + + // Return all the elements in a clean array + if ( num == null ) { + return slice.call( this ); + } + + // Return just the one element from the set + return num < 0 ? this[ num + this.length ] : this[ num ]; + }, + + // Take an array of elements and push it onto the stack + // (returning the new matched element set) + pushStack: function( elems ) { + + // Build a new jQuery matched element set + var ret = jQuery.merge( this.constructor(), elems ); + + // Add the old object onto the stack (as a reference) + ret.prevObject = this; + + // Return the newly-formed element set + return ret; + }, + + // Execute a callback for every element in the matched set. + each: function( callback ) { + return jQuery.each( this, callback ); + }, + + map: function( callback ) { + return this.pushStack( jQuery.map( this, function( elem, i ) { + return callback.call( elem, i, elem ); + } ) ); + }, + + slice: function() { + return this.pushStack( slice.apply( this, arguments ) ); + }, + + first: function() { + return this.eq( 0 ); + }, + + last: function() { + return this.eq( -1 ); + }, + + eq: function( i ) { + var len = this.length, + j = +i + ( i < 0 ? len : 0 ); + return this.pushStack( j >= 0 && j < len ? [ this[ j ] ] : [] ); + }, + + end: function() { + return this.prevObject || this.constructor(); + }, + + // For internal use only. + // Behaves like an Array's method, not like a jQuery method. + push: push, + sort: arr.sort, + splice: arr.splice +}; + +jQuery.extend = jQuery.fn.extend = function() { + var options, name, src, copy, copyIsArray, clone, + target = arguments[ 0 ] || {}, + i = 1, + length = arguments.length, + deep = false; + + // Handle a deep copy situation + if ( typeof target === "boolean" ) { + deep = target; + + // Skip the boolean and the target + target = arguments[ i ] || {}; + i++; + } + + // Handle case when target is a string or something (possible in deep copy) + if ( typeof target !== "object" && !jQuery.isFunction( target ) ) { + target = {}; + } + + // Extend jQuery itself if only one argument is passed + if ( i === length ) { + target = this; + i--; + } + + for ( ; i < length; i++ ) { + + // Only deal with non-null/undefined values + if ( ( options = arguments[ i ] ) != null ) { + + // Extend the base object + for ( name in options ) { + src = target[ name ]; + copy = options[ name ]; + + // Prevent never-ending loop + if ( target === copy ) { + continue; + } + + // Recurse if we're merging plain objects or arrays + if ( deep && copy && ( jQuery.isPlainObject( copy ) || + ( copyIsArray = Array.isArray( copy ) ) ) ) { + + if ( copyIsArray ) { + copyIsArray = false; + clone = src && Array.isArray( src ) ? src : []; + + } else { + clone = src && jQuery.isPlainObject( src ) ? src : {}; + } + + // Never move original objects, clone them + target[ name ] = jQuery.extend( deep, clone, copy ); + + // Don't bring in undefined values + } else if ( copy !== undefined ) { + target[ name ] = copy; + } + } + } + } + + // Return the modified object + return target; +}; + +jQuery.extend( { + + // Unique for each copy of jQuery on the page + expando: "jQuery" + ( version + Math.random() ).replace( /\D/g, "" ), + + // Assume jQuery is ready without the ready module + isReady: true, + + error: function( msg ) { + throw new Error( msg ); + }, + + noop: function() {}, + + isFunction: function( obj ) { + return jQuery.type( obj ) === "function"; + }, + + isWindow: function( obj ) { + return obj != null && obj === obj.window; + }, + + isNumeric: function( obj ) { + + // As of jQuery 3.0, isNumeric is limited to + // strings and numbers (primitives or objects) + // that can be coerced to finite numbers (gh-2662) + var type = jQuery.type( obj ); + return ( type === "number" || type === "string" ) && + + // parseFloat NaNs numeric-cast false positives ("") + // ...but misinterprets leading-number strings, particularly hex literals ("0x...") + // subtraction forces infinities to NaN + !isNaN( obj - parseFloat( obj ) ); + }, + + isPlainObject: function( obj ) { + var proto, Ctor; + + // Detect obvious negatives + // Use toString instead of jQuery.type to catch host objects + if ( !obj || toString.call( obj ) !== "[object Object]" ) { + return false; + } + + proto = getProto( obj ); + + // Objects with no prototype (e.g., `Object.create( null )`) are plain + if ( !proto ) { + return true; + } + + // Objects with prototype are plain iff they were constructed by a global Object function + Ctor = hasOwn.call( proto, "constructor" ) && proto.constructor; + return typeof Ctor === "function" && fnToString.call( Ctor ) === ObjectFunctionString; + }, + + isEmptyObject: function( obj ) { + + /* eslint-disable no-unused-vars */ + // See https://github.com/eslint/eslint/issues/6125 + var name; + + for ( name in obj ) { + return false; + } + return true; + }, + + type: function( obj ) { + if ( obj == null ) { + return obj + ""; + } + + // Support: Android <=2.3 only (functionish RegExp) + return typeof obj === "object" || typeof obj === "function" ? + class2type[ toString.call( obj ) ] || "object" : + typeof obj; + }, + + // Evaluates a script in a global context + globalEval: function( code ) { + DOMEval( code ); + }, + + // Convert dashed to camelCase; used by the css and data modules + // Support: IE <=9 - 11, Edge 12 - 13 + // Microsoft forgot to hump their vendor prefix (#9572) + camelCase: function( string ) { + return string.replace( rmsPrefix, "ms-" ).replace( rdashAlpha, fcamelCase ); + }, + + each: function( obj, callback ) { + var length, i = 0; + + if ( isArrayLike( obj ) ) { + length = obj.length; + for ( ; i < length; i++ ) { + if ( callback.call( obj[ i ], i, obj[ i ] ) === false ) { + break; + } + } + } else { + for ( i in obj ) { + if ( callback.call( obj[ i ], i, obj[ i ] ) === false ) { + break; + } + } + } + + return obj; + }, + + // Support: Android <=4.0 only + trim: function( text ) { + return text == null ? + "" : + ( text + "" ).replace( rtrim, "" ); + }, + + // results is for internal usage only + makeArray: function( arr, results ) { + var ret = results || []; + + if ( arr != null ) { + if ( isArrayLike( Object( arr ) ) ) { + jQuery.merge( ret, + typeof arr === "string" ? + [ arr ] : arr + ); + } else { + push.call( ret, arr ); + } + } + + return ret; + }, + + inArray: function( elem, arr, i ) { + return arr == null ? -1 : indexOf.call( arr, elem, i ); + }, + + // Support: Android <=4.0 only, PhantomJS 1 only + // push.apply(_, arraylike) throws on ancient WebKit + merge: function( first, second ) { + var len = +second.length, + j = 0, + i = first.length; + + for ( ; j < len; j++ ) { + first[ i++ ] = second[ j ]; + } + + first.length = i; + + return first; + }, + + grep: function( elems, callback, invert ) { + var callbackInverse, + matches = [], + i = 0, + length = elems.length, + callbackExpect = !invert; + + // Go through the array, only saving the items + // that pass the validator function + for ( ; i < length; i++ ) { + callbackInverse = !callback( elems[ i ], i ); + if ( callbackInverse !== callbackExpect ) { + matches.push( elems[ i ] ); + } + } + + return matches; + }, + + // arg is for internal usage only + map: function( elems, callback, arg ) { + var length, value, + i = 0, + ret = []; + + // Go through the array, translating each of the items to their new values + if ( isArrayLike( elems ) ) { + length = elems.length; + for ( ; i < length; i++ ) { + value = callback( elems[ i ], i, arg ); + + if ( value != null ) { + ret.push( value ); + } + } + + // Go through every key on the object, + } else { + for ( i in elems ) { + value = callback( elems[ i ], i, arg ); + + if ( value != null ) { + ret.push( value ); + } + } + } + + // Flatten any nested arrays + return concat.apply( [], ret ); + }, + + // A global GUID counter for objects + guid: 1, + + // Bind a function to a context, optionally partially applying any + // arguments. + proxy: function( fn, context ) { + var tmp, args, proxy; + + if ( typeof context === "string" ) { + tmp = fn[ context ]; + context = fn; + fn = tmp; + } + + // Quick check to determine if target is callable, in the spec + // this throws a TypeError, but we will just return undefined. + if ( !jQuery.isFunction( fn ) ) { + return undefined; + } + + // Simulated bind + args = slice.call( arguments, 2 ); + proxy = function() { + return fn.apply( context || this, args.concat( slice.call( arguments ) ) ); + }; + + // Set the guid of unique handler to the same of original handler, so it can be removed + proxy.guid = fn.guid = fn.guid || jQuery.guid++; + + return proxy; + }, + + now: Date.now, + + // jQuery.support is not used in Core but other projects attach their + // properties to it so it needs to exist. + support: support +} ); + +if ( typeof Symbol === "function" ) { + jQuery.fn[ Symbol.iterator ] = arr[ Symbol.iterator ]; +} + +// Populate the class2type map +jQuery.each( "Boolean Number String Function Array Date RegExp Object Error Symbol".split( " " ), +function( i, name ) { + class2type[ "[object " + name + "]" ] = name.toLowerCase(); +} ); + +function isArrayLike( obj ) { + + // Support: real iOS 8.2 only (not reproducible in simulator) + // `in` check used to prevent JIT error (gh-2145) + // hasOwn isn't used here due to false negatives + // regarding Nodelist length in IE + var length = !!obj && "length" in obj && obj.length, + type = jQuery.type( obj ); + + if ( type === "function" || jQuery.isWindow( obj ) ) { + return false; + } + + return type === "array" || length === 0 || + typeof length === "number" && length > 0 && ( length - 1 ) in obj; +} +var Sizzle = +/*! + * Sizzle CSS Selector Engine v2.3.3 + * https://sizzlejs.com/ + * + * Copyright jQuery Foundation and other contributors + * Released under the MIT license + * http://jquery.org/license + * + * Date: 2016-08-08 + */ +(function( window ) { + +var i, + support, + Expr, + getText, + isXML, + tokenize, + compile, + select, + outermostContext, + sortInput, + hasDuplicate, + + // Local document vars + setDocument, + document, + docElem, + documentIsHTML, + rbuggyQSA, + rbuggyMatches, + matches, + contains, + + // Instance-specific data + expando = "sizzle" + 1 * new Date(), + preferredDoc = window.document, + dirruns = 0, + done = 0, + classCache = createCache(), + tokenCache = createCache(), + compilerCache = createCache(), + sortOrder = function( a, b ) { + if ( a === b ) { + hasDuplicate = true; + } + return 0; + }, + + // Instance methods + hasOwn = ({}).hasOwnProperty, + arr = [], + pop = arr.pop, + push_native = arr.push, + push = arr.push, + slice = arr.slice, + // Use a stripped-down indexOf as it's faster than native + // https://jsperf.com/thor-indexof-vs-for/5 + indexOf = function( list, elem ) { + var i = 0, + len = list.length; + for ( ; i < len; i++ ) { + if ( list[i] === elem ) { + return i; + } + } + return -1; + }, + + booleans = "checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped", + + // Regular expressions + + // http://www.w3.org/TR/css3-selectors/#whitespace + whitespace = "[\\x20\\t\\r\\n\\f]", + + // http://www.w3.org/TR/CSS21/syndata.html#value-def-identifier + identifier = "(?:\\\\.|[\\w-]|[^\0-\\xa0])+", + + // Attribute selectors: http://www.w3.org/TR/selectors/#attribute-selectors + attributes = "\\[" + whitespace + "*(" + identifier + ")(?:" + whitespace + + // Operator (capture 2) + "*([*^$|!~]?=)" + whitespace + + // "Attribute values must be CSS identifiers [capture 5] or strings [capture 3 or capture 4]" + "*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|(" + identifier + "))|)" + whitespace + + "*\\]", + + pseudos = ":(" + identifier + ")(?:\\((" + + // To reduce the number of selectors needing tokenize in the preFilter, prefer arguments: + // 1. quoted (capture 3; capture 4 or capture 5) + "('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|" + + // 2. simple (capture 6) + "((?:\\\\.|[^\\\\()[\\]]|" + attributes + ")*)|" + + // 3. anything else (capture 2) + ".*" + + ")\\)|)", + + // Leading and non-escaped trailing whitespace, capturing some non-whitespace characters preceding the latter + rwhitespace = new RegExp( whitespace + "+", "g" ), + rtrim = new RegExp( "^" + whitespace + "+|((?:^|[^\\\\])(?:\\\\.)*)" + whitespace + "+$", "g" ), + + rcomma = new RegExp( "^" + whitespace + "*," + whitespace + "*" ), + rcombinators = new RegExp( "^" + whitespace + "*([>+~]|" + whitespace + ")" + whitespace + "*" ), + + rattributeQuotes = new RegExp( "=" + whitespace + "*([^\\]'\"]*?)" + whitespace + "*\\]", "g" ), + + rpseudo = new RegExp( pseudos ), + ridentifier = new RegExp( "^" + identifier + "$" ), + + matchExpr = { + "ID": new RegExp( "^#(" + identifier + ")" ), + "CLASS": new RegExp( "^\\.(" + identifier + ")" ), + "TAG": new RegExp( "^(" + identifier + "|[*])" ), + "ATTR": new RegExp( "^" + attributes ), + "PSEUDO": new RegExp( "^" + pseudos ), + "CHILD": new RegExp( "^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\(" + whitespace + + "*(even|odd|(([+-]|)(\\d*)n|)" + whitespace + "*(?:([+-]|)" + whitespace + + "*(\\d+)|))" + whitespace + "*\\)|)", "i" ), + "bool": new RegExp( "^(?:" + booleans + ")$", "i" ), + // For use in libraries implementing .is() + // We use this for POS matching in `select` + "needsContext": new RegExp( "^" + whitespace + "*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\(" + + whitespace + "*((?:-\\d)?\\d*)" + whitespace + "*\\)|)(?=[^-]|$)", "i" ) + }, + + rinputs = /^(?:input|select|textarea|button)$/i, + rheader = /^h\d$/i, + + rnative = /^[^{]+\{\s*\[native \w/, + + // Easily-parseable/retrievable ID or TAG or CLASS selectors + rquickExpr = /^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/, + + rsibling = /[+~]/, + + // CSS escapes + // http://www.w3.org/TR/CSS21/syndata.html#escaped-characters + runescape = new RegExp( "\\\\([\\da-f]{1,6}" + whitespace + "?|(" + whitespace + ")|.)", "ig" ), + funescape = function( _, escaped, escapedWhitespace ) { + var high = "0x" + escaped - 0x10000; + // NaN means non-codepoint + // Support: Firefox<24 + // Workaround erroneous numeric interpretation of +"0x" + return high !== high || escapedWhitespace ? + escaped : + high < 0 ? + // BMP codepoint + String.fromCharCode( high + 0x10000 ) : + // Supplemental Plane codepoint (surrogate pair) + String.fromCharCode( high >> 10 | 0xD800, high & 0x3FF | 0xDC00 ); + }, + + // CSS string/identifier serialization + // https://drafts.csswg.org/cssom/#common-serializing-idioms + rcssescape = /([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g, + fcssescape = function( ch, asCodePoint ) { + if ( asCodePoint ) { + + // U+0000 NULL becomes U+FFFD REPLACEMENT CHARACTER + if ( ch === "\0" ) { + return "\uFFFD"; + } + + // Control characters and (dependent upon position) numbers get escaped as code points + return ch.slice( 0, -1 ) + "\\" + ch.charCodeAt( ch.length - 1 ).toString( 16 ) + " "; + } + + // Other potentially-special ASCII characters get backslash-escaped + return "\\" + ch; + }, + + // Used for iframes + // See setDocument() + // Removing the function wrapper causes a "Permission Denied" + // error in IE + unloadHandler = function() { + setDocument(); + }, + + disabledAncestor = addCombinator( + function( elem ) { + return elem.disabled === true && ("form" in elem || "label" in elem); + }, + { dir: "parentNode", next: "legend" } + ); + +// Optimize for push.apply( _, NodeList ) +try { + push.apply( + (arr = slice.call( preferredDoc.childNodes )), + preferredDoc.childNodes + ); + // Support: Android<4.0 + // Detect silently failing push.apply + arr[ preferredDoc.childNodes.length ].nodeType; +} catch ( e ) { + push = { apply: arr.length ? + + // Leverage slice if possible + function( target, els ) { + push_native.apply( target, slice.call(els) ); + } : + + // Support: IE<9 + // Otherwise append directly + function( target, els ) { + var j = target.length, + i = 0; + // Can't trust NodeList.length + while ( (target[j++] = els[i++]) ) {} + target.length = j - 1; + } + }; +} + +function Sizzle( selector, context, results, seed ) { + var m, i, elem, nid, match, groups, newSelector, + newContext = context && context.ownerDocument, + + // nodeType defaults to 9, since context defaults to document + nodeType = context ? context.nodeType : 9; + + results = results || []; + + // Return early from calls with invalid selector or context + if ( typeof selector !== "string" || !selector || + nodeType !== 1 && nodeType !== 9 && nodeType !== 11 ) { + + return results; + } + + // Try to shortcut find operations (as opposed to filters) in HTML documents + if ( !seed ) { + + if ( ( context ? context.ownerDocument || context : preferredDoc ) !== document ) { + setDocument( context ); + } + context = context || document; + + if ( documentIsHTML ) { + + // If the selector is sufficiently simple, try using a "get*By*" DOM method + // (excepting DocumentFragment context, where the methods don't exist) + if ( nodeType !== 11 && (match = rquickExpr.exec( selector )) ) { + + // ID selector + if ( (m = match[1]) ) { + + // Document context + if ( nodeType === 9 ) { + if ( (elem = context.getElementById( m )) ) { + + // Support: IE, Opera, Webkit + // TODO: identify versions + // getElementById can match elements by name instead of ID + if ( elem.id === m ) { + results.push( elem ); + return results; + } + } else { + return results; + } + + // Element context + } else { + + // Support: IE, Opera, Webkit + // TODO: identify versions + // getElementById can match elements by name instead of ID + if ( newContext && (elem = newContext.getElementById( m )) && + contains( context, elem ) && + elem.id === m ) { + + results.push( elem ); + return results; + } + } + + // Type selector + } else if ( match[2] ) { + push.apply( results, context.getElementsByTagName( selector ) ); + return results; + + // Class selector + } else if ( (m = match[3]) && support.getElementsByClassName && + context.getElementsByClassName ) { + + push.apply( results, context.getElementsByClassName( m ) ); + return results; + } + } + + // Take advantage of querySelectorAll + if ( support.qsa && + !compilerCache[ selector + " " ] && + (!rbuggyQSA || !rbuggyQSA.test( selector )) ) { + + if ( nodeType !== 1 ) { + newContext = context; + newSelector = selector; + + // qSA looks outside Element context, which is not what we want + // Thanks to Andrew Dupont for this workaround technique + // Support: IE <=8 + // Exclude object elements + } else if ( context.nodeName.toLowerCase() !== "object" ) { + + // Capture the context ID, setting it first if necessary + if ( (nid = context.getAttribute( "id" )) ) { + nid = nid.replace( rcssescape, fcssescape ); + } else { + context.setAttribute( "id", (nid = expando) ); + } + + // Prefix every selector in the list + groups = tokenize( selector ); + i = groups.length; + while ( i-- ) { + groups[i] = "#" + nid + " " + toSelector( groups[i] ); + } + newSelector = groups.join( "," ); + + // Expand context for sibling selectors + newContext = rsibling.test( selector ) && testContext( context.parentNode ) || + context; + } + + if ( newSelector ) { + try { + push.apply( results, + newContext.querySelectorAll( newSelector ) + ); + return results; + } catch ( qsaError ) { + } finally { + if ( nid === expando ) { + context.removeAttribute( "id" ); + } + } + } + } + } + } + + // All others + return select( selector.replace( rtrim, "$1" ), context, results, seed ); +} + +/** + * Create key-value caches of limited size + * @returns {function(string, object)} Returns the Object data after storing it on itself with + * property name the (space-suffixed) string and (if the cache is larger than Expr.cacheLength) + * deleting the oldest entry + */ +function createCache() { + var keys = []; + + function cache( key, value ) { + // Use (key + " ") to avoid collision with native prototype properties (see Issue #157) + if ( keys.push( key + " " ) > Expr.cacheLength ) { + // Only keep the most recent entries + delete cache[ keys.shift() ]; + } + return (cache[ key + " " ] = value); + } + return cache; +} + +/** + * Mark a function for special use by Sizzle + * @param {Function} fn The function to mark + */ +function markFunction( fn ) { + fn[ expando ] = true; + return fn; +} + +/** + * Support testing using an element + * @param {Function} fn Passed the created element and returns a boolean result + */ +function assert( fn ) { + var el = document.createElement("fieldset"); + + try { + return !!fn( el ); + } catch (e) { + return false; + } finally { + // Remove from its parent by default + if ( el.parentNode ) { + el.parentNode.removeChild( el ); + } + // release memory in IE + el = null; + } +} + +/** + * Adds the same handler for all of the specified attrs + * @param {String} attrs Pipe-separated list of attributes + * @param {Function} handler The method that will be applied + */ +function addHandle( attrs, handler ) { + var arr = attrs.split("|"), + i = arr.length; + + while ( i-- ) { + Expr.attrHandle[ arr[i] ] = handler; + } +} + +/** + * Checks document order of two siblings + * @param {Element} a + * @param {Element} b + * @returns {Number} Returns less than 0 if a precedes b, greater than 0 if a follows b + */ +function siblingCheck( a, b ) { + var cur = b && a, + diff = cur && a.nodeType === 1 && b.nodeType === 1 && + a.sourceIndex - b.sourceIndex; + + // Use IE sourceIndex if available on both nodes + if ( diff ) { + return diff; + } + + // Check if b follows a + if ( cur ) { + while ( (cur = cur.nextSibling) ) { + if ( cur === b ) { + return -1; + } + } + } + + return a ? 1 : -1; +} + +/** + * Returns a function to use in pseudos for input types + * @param {String} type + */ +function createInputPseudo( type ) { + return function( elem ) { + var name = elem.nodeName.toLowerCase(); + return name === "input" && elem.type === type; + }; +} + +/** + * Returns a function to use in pseudos for buttons + * @param {String} type + */ +function createButtonPseudo( type ) { + return function( elem ) { + var name = elem.nodeName.toLowerCase(); + return (name === "input" || name === "button") && elem.type === type; + }; +} + +/** + * Returns a function to use in pseudos for :enabled/:disabled + * @param {Boolean} disabled true for :disabled; false for :enabled + */ +function createDisabledPseudo( disabled ) { + + // Known :disabled false positives: fieldset[disabled] > legend:nth-of-type(n+2) :can-disable + return function( elem ) { + + // Only certain elements can match :enabled or :disabled + // https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled + // https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled + if ( "form" in elem ) { + + // Check for inherited disabledness on relevant non-disabled elements: + // * listed form-associated elements in a disabled fieldset + // https://html.spec.whatwg.org/multipage/forms.html#category-listed + // https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled + // * option elements in a disabled optgroup + // https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled + // All such elements have a "form" property. + if ( elem.parentNode && elem.disabled === false ) { + + // Option elements defer to a parent optgroup if present + if ( "label" in elem ) { + if ( "label" in elem.parentNode ) { + return elem.parentNode.disabled === disabled; + } else { + return elem.disabled === disabled; + } + } + + // Support: IE 6 - 11 + // Use the isDisabled shortcut property to check for disabled fieldset ancestors + return elem.isDisabled === disabled || + + // Where there is no isDisabled, check manually + /* jshint -W018 */ + elem.isDisabled !== !disabled && + disabledAncestor( elem ) === disabled; + } + + return elem.disabled === disabled; + + // Try to winnow out elements that can't be disabled before trusting the disabled property. + // Some victims get caught in our net (label, legend, menu, track), but it shouldn't + // even exist on them, let alone have a boolean value. + } else if ( "label" in elem ) { + return elem.disabled === disabled; + } + + // Remaining elements are neither :enabled nor :disabled + return false; + }; +} + +/** + * Returns a function to use in pseudos for positionals + * @param {Function} fn + */ +function createPositionalPseudo( fn ) { + return markFunction(function( argument ) { + argument = +argument; + return markFunction(function( seed, matches ) { + var j, + matchIndexes = fn( [], seed.length, argument ), + i = matchIndexes.length; + + // Match elements found at the specified indexes + while ( i-- ) { + if ( seed[ (j = matchIndexes[i]) ] ) { + seed[j] = !(matches[j] = seed[j]); + } + } + }); + }); +} + +/** + * Checks a node for validity as a Sizzle context + * @param {Element|Object=} context + * @returns {Element|Object|Boolean} The input node if acceptable, otherwise a falsy value + */ +function testContext( context ) { + return context && typeof context.getElementsByTagName !== "undefined" && context; +} + +// Expose support vars for convenience +support = Sizzle.support = {}; + +/** + * Detects XML nodes + * @param {Element|Object} elem An element or a document + * @returns {Boolean} True iff elem is a non-HTML XML node + */ +isXML = Sizzle.isXML = function( elem ) { + // documentElement is verified for cases where it doesn't yet exist + // (such as loading iframes in IE - #4833) + var documentElement = elem && (elem.ownerDocument || elem).documentElement; + return documentElement ? documentElement.nodeName !== "HTML" : false; +}; + +/** + * Sets document-related variables once based on the current document + * @param {Element|Object} [doc] An element or document object to use to set the document + * @returns {Object} Returns the current document + */ +setDocument = Sizzle.setDocument = function( node ) { + var hasCompare, subWindow, + doc = node ? node.ownerDocument || node : preferredDoc; + + // Return early if doc is invalid or already selected + if ( doc === document || doc.nodeType !== 9 || !doc.documentElement ) { + return document; + } + + // Update global variables + document = doc; + docElem = document.documentElement; + documentIsHTML = !isXML( document ); + + // Support: IE 9-11, Edge + // Accessing iframe documents after unload throws "permission denied" errors (jQuery #13936) + if ( preferredDoc !== document && + (subWindow = document.defaultView) && subWindow.top !== subWindow ) { + + // Support: IE 11, Edge + if ( subWindow.addEventListener ) { + subWindow.addEventListener( "unload", unloadHandler, false ); + + // Support: IE 9 - 10 only + } else if ( subWindow.attachEvent ) { + subWindow.attachEvent( "onunload", unloadHandler ); + } + } + + /* Attributes + ---------------------------------------------------------------------- */ + + // Support: IE<8 + // Verify that getAttribute really returns attributes and not properties + // (excepting IE8 booleans) + support.attributes = assert(function( el ) { + el.className = "i"; + return !el.getAttribute("className"); + }); + + /* getElement(s)By* + ---------------------------------------------------------------------- */ + + // Check if getElementsByTagName("*") returns only elements + support.getElementsByTagName = assert(function( el ) { + el.appendChild( document.createComment("") ); + return !el.getElementsByTagName("*").length; + }); + + // Support: IE<9 + support.getElementsByClassName = rnative.test( document.getElementsByClassName ); + + // Support: IE<10 + // Check if getElementById returns elements by name + // The broken getElementById methods don't pick up programmatically-set names, + // so use a roundabout getElementsByName test + support.getById = assert(function( el ) { + docElem.appendChild( el ).id = expando; + return !document.getElementsByName || !document.getElementsByName( expando ).length; + }); + + // ID filter and find + if ( support.getById ) { + Expr.filter["ID"] = function( id ) { + var attrId = id.replace( runescape, funescape ); + return function( elem ) { + return elem.getAttribute("id") === attrId; + }; + }; + Expr.find["ID"] = function( id, context ) { + if ( typeof context.getElementById !== "undefined" && documentIsHTML ) { + var elem = context.getElementById( id ); + return elem ? [ elem ] : []; + } + }; + } else { + Expr.filter["ID"] = function( id ) { + var attrId = id.replace( runescape, funescape ); + return function( elem ) { + var node = typeof elem.getAttributeNode !== "undefined" && + elem.getAttributeNode("id"); + return node && node.value === attrId; + }; + }; + + // Support: IE 6 - 7 only + // getElementById is not reliable as a find shortcut + Expr.find["ID"] = function( id, context ) { + if ( typeof context.getElementById !== "undefined" && documentIsHTML ) { + var node, i, elems, + elem = context.getElementById( id ); + + if ( elem ) { + + // Verify the id attribute + node = elem.getAttributeNode("id"); + if ( node && node.value === id ) { + return [ elem ]; + } + + // Fall back on getElementsByName + elems = context.getElementsByName( id ); + i = 0; + while ( (elem = elems[i++]) ) { + node = elem.getAttributeNode("id"); + if ( node && node.value === id ) { + return [ elem ]; + } + } + } + + return []; + } + }; + } + + // Tag + Expr.find["TAG"] = support.getElementsByTagName ? + function( tag, context ) { + if ( typeof context.getElementsByTagName !== "undefined" ) { + return context.getElementsByTagName( tag ); + + // DocumentFragment nodes don't have gEBTN + } else if ( support.qsa ) { + return context.querySelectorAll( tag ); + } + } : + + function( tag, context ) { + var elem, + tmp = [], + i = 0, + // By happy coincidence, a (broken) gEBTN appears on DocumentFragment nodes too + results = context.getElementsByTagName( tag ); + + // Filter out possible comments + if ( tag === "*" ) { + while ( (elem = results[i++]) ) { + if ( elem.nodeType === 1 ) { + tmp.push( elem ); + } + } + + return tmp; + } + return results; + }; + + // Class + Expr.find["CLASS"] = support.getElementsByClassName && function( className, context ) { + if ( typeof context.getElementsByClassName !== "undefined" && documentIsHTML ) { + return context.getElementsByClassName( className ); + } + }; + + /* QSA/matchesSelector + ---------------------------------------------------------------------- */ + + // QSA and matchesSelector support + + // matchesSelector(:active) reports false when true (IE9/Opera 11.5) + rbuggyMatches = []; + + // qSa(:focus) reports false when true (Chrome 21) + // We allow this because of a bug in IE8/9 that throws an error + // whenever `document.activeElement` is accessed on an iframe + // So, we allow :focus to pass through QSA all the time to avoid the IE error + // See https://bugs.jquery.com/ticket/13378 + rbuggyQSA = []; + + if ( (support.qsa = rnative.test( document.querySelectorAll )) ) { + // Build QSA regex + // Regex strategy adopted from Diego Perini + assert(function( el ) { + // Select is set to empty string on purpose + // This is to test IE's treatment of not explicitly + // setting a boolean content attribute, + // since its presence should be enough + // https://bugs.jquery.com/ticket/12359 + docElem.appendChild( el ).innerHTML = "" + + ""; + + // Support: IE8, Opera 11-12.16 + // Nothing should be selected when empty strings follow ^= or $= or *= + // The test attribute must be unknown in Opera but "safe" for WinRT + // https://msdn.microsoft.com/en-us/library/ie/hh465388.aspx#attribute_section + if ( el.querySelectorAll("[msallowcapture^='']").length ) { + rbuggyQSA.push( "[*^$]=" + whitespace + "*(?:''|\"\")" ); + } + + // Support: IE8 + // Boolean attributes and "value" are not treated correctly + if ( !el.querySelectorAll("[selected]").length ) { + rbuggyQSA.push( "\\[" + whitespace + "*(?:value|" + booleans + ")" ); + } + + // Support: Chrome<29, Android<4.4, Safari<7.0+, iOS<7.0+, PhantomJS<1.9.8+ + if ( !el.querySelectorAll( "[id~=" + expando + "-]" ).length ) { + rbuggyQSA.push("~="); + } + + // Webkit/Opera - :checked should return selected option elements + // http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked + // IE8 throws error here and will not see later tests + if ( !el.querySelectorAll(":checked").length ) { + rbuggyQSA.push(":checked"); + } + + // Support: Safari 8+, iOS 8+ + // https://bugs.webkit.org/show_bug.cgi?id=136851 + // In-page `selector#id sibling-combinator selector` fails + if ( !el.querySelectorAll( "a#" + expando + "+*" ).length ) { + rbuggyQSA.push(".#.+[+~]"); + } + }); + + assert(function( el ) { + el.innerHTML = "" + + ""; + + // Support: Windows 8 Native Apps + // The type and name attributes are restricted during .innerHTML assignment + var input = document.createElement("input"); + input.setAttribute( "type", "hidden" ); + el.appendChild( input ).setAttribute( "name", "D" ); + + // Support: IE8 + // Enforce case-sensitivity of name attribute + if ( el.querySelectorAll("[name=d]").length ) { + rbuggyQSA.push( "name" + whitespace + "*[*^$|!~]?=" ); + } + + // FF 3.5 - :enabled/:disabled and hidden elements (hidden elements are still enabled) + // IE8 throws error here and will not see later tests + if ( el.querySelectorAll(":enabled").length !== 2 ) { + rbuggyQSA.push( ":enabled", ":disabled" ); + } + + // Support: IE9-11+ + // IE's :disabled selector does not pick up the children of disabled fieldsets + docElem.appendChild( el ).disabled = true; + if ( el.querySelectorAll(":disabled").length !== 2 ) { + rbuggyQSA.push( ":enabled", ":disabled" ); + } + + // Opera 10-11 does not throw on post-comma invalid pseudos + el.querySelectorAll("*,:x"); + rbuggyQSA.push(",.*:"); + }); + } + + if ( (support.matchesSelector = rnative.test( (matches = docElem.matches || + docElem.webkitMatchesSelector || + docElem.mozMatchesSelector || + docElem.oMatchesSelector || + docElem.msMatchesSelector) )) ) { + + assert(function( el ) { + // Check to see if it's possible to do matchesSelector + // on a disconnected node (IE 9) + support.disconnectedMatch = matches.call( el, "*" ); + + // This should fail with an exception + // Gecko does not error, returns false instead + matches.call( el, "[s!='']:x" ); + rbuggyMatches.push( "!=", pseudos ); + }); + } + + rbuggyQSA = rbuggyQSA.length && new RegExp( rbuggyQSA.join("|") ); + rbuggyMatches = rbuggyMatches.length && new RegExp( rbuggyMatches.join("|") ); + + /* Contains + ---------------------------------------------------------------------- */ + hasCompare = rnative.test( docElem.compareDocumentPosition ); + + // Element contains another + // Purposefully self-exclusive + // As in, an element does not contain itself + contains = hasCompare || rnative.test( docElem.contains ) ? + function( a, b ) { + var adown = a.nodeType === 9 ? a.documentElement : a, + bup = b && b.parentNode; + return a === bup || !!( bup && bup.nodeType === 1 && ( + adown.contains ? + adown.contains( bup ) : + a.compareDocumentPosition && a.compareDocumentPosition( bup ) & 16 + )); + } : + function( a, b ) { + if ( b ) { + while ( (b = b.parentNode) ) { + if ( b === a ) { + return true; + } + } + } + return false; + }; + + /* Sorting + ---------------------------------------------------------------------- */ + + // Document order sorting + sortOrder = hasCompare ? + function( a, b ) { + + // Flag for duplicate removal + if ( a === b ) { + hasDuplicate = true; + return 0; + } + + // Sort on method existence if only one input has compareDocumentPosition + var compare = !a.compareDocumentPosition - !b.compareDocumentPosition; + if ( compare ) { + return compare; + } + + // Calculate position if both inputs belong to the same document + compare = ( a.ownerDocument || a ) === ( b.ownerDocument || b ) ? + a.compareDocumentPosition( b ) : + + // Otherwise we know they are disconnected + 1; + + // Disconnected nodes + if ( compare & 1 || + (!support.sortDetached && b.compareDocumentPosition( a ) === compare) ) { + + // Choose the first element that is related to our preferred document + if ( a === document || a.ownerDocument === preferredDoc && contains(preferredDoc, a) ) { + return -1; + } + if ( b === document || b.ownerDocument === preferredDoc && contains(preferredDoc, b) ) { + return 1; + } + + // Maintain original order + return sortInput ? + ( indexOf( sortInput, a ) - indexOf( sortInput, b ) ) : + 0; + } + + return compare & 4 ? -1 : 1; + } : + function( a, b ) { + // Exit early if the nodes are identical + if ( a === b ) { + hasDuplicate = true; + return 0; + } + + var cur, + i = 0, + aup = a.parentNode, + bup = b.parentNode, + ap = [ a ], + bp = [ b ]; + + // Parentless nodes are either documents or disconnected + if ( !aup || !bup ) { + return a === document ? -1 : + b === document ? 1 : + aup ? -1 : + bup ? 1 : + sortInput ? + ( indexOf( sortInput, a ) - indexOf( sortInput, b ) ) : + 0; + + // If the nodes are siblings, we can do a quick check + } else if ( aup === bup ) { + return siblingCheck( a, b ); + } + + // Otherwise we need full lists of their ancestors for comparison + cur = a; + while ( (cur = cur.parentNode) ) { + ap.unshift( cur ); + } + cur = b; + while ( (cur = cur.parentNode) ) { + bp.unshift( cur ); + } + + // Walk down the tree looking for a discrepancy + while ( ap[i] === bp[i] ) { + i++; + } + + return i ? + // Do a sibling check if the nodes have a common ancestor + siblingCheck( ap[i], bp[i] ) : + + // Otherwise nodes in our document sort first + ap[i] === preferredDoc ? -1 : + bp[i] === preferredDoc ? 1 : + 0; + }; + + return document; +}; + +Sizzle.matches = function( expr, elements ) { + return Sizzle( expr, null, null, elements ); +}; + +Sizzle.matchesSelector = function( elem, expr ) { + // Set document vars if needed + if ( ( elem.ownerDocument || elem ) !== document ) { + setDocument( elem ); + } + + // Make sure that attribute selectors are quoted + expr = expr.replace( rattributeQuotes, "='$1']" ); + + if ( support.matchesSelector && documentIsHTML && + !compilerCache[ expr + " " ] && + ( !rbuggyMatches || !rbuggyMatches.test( expr ) ) && + ( !rbuggyQSA || !rbuggyQSA.test( expr ) ) ) { + + try { + var ret = matches.call( elem, expr ); + + // IE 9's matchesSelector returns false on disconnected nodes + if ( ret || support.disconnectedMatch || + // As well, disconnected nodes are said to be in a document + // fragment in IE 9 + elem.document && elem.document.nodeType !== 11 ) { + return ret; + } + } catch (e) {} + } + + return Sizzle( expr, document, null, [ elem ] ).length > 0; +}; + +Sizzle.contains = function( context, elem ) { + // Set document vars if needed + if ( ( context.ownerDocument || context ) !== document ) { + setDocument( context ); + } + return contains( context, elem ); +}; + +Sizzle.attr = function( elem, name ) { + // Set document vars if needed + if ( ( elem.ownerDocument || elem ) !== document ) { + setDocument( elem ); + } + + var fn = Expr.attrHandle[ name.toLowerCase() ], + // Don't get fooled by Object.prototype properties (jQuery #13807) + val = fn && hasOwn.call( Expr.attrHandle, name.toLowerCase() ) ? + fn( elem, name, !documentIsHTML ) : + undefined; + + return val !== undefined ? + val : + support.attributes || !documentIsHTML ? + elem.getAttribute( name ) : + (val = elem.getAttributeNode(name)) && val.specified ? + val.value : + null; +}; + +Sizzle.escape = function( sel ) { + return (sel + "").replace( rcssescape, fcssescape ); +}; + +Sizzle.error = function( msg ) { + throw new Error( "Syntax error, unrecognized expression: " + msg ); +}; + +/** + * Document sorting and removing duplicates + * @param {ArrayLike} results + */ +Sizzle.uniqueSort = function( results ) { + var elem, + duplicates = [], + j = 0, + i = 0; + + // Unless we *know* we can detect duplicates, assume their presence + hasDuplicate = !support.detectDuplicates; + sortInput = !support.sortStable && results.slice( 0 ); + results.sort( sortOrder ); + + if ( hasDuplicate ) { + while ( (elem = results[i++]) ) { + if ( elem === results[ i ] ) { + j = duplicates.push( i ); + } + } + while ( j-- ) { + results.splice( duplicates[ j ], 1 ); + } + } + + // Clear input after sorting to release objects + // See https://github.com/jquery/sizzle/pull/225 + sortInput = null; + + return results; +}; + +/** + * Utility function for retrieving the text value of an array of DOM nodes + * @param {Array|Element} elem + */ +getText = Sizzle.getText = function( elem ) { + var node, + ret = "", + i = 0, + nodeType = elem.nodeType; + + if ( !nodeType ) { + // If no nodeType, this is expected to be an array + while ( (node = elem[i++]) ) { + // Do not traverse comment nodes + ret += getText( node ); + } + } else if ( nodeType === 1 || nodeType === 9 || nodeType === 11 ) { + // Use textContent for elements + // innerText usage removed for consistency of new lines (jQuery #11153) + if ( typeof elem.textContent === "string" ) { + return elem.textContent; + } else { + // Traverse its children + for ( elem = elem.firstChild; elem; elem = elem.nextSibling ) { + ret += getText( elem ); + } + } + } else if ( nodeType === 3 || nodeType === 4 ) { + return elem.nodeValue; + } + // Do not include comment or processing instruction nodes + + return ret; +}; + +Expr = Sizzle.selectors = { + + // Can be adjusted by the user + cacheLength: 50, + + createPseudo: markFunction, + + match: matchExpr, + + attrHandle: {}, + + find: {}, + + relative: { + ">": { dir: "parentNode", first: true }, + " ": { dir: "parentNode" }, + "+": { dir: "previousSibling", first: true }, + "~": { dir: "previousSibling" } + }, + + preFilter: { + "ATTR": function( match ) { + match[1] = match[1].replace( runescape, funescape ); + + // Move the given value to match[3] whether quoted or unquoted + match[3] = ( match[3] || match[4] || match[5] || "" ).replace( runescape, funescape ); + + if ( match[2] === "~=" ) { + match[3] = " " + match[3] + " "; + } + + return match.slice( 0, 4 ); + }, + + "CHILD": function( match ) { + /* matches from matchExpr["CHILD"] + 1 type (only|nth|...) + 2 what (child|of-type) + 3 argument (even|odd|\d*|\d*n([+-]\d+)?|...) + 4 xn-component of xn+y argument ([+-]?\d*n|) + 5 sign of xn-component + 6 x of xn-component + 7 sign of y-component + 8 y of y-component + */ + match[1] = match[1].toLowerCase(); + + if ( match[1].slice( 0, 3 ) === "nth" ) { + // nth-* requires argument + if ( !match[3] ) { + Sizzle.error( match[0] ); + } + + // numeric x and y parameters for Expr.filter.CHILD + // remember that false/true cast respectively to 0/1 + match[4] = +( match[4] ? match[5] + (match[6] || 1) : 2 * ( match[3] === "even" || match[3] === "odd" ) ); + match[5] = +( ( match[7] + match[8] ) || match[3] === "odd" ); + + // other types prohibit arguments + } else if ( match[3] ) { + Sizzle.error( match[0] ); + } + + return match; + }, + + "PSEUDO": function( match ) { + var excess, + unquoted = !match[6] && match[2]; + + if ( matchExpr["CHILD"].test( match[0] ) ) { + return null; + } + + // Accept quoted arguments as-is + if ( match[3] ) { + match[2] = match[4] || match[5] || ""; + + // Strip excess characters from unquoted arguments + } else if ( unquoted && rpseudo.test( unquoted ) && + // Get excess from tokenize (recursively) + (excess = tokenize( unquoted, true )) && + // advance to the next closing parenthesis + (excess = unquoted.indexOf( ")", unquoted.length - excess ) - unquoted.length) ) { + + // excess is a negative index + match[0] = match[0].slice( 0, excess ); + match[2] = unquoted.slice( 0, excess ); + } + + // Return only captures needed by the pseudo filter method (type and argument) + return match.slice( 0, 3 ); + } + }, + + filter: { + + "TAG": function( nodeNameSelector ) { + var nodeName = nodeNameSelector.replace( runescape, funescape ).toLowerCase(); + return nodeNameSelector === "*" ? + function() { return true; } : + function( elem ) { + return elem.nodeName && elem.nodeName.toLowerCase() === nodeName; + }; + }, + + "CLASS": function( className ) { + var pattern = classCache[ className + " " ]; + + return pattern || + (pattern = new RegExp( "(^|" + whitespace + ")" + className + "(" + whitespace + "|$)" )) && + classCache( className, function( elem ) { + return pattern.test( typeof elem.className === "string" && elem.className || typeof elem.getAttribute !== "undefined" && elem.getAttribute("class") || "" ); + }); + }, + + "ATTR": function( name, operator, check ) { + return function( elem ) { + var result = Sizzle.attr( elem, name ); + + if ( result == null ) { + return operator === "!="; + } + if ( !operator ) { + return true; + } + + result += ""; + + return operator === "=" ? result === check : + operator === "!=" ? result !== check : + operator === "^=" ? check && result.indexOf( check ) === 0 : + operator === "*=" ? check && result.indexOf( check ) > -1 : + operator === "$=" ? check && result.slice( -check.length ) === check : + operator === "~=" ? ( " " + result.replace( rwhitespace, " " ) + " " ).indexOf( check ) > -1 : + operator === "|=" ? result === check || result.slice( 0, check.length + 1 ) === check + "-" : + false; + }; + }, + + "CHILD": function( type, what, argument, first, last ) { + var simple = type.slice( 0, 3 ) !== "nth", + forward = type.slice( -4 ) !== "last", + ofType = what === "of-type"; + + return first === 1 && last === 0 ? + + // Shortcut for :nth-*(n) + function( elem ) { + return !!elem.parentNode; + } : + + function( elem, context, xml ) { + var cache, uniqueCache, outerCache, node, nodeIndex, start, + dir = simple !== forward ? "nextSibling" : "previousSibling", + parent = elem.parentNode, + name = ofType && elem.nodeName.toLowerCase(), + useCache = !xml && !ofType, + diff = false; + + if ( parent ) { + + // :(first|last|only)-(child|of-type) + if ( simple ) { + while ( dir ) { + node = elem; + while ( (node = node[ dir ]) ) { + if ( ofType ? + node.nodeName.toLowerCase() === name : + node.nodeType === 1 ) { + + return false; + } + } + // Reverse direction for :only-* (if we haven't yet done so) + start = dir = type === "only" && !start && "nextSibling"; + } + return true; + } + + start = [ forward ? parent.firstChild : parent.lastChild ]; + + // non-xml :nth-child(...) stores cache data on `parent` + if ( forward && useCache ) { + + // Seek `elem` from a previously-cached index + + // ...in a gzip-friendly way + node = parent; + outerCache = node[ expando ] || (node[ expando ] = {}); + + // Support: IE <9 only + // Defend against cloned attroperties (jQuery gh-1709) + uniqueCache = outerCache[ node.uniqueID ] || + (outerCache[ node.uniqueID ] = {}); + + cache = uniqueCache[ type ] || []; + nodeIndex = cache[ 0 ] === dirruns && cache[ 1 ]; + diff = nodeIndex && cache[ 2 ]; + node = nodeIndex && parent.childNodes[ nodeIndex ]; + + while ( (node = ++nodeIndex && node && node[ dir ] || + + // Fallback to seeking `elem` from the start + (diff = nodeIndex = 0) || start.pop()) ) { + + // When found, cache indexes on `parent` and break + if ( node.nodeType === 1 && ++diff && node === elem ) { + uniqueCache[ type ] = [ dirruns, nodeIndex, diff ]; + break; + } + } + + } else { + // Use previously-cached element index if available + if ( useCache ) { + // ...in a gzip-friendly way + node = elem; + outerCache = node[ expando ] || (node[ expando ] = {}); + + // Support: IE <9 only + // Defend against cloned attroperties (jQuery gh-1709) + uniqueCache = outerCache[ node.uniqueID ] || + (outerCache[ node.uniqueID ] = {}); + + cache = uniqueCache[ type ] || []; + nodeIndex = cache[ 0 ] === dirruns && cache[ 1 ]; + diff = nodeIndex; + } + + // xml :nth-child(...) + // or :nth-last-child(...) or :nth(-last)?-of-type(...) + if ( diff === false ) { + // Use the same loop as above to seek `elem` from the start + while ( (node = ++nodeIndex && node && node[ dir ] || + (diff = nodeIndex = 0) || start.pop()) ) { + + if ( ( ofType ? + node.nodeName.toLowerCase() === name : + node.nodeType === 1 ) && + ++diff ) { + + // Cache the index of each encountered element + if ( useCache ) { + outerCache = node[ expando ] || (node[ expando ] = {}); + + // Support: IE <9 only + // Defend against cloned attroperties (jQuery gh-1709) + uniqueCache = outerCache[ node.uniqueID ] || + (outerCache[ node.uniqueID ] = {}); + + uniqueCache[ type ] = [ dirruns, diff ]; + } + + if ( node === elem ) { + break; + } + } + } + } + } + + // Incorporate the offset, then check against cycle size + diff -= last; + return diff === first || ( diff % first === 0 && diff / first >= 0 ); + } + }; + }, + + "PSEUDO": function( pseudo, argument ) { + // pseudo-class names are case-insensitive + // http://www.w3.org/TR/selectors/#pseudo-classes + // Prioritize by case sensitivity in case custom pseudos are added with uppercase letters + // Remember that setFilters inherits from pseudos + var args, + fn = Expr.pseudos[ pseudo ] || Expr.setFilters[ pseudo.toLowerCase() ] || + Sizzle.error( "unsupported pseudo: " + pseudo ); + + // The user may use createPseudo to indicate that + // arguments are needed to create the filter function + // just as Sizzle does + if ( fn[ expando ] ) { + return fn( argument ); + } + + // But maintain support for old signatures + if ( fn.length > 1 ) { + args = [ pseudo, pseudo, "", argument ]; + return Expr.setFilters.hasOwnProperty( pseudo.toLowerCase() ) ? + markFunction(function( seed, matches ) { + var idx, + matched = fn( seed, argument ), + i = matched.length; + while ( i-- ) { + idx = indexOf( seed, matched[i] ); + seed[ idx ] = !( matches[ idx ] = matched[i] ); + } + }) : + function( elem ) { + return fn( elem, 0, args ); + }; + } + + return fn; + } + }, + + pseudos: { + // Potentially complex pseudos + "not": markFunction(function( selector ) { + // Trim the selector passed to compile + // to avoid treating leading and trailing + // spaces as combinators + var input = [], + results = [], + matcher = compile( selector.replace( rtrim, "$1" ) ); + + return matcher[ expando ] ? + markFunction(function( seed, matches, context, xml ) { + var elem, + unmatched = matcher( seed, null, xml, [] ), + i = seed.length; + + // Match elements unmatched by `matcher` + while ( i-- ) { + if ( (elem = unmatched[i]) ) { + seed[i] = !(matches[i] = elem); + } + } + }) : + function( elem, context, xml ) { + input[0] = elem; + matcher( input, null, xml, results ); + // Don't keep the element (issue #299) + input[0] = null; + return !results.pop(); + }; + }), + + "has": markFunction(function( selector ) { + return function( elem ) { + return Sizzle( selector, elem ).length > 0; + }; + }), + + "contains": markFunction(function( text ) { + text = text.replace( runescape, funescape ); + return function( elem ) { + return ( elem.textContent || elem.innerText || getText( elem ) ).indexOf( text ) > -1; + }; + }), + + // "Whether an element is represented by a :lang() selector + // is based solely on the element's language value + // being equal to the identifier C, + // or beginning with the identifier C immediately followed by "-". + // The matching of C against the element's language value is performed case-insensitively. + // The identifier C does not have to be a valid language name." + // http://www.w3.org/TR/selectors/#lang-pseudo + "lang": markFunction( function( lang ) { + // lang value must be a valid identifier + if ( !ridentifier.test(lang || "") ) { + Sizzle.error( "unsupported lang: " + lang ); + } + lang = lang.replace( runescape, funescape ).toLowerCase(); + return function( elem ) { + var elemLang; + do { + if ( (elemLang = documentIsHTML ? + elem.lang : + elem.getAttribute("xml:lang") || elem.getAttribute("lang")) ) { + + elemLang = elemLang.toLowerCase(); + return elemLang === lang || elemLang.indexOf( lang + "-" ) === 0; + } + } while ( (elem = elem.parentNode) && elem.nodeType === 1 ); + return false; + }; + }), + + // Miscellaneous + "target": function( elem ) { + var hash = window.location && window.location.hash; + return hash && hash.slice( 1 ) === elem.id; + }, + + "root": function( elem ) { + return elem === docElem; + }, + + "focus": function( elem ) { + return elem === document.activeElement && (!document.hasFocus || document.hasFocus()) && !!(elem.type || elem.href || ~elem.tabIndex); + }, + + // Boolean properties + "enabled": createDisabledPseudo( false ), + "disabled": createDisabledPseudo( true ), + + "checked": function( elem ) { + // In CSS3, :checked should return both checked and selected elements + // http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked + var nodeName = elem.nodeName.toLowerCase(); + return (nodeName === "input" && !!elem.checked) || (nodeName === "option" && !!elem.selected); + }, + + "selected": function( elem ) { + // Accessing this property makes selected-by-default + // options in Safari work properly + if ( elem.parentNode ) { + elem.parentNode.selectedIndex; + } + + return elem.selected === true; + }, + + // Contents + "empty": function( elem ) { + // http://www.w3.org/TR/selectors/#empty-pseudo + // :empty is negated by element (1) or content nodes (text: 3; cdata: 4; entity ref: 5), + // but not by others (comment: 8; processing instruction: 7; etc.) + // nodeType < 6 works because attributes (2) do not appear as children + for ( elem = elem.firstChild; elem; elem = elem.nextSibling ) { + if ( elem.nodeType < 6 ) { + return false; + } + } + return true; + }, + + "parent": function( elem ) { + return !Expr.pseudos["empty"]( elem ); + }, + + // Element/input types + "header": function( elem ) { + return rheader.test( elem.nodeName ); + }, + + "input": function( elem ) { + return rinputs.test( elem.nodeName ); + }, + + "button": function( elem ) { + var name = elem.nodeName.toLowerCase(); + return name === "input" && elem.type === "button" || name === "button"; + }, + + "text": function( elem ) { + var attr; + return elem.nodeName.toLowerCase() === "input" && + elem.type === "text" && + + // Support: IE<8 + // New HTML5 attribute values (e.g., "search") appear with elem.type === "text" + ( (attr = elem.getAttribute("type")) == null || attr.toLowerCase() === "text" ); + }, + + // Position-in-collection + "first": createPositionalPseudo(function() { + return [ 0 ]; + }), + + "last": createPositionalPseudo(function( matchIndexes, length ) { + return [ length - 1 ]; + }), + + "eq": createPositionalPseudo(function( matchIndexes, length, argument ) { + return [ argument < 0 ? argument + length : argument ]; + }), + + "even": createPositionalPseudo(function( matchIndexes, length ) { + var i = 0; + for ( ; i < length; i += 2 ) { + matchIndexes.push( i ); + } + return matchIndexes; + }), + + "odd": createPositionalPseudo(function( matchIndexes, length ) { + var i = 1; + for ( ; i < length; i += 2 ) { + matchIndexes.push( i ); + } + return matchIndexes; + }), + + "lt": createPositionalPseudo(function( matchIndexes, length, argument ) { + var i = argument < 0 ? argument + length : argument; + for ( ; --i >= 0; ) { + matchIndexes.push( i ); + } + return matchIndexes; + }), + + "gt": createPositionalPseudo(function( matchIndexes, length, argument ) { + var i = argument < 0 ? argument + length : argument; + for ( ; ++i < length; ) { + matchIndexes.push( i ); + } + return matchIndexes; + }) + } +}; + +Expr.pseudos["nth"] = Expr.pseudos["eq"]; + +// Add button/input type pseudos +for ( i in { radio: true, checkbox: true, file: true, password: true, image: true } ) { + Expr.pseudos[ i ] = createInputPseudo( i ); +} +for ( i in { submit: true, reset: true } ) { + Expr.pseudos[ i ] = createButtonPseudo( i ); +} + +// Easy API for creating new setFilters +function setFilters() {} +setFilters.prototype = Expr.filters = Expr.pseudos; +Expr.setFilters = new setFilters(); + +tokenize = Sizzle.tokenize = function( selector, parseOnly ) { + var matched, match, tokens, type, + soFar, groups, preFilters, + cached = tokenCache[ selector + " " ]; + + if ( cached ) { + return parseOnly ? 0 : cached.slice( 0 ); + } + + soFar = selector; + groups = []; + preFilters = Expr.preFilter; + + while ( soFar ) { + + // Comma and first run + if ( !matched || (match = rcomma.exec( soFar )) ) { + if ( match ) { + // Don't consume trailing commas as valid + soFar = soFar.slice( match[0].length ) || soFar; + } + groups.push( (tokens = []) ); + } + + matched = false; + + // Combinators + if ( (match = rcombinators.exec( soFar )) ) { + matched = match.shift(); + tokens.push({ + value: matched, + // Cast descendant combinators to space + type: match[0].replace( rtrim, " " ) + }); + soFar = soFar.slice( matched.length ); + } + + // Filters + for ( type in Expr.filter ) { + if ( (match = matchExpr[ type ].exec( soFar )) && (!preFilters[ type ] || + (match = preFilters[ type ]( match ))) ) { + matched = match.shift(); + tokens.push({ + value: matched, + type: type, + matches: match + }); + soFar = soFar.slice( matched.length ); + } + } + + if ( !matched ) { + break; + } + } + + // Return the length of the invalid excess + // if we're just parsing + // Otherwise, throw an error or return tokens + return parseOnly ? + soFar.length : + soFar ? + Sizzle.error( selector ) : + // Cache the tokens + tokenCache( selector, groups ).slice( 0 ); +}; + +function toSelector( tokens ) { + var i = 0, + len = tokens.length, + selector = ""; + for ( ; i < len; i++ ) { + selector += tokens[i].value; + } + return selector; +} + +function addCombinator( matcher, combinator, base ) { + var dir = combinator.dir, + skip = combinator.next, + key = skip || dir, + checkNonElements = base && key === "parentNode", + doneName = done++; + + return combinator.first ? + // Check against closest ancestor/preceding element + function( elem, context, xml ) { + while ( (elem = elem[ dir ]) ) { + if ( elem.nodeType === 1 || checkNonElements ) { + return matcher( elem, context, xml ); + } + } + return false; + } : + + // Check against all ancestor/preceding elements + function( elem, context, xml ) { + var oldCache, uniqueCache, outerCache, + newCache = [ dirruns, doneName ]; + + // We can't set arbitrary data on XML nodes, so they don't benefit from combinator caching + if ( xml ) { + while ( (elem = elem[ dir ]) ) { + if ( elem.nodeType === 1 || checkNonElements ) { + if ( matcher( elem, context, xml ) ) { + return true; + } + } + } + } else { + while ( (elem = elem[ dir ]) ) { + if ( elem.nodeType === 1 || checkNonElements ) { + outerCache = elem[ expando ] || (elem[ expando ] = {}); + + // Support: IE <9 only + // Defend against cloned attroperties (jQuery gh-1709) + uniqueCache = outerCache[ elem.uniqueID ] || (outerCache[ elem.uniqueID ] = {}); + + if ( skip && skip === elem.nodeName.toLowerCase() ) { + elem = elem[ dir ] || elem; + } else if ( (oldCache = uniqueCache[ key ]) && + oldCache[ 0 ] === dirruns && oldCache[ 1 ] === doneName ) { + + // Assign to newCache so results back-propagate to previous elements + return (newCache[ 2 ] = oldCache[ 2 ]); + } else { + // Reuse newcache so results back-propagate to previous elements + uniqueCache[ key ] = newCache; + + // A match means we're done; a fail means we have to keep checking + if ( (newCache[ 2 ] = matcher( elem, context, xml )) ) { + return true; + } + } + } + } + } + return false; + }; +} + +function elementMatcher( matchers ) { + return matchers.length > 1 ? + function( elem, context, xml ) { + var i = matchers.length; + while ( i-- ) { + if ( !matchers[i]( elem, context, xml ) ) { + return false; + } + } + return true; + } : + matchers[0]; +} + +function multipleContexts( selector, contexts, results ) { + var i = 0, + len = contexts.length; + for ( ; i < len; i++ ) { + Sizzle( selector, contexts[i], results ); + } + return results; +} + +function condense( unmatched, map, filter, context, xml ) { + var elem, + newUnmatched = [], + i = 0, + len = unmatched.length, + mapped = map != null; + + for ( ; i < len; i++ ) { + if ( (elem = unmatched[i]) ) { + if ( !filter || filter( elem, context, xml ) ) { + newUnmatched.push( elem ); + if ( mapped ) { + map.push( i ); + } + } + } + } + + return newUnmatched; +} + +function setMatcher( preFilter, selector, matcher, postFilter, postFinder, postSelector ) { + if ( postFilter && !postFilter[ expando ] ) { + postFilter = setMatcher( postFilter ); + } + if ( postFinder && !postFinder[ expando ] ) { + postFinder = setMatcher( postFinder, postSelector ); + } + return markFunction(function( seed, results, context, xml ) { + var temp, i, elem, + preMap = [], + postMap = [], + preexisting = results.length, + + // Get initial elements from seed or context + elems = seed || multipleContexts( selector || "*", context.nodeType ? [ context ] : context, [] ), + + // Prefilter to get matcher input, preserving a map for seed-results synchronization + matcherIn = preFilter && ( seed || !selector ) ? + condense( elems, preMap, preFilter, context, xml ) : + elems, + + matcherOut = matcher ? + // If we have a postFinder, or filtered seed, or non-seed postFilter or preexisting results, + postFinder || ( seed ? preFilter : preexisting || postFilter ) ? + + // ...intermediate processing is necessary + [] : + + // ...otherwise use results directly + results : + matcherIn; + + // Find primary matches + if ( matcher ) { + matcher( matcherIn, matcherOut, context, xml ); + } + + // Apply postFilter + if ( postFilter ) { + temp = condense( matcherOut, postMap ); + postFilter( temp, [], context, xml ); + + // Un-match failing elements by moving them back to matcherIn + i = temp.length; + while ( i-- ) { + if ( (elem = temp[i]) ) { + matcherOut[ postMap[i] ] = !(matcherIn[ postMap[i] ] = elem); + } + } + } + + if ( seed ) { + if ( postFinder || preFilter ) { + if ( postFinder ) { + // Get the final matcherOut by condensing this intermediate into postFinder contexts + temp = []; + i = matcherOut.length; + while ( i-- ) { + if ( (elem = matcherOut[i]) ) { + // Restore matcherIn since elem is not yet a final match + temp.push( (matcherIn[i] = elem) ); + } + } + postFinder( null, (matcherOut = []), temp, xml ); + } + + // Move matched elements from seed to results to keep them synchronized + i = matcherOut.length; + while ( i-- ) { + if ( (elem = matcherOut[i]) && + (temp = postFinder ? indexOf( seed, elem ) : preMap[i]) > -1 ) { + + seed[temp] = !(results[temp] = elem); + } + } + } + + // Add elements to results, through postFinder if defined + } else { + matcherOut = condense( + matcherOut === results ? + matcherOut.splice( preexisting, matcherOut.length ) : + matcherOut + ); + if ( postFinder ) { + postFinder( null, results, matcherOut, xml ); + } else { + push.apply( results, matcherOut ); + } + } + }); +} + +function matcherFromTokens( tokens ) { + var checkContext, matcher, j, + len = tokens.length, + leadingRelative = Expr.relative[ tokens[0].type ], + implicitRelative = leadingRelative || Expr.relative[" "], + i = leadingRelative ? 1 : 0, + + // The foundational matcher ensures that elements are reachable from top-level context(s) + matchContext = addCombinator( function( elem ) { + return elem === checkContext; + }, implicitRelative, true ), + matchAnyContext = addCombinator( function( elem ) { + return indexOf( checkContext, elem ) > -1; + }, implicitRelative, true ), + matchers = [ function( elem, context, xml ) { + var ret = ( !leadingRelative && ( xml || context !== outermostContext ) ) || ( + (checkContext = context).nodeType ? + matchContext( elem, context, xml ) : + matchAnyContext( elem, context, xml ) ); + // Avoid hanging onto element (issue #299) + checkContext = null; + return ret; + } ]; + + for ( ; i < len; i++ ) { + if ( (matcher = Expr.relative[ tokens[i].type ]) ) { + matchers = [ addCombinator(elementMatcher( matchers ), matcher) ]; + } else { + matcher = Expr.filter[ tokens[i].type ].apply( null, tokens[i].matches ); + + // Return special upon seeing a positional matcher + if ( matcher[ expando ] ) { + // Find the next relative operator (if any) for proper handling + j = ++i; + for ( ; j < len; j++ ) { + if ( Expr.relative[ tokens[j].type ] ) { + break; + } + } + return setMatcher( + i > 1 && elementMatcher( matchers ), + i > 1 && toSelector( + // If the preceding token was a descendant combinator, insert an implicit any-element `*` + tokens.slice( 0, i - 1 ).concat({ value: tokens[ i - 2 ].type === " " ? "*" : "" }) + ).replace( rtrim, "$1" ), + matcher, + i < j && matcherFromTokens( tokens.slice( i, j ) ), + j < len && matcherFromTokens( (tokens = tokens.slice( j )) ), + j < len && toSelector( tokens ) + ); + } + matchers.push( matcher ); + } + } + + return elementMatcher( matchers ); +} + +function matcherFromGroupMatchers( elementMatchers, setMatchers ) { + var bySet = setMatchers.length > 0, + byElement = elementMatchers.length > 0, + superMatcher = function( seed, context, xml, results, outermost ) { + var elem, j, matcher, + matchedCount = 0, + i = "0", + unmatched = seed && [], + setMatched = [], + contextBackup = outermostContext, + // We must always have either seed elements or outermost context + elems = seed || byElement && Expr.find["TAG"]( "*", outermost ), + // Use integer dirruns iff this is the outermost matcher + dirrunsUnique = (dirruns += contextBackup == null ? 1 : Math.random() || 0.1), + len = elems.length; + + if ( outermost ) { + outermostContext = context === document || context || outermost; + } + + // Add elements passing elementMatchers directly to results + // Support: IE<9, Safari + // Tolerate NodeList properties (IE: "length"; Safari: ) matching elements by id + for ( ; i !== len && (elem = elems[i]) != null; i++ ) { + if ( byElement && elem ) { + j = 0; + if ( !context && elem.ownerDocument !== document ) { + setDocument( elem ); + xml = !documentIsHTML; + } + while ( (matcher = elementMatchers[j++]) ) { + if ( matcher( elem, context || document, xml) ) { + results.push( elem ); + break; + } + } + if ( outermost ) { + dirruns = dirrunsUnique; + } + } + + // Track unmatched elements for set filters + if ( bySet ) { + // They will have gone through all possible matchers + if ( (elem = !matcher && elem) ) { + matchedCount--; + } + + // Lengthen the array for every element, matched or not + if ( seed ) { + unmatched.push( elem ); + } + } + } + + // `i` is now the count of elements visited above, and adding it to `matchedCount` + // makes the latter nonnegative. + matchedCount += i; + + // Apply set filters to unmatched elements + // NOTE: This can be skipped if there are no unmatched elements (i.e., `matchedCount` + // equals `i`), unless we didn't visit _any_ elements in the above loop because we have + // no element matchers and no seed. + // Incrementing an initially-string "0" `i` allows `i` to remain a string only in that + // case, which will result in a "00" `matchedCount` that differs from `i` but is also + // numerically zero. + if ( bySet && i !== matchedCount ) { + j = 0; + while ( (matcher = setMatchers[j++]) ) { + matcher( unmatched, setMatched, context, xml ); + } + + if ( seed ) { + // Reintegrate element matches to eliminate the need for sorting + if ( matchedCount > 0 ) { + while ( i-- ) { + if ( !(unmatched[i] || setMatched[i]) ) { + setMatched[i] = pop.call( results ); + } + } + } + + // Discard index placeholder values to get only actual matches + setMatched = condense( setMatched ); + } + + // Add matches to results + push.apply( results, setMatched ); + + // Seedless set matches succeeding multiple successful matchers stipulate sorting + if ( outermost && !seed && setMatched.length > 0 && + ( matchedCount + setMatchers.length ) > 1 ) { + + Sizzle.uniqueSort( results ); + } + } + + // Override manipulation of globals by nested matchers + if ( outermost ) { + dirruns = dirrunsUnique; + outermostContext = contextBackup; + } + + return unmatched; + }; + + return bySet ? + markFunction( superMatcher ) : + superMatcher; +} + +compile = Sizzle.compile = function( selector, match /* Internal Use Only */ ) { + var i, + setMatchers = [], + elementMatchers = [], + cached = compilerCache[ selector + " " ]; + + if ( !cached ) { + // Generate a function of recursive functions that can be used to check each element + if ( !match ) { + match = tokenize( selector ); + } + i = match.length; + while ( i-- ) { + cached = matcherFromTokens( match[i] ); + if ( cached[ expando ] ) { + setMatchers.push( cached ); + } else { + elementMatchers.push( cached ); + } + } + + // Cache the compiled function + cached = compilerCache( selector, matcherFromGroupMatchers( elementMatchers, setMatchers ) ); + + // Save selector and tokenization + cached.selector = selector; + } + return cached; +}; + +/** + * A low-level selection function that works with Sizzle's compiled + * selector functions + * @param {String|Function} selector A selector or a pre-compiled + * selector function built with Sizzle.compile + * @param {Element} context + * @param {Array} [results] + * @param {Array} [seed] A set of elements to match against + */ +select = Sizzle.select = function( selector, context, results, seed ) { + var i, tokens, token, type, find, + compiled = typeof selector === "function" && selector, + match = !seed && tokenize( (selector = compiled.selector || selector) ); + + results = results || []; + + // Try to minimize operations if there is only one selector in the list and no seed + // (the latter of which guarantees us context) + if ( match.length === 1 ) { + + // Reduce context if the leading compound selector is an ID + tokens = match[0] = match[0].slice( 0 ); + if ( tokens.length > 2 && (token = tokens[0]).type === "ID" && + context.nodeType === 9 && documentIsHTML && Expr.relative[ tokens[1].type ] ) { + + context = ( Expr.find["ID"]( token.matches[0].replace(runescape, funescape), context ) || [] )[0]; + if ( !context ) { + return results; + + // Precompiled matchers will still verify ancestry, so step up a level + } else if ( compiled ) { + context = context.parentNode; + } + + selector = selector.slice( tokens.shift().value.length ); + } + + // Fetch a seed set for right-to-left matching + i = matchExpr["needsContext"].test( selector ) ? 0 : tokens.length; + while ( i-- ) { + token = tokens[i]; + + // Abort if we hit a combinator + if ( Expr.relative[ (type = token.type) ] ) { + break; + } + if ( (find = Expr.find[ type ]) ) { + // Search, expanding context for leading sibling combinators + if ( (seed = find( + token.matches[0].replace( runescape, funescape ), + rsibling.test( tokens[0].type ) && testContext( context.parentNode ) || context + )) ) { + + // If seed is empty or no tokens remain, we can return early + tokens.splice( i, 1 ); + selector = seed.length && toSelector( tokens ); + if ( !selector ) { + push.apply( results, seed ); + return results; + } + + break; + } + } + } + } + + // Compile and execute a filtering function if one is not provided + // Provide `match` to avoid retokenization if we modified the selector above + ( compiled || compile( selector, match ) )( + seed, + context, + !documentIsHTML, + results, + !context || rsibling.test( selector ) && testContext( context.parentNode ) || context + ); + return results; +}; + +// One-time assignments + +// Sort stability +support.sortStable = expando.split("").sort( sortOrder ).join("") === expando; + +// Support: Chrome 14-35+ +// Always assume duplicates if they aren't passed to the comparison function +support.detectDuplicates = !!hasDuplicate; + +// Initialize against the default document +setDocument(); + +// Support: Webkit<537.32 - Safari 6.0.3/Chrome 25 (fixed in Chrome 27) +// Detached nodes confoundingly follow *each other* +support.sortDetached = assert(function( el ) { + // Should return 1, but returns 4 (following) + return el.compareDocumentPosition( document.createElement("fieldset") ) & 1; +}); + +// Support: IE<8 +// Prevent attribute/property "interpolation" +// https://msdn.microsoft.com/en-us/library/ms536429%28VS.85%29.aspx +if ( !assert(function( el ) { + el.innerHTML = ""; + return el.firstChild.getAttribute("href") === "#" ; +}) ) { + addHandle( "type|href|height|width", function( elem, name, isXML ) { + if ( !isXML ) { + return elem.getAttribute( name, name.toLowerCase() === "type" ? 1 : 2 ); + } + }); +} + +// Support: IE<9 +// Use defaultValue in place of getAttribute("value") +if ( !support.attributes || !assert(function( el ) { + el.innerHTML = ""; + el.firstChild.setAttribute( "value", "" ); + return el.firstChild.getAttribute( "value" ) === ""; +}) ) { + addHandle( "value", function( elem, name, isXML ) { + if ( !isXML && elem.nodeName.toLowerCase() === "input" ) { + return elem.defaultValue; + } + }); +} + +// Support: IE<9 +// Use getAttributeNode to fetch booleans when getAttribute lies +if ( !assert(function( el ) { + return el.getAttribute("disabled") == null; +}) ) { + addHandle( booleans, function( elem, name, isXML ) { + var val; + if ( !isXML ) { + return elem[ name ] === true ? name.toLowerCase() : + (val = elem.getAttributeNode( name )) && val.specified ? + val.value : + null; + } + }); +} + +return Sizzle; + +})( window ); + + + +jQuery.find = Sizzle; +jQuery.expr = Sizzle.selectors; + +// Deprecated +jQuery.expr[ ":" ] = jQuery.expr.pseudos; +jQuery.uniqueSort = jQuery.unique = Sizzle.uniqueSort; +jQuery.text = Sizzle.getText; +jQuery.isXMLDoc = Sizzle.isXML; +jQuery.contains = Sizzle.contains; +jQuery.escapeSelector = Sizzle.escape; + + + + +var dir = function( elem, dir, until ) { + var matched = [], + truncate = until !== undefined; + + while ( ( elem = elem[ dir ] ) && elem.nodeType !== 9 ) { + if ( elem.nodeType === 1 ) { + if ( truncate && jQuery( elem ).is( until ) ) { + break; + } + matched.push( elem ); + } + } + return matched; +}; + + +var siblings = function( n, elem ) { + var matched = []; + + for ( ; n; n = n.nextSibling ) { + if ( n.nodeType === 1 && n !== elem ) { + matched.push( n ); + } + } + + return matched; +}; + + +var rneedsContext = jQuery.expr.match.needsContext; + + + +function nodeName( elem, name ) { + + return elem.nodeName && elem.nodeName.toLowerCase() === name.toLowerCase(); + +}; +var rsingleTag = ( /^<([a-z][^\/\0>:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i ); + + + +var risSimple = /^.[^:#\[\.,]*$/; + +// Implement the identical functionality for filter and not +function winnow( elements, qualifier, not ) { + if ( jQuery.isFunction( qualifier ) ) { + return jQuery.grep( elements, function( elem, i ) { + return !!qualifier.call( elem, i, elem ) !== not; + } ); + } + + // Single element + if ( qualifier.nodeType ) { + return jQuery.grep( elements, function( elem ) { + return ( elem === qualifier ) !== not; + } ); + } + + // Arraylike of elements (jQuery, arguments, Array) + if ( typeof qualifier !== "string" ) { + return jQuery.grep( elements, function( elem ) { + return ( indexOf.call( qualifier, elem ) > -1 ) !== not; + } ); + } + + // Simple selector that can be filtered directly, removing non-Elements + if ( risSimple.test( qualifier ) ) { + return jQuery.filter( qualifier, elements, not ); + } + + // Complex selector, compare the two sets, removing non-Elements + qualifier = jQuery.filter( qualifier, elements ); + return jQuery.grep( elements, function( elem ) { + return ( indexOf.call( qualifier, elem ) > -1 ) !== not && elem.nodeType === 1; + } ); +} + +jQuery.filter = function( expr, elems, not ) { + var elem = elems[ 0 ]; + + if ( not ) { + expr = ":not(" + expr + ")"; + } + + if ( elems.length === 1 && elem.nodeType === 1 ) { + return jQuery.find.matchesSelector( elem, expr ) ? [ elem ] : []; + } + + return jQuery.find.matches( expr, jQuery.grep( elems, function( elem ) { + return elem.nodeType === 1; + } ) ); +}; + +jQuery.fn.extend( { + find: function( selector ) { + var i, ret, + len = this.length, + self = this; + + if ( typeof selector !== "string" ) { + return this.pushStack( jQuery( selector ).filter( function() { + for ( i = 0; i < len; i++ ) { + if ( jQuery.contains( self[ i ], this ) ) { + return true; + } + } + } ) ); + } + + ret = this.pushStack( [] ); + + for ( i = 0; i < len; i++ ) { + jQuery.find( selector, self[ i ], ret ); + } + + return len > 1 ? jQuery.uniqueSort( ret ) : ret; + }, + filter: function( selector ) { + return this.pushStack( winnow( this, selector || [], false ) ); + }, + not: function( selector ) { + return this.pushStack( winnow( this, selector || [], true ) ); + }, + is: function( selector ) { + return !!winnow( + this, + + // If this is a positional/relative selector, check membership in the returned set + // so $("p:first").is("p:last") won't return true for a doc with two "p". + typeof selector === "string" && rneedsContext.test( selector ) ? + jQuery( selector ) : + selector || [], + false + ).length; + } +} ); + + +// Initialize a jQuery object + + +// A central reference to the root jQuery(document) +var rootjQuery, + + // A simple way to check for HTML strings + // Prioritize #id over to avoid XSS via location.hash (#9521) + // Strict HTML recognition (#11290: must start with <) + // Shortcut simple #id case for speed + rquickExpr = /^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]+))$/, + + init = jQuery.fn.init = function( selector, context, root ) { + var match, elem; + + // HANDLE: $(""), $(null), $(undefined), $(false) + if ( !selector ) { + return this; + } + + // Method init() accepts an alternate rootjQuery + // so migrate can support jQuery.sub (gh-2101) + root = root || rootjQuery; + + // Handle HTML strings + if ( typeof selector === "string" ) { + if ( selector[ 0 ] === "<" && + selector[ selector.length - 1 ] === ">" && + selector.length >= 3 ) { + + // Assume that strings that start and end with <> are HTML and skip the regex check + match = [ null, selector, null ]; + + } else { + match = rquickExpr.exec( selector ); + } + + // Match html or make sure no context is specified for #id + if ( match && ( match[ 1 ] || !context ) ) { + + // HANDLE: $(html) -> $(array) + if ( match[ 1 ] ) { + context = context instanceof jQuery ? context[ 0 ] : context; + + // Option to run scripts is true for back-compat + // Intentionally let the error be thrown if parseHTML is not present + jQuery.merge( this, jQuery.parseHTML( + match[ 1 ], + context && context.nodeType ? context.ownerDocument || context : document, + true + ) ); + + // HANDLE: $(html, props) + if ( rsingleTag.test( match[ 1 ] ) && jQuery.isPlainObject( context ) ) { + for ( match in context ) { + + // Properties of context are called as methods if possible + if ( jQuery.isFunction( this[ match ] ) ) { + this[ match ]( context[ match ] ); + + // ...and otherwise set as attributes + } else { + this.attr( match, context[ match ] ); + } + } + } + + return this; + + // HANDLE: $(#id) + } else { + elem = document.getElementById( match[ 2 ] ); + + if ( elem ) { + + // Inject the element directly into the jQuery object + this[ 0 ] = elem; + this.length = 1; + } + return this; + } + + // HANDLE: $(expr, $(...)) + } else if ( !context || context.jquery ) { + return ( context || root ).find( selector ); + + // HANDLE: $(expr, context) + // (which is just equivalent to: $(context).find(expr) + } else { + return this.constructor( context ).find( selector ); + } + + // HANDLE: $(DOMElement) + } else if ( selector.nodeType ) { + this[ 0 ] = selector; + this.length = 1; + return this; + + // HANDLE: $(function) + // Shortcut for document ready + } else if ( jQuery.isFunction( selector ) ) { + return root.ready !== undefined ? + root.ready( selector ) : + + // Execute immediately if ready is not present + selector( jQuery ); + } + + return jQuery.makeArray( selector, this ); + }; + +// Give the init function the jQuery prototype for later instantiation +init.prototype = jQuery.fn; + +// Initialize central reference +rootjQuery = jQuery( document ); + + +var rparentsprev = /^(?:parents|prev(?:Until|All))/, + + // Methods guaranteed to produce a unique set when starting from a unique set + guaranteedUnique = { + children: true, + contents: true, + next: true, + prev: true + }; + +jQuery.fn.extend( { + has: function( target ) { + var targets = jQuery( target, this ), + l = targets.length; + + return this.filter( function() { + var i = 0; + for ( ; i < l; i++ ) { + if ( jQuery.contains( this, targets[ i ] ) ) { + return true; + } + } + } ); + }, + + closest: function( selectors, context ) { + var cur, + i = 0, + l = this.length, + matched = [], + targets = typeof selectors !== "string" && jQuery( selectors ); + + // Positional selectors never match, since there's no _selection_ context + if ( !rneedsContext.test( selectors ) ) { + for ( ; i < l; i++ ) { + for ( cur = this[ i ]; cur && cur !== context; cur = cur.parentNode ) { + + // Always skip document fragments + if ( cur.nodeType < 11 && ( targets ? + targets.index( cur ) > -1 : + + // Don't pass non-elements to Sizzle + cur.nodeType === 1 && + jQuery.find.matchesSelector( cur, selectors ) ) ) { + + matched.push( cur ); + break; + } + } + } + } + + return this.pushStack( matched.length > 1 ? jQuery.uniqueSort( matched ) : matched ); + }, + + // Determine the position of an element within the set + index: function( elem ) { + + // No argument, return index in parent + if ( !elem ) { + return ( this[ 0 ] && this[ 0 ].parentNode ) ? this.first().prevAll().length : -1; + } + + // Index in selector + if ( typeof elem === "string" ) { + return indexOf.call( jQuery( elem ), this[ 0 ] ); + } + + // Locate the position of the desired element + return indexOf.call( this, + + // If it receives a jQuery object, the first element is used + elem.jquery ? elem[ 0 ] : elem + ); + }, + + add: function( selector, context ) { + return this.pushStack( + jQuery.uniqueSort( + jQuery.merge( this.get(), jQuery( selector, context ) ) + ) + ); + }, + + addBack: function( selector ) { + return this.add( selector == null ? + this.prevObject : this.prevObject.filter( selector ) + ); + } +} ); + +function sibling( cur, dir ) { + while ( ( cur = cur[ dir ] ) && cur.nodeType !== 1 ) {} + return cur; +} + +jQuery.each( { + parent: function( elem ) { + var parent = elem.parentNode; + return parent && parent.nodeType !== 11 ? parent : null; + }, + parents: function( elem ) { + return dir( elem, "parentNode" ); + }, + parentsUntil: function( elem, i, until ) { + return dir( elem, "parentNode", until ); + }, + next: function( elem ) { + return sibling( elem, "nextSibling" ); + }, + prev: function( elem ) { + return sibling( elem, "previousSibling" ); + }, + nextAll: function( elem ) { + return dir( elem, "nextSibling" ); + }, + prevAll: function( elem ) { + return dir( elem, "previousSibling" ); + }, + nextUntil: function( elem, i, until ) { + return dir( elem, "nextSibling", until ); + }, + prevUntil: function( elem, i, until ) { + return dir( elem, "previousSibling", until ); + }, + siblings: function( elem ) { + return siblings( ( elem.parentNode || {} ).firstChild, elem ); + }, + children: function( elem ) { + return siblings( elem.firstChild ); + }, + contents: function( elem ) { + if ( nodeName( elem, "iframe" ) ) { + return elem.contentDocument; + } + + // Support: IE 9 - 11 only, iOS 7 only, Android Browser <=4.3 only + // Treat the template element as a regular one in browsers that + // don't support it. + if ( nodeName( elem, "template" ) ) { + elem = elem.content || elem; + } + + return jQuery.merge( [], elem.childNodes ); + } +}, function( name, fn ) { + jQuery.fn[ name ] = function( until, selector ) { + var matched = jQuery.map( this, fn, until ); + + if ( name.slice( -5 ) !== "Until" ) { + selector = until; + } + + if ( selector && typeof selector === "string" ) { + matched = jQuery.filter( selector, matched ); + } + + if ( this.length > 1 ) { + + // Remove duplicates + if ( !guaranteedUnique[ name ] ) { + jQuery.uniqueSort( matched ); + } + + // Reverse order for parents* and prev-derivatives + if ( rparentsprev.test( name ) ) { + matched.reverse(); + } + } + + return this.pushStack( matched ); + }; +} ); +var rnothtmlwhite = ( /[^\x20\t\r\n\f]+/g ); + + + +// Convert String-formatted options into Object-formatted ones +function createOptions( options ) { + var object = {}; + jQuery.each( options.match( rnothtmlwhite ) || [], function( _, flag ) { + object[ flag ] = true; + } ); + return object; +} + +/* + * Create a callback list using the following parameters: + * + * options: an optional list of space-separated options that will change how + * the callback list behaves or a more traditional option object + * + * By default a callback list will act like an event callback list and can be + * "fired" multiple times. + * + * Possible options: + * + * once: will ensure the callback list can only be fired once (like a Deferred) + * + * memory: will keep track of previous values and will call any callback added + * after the list has been fired right away with the latest "memorized" + * values (like a Deferred) + * + * unique: will ensure a callback can only be added once (no duplicate in the list) + * + * stopOnFalse: interrupt callings when a callback returns false + * + */ +jQuery.Callbacks = function( options ) { + + // Convert options from String-formatted to Object-formatted if needed + // (we check in cache first) + options = typeof options === "string" ? + createOptions( options ) : + jQuery.extend( {}, options ); + + var // Flag to know if list is currently firing + firing, + + // Last fire value for non-forgettable lists + memory, + + // Flag to know if list was already fired + fired, + + // Flag to prevent firing + locked, + + // Actual callback list + list = [], + + // Queue of execution data for repeatable lists + queue = [], + + // Index of currently firing callback (modified by add/remove as needed) + firingIndex = -1, + + // Fire callbacks + fire = function() { + + // Enforce single-firing + locked = locked || options.once; + + // Execute callbacks for all pending executions, + // respecting firingIndex overrides and runtime changes + fired = firing = true; + for ( ; queue.length; firingIndex = -1 ) { + memory = queue.shift(); + while ( ++firingIndex < list.length ) { + + // Run callback and check for early termination + if ( list[ firingIndex ].apply( memory[ 0 ], memory[ 1 ] ) === false && + options.stopOnFalse ) { + + // Jump to end and forget the data so .add doesn't re-fire + firingIndex = list.length; + memory = false; + } + } + } + + // Forget the data if we're done with it + if ( !options.memory ) { + memory = false; + } + + firing = false; + + // Clean up if we're done firing for good + if ( locked ) { + + // Keep an empty list if we have data for future add calls + if ( memory ) { + list = []; + + // Otherwise, this object is spent + } else { + list = ""; + } + } + }, + + // Actual Callbacks object + self = { + + // Add a callback or a collection of callbacks to the list + add: function() { + if ( list ) { + + // If we have memory from a past run, we should fire after adding + if ( memory && !firing ) { + firingIndex = list.length - 1; + queue.push( memory ); + } + + ( function add( args ) { + jQuery.each( args, function( _, arg ) { + if ( jQuery.isFunction( arg ) ) { + if ( !options.unique || !self.has( arg ) ) { + list.push( arg ); + } + } else if ( arg && arg.length && jQuery.type( arg ) !== "string" ) { + + // Inspect recursively + add( arg ); + } + } ); + } )( arguments ); + + if ( memory && !firing ) { + fire(); + } + } + return this; + }, + + // Remove a callback from the list + remove: function() { + jQuery.each( arguments, function( _, arg ) { + var index; + while ( ( index = jQuery.inArray( arg, list, index ) ) > -1 ) { + list.splice( index, 1 ); + + // Handle firing indexes + if ( index <= firingIndex ) { + firingIndex--; + } + } + } ); + return this; + }, + + // Check if a given callback is in the list. + // If no argument is given, return whether or not list has callbacks attached. + has: function( fn ) { + return fn ? + jQuery.inArray( fn, list ) > -1 : + list.length > 0; + }, + + // Remove all callbacks from the list + empty: function() { + if ( list ) { + list = []; + } + return this; + }, + + // Disable .fire and .add + // Abort any current/pending executions + // Clear all callbacks and values + disable: function() { + locked = queue = []; + list = memory = ""; + return this; + }, + disabled: function() { + return !list; + }, + + // Disable .fire + // Also disable .add unless we have memory (since it would have no effect) + // Abort any pending executions + lock: function() { + locked = queue = []; + if ( !memory && !firing ) { + list = memory = ""; + } + return this; + }, + locked: function() { + return !!locked; + }, + + // Call all callbacks with the given context and arguments + fireWith: function( context, args ) { + if ( !locked ) { + args = args || []; + args = [ context, args.slice ? args.slice() : args ]; + queue.push( args ); + if ( !firing ) { + fire(); + } + } + return this; + }, + + // Call all the callbacks with the given arguments + fire: function() { + self.fireWith( this, arguments ); + return this; + }, + + // To know if the callbacks have already been called at least once + fired: function() { + return !!fired; + } + }; + + return self; +}; + + +function Identity( v ) { + return v; +} +function Thrower( ex ) { + throw ex; +} + +function adoptValue( value, resolve, reject, noValue ) { + var method; + + try { + + // Check for promise aspect first to privilege synchronous behavior + if ( value && jQuery.isFunction( ( method = value.promise ) ) ) { + method.call( value ).done( resolve ).fail( reject ); + + // Other thenables + } else if ( value && jQuery.isFunction( ( method = value.then ) ) ) { + method.call( value, resolve, reject ); + + // Other non-thenables + } else { + + // Control `resolve` arguments by letting Array#slice cast boolean `noValue` to integer: + // * false: [ value ].slice( 0 ) => resolve( value ) + // * true: [ value ].slice( 1 ) => resolve() + resolve.apply( undefined, [ value ].slice( noValue ) ); + } + + // For Promises/A+, convert exceptions into rejections + // Since jQuery.when doesn't unwrap thenables, we can skip the extra checks appearing in + // Deferred#then to conditionally suppress rejection. + } catch ( value ) { + + // Support: Android 4.0 only + // Strict mode functions invoked without .call/.apply get global-object context + reject.apply( undefined, [ value ] ); + } +} + +jQuery.extend( { + + Deferred: function( func ) { + var tuples = [ + + // action, add listener, callbacks, + // ... .then handlers, argument index, [final state] + [ "notify", "progress", jQuery.Callbacks( "memory" ), + jQuery.Callbacks( "memory" ), 2 ], + [ "resolve", "done", jQuery.Callbacks( "once memory" ), + jQuery.Callbacks( "once memory" ), 0, "resolved" ], + [ "reject", "fail", jQuery.Callbacks( "once memory" ), + jQuery.Callbacks( "once memory" ), 1, "rejected" ] + ], + state = "pending", + promise = { + state: function() { + return state; + }, + always: function() { + deferred.done( arguments ).fail( arguments ); + return this; + }, + "catch": function( fn ) { + return promise.then( null, fn ); + }, + + // Keep pipe for back-compat + pipe: function( /* fnDone, fnFail, fnProgress */ ) { + var fns = arguments; + + return jQuery.Deferred( function( newDefer ) { + jQuery.each( tuples, function( i, tuple ) { + + // Map tuples (progress, done, fail) to arguments (done, fail, progress) + var fn = jQuery.isFunction( fns[ tuple[ 4 ] ] ) && fns[ tuple[ 4 ] ]; + + // deferred.progress(function() { bind to newDefer or newDefer.notify }) + // deferred.done(function() { bind to newDefer or newDefer.resolve }) + // deferred.fail(function() { bind to newDefer or newDefer.reject }) + deferred[ tuple[ 1 ] ]( function() { + var returned = fn && fn.apply( this, arguments ); + if ( returned && jQuery.isFunction( returned.promise ) ) { + returned.promise() + .progress( newDefer.notify ) + .done( newDefer.resolve ) + .fail( newDefer.reject ); + } else { + newDefer[ tuple[ 0 ] + "With" ]( + this, + fn ? [ returned ] : arguments + ); + } + } ); + } ); + fns = null; + } ).promise(); + }, + then: function( onFulfilled, onRejected, onProgress ) { + var maxDepth = 0; + function resolve( depth, deferred, handler, special ) { + return function() { + var that = this, + args = arguments, + mightThrow = function() { + var returned, then; + + // Support: Promises/A+ section 2.3.3.3.3 + // https://promisesaplus.com/#point-59 + // Ignore double-resolution attempts + if ( depth < maxDepth ) { + return; + } + + returned = handler.apply( that, args ); + + // Support: Promises/A+ section 2.3.1 + // https://promisesaplus.com/#point-48 + if ( returned === deferred.promise() ) { + throw new TypeError( "Thenable self-resolution" ); + } + + // Support: Promises/A+ sections 2.3.3.1, 3.5 + // https://promisesaplus.com/#point-54 + // https://promisesaplus.com/#point-75 + // Retrieve `then` only once + then = returned && + + // Support: Promises/A+ section 2.3.4 + // https://promisesaplus.com/#point-64 + // Only check objects and functions for thenability + ( typeof returned === "object" || + typeof returned === "function" ) && + returned.then; + + // Handle a returned thenable + if ( jQuery.isFunction( then ) ) { + + // Special processors (notify) just wait for resolution + if ( special ) { + then.call( + returned, + resolve( maxDepth, deferred, Identity, special ), + resolve( maxDepth, deferred, Thrower, special ) + ); + + // Normal processors (resolve) also hook into progress + } else { + + // ...and disregard older resolution values + maxDepth++; + + then.call( + returned, + resolve( maxDepth, deferred, Identity, special ), + resolve( maxDepth, deferred, Thrower, special ), + resolve( maxDepth, deferred, Identity, + deferred.notifyWith ) + ); + } + + // Handle all other returned values + } else { + + // Only substitute handlers pass on context + // and multiple values (non-spec behavior) + if ( handler !== Identity ) { + that = undefined; + args = [ returned ]; + } + + // Process the value(s) + // Default process is resolve + ( special || deferred.resolveWith )( that, args ); + } + }, + + // Only normal processors (resolve) catch and reject exceptions + process = special ? + mightThrow : + function() { + try { + mightThrow(); + } catch ( e ) { + + if ( jQuery.Deferred.exceptionHook ) { + jQuery.Deferred.exceptionHook( e, + process.stackTrace ); + } + + // Support: Promises/A+ section 2.3.3.3.4.1 + // https://promisesaplus.com/#point-61 + // Ignore post-resolution exceptions + if ( depth + 1 >= maxDepth ) { + + // Only substitute handlers pass on context + // and multiple values (non-spec behavior) + if ( handler !== Thrower ) { + that = undefined; + args = [ e ]; + } + + deferred.rejectWith( that, args ); + } + } + }; + + // Support: Promises/A+ section 2.3.3.3.1 + // https://promisesaplus.com/#point-57 + // Re-resolve promises immediately to dodge false rejection from + // subsequent errors + if ( depth ) { + process(); + } else { + + // Call an optional hook to record the stack, in case of exception + // since it's otherwise lost when execution goes async + if ( jQuery.Deferred.getStackHook ) { + process.stackTrace = jQuery.Deferred.getStackHook(); + } + window.setTimeout( process ); + } + }; + } + + return jQuery.Deferred( function( newDefer ) { + + // progress_handlers.add( ... ) + tuples[ 0 ][ 3 ].add( + resolve( + 0, + newDefer, + jQuery.isFunction( onProgress ) ? + onProgress : + Identity, + newDefer.notifyWith + ) + ); + + // fulfilled_handlers.add( ... ) + tuples[ 1 ][ 3 ].add( + resolve( + 0, + newDefer, + jQuery.isFunction( onFulfilled ) ? + onFulfilled : + Identity + ) + ); + + // rejected_handlers.add( ... ) + tuples[ 2 ][ 3 ].add( + resolve( + 0, + newDefer, + jQuery.isFunction( onRejected ) ? + onRejected : + Thrower + ) + ); + } ).promise(); + }, + + // Get a promise for this deferred + // If obj is provided, the promise aspect is added to the object + promise: function( obj ) { + return obj != null ? jQuery.extend( obj, promise ) : promise; + } + }, + deferred = {}; + + // Add list-specific methods + jQuery.each( tuples, function( i, tuple ) { + var list = tuple[ 2 ], + stateString = tuple[ 5 ]; + + // promise.progress = list.add + // promise.done = list.add + // promise.fail = list.add + promise[ tuple[ 1 ] ] = list.add; + + // Handle state + if ( stateString ) { + list.add( + function() { + + // state = "resolved" (i.e., fulfilled) + // state = "rejected" + state = stateString; + }, + + // rejected_callbacks.disable + // fulfilled_callbacks.disable + tuples[ 3 - i ][ 2 ].disable, + + // progress_callbacks.lock + tuples[ 0 ][ 2 ].lock + ); + } + + // progress_handlers.fire + // fulfilled_handlers.fire + // rejected_handlers.fire + list.add( tuple[ 3 ].fire ); + + // deferred.notify = function() { deferred.notifyWith(...) } + // deferred.resolve = function() { deferred.resolveWith(...) } + // deferred.reject = function() { deferred.rejectWith(...) } + deferred[ tuple[ 0 ] ] = function() { + deferred[ tuple[ 0 ] + "With" ]( this === deferred ? undefined : this, arguments ); + return this; + }; + + // deferred.notifyWith = list.fireWith + // deferred.resolveWith = list.fireWith + // deferred.rejectWith = list.fireWith + deferred[ tuple[ 0 ] + "With" ] = list.fireWith; + } ); + + // Make the deferred a promise + promise.promise( deferred ); + + // Call given func if any + if ( func ) { + func.call( deferred, deferred ); + } + + // All done! + return deferred; + }, + + // Deferred helper + when: function( singleValue ) { + var + + // count of uncompleted subordinates + remaining = arguments.length, + + // count of unprocessed arguments + i = remaining, + + // subordinate fulfillment data + resolveContexts = Array( i ), + resolveValues = slice.call( arguments ), + + // the master Deferred + master = jQuery.Deferred(), + + // subordinate callback factory + updateFunc = function( i ) { + return function( value ) { + resolveContexts[ i ] = this; + resolveValues[ i ] = arguments.length > 1 ? slice.call( arguments ) : value; + if ( !( --remaining ) ) { + master.resolveWith( resolveContexts, resolveValues ); + } + }; + }; + + // Single- and empty arguments are adopted like Promise.resolve + if ( remaining <= 1 ) { + adoptValue( singleValue, master.done( updateFunc( i ) ).resolve, master.reject, + !remaining ); + + // Use .then() to unwrap secondary thenables (cf. gh-3000) + if ( master.state() === "pending" || + jQuery.isFunction( resolveValues[ i ] && resolveValues[ i ].then ) ) { + + return master.then(); + } + } + + // Multiple arguments are aggregated like Promise.all array elements + while ( i-- ) { + adoptValue( resolveValues[ i ], updateFunc( i ), master.reject ); + } + + return master.promise(); + } +} ); + + +// These usually indicate a programmer mistake during development, +// warn about them ASAP rather than swallowing them by default. +var rerrorNames = /^(Eval|Internal|Range|Reference|Syntax|Type|URI)Error$/; + +jQuery.Deferred.exceptionHook = function( error, stack ) { + + // Support: IE 8 - 9 only + // Console exists when dev tools are open, which can happen at any time + if ( window.console && window.console.warn && error && rerrorNames.test( error.name ) ) { + window.console.warn( "jQuery.Deferred exception: " + error.message, error.stack, stack ); + } +}; + + + + +jQuery.readyException = function( error ) { + window.setTimeout( function() { + throw error; + } ); +}; + + + + +// The deferred used on DOM ready +var readyList = jQuery.Deferred(); + +jQuery.fn.ready = function( fn ) { + + readyList + .then( fn ) + + // Wrap jQuery.readyException in a function so that the lookup + // happens at the time of error handling instead of callback + // registration. + .catch( function( error ) { + jQuery.readyException( error ); + } ); + + return this; +}; + +jQuery.extend( { + + // Is the DOM ready to be used? Set to true once it occurs. + isReady: false, + + // A counter to track how many items to wait for before + // the ready event fires. See #6781 + readyWait: 1, + + // Handle when the DOM is ready + ready: function( wait ) { + + // Abort if there are pending holds or we're already ready + if ( wait === true ? --jQuery.readyWait : jQuery.isReady ) { + return; + } + + // Remember that the DOM is ready + jQuery.isReady = true; + + // If a normal DOM Ready event fired, decrement, and wait if need be + if ( wait !== true && --jQuery.readyWait > 0 ) { + return; + } + + // If there are functions bound, to execute + readyList.resolveWith( document, [ jQuery ] ); + } +} ); + +jQuery.ready.then = readyList.then; + +// The ready event handler and self cleanup method +function completed() { + document.removeEventListener( "DOMContentLoaded", completed ); + window.removeEventListener( "load", completed ); + jQuery.ready(); +} + +// Catch cases where $(document).ready() is called +// after the browser event has already occurred. +// Support: IE <=9 - 10 only +// Older IE sometimes signals "interactive" too soon +if ( document.readyState === "complete" || + ( document.readyState !== "loading" && !document.documentElement.doScroll ) ) { + + // Handle it asynchronously to allow scripts the opportunity to delay ready + window.setTimeout( jQuery.ready ); + +} else { + + // Use the handy event callback + document.addEventListener( "DOMContentLoaded", completed ); + + // A fallback to window.onload, that will always work + window.addEventListener( "load", completed ); +} + + + + +// Multifunctional method to get and set values of a collection +// The value/s can optionally be executed if it's a function +var access = function( elems, fn, key, value, chainable, emptyGet, raw ) { + var i = 0, + len = elems.length, + bulk = key == null; + + // Sets many values + if ( jQuery.type( key ) === "object" ) { + chainable = true; + for ( i in key ) { + access( elems, fn, i, key[ i ], true, emptyGet, raw ); + } + + // Sets one value + } else if ( value !== undefined ) { + chainable = true; + + if ( !jQuery.isFunction( value ) ) { + raw = true; + } + + if ( bulk ) { + + // Bulk operations run against the entire set + if ( raw ) { + fn.call( elems, value ); + fn = null; + + // ...except when executing function values + } else { + bulk = fn; + fn = function( elem, key, value ) { + return bulk.call( jQuery( elem ), value ); + }; + } + } + + if ( fn ) { + for ( ; i < len; i++ ) { + fn( + elems[ i ], key, raw ? + value : + value.call( elems[ i ], i, fn( elems[ i ], key ) ) + ); + } + } + } + + if ( chainable ) { + return elems; + } + + // Gets + if ( bulk ) { + return fn.call( elems ); + } + + return len ? fn( elems[ 0 ], key ) : emptyGet; +}; +var acceptData = function( owner ) { + + // Accepts only: + // - Node + // - Node.ELEMENT_NODE + // - Node.DOCUMENT_NODE + // - Object + // - Any + return owner.nodeType === 1 || owner.nodeType === 9 || !( +owner.nodeType ); +}; + + + + +function Data() { + this.expando = jQuery.expando + Data.uid++; +} + +Data.uid = 1; + +Data.prototype = { + + cache: function( owner ) { + + // Check if the owner object already has a cache + var value = owner[ this.expando ]; + + // If not, create one + if ( !value ) { + value = {}; + + // We can accept data for non-element nodes in modern browsers, + // but we should not, see #8335. + // Always return an empty object. + if ( acceptData( owner ) ) { + + // If it is a node unlikely to be stringify-ed or looped over + // use plain assignment + if ( owner.nodeType ) { + owner[ this.expando ] = value; + + // Otherwise secure it in a non-enumerable property + // configurable must be true to allow the property to be + // deleted when data is removed + } else { + Object.defineProperty( owner, this.expando, { + value: value, + configurable: true + } ); + } + } + } + + return value; + }, + set: function( owner, data, value ) { + var prop, + cache = this.cache( owner ); + + // Handle: [ owner, key, value ] args + // Always use camelCase key (gh-2257) + if ( typeof data === "string" ) { + cache[ jQuery.camelCase( data ) ] = value; + + // Handle: [ owner, { properties } ] args + } else { + + // Copy the properties one-by-one to the cache object + for ( prop in data ) { + cache[ jQuery.camelCase( prop ) ] = data[ prop ]; + } + } + return cache; + }, + get: function( owner, key ) { + return key === undefined ? + this.cache( owner ) : + + // Always use camelCase key (gh-2257) + owner[ this.expando ] && owner[ this.expando ][ jQuery.camelCase( key ) ]; + }, + access: function( owner, key, value ) { + + // In cases where either: + // + // 1. No key was specified + // 2. A string key was specified, but no value provided + // + // Take the "read" path and allow the get method to determine + // which value to return, respectively either: + // + // 1. The entire cache object + // 2. The data stored at the key + // + if ( key === undefined || + ( ( key && typeof key === "string" ) && value === undefined ) ) { + + return this.get( owner, key ); + } + + // When the key is not a string, or both a key and value + // are specified, set or extend (existing objects) with either: + // + // 1. An object of properties + // 2. A key and value + // + this.set( owner, key, value ); + + // Since the "set" path can have two possible entry points + // return the expected data based on which path was taken[*] + return value !== undefined ? value : key; + }, + remove: function( owner, key ) { + var i, + cache = owner[ this.expando ]; + + if ( cache === undefined ) { + return; + } + + if ( key !== undefined ) { + + // Support array or space separated string of keys + if ( Array.isArray( key ) ) { + + // If key is an array of keys... + // We always set camelCase keys, so remove that. + key = key.map( jQuery.camelCase ); + } else { + key = jQuery.camelCase( key ); + + // If a key with the spaces exists, use it. + // Otherwise, create an array by matching non-whitespace + key = key in cache ? + [ key ] : + ( key.match( rnothtmlwhite ) || [] ); + } + + i = key.length; + + while ( i-- ) { + delete cache[ key[ i ] ]; + } + } + + // Remove the expando if there's no more data + if ( key === undefined || jQuery.isEmptyObject( cache ) ) { + + // Support: Chrome <=35 - 45 + // Webkit & Blink performance suffers when deleting properties + // from DOM nodes, so set to undefined instead + // https://bugs.chromium.org/p/chromium/issues/detail?id=378607 (bug restricted) + if ( owner.nodeType ) { + owner[ this.expando ] = undefined; + } else { + delete owner[ this.expando ]; + } + } + }, + hasData: function( owner ) { + var cache = owner[ this.expando ]; + return cache !== undefined && !jQuery.isEmptyObject( cache ); + } +}; +var dataPriv = new Data(); + +var dataUser = new Data(); + + + +// Implementation Summary +// +// 1. Enforce API surface and semantic compatibility with 1.9.x branch +// 2. Improve the module's maintainability by reducing the storage +// paths to a single mechanism. +// 3. Use the same single mechanism to support "private" and "user" data. +// 4. _Never_ expose "private" data to user code (TODO: Drop _data, _removeData) +// 5. Avoid exposing implementation details on user objects (eg. expando properties) +// 6. Provide a clear path for implementation upgrade to WeakMap in 2014 + +var rbrace = /^(?:\{[\w\W]*\}|\[[\w\W]*\])$/, + rmultiDash = /[A-Z]/g; + +function getData( data ) { + if ( data === "true" ) { + return true; + } + + if ( data === "false" ) { + return false; + } + + if ( data === "null" ) { + return null; + } + + // Only convert to a number if it doesn't change the string + if ( data === +data + "" ) { + return +data; + } + + if ( rbrace.test( data ) ) { + return JSON.parse( data ); + } + + return data; +} + +function dataAttr( elem, key, data ) { + var name; + + // If nothing was found internally, try to fetch any + // data from the HTML5 data-* attribute + if ( data === undefined && elem.nodeType === 1 ) { + name = "data-" + key.replace( rmultiDash, "-$&" ).toLowerCase(); + data = elem.getAttribute( name ); + + if ( typeof data === "string" ) { + try { + data = getData( data ); + } catch ( e ) {} + + // Make sure we set the data so it isn't changed later + dataUser.set( elem, key, data ); + } else { + data = undefined; + } + } + return data; +} + +jQuery.extend( { + hasData: function( elem ) { + return dataUser.hasData( elem ) || dataPriv.hasData( elem ); + }, + + data: function( elem, name, data ) { + return dataUser.access( elem, name, data ); + }, + + removeData: function( elem, name ) { + dataUser.remove( elem, name ); + }, + + // TODO: Now that all calls to _data and _removeData have been replaced + // with direct calls to dataPriv methods, these can be deprecated. + _data: function( elem, name, data ) { + return dataPriv.access( elem, name, data ); + }, + + _removeData: function( elem, name ) { + dataPriv.remove( elem, name ); + } +} ); + +jQuery.fn.extend( { + data: function( key, value ) { + var i, name, data, + elem = this[ 0 ], + attrs = elem && elem.attributes; + + // Gets all values + if ( key === undefined ) { + if ( this.length ) { + data = dataUser.get( elem ); + + if ( elem.nodeType === 1 && !dataPriv.get( elem, "hasDataAttrs" ) ) { + i = attrs.length; + while ( i-- ) { + + // Support: IE 11 only + // The attrs elements can be null (#14894) + if ( attrs[ i ] ) { + name = attrs[ i ].name; + if ( name.indexOf( "data-" ) === 0 ) { + name = jQuery.camelCase( name.slice( 5 ) ); + dataAttr( elem, name, data[ name ] ); + } + } + } + dataPriv.set( elem, "hasDataAttrs", true ); + } + } + + return data; + } + + // Sets multiple values + if ( typeof key === "object" ) { + return this.each( function() { + dataUser.set( this, key ); + } ); + } + + return access( this, function( value ) { + var data; + + // The calling jQuery object (element matches) is not empty + // (and therefore has an element appears at this[ 0 ]) and the + // `value` parameter was not undefined. An empty jQuery object + // will result in `undefined` for elem = this[ 0 ] which will + // throw an exception if an attempt to read a data cache is made. + if ( elem && value === undefined ) { + + // Attempt to get data from the cache + // The key will always be camelCased in Data + data = dataUser.get( elem, key ); + if ( data !== undefined ) { + return data; + } + + // Attempt to "discover" the data in + // HTML5 custom data-* attrs + data = dataAttr( elem, key ); + if ( data !== undefined ) { + return data; + } + + // We tried really hard, but the data doesn't exist. + return; + } + + // Set the data... + this.each( function() { + + // We always store the camelCased key + dataUser.set( this, key, value ); + } ); + }, null, value, arguments.length > 1, null, true ); + }, + + removeData: function( key ) { + return this.each( function() { + dataUser.remove( this, key ); + } ); + } +} ); + + +jQuery.extend( { + queue: function( elem, type, data ) { + var queue; + + if ( elem ) { + type = ( type || "fx" ) + "queue"; + queue = dataPriv.get( elem, type ); + + // Speed up dequeue by getting out quickly if this is just a lookup + if ( data ) { + if ( !queue || Array.isArray( data ) ) { + queue = dataPriv.access( elem, type, jQuery.makeArray( data ) ); + } else { + queue.push( data ); + } + } + return queue || []; + } + }, + + dequeue: function( elem, type ) { + type = type || "fx"; + + var queue = jQuery.queue( elem, type ), + startLength = queue.length, + fn = queue.shift(), + hooks = jQuery._queueHooks( elem, type ), + next = function() { + jQuery.dequeue( elem, type ); + }; + + // If the fx queue is dequeued, always remove the progress sentinel + if ( fn === "inprogress" ) { + fn = queue.shift(); + startLength--; + } + + if ( fn ) { + + // Add a progress sentinel to prevent the fx queue from being + // automatically dequeued + if ( type === "fx" ) { + queue.unshift( "inprogress" ); + } + + // Clear up the last queue stop function + delete hooks.stop; + fn.call( elem, next, hooks ); + } + + if ( !startLength && hooks ) { + hooks.empty.fire(); + } + }, + + // Not public - generate a queueHooks object, or return the current one + _queueHooks: function( elem, type ) { + var key = type + "queueHooks"; + return dataPriv.get( elem, key ) || dataPriv.access( elem, key, { + empty: jQuery.Callbacks( "once memory" ).add( function() { + dataPriv.remove( elem, [ type + "queue", key ] ); + } ) + } ); + } +} ); + +jQuery.fn.extend( { + queue: function( type, data ) { + var setter = 2; + + if ( typeof type !== "string" ) { + data = type; + type = "fx"; + setter--; + } + + if ( arguments.length < setter ) { + return jQuery.queue( this[ 0 ], type ); + } + + return data === undefined ? + this : + this.each( function() { + var queue = jQuery.queue( this, type, data ); + + // Ensure a hooks for this queue + jQuery._queueHooks( this, type ); + + if ( type === "fx" && queue[ 0 ] !== "inprogress" ) { + jQuery.dequeue( this, type ); + } + } ); + }, + dequeue: function( type ) { + return this.each( function() { + jQuery.dequeue( this, type ); + } ); + }, + clearQueue: function( type ) { + return this.queue( type || "fx", [] ); + }, + + // Get a promise resolved when queues of a certain type + // are emptied (fx is the type by default) + promise: function( type, obj ) { + var tmp, + count = 1, + defer = jQuery.Deferred(), + elements = this, + i = this.length, + resolve = function() { + if ( !( --count ) ) { + defer.resolveWith( elements, [ elements ] ); + } + }; + + if ( typeof type !== "string" ) { + obj = type; + type = undefined; + } + type = type || "fx"; + + while ( i-- ) { + tmp = dataPriv.get( elements[ i ], type + "queueHooks" ); + if ( tmp && tmp.empty ) { + count++; + tmp.empty.add( resolve ); + } + } + resolve(); + return defer.promise( obj ); + } +} ); +var pnum = ( /[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/ ).source; + +var rcssNum = new RegExp( "^(?:([+-])=|)(" + pnum + ")([a-z%]*)$", "i" ); + + +var cssExpand = [ "Top", "Right", "Bottom", "Left" ]; + +var isHiddenWithinTree = function( elem, el ) { + + // isHiddenWithinTree might be called from jQuery#filter function; + // in that case, element will be second argument + elem = el || elem; + + // Inline style trumps all + return elem.style.display === "none" || + elem.style.display === "" && + + // Otherwise, check computed style + // Support: Firefox <=43 - 45 + // Disconnected elements can have computed display: none, so first confirm that elem is + // in the document. + jQuery.contains( elem.ownerDocument, elem ) && + + jQuery.css( elem, "display" ) === "none"; + }; + +var swap = function( elem, options, callback, args ) { + var ret, name, + old = {}; + + // Remember the old values, and insert the new ones + for ( name in options ) { + old[ name ] = elem.style[ name ]; + elem.style[ name ] = options[ name ]; + } + + ret = callback.apply( elem, args || [] ); + + // Revert the old values + for ( name in options ) { + elem.style[ name ] = old[ name ]; + } + + return ret; +}; + + + + +function adjustCSS( elem, prop, valueParts, tween ) { + var adjusted, + scale = 1, + maxIterations = 20, + currentValue = tween ? + function() { + return tween.cur(); + } : + function() { + return jQuery.css( elem, prop, "" ); + }, + initial = currentValue(), + unit = valueParts && valueParts[ 3 ] || ( jQuery.cssNumber[ prop ] ? "" : "px" ), + + // Starting value computation is required for potential unit mismatches + initialInUnit = ( jQuery.cssNumber[ prop ] || unit !== "px" && +initial ) && + rcssNum.exec( jQuery.css( elem, prop ) ); + + if ( initialInUnit && initialInUnit[ 3 ] !== unit ) { + + // Trust units reported by jQuery.css + unit = unit || initialInUnit[ 3 ]; + + // Make sure we update the tween properties later on + valueParts = valueParts || []; + + // Iteratively approximate from a nonzero starting point + initialInUnit = +initial || 1; + + do { + + // If previous iteration zeroed out, double until we get *something*. + // Use string for doubling so we don't accidentally see scale as unchanged below + scale = scale || ".5"; + + // Adjust and apply + initialInUnit = initialInUnit / scale; + jQuery.style( elem, prop, initialInUnit + unit ); + + // Update scale, tolerating zero or NaN from tween.cur() + // Break the loop if scale is unchanged or perfect, or if we've just had enough. + } while ( + scale !== ( scale = currentValue() / initial ) && scale !== 1 && --maxIterations + ); + } + + if ( valueParts ) { + initialInUnit = +initialInUnit || +initial || 0; + + // Apply relative offset (+=/-=) if specified + adjusted = valueParts[ 1 ] ? + initialInUnit + ( valueParts[ 1 ] + 1 ) * valueParts[ 2 ] : + +valueParts[ 2 ]; + if ( tween ) { + tween.unit = unit; + tween.start = initialInUnit; + tween.end = adjusted; + } + } + return adjusted; +} + + +var defaultDisplayMap = {}; + +function getDefaultDisplay( elem ) { + var temp, + doc = elem.ownerDocument, + nodeName = elem.nodeName, + display = defaultDisplayMap[ nodeName ]; + + if ( display ) { + return display; + } + + temp = doc.body.appendChild( doc.createElement( nodeName ) ); + display = jQuery.css( temp, "display" ); + + temp.parentNode.removeChild( temp ); + + if ( display === "none" ) { + display = "block"; + } + defaultDisplayMap[ nodeName ] = display; + + return display; +} + +function showHide( elements, show ) { + var display, elem, + values = [], + index = 0, + length = elements.length; + + // Determine new display value for elements that need to change + for ( ; index < length; index++ ) { + elem = elements[ index ]; + if ( !elem.style ) { + continue; + } + + display = elem.style.display; + if ( show ) { + + // Since we force visibility upon cascade-hidden elements, an immediate (and slow) + // check is required in this first loop unless we have a nonempty display value (either + // inline or about-to-be-restored) + if ( display === "none" ) { + values[ index ] = dataPriv.get( elem, "display" ) || null; + if ( !values[ index ] ) { + elem.style.display = ""; + } + } + if ( elem.style.display === "" && isHiddenWithinTree( elem ) ) { + values[ index ] = getDefaultDisplay( elem ); + } + } else { + if ( display !== "none" ) { + values[ index ] = "none"; + + // Remember what we're overwriting + dataPriv.set( elem, "display", display ); + } + } + } + + // Set the display of the elements in a second loop to avoid constant reflow + for ( index = 0; index < length; index++ ) { + if ( values[ index ] != null ) { + elements[ index ].style.display = values[ index ]; + } + } + + return elements; +} + +jQuery.fn.extend( { + show: function() { + return showHide( this, true ); + }, + hide: function() { + return showHide( this ); + }, + toggle: function( state ) { + if ( typeof state === "boolean" ) { + return state ? this.show() : this.hide(); + } + + return this.each( function() { + if ( isHiddenWithinTree( this ) ) { + jQuery( this ).show(); + } else { + jQuery( this ).hide(); + } + } ); + } +} ); +var rcheckableType = ( /^(?:checkbox|radio)$/i ); + +var rtagName = ( /<([a-z][^\/\0>\x20\t\r\n\f]+)/i ); + +var rscriptType = ( /^$|\/(?:java|ecma)script/i ); + + + +// We have to close these tags to support XHTML (#13200) +var wrapMap = { + + // Support: IE <=9 only + option: [ 1, "" ], + + // XHTML parsers do not magically insert elements in the + // same way that tag soup parsers do. So we cannot shorten + // this by omitting or other required elements. + thead: [ 1, "", "
" ], + col: [ 2, "", "
" ], + tr: [ 2, "", "
" ], + td: [ 3, "", "
" ], + + _default: [ 0, "", "" ] +}; + +// Support: IE <=9 only +wrapMap.optgroup = wrapMap.option; + +wrapMap.tbody = wrapMap.tfoot = wrapMap.colgroup = wrapMap.caption = wrapMap.thead; +wrapMap.th = wrapMap.td; + + +function getAll( context, tag ) { + + // Support: IE <=9 - 11 only + // Use typeof to avoid zero-argument method invocation on host objects (#15151) + var ret; + + if ( typeof context.getElementsByTagName !== "undefined" ) { + ret = context.getElementsByTagName( tag || "*" ); + + } else if ( typeof context.querySelectorAll !== "undefined" ) { + ret = context.querySelectorAll( tag || "*" ); + + } else { + ret = []; + } + + if ( tag === undefined || tag && nodeName( context, tag ) ) { + return jQuery.merge( [ context ], ret ); + } + + return ret; +} + + +// Mark scripts as having already been evaluated +function setGlobalEval( elems, refElements ) { + var i = 0, + l = elems.length; + + for ( ; i < l; i++ ) { + dataPriv.set( + elems[ i ], + "globalEval", + !refElements || dataPriv.get( refElements[ i ], "globalEval" ) + ); + } +} + + +var rhtml = /<|&#?\w+;/; + +function buildFragment( elems, context, scripts, selection, ignored ) { + var elem, tmp, tag, wrap, contains, j, + fragment = context.createDocumentFragment(), + nodes = [], + i = 0, + l = elems.length; + + for ( ; i < l; i++ ) { + elem = elems[ i ]; + + if ( elem || elem === 0 ) { + + // Add nodes directly + if ( jQuery.type( elem ) === "object" ) { + + // Support: Android <=4.0 only, PhantomJS 1 only + // push.apply(_, arraylike) throws on ancient WebKit + jQuery.merge( nodes, elem.nodeType ? [ elem ] : elem ); + + // Convert non-html into a text node + } else if ( !rhtml.test( elem ) ) { + nodes.push( context.createTextNode( elem ) ); + + // Convert html into DOM nodes + } else { + tmp = tmp || fragment.appendChild( context.createElement( "div" ) ); + + // Deserialize a standard representation + tag = ( rtagName.exec( elem ) || [ "", "" ] )[ 1 ].toLowerCase(); + wrap = wrapMap[ tag ] || wrapMap._default; + tmp.innerHTML = wrap[ 1 ] + jQuery.htmlPrefilter( elem ) + wrap[ 2 ]; + + // Descend through wrappers to the right content + j = wrap[ 0 ]; + while ( j-- ) { + tmp = tmp.lastChild; + } + + // Support: Android <=4.0 only, PhantomJS 1 only + // push.apply(_, arraylike) throws on ancient WebKit + jQuery.merge( nodes, tmp.childNodes ); + + // Remember the top-level container + tmp = fragment.firstChild; + + // Ensure the created nodes are orphaned (#12392) + tmp.textContent = ""; + } + } + } + + // Remove wrapper from fragment + fragment.textContent = ""; + + i = 0; + while ( ( elem = nodes[ i++ ] ) ) { + + // Skip elements already in the context collection (trac-4087) + if ( selection && jQuery.inArray( elem, selection ) > -1 ) { + if ( ignored ) { + ignored.push( elem ); + } + continue; + } + + contains = jQuery.contains( elem.ownerDocument, elem ); + + // Append to fragment + tmp = getAll( fragment.appendChild( elem ), "script" ); + + // Preserve script evaluation history + if ( contains ) { + setGlobalEval( tmp ); + } + + // Capture executables + if ( scripts ) { + j = 0; + while ( ( elem = tmp[ j++ ] ) ) { + if ( rscriptType.test( elem.type || "" ) ) { + scripts.push( elem ); + } + } + } + } + + return fragment; +} + + +( function() { + var fragment = document.createDocumentFragment(), + div = fragment.appendChild( document.createElement( "div" ) ), + input = document.createElement( "input" ); + + // Support: Android 4.0 - 4.3 only + // Check state lost if the name is set (#11217) + // Support: Windows Web Apps (WWA) + // `name` and `type` must use .setAttribute for WWA (#14901) + input.setAttribute( "type", "radio" ); + input.setAttribute( "checked", "checked" ); + input.setAttribute( "name", "t" ); + + div.appendChild( input ); + + // Support: Android <=4.1 only + // Older WebKit doesn't clone checked state correctly in fragments + support.checkClone = div.cloneNode( true ).cloneNode( true ).lastChild.checked; + + // Support: IE <=11 only + // Make sure textarea (and checkbox) defaultValue is properly cloned + div.innerHTML = ""; + support.noCloneChecked = !!div.cloneNode( true ).lastChild.defaultValue; +} )(); +var documentElement = document.documentElement; + + + +var + rkeyEvent = /^key/, + rmouseEvent = /^(?:mouse|pointer|contextmenu|drag|drop)|click/, + rtypenamespace = /^([^.]*)(?:\.(.+)|)/; + +function returnTrue() { + return true; +} + +function returnFalse() { + return false; +} + +// Support: IE <=9 only +// See #13393 for more info +function safeActiveElement() { + try { + return document.activeElement; + } catch ( err ) { } +} + +function on( elem, types, selector, data, fn, one ) { + var origFn, type; + + // Types can be a map of types/handlers + if ( typeof types === "object" ) { + + // ( types-Object, selector, data ) + if ( typeof selector !== "string" ) { + + // ( types-Object, data ) + data = data || selector; + selector = undefined; + } + for ( type in types ) { + on( elem, type, selector, data, types[ type ], one ); + } + return elem; + } + + if ( data == null && fn == null ) { + + // ( types, fn ) + fn = selector; + data = selector = undefined; + } else if ( fn == null ) { + if ( typeof selector === "string" ) { + + // ( types, selector, fn ) + fn = data; + data = undefined; + } else { + + // ( types, data, fn ) + fn = data; + data = selector; + selector = undefined; + } + } + if ( fn === false ) { + fn = returnFalse; + } else if ( !fn ) { + return elem; + } + + if ( one === 1 ) { + origFn = fn; + fn = function( event ) { + + // Can use an empty set, since event contains the info + jQuery().off( event ); + return origFn.apply( this, arguments ); + }; + + // Use same guid so caller can remove using origFn + fn.guid = origFn.guid || ( origFn.guid = jQuery.guid++ ); + } + return elem.each( function() { + jQuery.event.add( this, types, fn, data, selector ); + } ); +} + +/* + * Helper functions for managing events -- not part of the public interface. + * Props to Dean Edwards' addEvent library for many of the ideas. + */ +jQuery.event = { + + global: {}, + + add: function( elem, types, handler, data, selector ) { + + var handleObjIn, eventHandle, tmp, + events, t, handleObj, + special, handlers, type, namespaces, origType, + elemData = dataPriv.get( elem ); + + // Don't attach events to noData or text/comment nodes (but allow plain objects) + if ( !elemData ) { + return; + } + + // Caller can pass in an object of custom data in lieu of the handler + if ( handler.handler ) { + handleObjIn = handler; + handler = handleObjIn.handler; + selector = handleObjIn.selector; + } + + // Ensure that invalid selectors throw exceptions at attach time + // Evaluate against documentElement in case elem is a non-element node (e.g., document) + if ( selector ) { + jQuery.find.matchesSelector( documentElement, selector ); + } + + // Make sure that the handler has a unique ID, used to find/remove it later + if ( !handler.guid ) { + handler.guid = jQuery.guid++; + } + + // Init the element's event structure and main handler, if this is the first + if ( !( events = elemData.events ) ) { + events = elemData.events = {}; + } + if ( !( eventHandle = elemData.handle ) ) { + eventHandle = elemData.handle = function( e ) { + + // Discard the second event of a jQuery.event.trigger() and + // when an event is called after a page has unloaded + return typeof jQuery !== "undefined" && jQuery.event.triggered !== e.type ? + jQuery.event.dispatch.apply( elem, arguments ) : undefined; + }; + } + + // Handle multiple events separated by a space + types = ( types || "" ).match( rnothtmlwhite ) || [ "" ]; + t = types.length; + while ( t-- ) { + tmp = rtypenamespace.exec( types[ t ] ) || []; + type = origType = tmp[ 1 ]; + namespaces = ( tmp[ 2 ] || "" ).split( "." ).sort(); + + // There *must* be a type, no attaching namespace-only handlers + if ( !type ) { + continue; + } + + // If event changes its type, use the special event handlers for the changed type + special = jQuery.event.special[ type ] || {}; + + // If selector defined, determine special event api type, otherwise given type + type = ( selector ? special.delegateType : special.bindType ) || type; + + // Update special based on newly reset type + special = jQuery.event.special[ type ] || {}; + + // handleObj is passed to all event handlers + handleObj = jQuery.extend( { + type: type, + origType: origType, + data: data, + handler: handler, + guid: handler.guid, + selector: selector, + needsContext: selector && jQuery.expr.match.needsContext.test( selector ), + namespace: namespaces.join( "." ) + }, handleObjIn ); + + // Init the event handler queue if we're the first + if ( !( handlers = events[ type ] ) ) { + handlers = events[ type ] = []; + handlers.delegateCount = 0; + + // Only use addEventListener if the special events handler returns false + if ( !special.setup || + special.setup.call( elem, data, namespaces, eventHandle ) === false ) { + + if ( elem.addEventListener ) { + elem.addEventListener( type, eventHandle ); + } + } + } + + if ( special.add ) { + special.add.call( elem, handleObj ); + + if ( !handleObj.handler.guid ) { + handleObj.handler.guid = handler.guid; + } + } + + // Add to the element's handler list, delegates in front + if ( selector ) { + handlers.splice( handlers.delegateCount++, 0, handleObj ); + } else { + handlers.push( handleObj ); + } + + // Keep track of which events have ever been used, for event optimization + jQuery.event.global[ type ] = true; + } + + }, + + // Detach an event or set of events from an element + remove: function( elem, types, handler, selector, mappedTypes ) { + + var j, origCount, tmp, + events, t, handleObj, + special, handlers, type, namespaces, origType, + elemData = dataPriv.hasData( elem ) && dataPriv.get( elem ); + + if ( !elemData || !( events = elemData.events ) ) { + return; + } + + // Once for each type.namespace in types; type may be omitted + types = ( types || "" ).match( rnothtmlwhite ) || [ "" ]; + t = types.length; + while ( t-- ) { + tmp = rtypenamespace.exec( types[ t ] ) || []; + type = origType = tmp[ 1 ]; + namespaces = ( tmp[ 2 ] || "" ).split( "." ).sort(); + + // Unbind all events (on this namespace, if provided) for the element + if ( !type ) { + for ( type in events ) { + jQuery.event.remove( elem, type + types[ t ], handler, selector, true ); + } + continue; + } + + special = jQuery.event.special[ type ] || {}; + type = ( selector ? special.delegateType : special.bindType ) || type; + handlers = events[ type ] || []; + tmp = tmp[ 2 ] && + new RegExp( "(^|\\.)" + namespaces.join( "\\.(?:.*\\.|)" ) + "(\\.|$)" ); + + // Remove matching events + origCount = j = handlers.length; + while ( j-- ) { + handleObj = handlers[ j ]; + + if ( ( mappedTypes || origType === handleObj.origType ) && + ( !handler || handler.guid === handleObj.guid ) && + ( !tmp || tmp.test( handleObj.namespace ) ) && + ( !selector || selector === handleObj.selector || + selector === "**" && handleObj.selector ) ) { + handlers.splice( j, 1 ); + + if ( handleObj.selector ) { + handlers.delegateCount--; + } + if ( special.remove ) { + special.remove.call( elem, handleObj ); + } + } + } + + // Remove generic event handler if we removed something and no more handlers exist + // (avoids potential for endless recursion during removal of special event handlers) + if ( origCount && !handlers.length ) { + if ( !special.teardown || + special.teardown.call( elem, namespaces, elemData.handle ) === false ) { + + jQuery.removeEvent( elem, type, elemData.handle ); + } + + delete events[ type ]; + } + } + + // Remove data and the expando if it's no longer used + if ( jQuery.isEmptyObject( events ) ) { + dataPriv.remove( elem, "handle events" ); + } + }, + + dispatch: function( nativeEvent ) { + + // Make a writable jQuery.Event from the native event object + var event = jQuery.event.fix( nativeEvent ); + + var i, j, ret, matched, handleObj, handlerQueue, + args = new Array( arguments.length ), + handlers = ( dataPriv.get( this, "events" ) || {} )[ event.type ] || [], + special = jQuery.event.special[ event.type ] || {}; + + // Use the fix-ed jQuery.Event rather than the (read-only) native event + args[ 0 ] = event; + + for ( i = 1; i < arguments.length; i++ ) { + args[ i ] = arguments[ i ]; + } + + event.delegateTarget = this; + + // Call the preDispatch hook for the mapped type, and let it bail if desired + if ( special.preDispatch && special.preDispatch.call( this, event ) === false ) { + return; + } + + // Determine handlers + handlerQueue = jQuery.event.handlers.call( this, event, handlers ); + + // Run delegates first; they may want to stop propagation beneath us + i = 0; + while ( ( matched = handlerQueue[ i++ ] ) && !event.isPropagationStopped() ) { + event.currentTarget = matched.elem; + + j = 0; + while ( ( handleObj = matched.handlers[ j++ ] ) && + !event.isImmediatePropagationStopped() ) { + + // Triggered event must either 1) have no namespace, or 2) have namespace(s) + // a subset or equal to those in the bound event (both can have no namespace). + if ( !event.rnamespace || event.rnamespace.test( handleObj.namespace ) ) { + + event.handleObj = handleObj; + event.data = handleObj.data; + + ret = ( ( jQuery.event.special[ handleObj.origType ] || {} ).handle || + handleObj.handler ).apply( matched.elem, args ); + + if ( ret !== undefined ) { + if ( ( event.result = ret ) === false ) { + event.preventDefault(); + event.stopPropagation(); + } + } + } + } + } + + // Call the postDispatch hook for the mapped type + if ( special.postDispatch ) { + special.postDispatch.call( this, event ); + } + + return event.result; + }, + + handlers: function( event, handlers ) { + var i, handleObj, sel, matchedHandlers, matchedSelectors, + handlerQueue = [], + delegateCount = handlers.delegateCount, + cur = event.target; + + // Find delegate handlers + if ( delegateCount && + + // Support: IE <=9 + // Black-hole SVG instance trees (trac-13180) + cur.nodeType && + + // Support: Firefox <=42 + // Suppress spec-violating clicks indicating a non-primary pointer button (trac-3861) + // https://www.w3.org/TR/DOM-Level-3-Events/#event-type-click + // Support: IE 11 only + // ...but not arrow key "clicks" of radio inputs, which can have `button` -1 (gh-2343) + !( event.type === "click" && event.button >= 1 ) ) { + + for ( ; cur !== this; cur = cur.parentNode || this ) { + + // Don't check non-elements (#13208) + // Don't process clicks on disabled elements (#6911, #8165, #11382, #11764) + if ( cur.nodeType === 1 && !( event.type === "click" && cur.disabled === true ) ) { + matchedHandlers = []; + matchedSelectors = {}; + for ( i = 0; i < delegateCount; i++ ) { + handleObj = handlers[ i ]; + + // Don't conflict with Object.prototype properties (#13203) + sel = handleObj.selector + " "; + + if ( matchedSelectors[ sel ] === undefined ) { + matchedSelectors[ sel ] = handleObj.needsContext ? + jQuery( sel, this ).index( cur ) > -1 : + jQuery.find( sel, this, null, [ cur ] ).length; + } + if ( matchedSelectors[ sel ] ) { + matchedHandlers.push( handleObj ); + } + } + if ( matchedHandlers.length ) { + handlerQueue.push( { elem: cur, handlers: matchedHandlers } ); + } + } + } + } + + // Add the remaining (directly-bound) handlers + cur = this; + if ( delegateCount < handlers.length ) { + handlerQueue.push( { elem: cur, handlers: handlers.slice( delegateCount ) } ); + } + + return handlerQueue; + }, + + addProp: function( name, hook ) { + Object.defineProperty( jQuery.Event.prototype, name, { + enumerable: true, + configurable: true, + + get: jQuery.isFunction( hook ) ? + function() { + if ( this.originalEvent ) { + return hook( this.originalEvent ); + } + } : + function() { + if ( this.originalEvent ) { + return this.originalEvent[ name ]; + } + }, + + set: function( value ) { + Object.defineProperty( this, name, { + enumerable: true, + configurable: true, + writable: true, + value: value + } ); + } + } ); + }, + + fix: function( originalEvent ) { + return originalEvent[ jQuery.expando ] ? + originalEvent : + new jQuery.Event( originalEvent ); + }, + + special: { + load: { + + // Prevent triggered image.load events from bubbling to window.load + noBubble: true + }, + focus: { + + // Fire native event if possible so blur/focus sequence is correct + trigger: function() { + if ( this !== safeActiveElement() && this.focus ) { + this.focus(); + return false; + } + }, + delegateType: "focusin" + }, + blur: { + trigger: function() { + if ( this === safeActiveElement() && this.blur ) { + this.blur(); + return false; + } + }, + delegateType: "focusout" + }, + click: { + + // For checkbox, fire native event so checked state will be right + trigger: function() { + if ( this.type === "checkbox" && this.click && nodeName( this, "input" ) ) { + this.click(); + return false; + } + }, + + // For cross-browser consistency, don't fire native .click() on links + _default: function( event ) { + return nodeName( event.target, "a" ); + } + }, + + beforeunload: { + postDispatch: function( event ) { + + // Support: Firefox 20+ + // Firefox doesn't alert if the returnValue field is not set. + if ( event.result !== undefined && event.originalEvent ) { + event.originalEvent.returnValue = event.result; + } + } + } + } +}; + +jQuery.removeEvent = function( elem, type, handle ) { + + // This "if" is needed for plain objects + if ( elem.removeEventListener ) { + elem.removeEventListener( type, handle ); + } +}; + +jQuery.Event = function( src, props ) { + + // Allow instantiation without the 'new' keyword + if ( !( this instanceof jQuery.Event ) ) { + return new jQuery.Event( src, props ); + } + + // Event object + if ( src && src.type ) { + this.originalEvent = src; + this.type = src.type; + + // Events bubbling up the document may have been marked as prevented + // by a handler lower down the tree; reflect the correct value. + this.isDefaultPrevented = src.defaultPrevented || + src.defaultPrevented === undefined && + + // Support: Android <=2.3 only + src.returnValue === false ? + returnTrue : + returnFalse; + + // Create target properties + // Support: Safari <=6 - 7 only + // Target should not be a text node (#504, #13143) + this.target = ( src.target && src.target.nodeType === 3 ) ? + src.target.parentNode : + src.target; + + this.currentTarget = src.currentTarget; + this.relatedTarget = src.relatedTarget; + + // Event type + } else { + this.type = src; + } + + // Put explicitly provided properties onto the event object + if ( props ) { + jQuery.extend( this, props ); + } + + // Create a timestamp if incoming event doesn't have one + this.timeStamp = src && src.timeStamp || jQuery.now(); + + // Mark it as fixed + this[ jQuery.expando ] = true; +}; + +// jQuery.Event is based on DOM3 Events as specified by the ECMAScript Language Binding +// https://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html +jQuery.Event.prototype = { + constructor: jQuery.Event, + isDefaultPrevented: returnFalse, + isPropagationStopped: returnFalse, + isImmediatePropagationStopped: returnFalse, + isSimulated: false, + + preventDefault: function() { + var e = this.originalEvent; + + this.isDefaultPrevented = returnTrue; + + if ( e && !this.isSimulated ) { + e.preventDefault(); + } + }, + stopPropagation: function() { + var e = this.originalEvent; + + this.isPropagationStopped = returnTrue; + + if ( e && !this.isSimulated ) { + e.stopPropagation(); + } + }, + stopImmediatePropagation: function() { + var e = this.originalEvent; + + this.isImmediatePropagationStopped = returnTrue; + + if ( e && !this.isSimulated ) { + e.stopImmediatePropagation(); + } + + this.stopPropagation(); + } +}; + +// Includes all common event props including KeyEvent and MouseEvent specific props +jQuery.each( { + altKey: true, + bubbles: true, + cancelable: true, + changedTouches: true, + ctrlKey: true, + detail: true, + eventPhase: true, + metaKey: true, + pageX: true, + pageY: true, + shiftKey: true, + view: true, + "char": true, + charCode: true, + key: true, + keyCode: true, + button: true, + buttons: true, + clientX: true, + clientY: true, + offsetX: true, + offsetY: true, + pointerId: true, + pointerType: true, + screenX: true, + screenY: true, + targetTouches: true, + toElement: true, + touches: true, + + which: function( event ) { + var button = event.button; + + // Add which for key events + if ( event.which == null && rkeyEvent.test( event.type ) ) { + return event.charCode != null ? event.charCode : event.keyCode; + } + + // Add which for click: 1 === left; 2 === middle; 3 === right + if ( !event.which && button !== undefined && rmouseEvent.test( event.type ) ) { + if ( button & 1 ) { + return 1; + } + + if ( button & 2 ) { + return 3; + } + + if ( button & 4 ) { + return 2; + } + + return 0; + } + + return event.which; + } +}, jQuery.event.addProp ); + +// Create mouseenter/leave events using mouseover/out and event-time checks +// so that event delegation works in jQuery. +// Do the same for pointerenter/pointerleave and pointerover/pointerout +// +// Support: Safari 7 only +// Safari sends mouseenter too often; see: +// https://bugs.chromium.org/p/chromium/issues/detail?id=470258 +// for the description of the bug (it existed in older Chrome versions as well). +jQuery.each( { + mouseenter: "mouseover", + mouseleave: "mouseout", + pointerenter: "pointerover", + pointerleave: "pointerout" +}, function( orig, fix ) { + jQuery.event.special[ orig ] = { + delegateType: fix, + bindType: fix, + + handle: function( event ) { + var ret, + target = this, + related = event.relatedTarget, + handleObj = event.handleObj; + + // For mouseenter/leave call the handler if related is outside the target. + // NB: No relatedTarget if the mouse left/entered the browser window + if ( !related || ( related !== target && !jQuery.contains( target, related ) ) ) { + event.type = handleObj.origType; + ret = handleObj.handler.apply( this, arguments ); + event.type = fix; + } + return ret; + } + }; +} ); + +jQuery.fn.extend( { + + on: function( types, selector, data, fn ) { + return on( this, types, selector, data, fn ); + }, + one: function( types, selector, data, fn ) { + return on( this, types, selector, data, fn, 1 ); + }, + off: function( types, selector, fn ) { + var handleObj, type; + if ( types && types.preventDefault && types.handleObj ) { + + // ( event ) dispatched jQuery.Event + handleObj = types.handleObj; + jQuery( types.delegateTarget ).off( + handleObj.namespace ? + handleObj.origType + "." + handleObj.namespace : + handleObj.origType, + handleObj.selector, + handleObj.handler + ); + return this; + } + if ( typeof types === "object" ) { + + // ( types-object [, selector] ) + for ( type in types ) { + this.off( type, selector, types[ type ] ); + } + return this; + } + if ( selector === false || typeof selector === "function" ) { + + // ( types [, fn] ) + fn = selector; + selector = undefined; + } + if ( fn === false ) { + fn = returnFalse; + } + return this.each( function() { + jQuery.event.remove( this, types, fn, selector ); + } ); + } +} ); + + +var + + /* eslint-disable max-len */ + + // See https://github.com/eslint/eslint/issues/3229 + rxhtmlTag = /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([a-z][^\/\0>\x20\t\r\n\f]*)[^>]*)\/>/gi, + + /* eslint-enable */ + + // Support: IE <=10 - 11, Edge 12 - 13 + // In IE/Edge using regex groups here causes severe slowdowns. + // See https://connect.microsoft.com/IE/feedback/details/1736512/ + rnoInnerhtml = /\s*$/g; + +// Prefer a tbody over its parent table for containing new rows +function manipulationTarget( elem, content ) { + if ( nodeName( elem, "table" ) && + nodeName( content.nodeType !== 11 ? content : content.firstChild, "tr" ) ) { + + return jQuery( ">tbody", elem )[ 0 ] || elem; + } + + return elem; +} + +// Replace/restore the type attribute of script elements for safe DOM manipulation +function disableScript( elem ) { + elem.type = ( elem.getAttribute( "type" ) !== null ) + "/" + elem.type; + return elem; +} +function restoreScript( elem ) { + var match = rscriptTypeMasked.exec( elem.type ); + + if ( match ) { + elem.type = match[ 1 ]; + } else { + elem.removeAttribute( "type" ); + } + + return elem; +} + +function cloneCopyEvent( src, dest ) { + var i, l, type, pdataOld, pdataCur, udataOld, udataCur, events; + + if ( dest.nodeType !== 1 ) { + return; + } + + // 1. Copy private data: events, handlers, etc. + if ( dataPriv.hasData( src ) ) { + pdataOld = dataPriv.access( src ); + pdataCur = dataPriv.set( dest, pdataOld ); + events = pdataOld.events; + + if ( events ) { + delete pdataCur.handle; + pdataCur.events = {}; + + for ( type in events ) { + for ( i = 0, l = events[ type ].length; i < l; i++ ) { + jQuery.event.add( dest, type, events[ type ][ i ] ); + } + } + } + } + + // 2. Copy user data + if ( dataUser.hasData( src ) ) { + udataOld = dataUser.access( src ); + udataCur = jQuery.extend( {}, udataOld ); + + dataUser.set( dest, udataCur ); + } +} + +// Fix IE bugs, see support tests +function fixInput( src, dest ) { + var nodeName = dest.nodeName.toLowerCase(); + + // Fails to persist the checked state of a cloned checkbox or radio button. + if ( nodeName === "input" && rcheckableType.test( src.type ) ) { + dest.checked = src.checked; + + // Fails to return the selected option to the default selected state when cloning options + } else if ( nodeName === "input" || nodeName === "textarea" ) { + dest.defaultValue = src.defaultValue; + } +} + +function domManip( collection, args, callback, ignored ) { + + // Flatten any nested arrays + args = concat.apply( [], args ); + + var fragment, first, scripts, hasScripts, node, doc, + i = 0, + l = collection.length, + iNoClone = l - 1, + value = args[ 0 ], + isFunction = jQuery.isFunction( value ); + + // We can't cloneNode fragments that contain checked, in WebKit + if ( isFunction || + ( l > 1 && typeof value === "string" && + !support.checkClone && rchecked.test( value ) ) ) { + return collection.each( function( index ) { + var self = collection.eq( index ); + if ( isFunction ) { + args[ 0 ] = value.call( this, index, self.html() ); + } + domManip( self, args, callback, ignored ); + } ); + } + + if ( l ) { + fragment = buildFragment( args, collection[ 0 ].ownerDocument, false, collection, ignored ); + first = fragment.firstChild; + + if ( fragment.childNodes.length === 1 ) { + fragment = first; + } + + // Require either new content or an interest in ignored elements to invoke the callback + if ( first || ignored ) { + scripts = jQuery.map( getAll( fragment, "script" ), disableScript ); + hasScripts = scripts.length; + + // Use the original fragment for the last item + // instead of the first because it can end up + // being emptied incorrectly in certain situations (#8070). + for ( ; i < l; i++ ) { + node = fragment; + + if ( i !== iNoClone ) { + node = jQuery.clone( node, true, true ); + + // Keep references to cloned scripts for later restoration + if ( hasScripts ) { + + // Support: Android <=4.0 only, PhantomJS 1 only + // push.apply(_, arraylike) throws on ancient WebKit + jQuery.merge( scripts, getAll( node, "script" ) ); + } + } + + callback.call( collection[ i ], node, i ); + } + + if ( hasScripts ) { + doc = scripts[ scripts.length - 1 ].ownerDocument; + + // Reenable scripts + jQuery.map( scripts, restoreScript ); + + // Evaluate executable scripts on first document insertion + for ( i = 0; i < hasScripts; i++ ) { + node = scripts[ i ]; + if ( rscriptType.test( node.type || "" ) && + !dataPriv.access( node, "globalEval" ) && + jQuery.contains( doc, node ) ) { + + if ( node.src ) { + + // Optional AJAX dependency, but won't run scripts if not present + if ( jQuery._evalUrl ) { + jQuery._evalUrl( node.src ); + } + } else { + DOMEval( node.textContent.replace( rcleanScript, "" ), doc ); + } + } + } + } + } + } + + return collection; +} + +function remove( elem, selector, keepData ) { + var node, + nodes = selector ? jQuery.filter( selector, elem ) : elem, + i = 0; + + for ( ; ( node = nodes[ i ] ) != null; i++ ) { + if ( !keepData && node.nodeType === 1 ) { + jQuery.cleanData( getAll( node ) ); + } + + if ( node.parentNode ) { + if ( keepData && jQuery.contains( node.ownerDocument, node ) ) { + setGlobalEval( getAll( node, "script" ) ); + } + node.parentNode.removeChild( node ); + } + } + + return elem; +} + +jQuery.extend( { + htmlPrefilter: function( html ) { + return html.replace( rxhtmlTag, "<$1>" ); + }, + + clone: function( elem, dataAndEvents, deepDataAndEvents ) { + var i, l, srcElements, destElements, + clone = elem.cloneNode( true ), + inPage = jQuery.contains( elem.ownerDocument, elem ); + + // Fix IE cloning issues + if ( !support.noCloneChecked && ( elem.nodeType === 1 || elem.nodeType === 11 ) && + !jQuery.isXMLDoc( elem ) ) { + + // We eschew Sizzle here for performance reasons: https://jsperf.com/getall-vs-sizzle/2 + destElements = getAll( clone ); + srcElements = getAll( elem ); + + for ( i = 0, l = srcElements.length; i < l; i++ ) { + fixInput( srcElements[ i ], destElements[ i ] ); + } + } + + // Copy the events from the original to the clone + if ( dataAndEvents ) { + if ( deepDataAndEvents ) { + srcElements = srcElements || getAll( elem ); + destElements = destElements || getAll( clone ); + + for ( i = 0, l = srcElements.length; i < l; i++ ) { + cloneCopyEvent( srcElements[ i ], destElements[ i ] ); + } + } else { + cloneCopyEvent( elem, clone ); + } + } + + // Preserve script evaluation history + destElements = getAll( clone, "script" ); + if ( destElements.length > 0 ) { + setGlobalEval( destElements, !inPage && getAll( elem, "script" ) ); + } + + // Return the cloned set + return clone; + }, + + cleanData: function( elems ) { + var data, elem, type, + special = jQuery.event.special, + i = 0; + + for ( ; ( elem = elems[ i ] ) !== undefined; i++ ) { + if ( acceptData( elem ) ) { + if ( ( data = elem[ dataPriv.expando ] ) ) { + if ( data.events ) { + for ( type in data.events ) { + if ( special[ type ] ) { + jQuery.event.remove( elem, type ); + + // This is a shortcut to avoid jQuery.event.remove's overhead + } else { + jQuery.removeEvent( elem, type, data.handle ); + } + } + } + + // Support: Chrome <=35 - 45+ + // Assign undefined instead of using delete, see Data#remove + elem[ dataPriv.expando ] = undefined; + } + if ( elem[ dataUser.expando ] ) { + + // Support: Chrome <=35 - 45+ + // Assign undefined instead of using delete, see Data#remove + elem[ dataUser.expando ] = undefined; + } + } + } + } +} ); + +jQuery.fn.extend( { + detach: function( selector ) { + return remove( this, selector, true ); + }, + + remove: function( selector ) { + return remove( this, selector ); + }, + + text: function( value ) { + return access( this, function( value ) { + return value === undefined ? + jQuery.text( this ) : + this.empty().each( function() { + if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) { + this.textContent = value; + } + } ); + }, null, value, arguments.length ); + }, + + append: function() { + return domManip( this, arguments, function( elem ) { + if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) { + var target = manipulationTarget( this, elem ); + target.appendChild( elem ); + } + } ); + }, + + prepend: function() { + return domManip( this, arguments, function( elem ) { + if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) { + var target = manipulationTarget( this, elem ); + target.insertBefore( elem, target.firstChild ); + } + } ); + }, + + before: function() { + return domManip( this, arguments, function( elem ) { + if ( this.parentNode ) { + this.parentNode.insertBefore( elem, this ); + } + } ); + }, + + after: function() { + return domManip( this, arguments, function( elem ) { + if ( this.parentNode ) { + this.parentNode.insertBefore( elem, this.nextSibling ); + } + } ); + }, + + empty: function() { + var elem, + i = 0; + + for ( ; ( elem = this[ i ] ) != null; i++ ) { + if ( elem.nodeType === 1 ) { + + // Prevent memory leaks + jQuery.cleanData( getAll( elem, false ) ); + + // Remove any remaining nodes + elem.textContent = ""; + } + } + + return this; + }, + + clone: function( dataAndEvents, deepDataAndEvents ) { + dataAndEvents = dataAndEvents == null ? false : dataAndEvents; + deepDataAndEvents = deepDataAndEvents == null ? dataAndEvents : deepDataAndEvents; + + return this.map( function() { + return jQuery.clone( this, dataAndEvents, deepDataAndEvents ); + } ); + }, + + html: function( value ) { + return access( this, function( value ) { + var elem = this[ 0 ] || {}, + i = 0, + l = this.length; + + if ( value === undefined && elem.nodeType === 1 ) { + return elem.innerHTML; + } + + // See if we can take a shortcut and just use innerHTML + if ( typeof value === "string" && !rnoInnerhtml.test( value ) && + !wrapMap[ ( rtagName.exec( value ) || [ "", "" ] )[ 1 ].toLowerCase() ] ) { + + value = jQuery.htmlPrefilter( value ); + + try { + for ( ; i < l; i++ ) { + elem = this[ i ] || {}; + + // Remove element nodes and prevent memory leaks + if ( elem.nodeType === 1 ) { + jQuery.cleanData( getAll( elem, false ) ); + elem.innerHTML = value; + } + } + + elem = 0; + + // If using innerHTML throws an exception, use the fallback method + } catch ( e ) {} + } + + if ( elem ) { + this.empty().append( value ); + } + }, null, value, arguments.length ); + }, + + replaceWith: function() { + var ignored = []; + + // Make the changes, replacing each non-ignored context element with the new content + return domManip( this, arguments, function( elem ) { + var parent = this.parentNode; + + if ( jQuery.inArray( this, ignored ) < 0 ) { + jQuery.cleanData( getAll( this ) ); + if ( parent ) { + parent.replaceChild( elem, this ); + } + } + + // Force callback invocation + }, ignored ); + } +} ); + +jQuery.each( { + appendTo: "append", + prependTo: "prepend", + insertBefore: "before", + insertAfter: "after", + replaceAll: "replaceWith" +}, function( name, original ) { + jQuery.fn[ name ] = function( selector ) { + var elems, + ret = [], + insert = jQuery( selector ), + last = insert.length - 1, + i = 0; + + for ( ; i <= last; i++ ) { + elems = i === last ? this : this.clone( true ); + jQuery( insert[ i ] )[ original ]( elems ); + + // Support: Android <=4.0 only, PhantomJS 1 only + // .get() because push.apply(_, arraylike) throws on ancient WebKit + push.apply( ret, elems.get() ); + } + + return this.pushStack( ret ); + }; +} ); +var rmargin = ( /^margin/ ); + +var rnumnonpx = new RegExp( "^(" + pnum + ")(?!px)[a-z%]+$", "i" ); + +var getStyles = function( elem ) { + + // Support: IE <=11 only, Firefox <=30 (#15098, #14150) + // IE throws on elements created in popups + // FF meanwhile throws on frame elements through "defaultView.getComputedStyle" + var view = elem.ownerDocument.defaultView; + + if ( !view || !view.opener ) { + view = window; + } + + return view.getComputedStyle( elem ); + }; + + + +( function() { + + // Executing both pixelPosition & boxSizingReliable tests require only one layout + // so they're executed at the same time to save the second computation. + function computeStyleTests() { + + // This is a singleton, we need to execute it only once + if ( !div ) { + return; + } + + div.style.cssText = + "box-sizing:border-box;" + + "position:relative;display:block;" + + "margin:auto;border:1px;padding:1px;" + + "top:1%;width:50%"; + div.innerHTML = ""; + documentElement.appendChild( container ); + + var divStyle = window.getComputedStyle( div ); + pixelPositionVal = divStyle.top !== "1%"; + + // Support: Android 4.0 - 4.3 only, Firefox <=3 - 44 + reliableMarginLeftVal = divStyle.marginLeft === "2px"; + boxSizingReliableVal = divStyle.width === "4px"; + + // Support: Android 4.0 - 4.3 only + // Some styles come back with percentage values, even though they shouldn't + div.style.marginRight = "50%"; + pixelMarginRightVal = divStyle.marginRight === "4px"; + + documentElement.removeChild( container ); + + // Nullify the div so it wouldn't be stored in the memory and + // it will also be a sign that checks already performed + div = null; + } + + var pixelPositionVal, boxSizingReliableVal, pixelMarginRightVal, reliableMarginLeftVal, + container = document.createElement( "div" ), + div = document.createElement( "div" ); + + // Finish early in limited (non-browser) environments + if ( !div.style ) { + return; + } + + // Support: IE <=9 - 11 only + // Style of cloned element affects source element cloned (#8908) + div.style.backgroundClip = "content-box"; + div.cloneNode( true ).style.backgroundClip = ""; + support.clearCloneStyle = div.style.backgroundClip === "content-box"; + + container.style.cssText = "border:0;width:8px;height:0;top:0;left:-9999px;" + + "padding:0;margin-top:1px;position:absolute"; + container.appendChild( div ); + + jQuery.extend( support, { + pixelPosition: function() { + computeStyleTests(); + return pixelPositionVal; + }, + boxSizingReliable: function() { + computeStyleTests(); + return boxSizingReliableVal; + }, + pixelMarginRight: function() { + computeStyleTests(); + return pixelMarginRightVal; + }, + reliableMarginLeft: function() { + computeStyleTests(); + return reliableMarginLeftVal; + } + } ); +} )(); + + +function curCSS( elem, name, computed ) { + var width, minWidth, maxWidth, ret, + + // Support: Firefox 51+ + // Retrieving style before computed somehow + // fixes an issue with getting wrong values + // on detached elements + style = elem.style; + + computed = computed || getStyles( elem ); + + // getPropertyValue is needed for: + // .css('filter') (IE 9 only, #12537) + // .css('--customProperty) (#3144) + if ( computed ) { + ret = computed.getPropertyValue( name ) || computed[ name ]; + + if ( ret === "" && !jQuery.contains( elem.ownerDocument, elem ) ) { + ret = jQuery.style( elem, name ); + } + + // A tribute to the "awesome hack by Dean Edwards" + // Android Browser returns percentage for some values, + // but width seems to be reliably pixels. + // This is against the CSSOM draft spec: + // https://drafts.csswg.org/cssom/#resolved-values + if ( !support.pixelMarginRight() && rnumnonpx.test( ret ) && rmargin.test( name ) ) { + + // Remember the original values + width = style.width; + minWidth = style.minWidth; + maxWidth = style.maxWidth; + + // Put in the new values to get a computed value out + style.minWidth = style.maxWidth = style.width = ret; + ret = computed.width; + + // Revert the changed values + style.width = width; + style.minWidth = minWidth; + style.maxWidth = maxWidth; + } + } + + return ret !== undefined ? + + // Support: IE <=9 - 11 only + // IE returns zIndex value as an integer. + ret + "" : + ret; +} + + +function addGetHookIf( conditionFn, hookFn ) { + + // Define the hook, we'll check on the first run if it's really needed. + return { + get: function() { + if ( conditionFn() ) { + + // Hook not needed (or it's not possible to use it due + // to missing dependency), remove it. + delete this.get; + return; + } + + // Hook needed; redefine it so that the support test is not executed again. + return ( this.get = hookFn ).apply( this, arguments ); + } + }; +} + + +var + + // Swappable if display is none or starts with table + // except "table", "table-cell", or "table-caption" + // See here for display values: https://developer.mozilla.org/en-US/docs/CSS/display + rdisplayswap = /^(none|table(?!-c[ea]).+)/, + rcustomProp = /^--/, + cssShow = { position: "absolute", visibility: "hidden", display: "block" }, + cssNormalTransform = { + letterSpacing: "0", + fontWeight: "400" + }, + + cssPrefixes = [ "Webkit", "Moz", "ms" ], + emptyStyle = document.createElement( "div" ).style; + +// Return a css property mapped to a potentially vendor prefixed property +function vendorPropName( name ) { + + // Shortcut for names that are not vendor prefixed + if ( name in emptyStyle ) { + return name; + } + + // Check for vendor prefixed names + var capName = name[ 0 ].toUpperCase() + name.slice( 1 ), + i = cssPrefixes.length; + + while ( i-- ) { + name = cssPrefixes[ i ] + capName; + if ( name in emptyStyle ) { + return name; + } + } +} + +// Return a property mapped along what jQuery.cssProps suggests or to +// a vendor prefixed property. +function finalPropName( name ) { + var ret = jQuery.cssProps[ name ]; + if ( !ret ) { + ret = jQuery.cssProps[ name ] = vendorPropName( name ) || name; + } + return ret; +} + +function setPositiveNumber( elem, value, subtract ) { + + // Any relative (+/-) values have already been + // normalized at this point + var matches = rcssNum.exec( value ); + return matches ? + + // Guard against undefined "subtract", e.g., when used as in cssHooks + Math.max( 0, matches[ 2 ] - ( subtract || 0 ) ) + ( matches[ 3 ] || "px" ) : + value; +} + +function augmentWidthOrHeight( elem, name, extra, isBorderBox, styles ) { + var i, + val = 0; + + // If we already have the right measurement, avoid augmentation + if ( extra === ( isBorderBox ? "border" : "content" ) ) { + i = 4; + + // Otherwise initialize for horizontal or vertical properties + } else { + i = name === "width" ? 1 : 0; + } + + for ( ; i < 4; i += 2 ) { + + // Both box models exclude margin, so add it if we want it + if ( extra === "margin" ) { + val += jQuery.css( elem, extra + cssExpand[ i ], true, styles ); + } + + if ( isBorderBox ) { + + // border-box includes padding, so remove it if we want content + if ( extra === "content" ) { + val -= jQuery.css( elem, "padding" + cssExpand[ i ], true, styles ); + } + + // At this point, extra isn't border nor margin, so remove border + if ( extra !== "margin" ) { + val -= jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles ); + } + } else { + + // At this point, extra isn't content, so add padding + val += jQuery.css( elem, "padding" + cssExpand[ i ], true, styles ); + + // At this point, extra isn't content nor padding, so add border + if ( extra !== "padding" ) { + val += jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles ); + } + } + } + + return val; +} + +function getWidthOrHeight( elem, name, extra ) { + + // Start with computed style + var valueIsBorderBox, + styles = getStyles( elem ), + val = curCSS( elem, name, styles ), + isBorderBox = jQuery.css( elem, "boxSizing", false, styles ) === "border-box"; + + // Computed unit is not pixels. Stop here and return. + if ( rnumnonpx.test( val ) ) { + return val; + } + + // Check for style in case a browser which returns unreliable values + // for getComputedStyle silently falls back to the reliable elem.style + valueIsBorderBox = isBorderBox && + ( support.boxSizingReliable() || val === elem.style[ name ] ); + + // Fall back to offsetWidth/Height when value is "auto" + // This happens for inline elements with no explicit setting (gh-3571) + if ( val === "auto" ) { + val = elem[ "offset" + name[ 0 ].toUpperCase() + name.slice( 1 ) ]; + } + + // Normalize "", auto, and prepare for extra + val = parseFloat( val ) || 0; + + // Use the active box-sizing model to add/subtract irrelevant styles + return ( val + + augmentWidthOrHeight( + elem, + name, + extra || ( isBorderBox ? "border" : "content" ), + valueIsBorderBox, + styles + ) + ) + "px"; +} + +jQuery.extend( { + + // Add in style property hooks for overriding the default + // behavior of getting and setting a style property + cssHooks: { + opacity: { + get: function( elem, computed ) { + if ( computed ) { + + // We should always get a number back from opacity + var ret = curCSS( elem, "opacity" ); + return ret === "" ? "1" : ret; + } + } + } + }, + + // Don't automatically add "px" to these possibly-unitless properties + cssNumber: { + "animationIterationCount": true, + "columnCount": true, + "fillOpacity": true, + "flexGrow": true, + "flexShrink": true, + "fontWeight": true, + "lineHeight": true, + "opacity": true, + "order": true, + "orphans": true, + "widows": true, + "zIndex": true, + "zoom": true + }, + + // Add in properties whose names you wish to fix before + // setting or getting the value + cssProps: { + "float": "cssFloat" + }, + + // Get and set the style property on a DOM Node + style: function( elem, name, value, extra ) { + + // Don't set styles on text and comment nodes + if ( !elem || elem.nodeType === 3 || elem.nodeType === 8 || !elem.style ) { + return; + } + + // Make sure that we're working with the right name + var ret, type, hooks, + origName = jQuery.camelCase( name ), + isCustomProp = rcustomProp.test( name ), + style = elem.style; + + // Make sure that we're working with the right name. We don't + // want to query the value if it is a CSS custom property + // since they are user-defined. + if ( !isCustomProp ) { + name = finalPropName( origName ); + } + + // Gets hook for the prefixed version, then unprefixed version + hooks = jQuery.cssHooks[ name ] || jQuery.cssHooks[ origName ]; + + // Check if we're setting a value + if ( value !== undefined ) { + type = typeof value; + + // Convert "+=" or "-=" to relative numbers (#7345) + if ( type === "string" && ( ret = rcssNum.exec( value ) ) && ret[ 1 ] ) { + value = adjustCSS( elem, name, ret ); + + // Fixes bug #9237 + type = "number"; + } + + // Make sure that null and NaN values aren't set (#7116) + if ( value == null || value !== value ) { + return; + } + + // If a number was passed in, add the unit (except for certain CSS properties) + if ( type === "number" ) { + value += ret && ret[ 3 ] || ( jQuery.cssNumber[ origName ] ? "" : "px" ); + } + + // background-* props affect original clone's values + if ( !support.clearCloneStyle && value === "" && name.indexOf( "background" ) === 0 ) { + style[ name ] = "inherit"; + } + + // If a hook was provided, use that value, otherwise just set the specified value + if ( !hooks || !( "set" in hooks ) || + ( value = hooks.set( elem, value, extra ) ) !== undefined ) { + + if ( isCustomProp ) { + style.setProperty( name, value ); + } else { + style[ name ] = value; + } + } + + } else { + + // If a hook was provided get the non-computed value from there + if ( hooks && "get" in hooks && + ( ret = hooks.get( elem, false, extra ) ) !== undefined ) { + + return ret; + } + + // Otherwise just get the value from the style object + return style[ name ]; + } + }, + + css: function( elem, name, extra, styles ) { + var val, num, hooks, + origName = jQuery.camelCase( name ), + isCustomProp = rcustomProp.test( name ); + + // Make sure that we're working with the right name. We don't + // want to modify the value if it is a CSS custom property + // since they are user-defined. + if ( !isCustomProp ) { + name = finalPropName( origName ); + } + + // Try prefixed name followed by the unprefixed name + hooks = jQuery.cssHooks[ name ] || jQuery.cssHooks[ origName ]; + + // If a hook was provided get the computed value from there + if ( hooks && "get" in hooks ) { + val = hooks.get( elem, true, extra ); + } + + // Otherwise, if a way to get the computed value exists, use that + if ( val === undefined ) { + val = curCSS( elem, name, styles ); + } + + // Convert "normal" to computed value + if ( val === "normal" && name in cssNormalTransform ) { + val = cssNormalTransform[ name ]; + } + + // Make numeric if forced or a qualifier was provided and val looks numeric + if ( extra === "" || extra ) { + num = parseFloat( val ); + return extra === true || isFinite( num ) ? num || 0 : val; + } + + return val; + } +} ); + +jQuery.each( [ "height", "width" ], function( i, name ) { + jQuery.cssHooks[ name ] = { + get: function( elem, computed, extra ) { + if ( computed ) { + + // Certain elements can have dimension info if we invisibly show them + // but it must have a current display style that would benefit + return rdisplayswap.test( jQuery.css( elem, "display" ) ) && + + // Support: Safari 8+ + // Table columns in Safari have non-zero offsetWidth & zero + // getBoundingClientRect().width unless display is changed. + // Support: IE <=11 only + // Running getBoundingClientRect on a disconnected node + // in IE throws an error. + ( !elem.getClientRects().length || !elem.getBoundingClientRect().width ) ? + swap( elem, cssShow, function() { + return getWidthOrHeight( elem, name, extra ); + } ) : + getWidthOrHeight( elem, name, extra ); + } + }, + + set: function( elem, value, extra ) { + var matches, + styles = extra && getStyles( elem ), + subtract = extra && augmentWidthOrHeight( + elem, + name, + extra, + jQuery.css( elem, "boxSizing", false, styles ) === "border-box", + styles + ); + + // Convert to pixels if value adjustment is needed + if ( subtract && ( matches = rcssNum.exec( value ) ) && + ( matches[ 3 ] || "px" ) !== "px" ) { + + elem.style[ name ] = value; + value = jQuery.css( elem, name ); + } + + return setPositiveNumber( elem, value, subtract ); + } + }; +} ); + +jQuery.cssHooks.marginLeft = addGetHookIf( support.reliableMarginLeft, + function( elem, computed ) { + if ( computed ) { + return ( parseFloat( curCSS( elem, "marginLeft" ) ) || + elem.getBoundingClientRect().left - + swap( elem, { marginLeft: 0 }, function() { + return elem.getBoundingClientRect().left; + } ) + ) + "px"; + } + } +); + +// These hooks are used by animate to expand properties +jQuery.each( { + margin: "", + padding: "", + border: "Width" +}, function( prefix, suffix ) { + jQuery.cssHooks[ prefix + suffix ] = { + expand: function( value ) { + var i = 0, + expanded = {}, + + // Assumes a single number if not a string + parts = typeof value === "string" ? value.split( " " ) : [ value ]; + + for ( ; i < 4; i++ ) { + expanded[ prefix + cssExpand[ i ] + suffix ] = + parts[ i ] || parts[ i - 2 ] || parts[ 0 ]; + } + + return expanded; + } + }; + + if ( !rmargin.test( prefix ) ) { + jQuery.cssHooks[ prefix + suffix ].set = setPositiveNumber; + } +} ); + +jQuery.fn.extend( { + css: function( name, value ) { + return access( this, function( elem, name, value ) { + var styles, len, + map = {}, + i = 0; + + if ( Array.isArray( name ) ) { + styles = getStyles( elem ); + len = name.length; + + for ( ; i < len; i++ ) { + map[ name[ i ] ] = jQuery.css( elem, name[ i ], false, styles ); + } + + return map; + } + + return value !== undefined ? + jQuery.style( elem, name, value ) : + jQuery.css( elem, name ); + }, name, value, arguments.length > 1 ); + } +} ); + + +function Tween( elem, options, prop, end, easing ) { + return new Tween.prototype.init( elem, options, prop, end, easing ); +} +jQuery.Tween = Tween; + +Tween.prototype = { + constructor: Tween, + init: function( elem, options, prop, end, easing, unit ) { + this.elem = elem; + this.prop = prop; + this.easing = easing || jQuery.easing._default; + this.options = options; + this.start = this.now = this.cur(); + this.end = end; + this.unit = unit || ( jQuery.cssNumber[ prop ] ? "" : "px" ); + }, + cur: function() { + var hooks = Tween.propHooks[ this.prop ]; + + return hooks && hooks.get ? + hooks.get( this ) : + Tween.propHooks._default.get( this ); + }, + run: function( percent ) { + var eased, + hooks = Tween.propHooks[ this.prop ]; + + if ( this.options.duration ) { + this.pos = eased = jQuery.easing[ this.easing ]( + percent, this.options.duration * percent, 0, 1, this.options.duration + ); + } else { + this.pos = eased = percent; + } + this.now = ( this.end - this.start ) * eased + this.start; + + if ( this.options.step ) { + this.options.step.call( this.elem, this.now, this ); + } + + if ( hooks && hooks.set ) { + hooks.set( this ); + } else { + Tween.propHooks._default.set( this ); + } + return this; + } +}; + +Tween.prototype.init.prototype = Tween.prototype; + +Tween.propHooks = { + _default: { + get: function( tween ) { + var result; + + // Use a property on the element directly when it is not a DOM element, + // or when there is no matching style property that exists. + if ( tween.elem.nodeType !== 1 || + tween.elem[ tween.prop ] != null && tween.elem.style[ tween.prop ] == null ) { + return tween.elem[ tween.prop ]; + } + + // Passing an empty string as a 3rd parameter to .css will automatically + // attempt a parseFloat and fallback to a string if the parse fails. + // Simple values such as "10px" are parsed to Float; + // complex values such as "rotate(1rad)" are returned as-is. + result = jQuery.css( tween.elem, tween.prop, "" ); + + // Empty strings, null, undefined and "auto" are converted to 0. + return !result || result === "auto" ? 0 : result; + }, + set: function( tween ) { + + // Use step hook for back compat. + // Use cssHook if its there. + // Use .style if available and use plain properties where available. + if ( jQuery.fx.step[ tween.prop ] ) { + jQuery.fx.step[ tween.prop ]( tween ); + } else if ( tween.elem.nodeType === 1 && + ( tween.elem.style[ jQuery.cssProps[ tween.prop ] ] != null || + jQuery.cssHooks[ tween.prop ] ) ) { + jQuery.style( tween.elem, tween.prop, tween.now + tween.unit ); + } else { + tween.elem[ tween.prop ] = tween.now; + } + } + } +}; + +// Support: IE <=9 only +// Panic based approach to setting things on disconnected nodes +Tween.propHooks.scrollTop = Tween.propHooks.scrollLeft = { + set: function( tween ) { + if ( tween.elem.nodeType && tween.elem.parentNode ) { + tween.elem[ tween.prop ] = tween.now; + } + } +}; + +jQuery.easing = { + linear: function( p ) { + return p; + }, + swing: function( p ) { + return 0.5 - Math.cos( p * Math.PI ) / 2; + }, + _default: "swing" +}; + +jQuery.fx = Tween.prototype.init; + +// Back compat <1.8 extension point +jQuery.fx.step = {}; + + + + +var + fxNow, inProgress, + rfxtypes = /^(?:toggle|show|hide)$/, + rrun = /queueHooks$/; + +function schedule() { + if ( inProgress ) { + if ( document.hidden === false && window.requestAnimationFrame ) { + window.requestAnimationFrame( schedule ); + } else { + window.setTimeout( schedule, jQuery.fx.interval ); + } + + jQuery.fx.tick(); + } +} + +// Animations created synchronously will run synchronously +function createFxNow() { + window.setTimeout( function() { + fxNow = undefined; + } ); + return ( fxNow = jQuery.now() ); +} + +// Generate parameters to create a standard animation +function genFx( type, includeWidth ) { + var which, + i = 0, + attrs = { height: type }; + + // If we include width, step value is 1 to do all cssExpand values, + // otherwise step value is 2 to skip over Left and Right + includeWidth = includeWidth ? 1 : 0; + for ( ; i < 4; i += 2 - includeWidth ) { + which = cssExpand[ i ]; + attrs[ "margin" + which ] = attrs[ "padding" + which ] = type; + } + + if ( includeWidth ) { + attrs.opacity = attrs.width = type; + } + + return attrs; +} + +function createTween( value, prop, animation ) { + var tween, + collection = ( Animation.tweeners[ prop ] || [] ).concat( Animation.tweeners[ "*" ] ), + index = 0, + length = collection.length; + for ( ; index < length; index++ ) { + if ( ( tween = collection[ index ].call( animation, prop, value ) ) ) { + + // We're done with this property + return tween; + } + } +} + +function defaultPrefilter( elem, props, opts ) { + var prop, value, toggle, hooks, oldfire, propTween, restoreDisplay, display, + isBox = "width" in props || "height" in props, + anim = this, + orig = {}, + style = elem.style, + hidden = elem.nodeType && isHiddenWithinTree( elem ), + dataShow = dataPriv.get( elem, "fxshow" ); + + // Queue-skipping animations hijack the fx hooks + if ( !opts.queue ) { + hooks = jQuery._queueHooks( elem, "fx" ); + if ( hooks.unqueued == null ) { + hooks.unqueued = 0; + oldfire = hooks.empty.fire; + hooks.empty.fire = function() { + if ( !hooks.unqueued ) { + oldfire(); + } + }; + } + hooks.unqueued++; + + anim.always( function() { + + // Ensure the complete handler is called before this completes + anim.always( function() { + hooks.unqueued--; + if ( !jQuery.queue( elem, "fx" ).length ) { + hooks.empty.fire(); + } + } ); + } ); + } + + // Detect show/hide animations + for ( prop in props ) { + value = props[ prop ]; + if ( rfxtypes.test( value ) ) { + delete props[ prop ]; + toggle = toggle || value === "toggle"; + if ( value === ( hidden ? "hide" : "show" ) ) { + + // Pretend to be hidden if this is a "show" and + // there is still data from a stopped show/hide + if ( value === "show" && dataShow && dataShow[ prop ] !== undefined ) { + hidden = true; + + // Ignore all other no-op show/hide data + } else { + continue; + } + } + orig[ prop ] = dataShow && dataShow[ prop ] || jQuery.style( elem, prop ); + } + } + + // Bail out if this is a no-op like .hide().hide() + propTween = !jQuery.isEmptyObject( props ); + if ( !propTween && jQuery.isEmptyObject( orig ) ) { + return; + } + + // Restrict "overflow" and "display" styles during box animations + if ( isBox && elem.nodeType === 1 ) { + + // Support: IE <=9 - 11, Edge 12 - 13 + // Record all 3 overflow attributes because IE does not infer the shorthand + // from identically-valued overflowX and overflowY + opts.overflow = [ style.overflow, style.overflowX, style.overflowY ]; + + // Identify a display type, preferring old show/hide data over the CSS cascade + restoreDisplay = dataShow && dataShow.display; + if ( restoreDisplay == null ) { + restoreDisplay = dataPriv.get( elem, "display" ); + } + display = jQuery.css( elem, "display" ); + if ( display === "none" ) { + if ( restoreDisplay ) { + display = restoreDisplay; + } else { + + // Get nonempty value(s) by temporarily forcing visibility + showHide( [ elem ], true ); + restoreDisplay = elem.style.display || restoreDisplay; + display = jQuery.css( elem, "display" ); + showHide( [ elem ] ); + } + } + + // Animate inline elements as inline-block + if ( display === "inline" || display === "inline-block" && restoreDisplay != null ) { + if ( jQuery.css( elem, "float" ) === "none" ) { + + // Restore the original display value at the end of pure show/hide animations + if ( !propTween ) { + anim.done( function() { + style.display = restoreDisplay; + } ); + if ( restoreDisplay == null ) { + display = style.display; + restoreDisplay = display === "none" ? "" : display; + } + } + style.display = "inline-block"; + } + } + } + + if ( opts.overflow ) { + style.overflow = "hidden"; + anim.always( function() { + style.overflow = opts.overflow[ 0 ]; + style.overflowX = opts.overflow[ 1 ]; + style.overflowY = opts.overflow[ 2 ]; + } ); + } + + // Implement show/hide animations + propTween = false; + for ( prop in orig ) { + + // General show/hide setup for this element animation + if ( !propTween ) { + if ( dataShow ) { + if ( "hidden" in dataShow ) { + hidden = dataShow.hidden; + } + } else { + dataShow = dataPriv.access( elem, "fxshow", { display: restoreDisplay } ); + } + + // Store hidden/visible for toggle so `.stop().toggle()` "reverses" + if ( toggle ) { + dataShow.hidden = !hidden; + } + + // Show elements before animating them + if ( hidden ) { + showHide( [ elem ], true ); + } + + /* eslint-disable no-loop-func */ + + anim.done( function() { + + /* eslint-enable no-loop-func */ + + // The final step of a "hide" animation is actually hiding the element + if ( !hidden ) { + showHide( [ elem ] ); + } + dataPriv.remove( elem, "fxshow" ); + for ( prop in orig ) { + jQuery.style( elem, prop, orig[ prop ] ); + } + } ); + } + + // Per-property setup + propTween = createTween( hidden ? dataShow[ prop ] : 0, prop, anim ); + if ( !( prop in dataShow ) ) { + dataShow[ prop ] = propTween.start; + if ( hidden ) { + propTween.end = propTween.start; + propTween.start = 0; + } + } + } +} + +function propFilter( props, specialEasing ) { + var index, name, easing, value, hooks; + + // camelCase, specialEasing and expand cssHook pass + for ( index in props ) { + name = jQuery.camelCase( index ); + easing = specialEasing[ name ]; + value = props[ index ]; + if ( Array.isArray( value ) ) { + easing = value[ 1 ]; + value = props[ index ] = value[ 0 ]; + } + + if ( index !== name ) { + props[ name ] = value; + delete props[ index ]; + } + + hooks = jQuery.cssHooks[ name ]; + if ( hooks && "expand" in hooks ) { + value = hooks.expand( value ); + delete props[ name ]; + + // Not quite $.extend, this won't overwrite existing keys. + // Reusing 'index' because we have the correct "name" + for ( index in value ) { + if ( !( index in props ) ) { + props[ index ] = value[ index ]; + specialEasing[ index ] = easing; + } + } + } else { + specialEasing[ name ] = easing; + } + } +} + +function Animation( elem, properties, options ) { + var result, + stopped, + index = 0, + length = Animation.prefilters.length, + deferred = jQuery.Deferred().always( function() { + + // Don't match elem in the :animated selector + delete tick.elem; + } ), + tick = function() { + if ( stopped ) { + return false; + } + var currentTime = fxNow || createFxNow(), + remaining = Math.max( 0, animation.startTime + animation.duration - currentTime ), + + // Support: Android 2.3 only + // Archaic crash bug won't allow us to use `1 - ( 0.5 || 0 )` (#12497) + temp = remaining / animation.duration || 0, + percent = 1 - temp, + index = 0, + length = animation.tweens.length; + + for ( ; index < length; index++ ) { + animation.tweens[ index ].run( percent ); + } + + deferred.notifyWith( elem, [ animation, percent, remaining ] ); + + // If there's more to do, yield + if ( percent < 1 && length ) { + return remaining; + } + + // If this was an empty animation, synthesize a final progress notification + if ( !length ) { + deferred.notifyWith( elem, [ animation, 1, 0 ] ); + } + + // Resolve the animation and report its conclusion + deferred.resolveWith( elem, [ animation ] ); + return false; + }, + animation = deferred.promise( { + elem: elem, + props: jQuery.extend( {}, properties ), + opts: jQuery.extend( true, { + specialEasing: {}, + easing: jQuery.easing._default + }, options ), + originalProperties: properties, + originalOptions: options, + startTime: fxNow || createFxNow(), + duration: options.duration, + tweens: [], + createTween: function( prop, end ) { + var tween = jQuery.Tween( elem, animation.opts, prop, end, + animation.opts.specialEasing[ prop ] || animation.opts.easing ); + animation.tweens.push( tween ); + return tween; + }, + stop: function( gotoEnd ) { + var index = 0, + + // If we are going to the end, we want to run all the tweens + // otherwise we skip this part + length = gotoEnd ? animation.tweens.length : 0; + if ( stopped ) { + return this; + } + stopped = true; + for ( ; index < length; index++ ) { + animation.tweens[ index ].run( 1 ); + } + + // Resolve when we played the last frame; otherwise, reject + if ( gotoEnd ) { + deferred.notifyWith( elem, [ animation, 1, 0 ] ); + deferred.resolveWith( elem, [ animation, gotoEnd ] ); + } else { + deferred.rejectWith( elem, [ animation, gotoEnd ] ); + } + return this; + } + } ), + props = animation.props; + + propFilter( props, animation.opts.specialEasing ); + + for ( ; index < length; index++ ) { + result = Animation.prefilters[ index ].call( animation, elem, props, animation.opts ); + if ( result ) { + if ( jQuery.isFunction( result.stop ) ) { + jQuery._queueHooks( animation.elem, animation.opts.queue ).stop = + jQuery.proxy( result.stop, result ); + } + return result; + } + } + + jQuery.map( props, createTween, animation ); + + if ( jQuery.isFunction( animation.opts.start ) ) { + animation.opts.start.call( elem, animation ); + } + + // Attach callbacks from options + animation + .progress( animation.opts.progress ) + .done( animation.opts.done, animation.opts.complete ) + .fail( animation.opts.fail ) + .always( animation.opts.always ); + + jQuery.fx.timer( + jQuery.extend( tick, { + elem: elem, + anim: animation, + queue: animation.opts.queue + } ) + ); + + return animation; +} + +jQuery.Animation = jQuery.extend( Animation, { + + tweeners: { + "*": [ function( prop, value ) { + var tween = this.createTween( prop, value ); + adjustCSS( tween.elem, prop, rcssNum.exec( value ), tween ); + return tween; + } ] + }, + + tweener: function( props, callback ) { + if ( jQuery.isFunction( props ) ) { + callback = props; + props = [ "*" ]; + } else { + props = props.match( rnothtmlwhite ); + } + + var prop, + index = 0, + length = props.length; + + for ( ; index < length; index++ ) { + prop = props[ index ]; + Animation.tweeners[ prop ] = Animation.tweeners[ prop ] || []; + Animation.tweeners[ prop ].unshift( callback ); + } + }, + + prefilters: [ defaultPrefilter ], + + prefilter: function( callback, prepend ) { + if ( prepend ) { + Animation.prefilters.unshift( callback ); + } else { + Animation.prefilters.push( callback ); + } + } +} ); + +jQuery.speed = function( speed, easing, fn ) { + var opt = speed && typeof speed === "object" ? jQuery.extend( {}, speed ) : { + complete: fn || !fn && easing || + jQuery.isFunction( speed ) && speed, + duration: speed, + easing: fn && easing || easing && !jQuery.isFunction( easing ) && easing + }; + + // Go to the end state if fx are off + if ( jQuery.fx.off ) { + opt.duration = 0; + + } else { + if ( typeof opt.duration !== "number" ) { + if ( opt.duration in jQuery.fx.speeds ) { + opt.duration = jQuery.fx.speeds[ opt.duration ]; + + } else { + opt.duration = jQuery.fx.speeds._default; + } + } + } + + // Normalize opt.queue - true/undefined/null -> "fx" + if ( opt.queue == null || opt.queue === true ) { + opt.queue = "fx"; + } + + // Queueing + opt.old = opt.complete; + + opt.complete = function() { + if ( jQuery.isFunction( opt.old ) ) { + opt.old.call( this ); + } + + if ( opt.queue ) { + jQuery.dequeue( this, opt.queue ); + } + }; + + return opt; +}; + +jQuery.fn.extend( { + fadeTo: function( speed, to, easing, callback ) { + + // Show any hidden elements after setting opacity to 0 + return this.filter( isHiddenWithinTree ).css( "opacity", 0 ).show() + + // Animate to the value specified + .end().animate( { opacity: to }, speed, easing, callback ); + }, + animate: function( prop, speed, easing, callback ) { + var empty = jQuery.isEmptyObject( prop ), + optall = jQuery.speed( speed, easing, callback ), + doAnimation = function() { + + // Operate on a copy of prop so per-property easing won't be lost + var anim = Animation( this, jQuery.extend( {}, prop ), optall ); + + // Empty animations, or finishing resolves immediately + if ( empty || dataPriv.get( this, "finish" ) ) { + anim.stop( true ); + } + }; + doAnimation.finish = doAnimation; + + return empty || optall.queue === false ? + this.each( doAnimation ) : + this.queue( optall.queue, doAnimation ); + }, + stop: function( type, clearQueue, gotoEnd ) { + var stopQueue = function( hooks ) { + var stop = hooks.stop; + delete hooks.stop; + stop( gotoEnd ); + }; + + if ( typeof type !== "string" ) { + gotoEnd = clearQueue; + clearQueue = type; + type = undefined; + } + if ( clearQueue && type !== false ) { + this.queue( type || "fx", [] ); + } + + return this.each( function() { + var dequeue = true, + index = type != null && type + "queueHooks", + timers = jQuery.timers, + data = dataPriv.get( this ); + + if ( index ) { + if ( data[ index ] && data[ index ].stop ) { + stopQueue( data[ index ] ); + } + } else { + for ( index in data ) { + if ( data[ index ] && data[ index ].stop && rrun.test( index ) ) { + stopQueue( data[ index ] ); + } + } + } + + for ( index = timers.length; index--; ) { + if ( timers[ index ].elem === this && + ( type == null || timers[ index ].queue === type ) ) { + + timers[ index ].anim.stop( gotoEnd ); + dequeue = false; + timers.splice( index, 1 ); + } + } + + // Start the next in the queue if the last step wasn't forced. + // Timers currently will call their complete callbacks, which + // will dequeue but only if they were gotoEnd. + if ( dequeue || !gotoEnd ) { + jQuery.dequeue( this, type ); + } + } ); + }, + finish: function( type ) { + if ( type !== false ) { + type = type || "fx"; + } + return this.each( function() { + var index, + data = dataPriv.get( this ), + queue = data[ type + "queue" ], + hooks = data[ type + "queueHooks" ], + timers = jQuery.timers, + length = queue ? queue.length : 0; + + // Enable finishing flag on private data + data.finish = true; + + // Empty the queue first + jQuery.queue( this, type, [] ); + + if ( hooks && hooks.stop ) { + hooks.stop.call( this, true ); + } + + // Look for any active animations, and finish them + for ( index = timers.length; index--; ) { + if ( timers[ index ].elem === this && timers[ index ].queue === type ) { + timers[ index ].anim.stop( true ); + timers.splice( index, 1 ); + } + } + + // Look for any animations in the old queue and finish them + for ( index = 0; index < length; index++ ) { + if ( queue[ index ] && queue[ index ].finish ) { + queue[ index ].finish.call( this ); + } + } + + // Turn off finishing flag + delete data.finish; + } ); + } +} ); + +jQuery.each( [ "toggle", "show", "hide" ], function( i, name ) { + var cssFn = jQuery.fn[ name ]; + jQuery.fn[ name ] = function( speed, easing, callback ) { + return speed == null || typeof speed === "boolean" ? + cssFn.apply( this, arguments ) : + this.animate( genFx( name, true ), speed, easing, callback ); + }; +} ); + +// Generate shortcuts for custom animations +jQuery.each( { + slideDown: genFx( "show" ), + slideUp: genFx( "hide" ), + slideToggle: genFx( "toggle" ), + fadeIn: { opacity: "show" }, + fadeOut: { opacity: "hide" }, + fadeToggle: { opacity: "toggle" } +}, function( name, props ) { + jQuery.fn[ name ] = function( speed, easing, callback ) { + return this.animate( props, speed, easing, callback ); + }; +} ); + +jQuery.timers = []; +jQuery.fx.tick = function() { + var timer, + i = 0, + timers = jQuery.timers; + + fxNow = jQuery.now(); + + for ( ; i < timers.length; i++ ) { + timer = timers[ i ]; + + // Run the timer and safely remove it when done (allowing for external removal) + if ( !timer() && timers[ i ] === timer ) { + timers.splice( i--, 1 ); + } + } + + if ( !timers.length ) { + jQuery.fx.stop(); + } + fxNow = undefined; +}; + +jQuery.fx.timer = function( timer ) { + jQuery.timers.push( timer ); + jQuery.fx.start(); +}; + +jQuery.fx.interval = 13; +jQuery.fx.start = function() { + if ( inProgress ) { + return; + } + + inProgress = true; + schedule(); +}; + +jQuery.fx.stop = function() { + inProgress = null; +}; + +jQuery.fx.speeds = { + slow: 600, + fast: 200, + + // Default speed + _default: 400 +}; + + +// Based off of the plugin by Clint Helfers, with permission. +// https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/ +jQuery.fn.delay = function( time, type ) { + time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time; + type = type || "fx"; + + return this.queue( type, function( next, hooks ) { + var timeout = window.setTimeout( next, time ); + hooks.stop = function() { + window.clearTimeout( timeout ); + }; + } ); +}; + + +( function() { + var input = document.createElement( "input" ), + select = document.createElement( "select" ), + opt = select.appendChild( document.createElement( "option" ) ); + + input.type = "checkbox"; + + // Support: Android <=4.3 only + // Default value for a checkbox should be "on" + support.checkOn = input.value !== ""; + + // Support: IE <=11 only + // Must access selectedIndex to make default options select + support.optSelected = opt.selected; + + // Support: IE <=11 only + // An input loses its value after becoming a radio + input = document.createElement( "input" ); + input.value = "t"; + input.type = "radio"; + support.radioValue = input.value === "t"; +} )(); + + +var boolHook, + attrHandle = jQuery.expr.attrHandle; + +jQuery.fn.extend( { + attr: function( name, value ) { + return access( this, jQuery.attr, name, value, arguments.length > 1 ); + }, + + removeAttr: function( name ) { + return this.each( function() { + jQuery.removeAttr( this, name ); + } ); + } +} ); + +jQuery.extend( { + attr: function( elem, name, value ) { + var ret, hooks, + nType = elem.nodeType; + + // Don't get/set attributes on text, comment and attribute nodes + if ( nType === 3 || nType === 8 || nType === 2 ) { + return; + } + + // Fallback to prop when attributes are not supported + if ( typeof elem.getAttribute === "undefined" ) { + return jQuery.prop( elem, name, value ); + } + + // Attribute hooks are determined by the lowercase version + // Grab necessary hook if one is defined + if ( nType !== 1 || !jQuery.isXMLDoc( elem ) ) { + hooks = jQuery.attrHooks[ name.toLowerCase() ] || + ( jQuery.expr.match.bool.test( name ) ? boolHook : undefined ); + } + + if ( value !== undefined ) { + if ( value === null ) { + jQuery.removeAttr( elem, name ); + return; + } + + if ( hooks && "set" in hooks && + ( ret = hooks.set( elem, value, name ) ) !== undefined ) { + return ret; + } + + elem.setAttribute( name, value + "" ); + return value; + } + + if ( hooks && "get" in hooks && ( ret = hooks.get( elem, name ) ) !== null ) { + return ret; + } + + ret = jQuery.find.attr( elem, name ); + + // Non-existent attributes return null, we normalize to undefined + return ret == null ? undefined : ret; + }, + + attrHooks: { + type: { + set: function( elem, value ) { + if ( !support.radioValue && value === "radio" && + nodeName( elem, "input" ) ) { + var val = elem.value; + elem.setAttribute( "type", value ); + if ( val ) { + elem.value = val; + } + return value; + } + } + } + }, + + removeAttr: function( elem, value ) { + var name, + i = 0, + + // Attribute names can contain non-HTML whitespace characters + // https://html.spec.whatwg.org/multipage/syntax.html#attributes-2 + attrNames = value && value.match( rnothtmlwhite ); + + if ( attrNames && elem.nodeType === 1 ) { + while ( ( name = attrNames[ i++ ] ) ) { + elem.removeAttribute( name ); + } + } + } +} ); + +// Hooks for boolean attributes +boolHook = { + set: function( elem, value, name ) { + if ( value === false ) { + + // Remove boolean attributes when set to false + jQuery.removeAttr( elem, name ); + } else { + elem.setAttribute( name, name ); + } + return name; + } +}; + +jQuery.each( jQuery.expr.match.bool.source.match( /\w+/g ), function( i, name ) { + var getter = attrHandle[ name ] || jQuery.find.attr; + + attrHandle[ name ] = function( elem, name, isXML ) { + var ret, handle, + lowercaseName = name.toLowerCase(); + + if ( !isXML ) { + + // Avoid an infinite loop by temporarily removing this function from the getter + handle = attrHandle[ lowercaseName ]; + attrHandle[ lowercaseName ] = ret; + ret = getter( elem, name, isXML ) != null ? + lowercaseName : + null; + attrHandle[ lowercaseName ] = handle; + } + return ret; + }; +} ); + + + + +var rfocusable = /^(?:input|select|textarea|button)$/i, + rclickable = /^(?:a|area)$/i; + +jQuery.fn.extend( { + prop: function( name, value ) { + return access( this, jQuery.prop, name, value, arguments.length > 1 ); + }, + + removeProp: function( name ) { + return this.each( function() { + delete this[ jQuery.propFix[ name ] || name ]; + } ); + } +} ); + +jQuery.extend( { + prop: function( elem, name, value ) { + var ret, hooks, + nType = elem.nodeType; + + // Don't get/set properties on text, comment and attribute nodes + if ( nType === 3 || nType === 8 || nType === 2 ) { + return; + } + + if ( nType !== 1 || !jQuery.isXMLDoc( elem ) ) { + + // Fix name and attach hooks + name = jQuery.propFix[ name ] || name; + hooks = jQuery.propHooks[ name ]; + } + + if ( value !== undefined ) { + if ( hooks && "set" in hooks && + ( ret = hooks.set( elem, value, name ) ) !== undefined ) { + return ret; + } + + return ( elem[ name ] = value ); + } + + if ( hooks && "get" in hooks && ( ret = hooks.get( elem, name ) ) !== null ) { + return ret; + } + + return elem[ name ]; + }, + + propHooks: { + tabIndex: { + get: function( elem ) { + + // Support: IE <=9 - 11 only + // elem.tabIndex doesn't always return the + // correct value when it hasn't been explicitly set + // https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ + // Use proper attribute retrieval(#12072) + var tabindex = jQuery.find.attr( elem, "tabindex" ); + + if ( tabindex ) { + return parseInt( tabindex, 10 ); + } + + if ( + rfocusable.test( elem.nodeName ) || + rclickable.test( elem.nodeName ) && + elem.href + ) { + return 0; + } + + return -1; + } + } + }, + + propFix: { + "for": "htmlFor", + "class": "className" + } +} ); + +// Support: IE <=11 only +// Accessing the selectedIndex property +// forces the browser to respect setting selected +// on the option +// The getter ensures a default option is selected +// when in an optgroup +// eslint rule "no-unused-expressions" is disabled for this code +// since it considers such accessions noop +if ( !support.optSelected ) { + jQuery.propHooks.selected = { + get: function( elem ) { + + /* eslint no-unused-expressions: "off" */ + + var parent = elem.parentNode; + if ( parent && parent.parentNode ) { + parent.parentNode.selectedIndex; + } + return null; + }, + set: function( elem ) { + + /* eslint no-unused-expressions: "off" */ + + var parent = elem.parentNode; + if ( parent ) { + parent.selectedIndex; + + if ( parent.parentNode ) { + parent.parentNode.selectedIndex; + } + } + } + }; +} + +jQuery.each( [ + "tabIndex", + "readOnly", + "maxLength", + "cellSpacing", + "cellPadding", + "rowSpan", + "colSpan", + "useMap", + "frameBorder", + "contentEditable" +], function() { + jQuery.propFix[ this.toLowerCase() ] = this; +} ); + + + + + // Strip and collapse whitespace according to HTML spec + // https://html.spec.whatwg.org/multipage/infrastructure.html#strip-and-collapse-whitespace + function stripAndCollapse( value ) { + var tokens = value.match( rnothtmlwhite ) || []; + return tokens.join( " " ); + } + + +function getClass( elem ) { + return elem.getAttribute && elem.getAttribute( "class" ) || ""; +} + +jQuery.fn.extend( { + addClass: function( value ) { + var classes, elem, cur, curValue, clazz, j, finalValue, + i = 0; + + if ( jQuery.isFunction( value ) ) { + return this.each( function( j ) { + jQuery( this ).addClass( value.call( this, j, getClass( this ) ) ); + } ); + } + + if ( typeof value === "string" && value ) { + classes = value.match( rnothtmlwhite ) || []; + + while ( ( elem = this[ i++ ] ) ) { + curValue = getClass( elem ); + cur = elem.nodeType === 1 && ( " " + stripAndCollapse( curValue ) + " " ); + + if ( cur ) { + j = 0; + while ( ( clazz = classes[ j++ ] ) ) { + if ( cur.indexOf( " " + clazz + " " ) < 0 ) { + cur += clazz + " "; + } + } + + // Only assign if different to avoid unneeded rendering. + finalValue = stripAndCollapse( cur ); + if ( curValue !== finalValue ) { + elem.setAttribute( "class", finalValue ); + } + } + } + } + + return this; + }, + + removeClass: function( value ) { + var classes, elem, cur, curValue, clazz, j, finalValue, + i = 0; + + if ( jQuery.isFunction( value ) ) { + return this.each( function( j ) { + jQuery( this ).removeClass( value.call( this, j, getClass( this ) ) ); + } ); + } + + if ( !arguments.length ) { + return this.attr( "class", "" ); + } + + if ( typeof value === "string" && value ) { + classes = value.match( rnothtmlwhite ) || []; + + while ( ( elem = this[ i++ ] ) ) { + curValue = getClass( elem ); + + // This expression is here for better compressibility (see addClass) + cur = elem.nodeType === 1 && ( " " + stripAndCollapse( curValue ) + " " ); + + if ( cur ) { + j = 0; + while ( ( clazz = classes[ j++ ] ) ) { + + // Remove *all* instances + while ( cur.indexOf( " " + clazz + " " ) > -1 ) { + cur = cur.replace( " " + clazz + " ", " " ); + } + } + + // Only assign if different to avoid unneeded rendering. + finalValue = stripAndCollapse( cur ); + if ( curValue !== finalValue ) { + elem.setAttribute( "class", finalValue ); + } + } + } + } + + return this; + }, + + toggleClass: function( value, stateVal ) { + var type = typeof value; + + if ( typeof stateVal === "boolean" && type === "string" ) { + return stateVal ? this.addClass( value ) : this.removeClass( value ); + } + + if ( jQuery.isFunction( value ) ) { + return this.each( function( i ) { + jQuery( this ).toggleClass( + value.call( this, i, getClass( this ), stateVal ), + stateVal + ); + } ); + } + + return this.each( function() { + var className, i, self, classNames; + + if ( type === "string" ) { + + // Toggle individual class names + i = 0; + self = jQuery( this ); + classNames = value.match( rnothtmlwhite ) || []; + + while ( ( className = classNames[ i++ ] ) ) { + + // Check each className given, space separated list + if ( self.hasClass( className ) ) { + self.removeClass( className ); + } else { + self.addClass( className ); + } + } + + // Toggle whole class name + } else if ( value === undefined || type === "boolean" ) { + className = getClass( this ); + if ( className ) { + + // Store className if set + dataPriv.set( this, "__className__", className ); + } + + // If the element has a class name or if we're passed `false`, + // then remove the whole classname (if there was one, the above saved it). + // Otherwise bring back whatever was previously saved (if anything), + // falling back to the empty string if nothing was stored. + if ( this.setAttribute ) { + this.setAttribute( "class", + className || value === false ? + "" : + dataPriv.get( this, "__className__" ) || "" + ); + } + } + } ); + }, + + hasClass: function( selector ) { + var className, elem, + i = 0; + + className = " " + selector + " "; + while ( ( elem = this[ i++ ] ) ) { + if ( elem.nodeType === 1 && + ( " " + stripAndCollapse( getClass( elem ) ) + " " ).indexOf( className ) > -1 ) { + return true; + } + } + + return false; + } +} ); + + + + +var rreturn = /\r/g; + +jQuery.fn.extend( { + val: function( value ) { + var hooks, ret, isFunction, + elem = this[ 0 ]; + + if ( !arguments.length ) { + if ( elem ) { + hooks = jQuery.valHooks[ elem.type ] || + jQuery.valHooks[ elem.nodeName.toLowerCase() ]; + + if ( hooks && + "get" in hooks && + ( ret = hooks.get( elem, "value" ) ) !== undefined + ) { + return ret; + } + + ret = elem.value; + + // Handle most common string cases + if ( typeof ret === "string" ) { + return ret.replace( rreturn, "" ); + } + + // Handle cases where value is null/undef or number + return ret == null ? "" : ret; + } + + return; + } + + isFunction = jQuery.isFunction( value ); + + return this.each( function( i ) { + var val; + + if ( this.nodeType !== 1 ) { + return; + } + + if ( isFunction ) { + val = value.call( this, i, jQuery( this ).val() ); + } else { + val = value; + } + + // Treat null/undefined as ""; convert numbers to string + if ( val == null ) { + val = ""; + + } else if ( typeof val === "number" ) { + val += ""; + + } else if ( Array.isArray( val ) ) { + val = jQuery.map( val, function( value ) { + return value == null ? "" : value + ""; + } ); + } + + hooks = jQuery.valHooks[ this.type ] || jQuery.valHooks[ this.nodeName.toLowerCase() ]; + + // If set returns undefined, fall back to normal setting + if ( !hooks || !( "set" in hooks ) || hooks.set( this, val, "value" ) === undefined ) { + this.value = val; + } + } ); + } +} ); + +jQuery.extend( { + valHooks: { + option: { + get: function( elem ) { + + var val = jQuery.find.attr( elem, "value" ); + return val != null ? + val : + + // Support: IE <=10 - 11 only + // option.text throws exceptions (#14686, #14858) + // Strip and collapse whitespace + // https://html.spec.whatwg.org/#strip-and-collapse-whitespace + stripAndCollapse( jQuery.text( elem ) ); + } + }, + select: { + get: function( elem ) { + var value, option, i, + options = elem.options, + index = elem.selectedIndex, + one = elem.type === "select-one", + values = one ? null : [], + max = one ? index + 1 : options.length; + + if ( index < 0 ) { + i = max; + + } else { + i = one ? index : 0; + } + + // Loop through all the selected options + for ( ; i < max; i++ ) { + option = options[ i ]; + + // Support: IE <=9 only + // IE8-9 doesn't update selected after form reset (#2551) + if ( ( option.selected || i === index ) && + + // Don't return options that are disabled or in a disabled optgroup + !option.disabled && + ( !option.parentNode.disabled || + !nodeName( option.parentNode, "optgroup" ) ) ) { + + // Get the specific value for the option + value = jQuery( option ).val(); + + // We don't need an array for one selects + if ( one ) { + return value; + } + + // Multi-Selects return an array + values.push( value ); + } + } + + return values; + }, + + set: function( elem, value ) { + var optionSet, option, + options = elem.options, + values = jQuery.makeArray( value ), + i = options.length; + + while ( i-- ) { + option = options[ i ]; + + /* eslint-disable no-cond-assign */ + + if ( option.selected = + jQuery.inArray( jQuery.valHooks.option.get( option ), values ) > -1 + ) { + optionSet = true; + } + + /* eslint-enable no-cond-assign */ + } + + // Force browsers to behave consistently when non-matching value is set + if ( !optionSet ) { + elem.selectedIndex = -1; + } + return values; + } + } + } +} ); + +// Radios and checkboxes getter/setter +jQuery.each( [ "radio", "checkbox" ], function() { + jQuery.valHooks[ this ] = { + set: function( elem, value ) { + if ( Array.isArray( value ) ) { + return ( elem.checked = jQuery.inArray( jQuery( elem ).val(), value ) > -1 ); + } + } + }; + if ( !support.checkOn ) { + jQuery.valHooks[ this ].get = function( elem ) { + return elem.getAttribute( "value" ) === null ? "on" : elem.value; + }; + } +} ); + + + + +// Return jQuery for attributes-only inclusion + + +var rfocusMorph = /^(?:focusinfocus|focusoutblur)$/; + +jQuery.extend( jQuery.event, { + + trigger: function( event, data, elem, onlyHandlers ) { + + var i, cur, tmp, bubbleType, ontype, handle, special, + eventPath = [ elem || document ], + type = hasOwn.call( event, "type" ) ? event.type : event, + namespaces = hasOwn.call( event, "namespace" ) ? event.namespace.split( "." ) : []; + + cur = tmp = elem = elem || document; + + // Don't do events on text and comment nodes + if ( elem.nodeType === 3 || elem.nodeType === 8 ) { + return; + } + + // focus/blur morphs to focusin/out; ensure we're not firing them right now + if ( rfocusMorph.test( type + jQuery.event.triggered ) ) { + return; + } + + if ( type.indexOf( "." ) > -1 ) { + + // Namespaced trigger; create a regexp to match event type in handle() + namespaces = type.split( "." ); + type = namespaces.shift(); + namespaces.sort(); + } + ontype = type.indexOf( ":" ) < 0 && "on" + type; + + // Caller can pass in a jQuery.Event object, Object, or just an event type string + event = event[ jQuery.expando ] ? + event : + new jQuery.Event( type, typeof event === "object" && event ); + + // Trigger bitmask: & 1 for native handlers; & 2 for jQuery (always true) + event.isTrigger = onlyHandlers ? 2 : 3; + event.namespace = namespaces.join( "." ); + event.rnamespace = event.namespace ? + new RegExp( "(^|\\.)" + namespaces.join( "\\.(?:.*\\.|)" ) + "(\\.|$)" ) : + null; + + // Clean up the event in case it is being reused + event.result = undefined; + if ( !event.target ) { + event.target = elem; + } + + // Clone any incoming data and prepend the event, creating the handler arg list + data = data == null ? + [ event ] : + jQuery.makeArray( data, [ event ] ); + + // Allow special events to draw outside the lines + special = jQuery.event.special[ type ] || {}; + if ( !onlyHandlers && special.trigger && special.trigger.apply( elem, data ) === false ) { + return; + } + + // Determine event propagation path in advance, per W3C events spec (#9951) + // Bubble up to document, then to window; watch for a global ownerDocument var (#9724) + if ( !onlyHandlers && !special.noBubble && !jQuery.isWindow( elem ) ) { + + bubbleType = special.delegateType || type; + if ( !rfocusMorph.test( bubbleType + type ) ) { + cur = cur.parentNode; + } + for ( ; cur; cur = cur.parentNode ) { + eventPath.push( cur ); + tmp = cur; + } + + // Only add window if we got to document (e.g., not plain obj or detached DOM) + if ( tmp === ( elem.ownerDocument || document ) ) { + eventPath.push( tmp.defaultView || tmp.parentWindow || window ); + } + } + + // Fire handlers on the event path + i = 0; + while ( ( cur = eventPath[ i++ ] ) && !event.isPropagationStopped() ) { + + event.type = i > 1 ? + bubbleType : + special.bindType || type; + + // jQuery handler + handle = ( dataPriv.get( cur, "events" ) || {} )[ event.type ] && + dataPriv.get( cur, "handle" ); + if ( handle ) { + handle.apply( cur, data ); + } + + // Native handler + handle = ontype && cur[ ontype ]; + if ( handle && handle.apply && acceptData( cur ) ) { + event.result = handle.apply( cur, data ); + if ( event.result === false ) { + event.preventDefault(); + } + } + } + event.type = type; + + // If nobody prevented the default action, do it now + if ( !onlyHandlers && !event.isDefaultPrevented() ) { + + if ( ( !special._default || + special._default.apply( eventPath.pop(), data ) === false ) && + acceptData( elem ) ) { + + // Call a native DOM method on the target with the same name as the event. + // Don't do default actions on window, that's where global variables be (#6170) + if ( ontype && jQuery.isFunction( elem[ type ] ) && !jQuery.isWindow( elem ) ) { + + // Don't re-trigger an onFOO event when we call its FOO() method + tmp = elem[ ontype ]; + + if ( tmp ) { + elem[ ontype ] = null; + } + + // Prevent re-triggering of the same event, since we already bubbled it above + jQuery.event.triggered = type; + elem[ type ](); + jQuery.event.triggered = undefined; + + if ( tmp ) { + elem[ ontype ] = tmp; + } + } + } + } + + return event.result; + }, + + // Piggyback on a donor event to simulate a different one + // Used only for `focus(in | out)` events + simulate: function( type, elem, event ) { + var e = jQuery.extend( + new jQuery.Event(), + event, + { + type: type, + isSimulated: true + } + ); + + jQuery.event.trigger( e, null, elem ); + } + +} ); + +jQuery.fn.extend( { + + trigger: function( type, data ) { + return this.each( function() { + jQuery.event.trigger( type, data, this ); + } ); + }, + triggerHandler: function( type, data ) { + var elem = this[ 0 ]; + if ( elem ) { + return jQuery.event.trigger( type, data, elem, true ); + } + } +} ); + + +jQuery.each( ( "blur focus focusin focusout resize scroll click dblclick " + + "mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave " + + "change select submit keydown keypress keyup contextmenu" ).split( " " ), + function( i, name ) { + + // Handle event binding + jQuery.fn[ name ] = function( data, fn ) { + return arguments.length > 0 ? + this.on( name, null, data, fn ) : + this.trigger( name ); + }; +} ); + +jQuery.fn.extend( { + hover: function( fnOver, fnOut ) { + return this.mouseenter( fnOver ).mouseleave( fnOut || fnOver ); + } +} ); + + + + +support.focusin = "onfocusin" in window; + + +// Support: Firefox <=44 +// Firefox doesn't have focus(in | out) events +// Related ticket - https://bugzilla.mozilla.org/show_bug.cgi?id=687787 +// +// Support: Chrome <=48 - 49, Safari <=9.0 - 9.1 +// focus(in | out) events fire after focus & blur events, +// which is spec violation - http://www.w3.org/TR/DOM-Level-3-Events/#events-focusevent-event-order +// Related ticket - https://bugs.chromium.org/p/chromium/issues/detail?id=449857 +if ( !support.focusin ) { + jQuery.each( { focus: "focusin", blur: "focusout" }, function( orig, fix ) { + + // Attach a single capturing handler on the document while someone wants focusin/focusout + var handler = function( event ) { + jQuery.event.simulate( fix, event.target, jQuery.event.fix( event ) ); + }; + + jQuery.event.special[ fix ] = { + setup: function() { + var doc = this.ownerDocument || this, + attaches = dataPriv.access( doc, fix ); + + if ( !attaches ) { + doc.addEventListener( orig, handler, true ); + } + dataPriv.access( doc, fix, ( attaches || 0 ) + 1 ); + }, + teardown: function() { + var doc = this.ownerDocument || this, + attaches = dataPriv.access( doc, fix ) - 1; + + if ( !attaches ) { + doc.removeEventListener( orig, handler, true ); + dataPriv.remove( doc, fix ); + + } else { + dataPriv.access( doc, fix, attaches ); + } + } + }; + } ); +} +var location = window.location; + +var nonce = jQuery.now(); + +var rquery = ( /\?/ ); + + + +// Cross-browser xml parsing +jQuery.parseXML = function( data ) { + var xml; + if ( !data || typeof data !== "string" ) { + return null; + } + + // Support: IE 9 - 11 only + // IE throws on parseFromString with invalid input. + try { + xml = ( new window.DOMParser() ).parseFromString( data, "text/xml" ); + } catch ( e ) { + xml = undefined; + } + + if ( !xml || xml.getElementsByTagName( "parsererror" ).length ) { + jQuery.error( "Invalid XML: " + data ); + } + return xml; +}; + + +var + rbracket = /\[\]$/, + rCRLF = /\r?\n/g, + rsubmitterTypes = /^(?:submit|button|image|reset|file)$/i, + rsubmittable = /^(?:input|select|textarea|keygen)/i; + +function buildParams( prefix, obj, traditional, add ) { + var name; + + if ( Array.isArray( obj ) ) { + + // Serialize array item. + jQuery.each( obj, function( i, v ) { + if ( traditional || rbracket.test( prefix ) ) { + + // Treat each array item as a scalar. + add( prefix, v ); + + } else { + + // Item is non-scalar (array or object), encode its numeric index. + buildParams( + prefix + "[" + ( typeof v === "object" && v != null ? i : "" ) + "]", + v, + traditional, + add + ); + } + } ); + + } else if ( !traditional && jQuery.type( obj ) === "object" ) { + + // Serialize object item. + for ( name in obj ) { + buildParams( prefix + "[" + name + "]", obj[ name ], traditional, add ); + } + + } else { + + // Serialize scalar item. + add( prefix, obj ); + } +} + +// Serialize an array of form elements or a set of +// key/values into a query string +jQuery.param = function( a, traditional ) { + var prefix, + s = [], + add = function( key, valueOrFunction ) { + + // If value is a function, invoke it and use its return value + var value = jQuery.isFunction( valueOrFunction ) ? + valueOrFunction() : + valueOrFunction; + + s[ s.length ] = encodeURIComponent( key ) + "=" + + encodeURIComponent( value == null ? "" : value ); + }; + + // If an array was passed in, assume that it is an array of form elements. + if ( Array.isArray( a ) || ( a.jquery && !jQuery.isPlainObject( a ) ) ) { + + // Serialize the form elements + jQuery.each( a, function() { + add( this.name, this.value ); + } ); + + } else { + + // If traditional, encode the "old" way (the way 1.3.2 or older + // did it), otherwise encode params recursively. + for ( prefix in a ) { + buildParams( prefix, a[ prefix ], traditional, add ); + } + } + + // Return the resulting serialization + return s.join( "&" ); +}; + +jQuery.fn.extend( { + serialize: function() { + return jQuery.param( this.serializeArray() ); + }, + serializeArray: function() { + return this.map( function() { + + // Can add propHook for "elements" to filter or add form elements + var elements = jQuery.prop( this, "elements" ); + return elements ? jQuery.makeArray( elements ) : this; + } ) + .filter( function() { + var type = this.type; + + // Use .is( ":disabled" ) so that fieldset[disabled] works + return this.name && !jQuery( this ).is( ":disabled" ) && + rsubmittable.test( this.nodeName ) && !rsubmitterTypes.test( type ) && + ( this.checked || !rcheckableType.test( type ) ); + } ) + .map( function( i, elem ) { + var val = jQuery( this ).val(); + + if ( val == null ) { + return null; + } + + if ( Array.isArray( val ) ) { + return jQuery.map( val, function( val ) { + return { name: elem.name, value: val.replace( rCRLF, "\r\n" ) }; + } ); + } + + return { name: elem.name, value: val.replace( rCRLF, "\r\n" ) }; + } ).get(); + } +} ); + + +var + r20 = /%20/g, + rhash = /#.*$/, + rantiCache = /([?&])_=[^&]*/, + rheaders = /^(.*?):[ \t]*([^\r\n]*)$/mg, + + // #7653, #8125, #8152: local protocol detection + rlocalProtocol = /^(?:about|app|app-storage|.+-extension|file|res|widget):$/, + rnoContent = /^(?:GET|HEAD)$/, + rprotocol = /^\/\//, + + /* Prefilters + * 1) They are useful to introduce custom dataTypes (see ajax/jsonp.js for an example) + * 2) These are called: + * - BEFORE asking for a transport + * - AFTER param serialization (s.data is a string if s.processData is true) + * 3) key is the dataType + * 4) the catchall symbol "*" can be used + * 5) execution will start with transport dataType and THEN continue down to "*" if needed + */ + prefilters = {}, + + /* Transports bindings + * 1) key is the dataType + * 2) the catchall symbol "*" can be used + * 3) selection will start with transport dataType and THEN go to "*" if needed + */ + transports = {}, + + // Avoid comment-prolog char sequence (#10098); must appease lint and evade compression + allTypes = "*/".concat( "*" ), + + // Anchor tag for parsing the document origin + originAnchor = document.createElement( "a" ); + originAnchor.href = location.href; + +// Base "constructor" for jQuery.ajaxPrefilter and jQuery.ajaxTransport +function addToPrefiltersOrTransports( structure ) { + + // dataTypeExpression is optional and defaults to "*" + return function( dataTypeExpression, func ) { + + if ( typeof dataTypeExpression !== "string" ) { + func = dataTypeExpression; + dataTypeExpression = "*"; + } + + var dataType, + i = 0, + dataTypes = dataTypeExpression.toLowerCase().match( rnothtmlwhite ) || []; + + if ( jQuery.isFunction( func ) ) { + + // For each dataType in the dataTypeExpression + while ( ( dataType = dataTypes[ i++ ] ) ) { + + // Prepend if requested + if ( dataType[ 0 ] === "+" ) { + dataType = dataType.slice( 1 ) || "*"; + ( structure[ dataType ] = structure[ dataType ] || [] ).unshift( func ); + + // Otherwise append + } else { + ( structure[ dataType ] = structure[ dataType ] || [] ).push( func ); + } + } + } + }; +} + +// Base inspection function for prefilters and transports +function inspectPrefiltersOrTransports( structure, options, originalOptions, jqXHR ) { + + var inspected = {}, + seekingTransport = ( structure === transports ); + + function inspect( dataType ) { + var selected; + inspected[ dataType ] = true; + jQuery.each( structure[ dataType ] || [], function( _, prefilterOrFactory ) { + var dataTypeOrTransport = prefilterOrFactory( options, originalOptions, jqXHR ); + if ( typeof dataTypeOrTransport === "string" && + !seekingTransport && !inspected[ dataTypeOrTransport ] ) { + + options.dataTypes.unshift( dataTypeOrTransport ); + inspect( dataTypeOrTransport ); + return false; + } else if ( seekingTransport ) { + return !( selected = dataTypeOrTransport ); + } + } ); + return selected; + } + + return inspect( options.dataTypes[ 0 ] ) || !inspected[ "*" ] && inspect( "*" ); +} + +// A special extend for ajax options +// that takes "flat" options (not to be deep extended) +// Fixes #9887 +function ajaxExtend( target, src ) { + var key, deep, + flatOptions = jQuery.ajaxSettings.flatOptions || {}; + + for ( key in src ) { + if ( src[ key ] !== undefined ) { + ( flatOptions[ key ] ? target : ( deep || ( deep = {} ) ) )[ key ] = src[ key ]; + } + } + if ( deep ) { + jQuery.extend( true, target, deep ); + } + + return target; +} + +/* Handles responses to an ajax request: + * - finds the right dataType (mediates between content-type and expected dataType) + * - returns the corresponding response + */ +function ajaxHandleResponses( s, jqXHR, responses ) { + + var ct, type, finalDataType, firstDataType, + contents = s.contents, + dataTypes = s.dataTypes; + + // Remove auto dataType and get content-type in the process + while ( dataTypes[ 0 ] === "*" ) { + dataTypes.shift(); + if ( ct === undefined ) { + ct = s.mimeType || jqXHR.getResponseHeader( "Content-Type" ); + } + } + + // Check if we're dealing with a known content-type + if ( ct ) { + for ( type in contents ) { + if ( contents[ type ] && contents[ type ].test( ct ) ) { + dataTypes.unshift( type ); + break; + } + } + } + + // Check to see if we have a response for the expected dataType + if ( dataTypes[ 0 ] in responses ) { + finalDataType = dataTypes[ 0 ]; + } else { + + // Try convertible dataTypes + for ( type in responses ) { + if ( !dataTypes[ 0 ] || s.converters[ type + " " + dataTypes[ 0 ] ] ) { + finalDataType = type; + break; + } + if ( !firstDataType ) { + firstDataType = type; + } + } + + // Or just use first one + finalDataType = finalDataType || firstDataType; + } + + // If we found a dataType + // We add the dataType to the list if needed + // and return the corresponding response + if ( finalDataType ) { + if ( finalDataType !== dataTypes[ 0 ] ) { + dataTypes.unshift( finalDataType ); + } + return responses[ finalDataType ]; + } +} + +/* Chain conversions given the request and the original response + * Also sets the responseXXX fields on the jqXHR instance + */ +function ajaxConvert( s, response, jqXHR, isSuccess ) { + var conv2, current, conv, tmp, prev, + converters = {}, + + // Work with a copy of dataTypes in case we need to modify it for conversion + dataTypes = s.dataTypes.slice(); + + // Create converters map with lowercased keys + if ( dataTypes[ 1 ] ) { + for ( conv in s.converters ) { + converters[ conv.toLowerCase() ] = s.converters[ conv ]; + } + } + + current = dataTypes.shift(); + + // Convert to each sequential dataType + while ( current ) { + + if ( s.responseFields[ current ] ) { + jqXHR[ s.responseFields[ current ] ] = response; + } + + // Apply the dataFilter if provided + if ( !prev && isSuccess && s.dataFilter ) { + response = s.dataFilter( response, s.dataType ); + } + + prev = current; + current = dataTypes.shift(); + + if ( current ) { + + // There's only work to do if current dataType is non-auto + if ( current === "*" ) { + + current = prev; + + // Convert response if prev dataType is non-auto and differs from current + } else if ( prev !== "*" && prev !== current ) { + + // Seek a direct converter + conv = converters[ prev + " " + current ] || converters[ "* " + current ]; + + // If none found, seek a pair + if ( !conv ) { + for ( conv2 in converters ) { + + // If conv2 outputs current + tmp = conv2.split( " " ); + if ( tmp[ 1 ] === current ) { + + // If prev can be converted to accepted input + conv = converters[ prev + " " + tmp[ 0 ] ] || + converters[ "* " + tmp[ 0 ] ]; + if ( conv ) { + + // Condense equivalence converters + if ( conv === true ) { + conv = converters[ conv2 ]; + + // Otherwise, insert the intermediate dataType + } else if ( converters[ conv2 ] !== true ) { + current = tmp[ 0 ]; + dataTypes.unshift( tmp[ 1 ] ); + } + break; + } + } + } + } + + // Apply converter (if not an equivalence) + if ( conv !== true ) { + + // Unless errors are allowed to bubble, catch and return them + if ( conv && s.throws ) { + response = conv( response ); + } else { + try { + response = conv( response ); + } catch ( e ) { + return { + state: "parsererror", + error: conv ? e : "No conversion from " + prev + " to " + current + }; + } + } + } + } + } + } + + return { state: "success", data: response }; +} + +jQuery.extend( { + + // Counter for holding the number of active queries + active: 0, + + // Last-Modified header cache for next request + lastModified: {}, + etag: {}, + + ajaxSettings: { + url: location.href, + type: "GET", + isLocal: rlocalProtocol.test( location.protocol ), + global: true, + processData: true, + async: true, + contentType: "application/x-www-form-urlencoded; charset=UTF-8", + + /* + timeout: 0, + data: null, + dataType: null, + username: null, + password: null, + cache: null, + throws: false, + traditional: false, + headers: {}, + */ + + accepts: { + "*": allTypes, + text: "text/plain", + html: "text/html", + xml: "application/xml, text/xml", + json: "application/json, text/javascript" + }, + + contents: { + xml: /\bxml\b/, + html: /\bhtml/, + json: /\bjson\b/ + }, + + responseFields: { + xml: "responseXML", + text: "responseText", + json: "responseJSON" + }, + + // Data converters + // Keys separate source (or catchall "*") and destination types with a single space + converters: { + + // Convert anything to text + "* text": String, + + // Text to html (true = no transformation) + "text html": true, + + // Evaluate text as a json expression + "text json": JSON.parse, + + // Parse text as xml + "text xml": jQuery.parseXML + }, + + // For options that shouldn't be deep extended: + // you can add your own custom options here if + // and when you create one that shouldn't be + // deep extended (see ajaxExtend) + flatOptions: { + url: true, + context: true + } + }, + + // Creates a full fledged settings object into target + // with both ajaxSettings and settings fields. + // If target is omitted, writes into ajaxSettings. + ajaxSetup: function( target, settings ) { + return settings ? + + // Building a settings object + ajaxExtend( ajaxExtend( target, jQuery.ajaxSettings ), settings ) : + + // Extending ajaxSettings + ajaxExtend( jQuery.ajaxSettings, target ); + }, + + ajaxPrefilter: addToPrefiltersOrTransports( prefilters ), + ajaxTransport: addToPrefiltersOrTransports( transports ), + + // Main method + ajax: function( url, options ) { + + // If url is an object, simulate pre-1.5 signature + if ( typeof url === "object" ) { + options = url; + url = undefined; + } + + // Force options to be an object + options = options || {}; + + var transport, + + // URL without anti-cache param + cacheURL, + + // Response headers + responseHeadersString, + responseHeaders, + + // timeout handle + timeoutTimer, + + // Url cleanup var + urlAnchor, + + // Request state (becomes false upon send and true upon completion) + completed, + + // To know if global events are to be dispatched + fireGlobals, + + // Loop variable + i, + + // uncached part of the url + uncached, + + // Create the final options object + s = jQuery.ajaxSetup( {}, options ), + + // Callbacks context + callbackContext = s.context || s, + + // Context for global events is callbackContext if it is a DOM node or jQuery collection + globalEventContext = s.context && + ( callbackContext.nodeType || callbackContext.jquery ) ? + jQuery( callbackContext ) : + jQuery.event, + + // Deferreds + deferred = jQuery.Deferred(), + completeDeferred = jQuery.Callbacks( "once memory" ), + + // Status-dependent callbacks + statusCode = s.statusCode || {}, + + // Headers (they are sent all at once) + requestHeaders = {}, + requestHeadersNames = {}, + + // Default abort message + strAbort = "canceled", + + // Fake xhr + jqXHR = { + readyState: 0, + + // Builds headers hashtable if needed + getResponseHeader: function( key ) { + var match; + if ( completed ) { + if ( !responseHeaders ) { + responseHeaders = {}; + while ( ( match = rheaders.exec( responseHeadersString ) ) ) { + responseHeaders[ match[ 1 ].toLowerCase() ] = match[ 2 ]; + } + } + match = responseHeaders[ key.toLowerCase() ]; + } + return match == null ? null : match; + }, + + // Raw string + getAllResponseHeaders: function() { + return completed ? responseHeadersString : null; + }, + + // Caches the header + setRequestHeader: function( name, value ) { + if ( completed == null ) { + name = requestHeadersNames[ name.toLowerCase() ] = + requestHeadersNames[ name.toLowerCase() ] || name; + requestHeaders[ name ] = value; + } + return this; + }, + + // Overrides response content-type header + overrideMimeType: function( type ) { + if ( completed == null ) { + s.mimeType = type; + } + return this; + }, + + // Status-dependent callbacks + statusCode: function( map ) { + var code; + if ( map ) { + if ( completed ) { + + // Execute the appropriate callbacks + jqXHR.always( map[ jqXHR.status ] ); + } else { + + // Lazy-add the new callbacks in a way that preserves old ones + for ( code in map ) { + statusCode[ code ] = [ statusCode[ code ], map[ code ] ]; + } + } + } + return this; + }, + + // Cancel the request + abort: function( statusText ) { + var finalText = statusText || strAbort; + if ( transport ) { + transport.abort( finalText ); + } + done( 0, finalText ); + return this; + } + }; + + // Attach deferreds + deferred.promise( jqXHR ); + + // Add protocol if not provided (prefilters might expect it) + // Handle falsy url in the settings object (#10093: consistency with old signature) + // We also use the url parameter if available + s.url = ( ( url || s.url || location.href ) + "" ) + .replace( rprotocol, location.protocol + "//" ); + + // Alias method option to type as per ticket #12004 + s.type = options.method || options.type || s.method || s.type; + + // Extract dataTypes list + s.dataTypes = ( s.dataType || "*" ).toLowerCase().match( rnothtmlwhite ) || [ "" ]; + + // A cross-domain request is in order when the origin doesn't match the current origin. + if ( s.crossDomain == null ) { + urlAnchor = document.createElement( "a" ); + + // Support: IE <=8 - 11, Edge 12 - 13 + // IE throws exception on accessing the href property if url is malformed, + // e.g. http://example.com:80x/ + try { + urlAnchor.href = s.url; + + // Support: IE <=8 - 11 only + // Anchor's host property isn't correctly set when s.url is relative + urlAnchor.href = urlAnchor.href; + s.crossDomain = originAnchor.protocol + "//" + originAnchor.host !== + urlAnchor.protocol + "//" + urlAnchor.host; + } catch ( e ) { + + // If there is an error parsing the URL, assume it is crossDomain, + // it can be rejected by the transport if it is invalid + s.crossDomain = true; + } + } + + // Convert data if not already a string + if ( s.data && s.processData && typeof s.data !== "string" ) { + s.data = jQuery.param( s.data, s.traditional ); + } + + // Apply prefilters + inspectPrefiltersOrTransports( prefilters, s, options, jqXHR ); + + // If request was aborted inside a prefilter, stop there + if ( completed ) { + return jqXHR; + } + + // We can fire global events as of now if asked to + // Don't fire events if jQuery.event is undefined in an AMD-usage scenario (#15118) + fireGlobals = jQuery.event && s.global; + + // Watch for a new set of requests + if ( fireGlobals && jQuery.active++ === 0 ) { + jQuery.event.trigger( "ajaxStart" ); + } + + // Uppercase the type + s.type = s.type.toUpperCase(); + + // Determine if request has content + s.hasContent = !rnoContent.test( s.type ); + + // Save the URL in case we're toying with the If-Modified-Since + // and/or If-None-Match header later on + // Remove hash to simplify url manipulation + cacheURL = s.url.replace( rhash, "" ); + + // More options handling for requests with no content + if ( !s.hasContent ) { + + // Remember the hash so we can put it back + uncached = s.url.slice( cacheURL.length ); + + // If data is available, append data to url + if ( s.data ) { + cacheURL += ( rquery.test( cacheURL ) ? "&" : "?" ) + s.data; + + // #9682: remove data so that it's not used in an eventual retry + delete s.data; + } + + // Add or update anti-cache param if needed + if ( s.cache === false ) { + cacheURL = cacheURL.replace( rantiCache, "$1" ); + uncached = ( rquery.test( cacheURL ) ? "&" : "?" ) + "_=" + ( nonce++ ) + uncached; + } + + // Put hash and anti-cache on the URL that will be requested (gh-1732) + s.url = cacheURL + uncached; + + // Change '%20' to '+' if this is encoded form body content (gh-2658) + } else if ( s.data && s.processData && + ( s.contentType || "" ).indexOf( "application/x-www-form-urlencoded" ) === 0 ) { + s.data = s.data.replace( r20, "+" ); + } + + // Set the If-Modified-Since and/or If-None-Match header, if in ifModified mode. + if ( s.ifModified ) { + if ( jQuery.lastModified[ cacheURL ] ) { + jqXHR.setRequestHeader( "If-Modified-Since", jQuery.lastModified[ cacheURL ] ); + } + if ( jQuery.etag[ cacheURL ] ) { + jqXHR.setRequestHeader( "If-None-Match", jQuery.etag[ cacheURL ] ); + } + } + + // Set the correct header, if data is being sent + if ( s.data && s.hasContent && s.contentType !== false || options.contentType ) { + jqXHR.setRequestHeader( "Content-Type", s.contentType ); + } + + // Set the Accepts header for the server, depending on the dataType + jqXHR.setRequestHeader( + "Accept", + s.dataTypes[ 0 ] && s.accepts[ s.dataTypes[ 0 ] ] ? + s.accepts[ s.dataTypes[ 0 ] ] + + ( s.dataTypes[ 0 ] !== "*" ? ", " + allTypes + "; q=0.01" : "" ) : + s.accepts[ "*" ] + ); + + // Check for headers option + for ( i in s.headers ) { + jqXHR.setRequestHeader( i, s.headers[ i ] ); + } + + // Allow custom headers/mimetypes and early abort + if ( s.beforeSend && + ( s.beforeSend.call( callbackContext, jqXHR, s ) === false || completed ) ) { + + // Abort if not done already and return + return jqXHR.abort(); + } + + // Aborting is no longer a cancellation + strAbort = "abort"; + + // Install callbacks on deferreds + completeDeferred.add( s.complete ); + jqXHR.done( s.success ); + jqXHR.fail( s.error ); + + // Get transport + transport = inspectPrefiltersOrTransports( transports, s, options, jqXHR ); + + // If no transport, we auto-abort + if ( !transport ) { + done( -1, "No Transport" ); + } else { + jqXHR.readyState = 1; + + // Send global event + if ( fireGlobals ) { + globalEventContext.trigger( "ajaxSend", [ jqXHR, s ] ); + } + + // If request was aborted inside ajaxSend, stop there + if ( completed ) { + return jqXHR; + } + + // Timeout + if ( s.async && s.timeout > 0 ) { + timeoutTimer = window.setTimeout( function() { + jqXHR.abort( "timeout" ); + }, s.timeout ); + } + + try { + completed = false; + transport.send( requestHeaders, done ); + } catch ( e ) { + + // Rethrow post-completion exceptions + if ( completed ) { + throw e; + } + + // Propagate others as results + done( -1, e ); + } + } + + // Callback for when everything is done + function done( status, nativeStatusText, responses, headers ) { + var isSuccess, success, error, response, modified, + statusText = nativeStatusText; + + // Ignore repeat invocations + if ( completed ) { + return; + } + + completed = true; + + // Clear timeout if it exists + if ( timeoutTimer ) { + window.clearTimeout( timeoutTimer ); + } + + // Dereference transport for early garbage collection + // (no matter how long the jqXHR object will be used) + transport = undefined; + + // Cache response headers + responseHeadersString = headers || ""; + + // Set readyState + jqXHR.readyState = status > 0 ? 4 : 0; + + // Determine if successful + isSuccess = status >= 200 && status < 300 || status === 304; + + // Get response data + if ( responses ) { + response = ajaxHandleResponses( s, jqXHR, responses ); + } + + // Convert no matter what (that way responseXXX fields are always set) + response = ajaxConvert( s, response, jqXHR, isSuccess ); + + // If successful, handle type chaining + if ( isSuccess ) { + + // Set the If-Modified-Since and/or If-None-Match header, if in ifModified mode. + if ( s.ifModified ) { + modified = jqXHR.getResponseHeader( "Last-Modified" ); + if ( modified ) { + jQuery.lastModified[ cacheURL ] = modified; + } + modified = jqXHR.getResponseHeader( "etag" ); + if ( modified ) { + jQuery.etag[ cacheURL ] = modified; + } + } + + // if no content + if ( status === 204 || s.type === "HEAD" ) { + statusText = "nocontent"; + + // if not modified + } else if ( status === 304 ) { + statusText = "notmodified"; + + // If we have data, let's convert it + } else { + statusText = response.state; + success = response.data; + error = response.error; + isSuccess = !error; + } + } else { + + // Extract error from statusText and normalize for non-aborts + error = statusText; + if ( status || !statusText ) { + statusText = "error"; + if ( status < 0 ) { + status = 0; + } + } + } + + // Set data for the fake xhr object + jqXHR.status = status; + jqXHR.statusText = ( nativeStatusText || statusText ) + ""; + + // Success/Error + if ( isSuccess ) { + deferred.resolveWith( callbackContext, [ success, statusText, jqXHR ] ); + } else { + deferred.rejectWith( callbackContext, [ jqXHR, statusText, error ] ); + } + + // Status-dependent callbacks + jqXHR.statusCode( statusCode ); + statusCode = undefined; + + if ( fireGlobals ) { + globalEventContext.trigger( isSuccess ? "ajaxSuccess" : "ajaxError", + [ jqXHR, s, isSuccess ? success : error ] ); + } + + // Complete + completeDeferred.fireWith( callbackContext, [ jqXHR, statusText ] ); + + if ( fireGlobals ) { + globalEventContext.trigger( "ajaxComplete", [ jqXHR, s ] ); + + // Handle the global AJAX counter + if ( !( --jQuery.active ) ) { + jQuery.event.trigger( "ajaxStop" ); + } + } + } + + return jqXHR; + }, + + getJSON: function( url, data, callback ) { + return jQuery.get( url, data, callback, "json" ); + }, + + getScript: function( url, callback ) { + return jQuery.get( url, undefined, callback, "script" ); + } +} ); + +jQuery.each( [ "get", "post" ], function( i, method ) { + jQuery[ method ] = function( url, data, callback, type ) { + + // Shift arguments if data argument was omitted + if ( jQuery.isFunction( data ) ) { + type = type || callback; + callback = data; + data = undefined; + } + + // The url can be an options object (which then must have .url) + return jQuery.ajax( jQuery.extend( { + url: url, + type: method, + dataType: type, + data: data, + success: callback + }, jQuery.isPlainObject( url ) && url ) ); + }; +} ); + + +jQuery._evalUrl = function( url ) { + return jQuery.ajax( { + url: url, + + // Make this explicit, since user can override this through ajaxSetup (#11264) + type: "GET", + dataType: "script", + cache: true, + async: false, + global: false, + "throws": true + } ); +}; + + +jQuery.fn.extend( { + wrapAll: function( html ) { + var wrap; + + if ( this[ 0 ] ) { + if ( jQuery.isFunction( html ) ) { + html = html.call( this[ 0 ] ); + } + + // The elements to wrap the target around + wrap = jQuery( html, this[ 0 ].ownerDocument ).eq( 0 ).clone( true ); + + if ( this[ 0 ].parentNode ) { + wrap.insertBefore( this[ 0 ] ); + } + + wrap.map( function() { + var elem = this; + + while ( elem.firstElementChild ) { + elem = elem.firstElementChild; + } + + return elem; + } ).append( this ); + } + + return this; + }, + + wrapInner: function( html ) { + if ( jQuery.isFunction( html ) ) { + return this.each( function( i ) { + jQuery( this ).wrapInner( html.call( this, i ) ); + } ); + } + + return this.each( function() { + var self = jQuery( this ), + contents = self.contents(); + + if ( contents.length ) { + contents.wrapAll( html ); + + } else { + self.append( html ); + } + } ); + }, + + wrap: function( html ) { + var isFunction = jQuery.isFunction( html ); + + return this.each( function( i ) { + jQuery( this ).wrapAll( isFunction ? html.call( this, i ) : html ); + } ); + }, + + unwrap: function( selector ) { + this.parent( selector ).not( "body" ).each( function() { + jQuery( this ).replaceWith( this.childNodes ); + } ); + return this; + } +} ); + + +jQuery.expr.pseudos.hidden = function( elem ) { + return !jQuery.expr.pseudos.visible( elem ); +}; +jQuery.expr.pseudos.visible = function( elem ) { + return !!( elem.offsetWidth || elem.offsetHeight || elem.getClientRects().length ); +}; + + + + +jQuery.ajaxSettings.xhr = function() { + try { + return new window.XMLHttpRequest(); + } catch ( e ) {} +}; + +var xhrSuccessStatus = { + + // File protocol always yields status code 0, assume 200 + 0: 200, + + // Support: IE <=9 only + // #1450: sometimes IE returns 1223 when it should be 204 + 1223: 204 + }, + xhrSupported = jQuery.ajaxSettings.xhr(); + +support.cors = !!xhrSupported && ( "withCredentials" in xhrSupported ); +support.ajax = xhrSupported = !!xhrSupported; + +jQuery.ajaxTransport( function( options ) { + var callback, errorCallback; + + // Cross domain only allowed if supported through XMLHttpRequest + if ( support.cors || xhrSupported && !options.crossDomain ) { + return { + send: function( headers, complete ) { + var i, + xhr = options.xhr(); + + xhr.open( + options.type, + options.url, + options.async, + options.username, + options.password + ); + + // Apply custom fields if provided + if ( options.xhrFields ) { + for ( i in options.xhrFields ) { + xhr[ i ] = options.xhrFields[ i ]; + } + } + + // Override mime type if needed + if ( options.mimeType && xhr.overrideMimeType ) { + xhr.overrideMimeType( options.mimeType ); + } + + // X-Requested-With header + // For cross-domain requests, seeing as conditions for a preflight are + // akin to a jigsaw puzzle, we simply never set it to be sure. + // (it can always be set on a per-request basis or even using ajaxSetup) + // For same-domain requests, won't change header if already provided. + if ( !options.crossDomain && !headers[ "X-Requested-With" ] ) { + headers[ "X-Requested-With" ] = "XMLHttpRequest"; + } + + // Set headers + for ( i in headers ) { + xhr.setRequestHeader( i, headers[ i ] ); + } + + // Callback + callback = function( type ) { + return function() { + if ( callback ) { + callback = errorCallback = xhr.onload = + xhr.onerror = xhr.onabort = xhr.onreadystatechange = null; + + if ( type === "abort" ) { + xhr.abort(); + } else if ( type === "error" ) { + + // Support: IE <=9 only + // On a manual native abort, IE9 throws + // errors on any property access that is not readyState + if ( typeof xhr.status !== "number" ) { + complete( 0, "error" ); + } else { + complete( + + // File: protocol always yields status 0; see #8605, #14207 + xhr.status, + xhr.statusText + ); + } + } else { + complete( + xhrSuccessStatus[ xhr.status ] || xhr.status, + xhr.statusText, + + // Support: IE <=9 only + // IE9 has no XHR2 but throws on binary (trac-11426) + // For XHR2 non-text, let the caller handle it (gh-2498) + ( xhr.responseType || "text" ) !== "text" || + typeof xhr.responseText !== "string" ? + { binary: xhr.response } : + { text: xhr.responseText }, + xhr.getAllResponseHeaders() + ); + } + } + }; + }; + + // Listen to events + xhr.onload = callback(); + errorCallback = xhr.onerror = callback( "error" ); + + // Support: IE 9 only + // Use onreadystatechange to replace onabort + // to handle uncaught aborts + if ( xhr.onabort !== undefined ) { + xhr.onabort = errorCallback; + } else { + xhr.onreadystatechange = function() { + + // Check readyState before timeout as it changes + if ( xhr.readyState === 4 ) { + + // Allow onerror to be called first, + // but that will not handle a native abort + // Also, save errorCallback to a variable + // as xhr.onerror cannot be accessed + window.setTimeout( function() { + if ( callback ) { + errorCallback(); + } + } ); + } + }; + } + + // Create the abort callback + callback = callback( "abort" ); + + try { + + // Do send the request (this may raise an exception) + xhr.send( options.hasContent && options.data || null ); + } catch ( e ) { + + // #14683: Only rethrow if this hasn't been notified as an error yet + if ( callback ) { + throw e; + } + } + }, + + abort: function() { + if ( callback ) { + callback(); + } + } + }; + } +} ); + + + + +// Prevent auto-execution of scripts when no explicit dataType was provided (See gh-2432) +jQuery.ajaxPrefilter( function( s ) { + if ( s.crossDomain ) { + s.contents.script = false; + } +} ); + +// Install script dataType +jQuery.ajaxSetup( { + accepts: { + script: "text/javascript, application/javascript, " + + "application/ecmascript, application/x-ecmascript" + }, + contents: { + script: /\b(?:java|ecma)script\b/ + }, + converters: { + "text script": function( text ) { + jQuery.globalEval( text ); + return text; + } + } +} ); + +// Handle cache's special case and crossDomain +jQuery.ajaxPrefilter( "script", function( s ) { + if ( s.cache === undefined ) { + s.cache = false; + } + if ( s.crossDomain ) { + s.type = "GET"; + } +} ); + +// Bind script tag hack transport +jQuery.ajaxTransport( "script", function( s ) { + + // This transport only deals with cross domain requests + if ( s.crossDomain ) { + var script, callback; + return { + send: function( _, complete ) { + script = jQuery( " + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +
+

Export playbooks

+
+

+
+

The module gathers FortiOS factss are invoking GET requests for FortiOS managed objects or procedures and converts the returned facts into a playbook that users can apply directly.

+
+
+
+ + +
+
+ +
+
+
+
+ + + + \ No newline at end of file diff --git a/_build/html/fact.html b/_build/html/fact.html new file mode 100644 index 00000000..f15540cf --- /dev/null +++ b/_build/html/fact.html @@ -0,0 +1,132 @@ + + + + + + Facts Gathering Modules — Ansible Galaxy FortiOS Collection 1.0 documentation + + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +
+

Facts Gathering Modules

+
+

+
+

The Modules to gather FortiOS fatcs are invoking GET requests for FortiOS managed objects or procedures.

+
+
+
+ + +
+
+ +
+
+
+
+ + + + \ No newline at end of file diff --git a/_build/html/faq.html b/_build/html/faq.html new file mode 100644 index 00000000..40217a66 --- /dev/null +++ b/_build/html/faq.html @@ -0,0 +1,510 @@ + + + + + + Frequently Asked Questions (FAQ) — Ansible Galaxy FortiOS Collection 1.0 documentation + + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +
+

Frequently Asked Questions (FAQ)

+
+

+
+
+
TABLE OF CONTENTS:
+
+
+
+
+

+
+
+

What’s Access Token?

+

Access Token here is an API token which is used to authenticate an API request, an api token is associated with an API user once generated in FortiOS. +FortiOS Ansible supports api token based authentication, please see Run Your Playbook for how to use access_token in Ansible playbook.

+

Sometimes we also want to dynamically generate an API token via FortiOS ansible module, we have a demo to show how to generate an API token:

+
# to customize privileges for the API user, we can also define an accprofile via module fortios_system_accprofile.
+- name: Create An API User if not present
+  fortios_system_api_user:
+     vdom: 'root'
+     state: 'present'
+     system_api_user:
+         name: 'AnsibleAPIUser'
+         accprofile: 'super_admin' # This is predefined privilege profile.
+         vdom:
+            - name: 'root'
+         trusthost:
+             - id: '1'
+               ipv4_trusthost: '192.168.190.0 255.255.255.0'
+
+# To reference the generated token, we can use notation "{{ tokeninfo.meta.results.access_token  }}"in further tasks or keep it somewhere in disk.
+- name: Generate The API token
+  fortios_monitor:
+     vdom: 'root'
+     selector: 'generate-key.system.api-user'
+     params:
+         api-user: 'AnsibleAPIUser'
+  register: tokeninfo
+
+- name: do another api request with newly generated access_token
+  fortios_configuration_fact:
+     access_token: "{{ tokeninfo.meta.results.access_token  }}"
+     vdom: 'root'
+     selector: 'system_status'
+
+
+
+
+

How To Backup And Restore FOS?

+

Legacy module fortios_system_config_backup_restore is deprecated since 2.0.0, new modules are available for doing equivalent jobs. +New modules are desined to be very flexible, that requires us to combine modules to do complex task.

+

Note: operation backup and restore needs administrative privilege, better not choose access token based authentication.

+
+

Backup settings to local file.

+

FortiOS Ansible collection doesn’t provide any modules for local file operations, here we use builtin copy module to copy plain configuration text into a file.

+
- name: Backup a virtual domain.
+  fortios_monitor_fact:
+     selector: 'system_config_backup'
+     vdom: 'root'
+     params:
+         scope: 'global'
+  register: backupinfo
+
+- name: Save the backup information.
+  copy:
+     content: '{{ backupinfo.meta.raw }}'
+     dest: './local.backup'
+
+
+
+
+

Restore settings from local file.

+

FortiOS only accepts base64 encoded text, the configuration text must be encoded before being uploaded.

+
- name: Restore from file.
+  fortios_monitor:
+     selector: 'restore.system.config'
+     vdom: 'root'
+     params:
+         scope: 'global'
+         source: 'upload'
+         vdom: 'root'
+         file_content: "{{ lookup( 'file', './local.backup') | string | b64encode }}"
+
+
+
+
+

Restore settings from other sources.

+

no matter what source is, just make sure content is encoded.

+
- name: Backup a virtual domain.
+  fortios_monitor_fact:
+     selector: 'system_config_backup'
+     vdom: 'root'
+     params:
+         scope: 'global'
+  register: backupinfo
+
+- name: Restore from intermediate result.
+  fortios_monitor:
+     selector: 'restore.system.config'
+     vdom: 'root'
+     params:
+         scope: 'global'
+         source: 'upload'
+         vdom: 'root'
+         file_content: "{{ backupinfo.meta.raw | string | b64encode}}"
+
+
+

For more options to restore, see module fortios_monitor and its selector restore.system.config, +for more options to backup, see module fortios_monitor_fact and its selector system_config_backup.

+
+
+
+

How To Import A License?

+
+

Import a license for a newly installed FOS instance.

+

Make sure the active management port allows access to http service by setting allowaccess.

+
FortiGate-VM64 # show system interface port1
+config system interface
+edit "port1"
+    set vdom "root"
+    set mode dhcp
+    set allowaccess ping https ssh http fgfm
+    set type physical
+    set snmp-index 1
+next
+end
+
+
+

Then run the following playbook to upload licence for the first time:

+
- hosts: fortigate_new
+  connection: httpapi
+  collections:
+   - fortinet.fortios
+  vars:
+   vdom: "root"
+   ansible_httpapi_use_ssl: no
+   ansible_httpapi_validate_certs: no
+   ansible_httpapi_port: 80
+   ansible_command_timeout: 5
+  tasks:
+
+   - name: Upload the license to the newly installed FGT device
+     fortios_monitor:
+         vdom: "{{ vdom }}"
+         selector: 'upload.system.vmlicense'
+         params:
+             file_content: "{{ lookup( 'file', './FGVM02TM20012347.lic') | string | b64encode }}"
+     ignore_errors: True
+
+
+

In the example, we put license file FGVM02TM20012347.lic under current working directory.

+

Once FOS accepts a valid licence, it reboots immediately and the connection terminates suddenly, as a result, we must not regard connection timeout as errors, we’d better ignore connection timeout exception. +and the default connection timeout is 30 seconds, better make it smaller.

+

Access token based authentication is not allowed in initial license import

+
+
+

Renew a license for a licence-ready FOS instance.

+

To renew the license for a running FOS instance, we don’t have to use http service (by default, after license is activated, http service is redirected to https service, which causes problems for Ansible). +by setting ansible_httpapi_use_ssl to True and ansible_httpapi_port to 443, the task can normally upload the license.

+

Renewing a license can use access token based authentication as long as associated API user has admin privilege to upload license.

+
+
+
+

How does Ansible work with login banner?

+
+

what’s login banner?

+

FOS puts a barrier in login process if pre- and(or) post- login bannner are enabled, and ansible authentication is restricted: only access token based authentication is allowed.

+
+
+

How to safely generate access token?

+

For Ansible FOS login banner usage, there could be a deadlock if one the of following cases apprears:

+
+
    +
  • I don’t have an API user or access token.
    • +
  • I have an access token but it has expired.
    • +
+
+

upon such deadlocks, there is no other way but to disable banners and (re)generate one.

+

To generate an access token in advance, please see How To Generate Access Token Dynamically, and please do token generation with Ansible with all the login banners disabled(it’s not necessay to disable banners if we generate access token from WEB UI).

+
FGVM02TM20012347 # config system global
+FGVM02TM20012347 (global) # set post-login-banner disable
+FGVM02TM20012347 (global) # set pre-login-banner disable
+FGVM02TM20012347 (global) # end
+FGVM02TM20012347 #
+
+
+
+
+

where to keep generated access token?

+

Normally if we generate an access token from WEB UI, we may put it in inventory file as a variable fortios_access_token:

+
[fortigates]
+fortigate01 ansible_host=<the address of the host> fortios_access_token=<the access token>
+
+
+

we can encrypt the inventory file through ansible tool ansible-vault, thus avoiding token leaks.

+

To automate token (re)generation, we might also want to keep it somewhere else in local storage. An example is given below to show how to save and re-use a token later:

+
- name: Generate The API token
+  fortios_monitor:
+     vdom: 'root'
+     selector: 'generate-key.system.api-user'
+     params:
+         api-user: 'AnsibleAPIUser'
+  register: tokeninfo
+
+- name: Save the API token
+  copy:
+     content: "{{ tokeninfo.meta.results.access_token }}"
+     dest: './access_token.save'
+
+
+

then in subsequent tasks, we read the token directly from saved file:

+
vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ saved_access_token: "{{ lookup( 'file', './access_token.save') | string }}"
+
+tasks:
+ - name: do another api request with saved access_token
+   fortios_configuration_fact:
+     access_token: "{{ saved_access_token }}"
+     vdom: 'root'
+     selector: 'system_status'
+
+
+

Caveats: saved access token is not guarded by Ansible, once leaked, others may access the FOS illegally. one way to restrict illegal access is to limit source localtion in ipv4_trusthost during creating the API users.

+
+
+
+

How To Work With Raw FotiOS CLI?

+

In FortiOS, some CLI commands are not exported as RestAPI, as a reasult, Ansible FortiOS collection has no identical module for those CLI commands. +And FortiOS default CLI shell is not a standard Unix shell, so Ansible builtin modules like shell and command are of no use. +To work this around in Ansible, we use a verbose but very efficient and flexible way to execute some FortiOS CLI commands from Ansible.

+

Below are two examples of the template:

+

Append a firewall address member to a group using append command:

+
- hosts: localhost
+  vars:
+    # ======================== Below are crenditials to connect to Fortigate Device========
+    fgt_host: '192.168.190.171'
+    fgt_user: 'admin'
+    fgt_pass: 'password'
+
+    firewall_group_name: 'firwalladdressgroup0'
+    firewall_address_name: 'firewalladdress0'
+    # =====================================================================================
+    script_path: '/tmp/fgt.shell.task'
+  tasks:
+   - name: Prepare The Shell Scrit Template.
+     raw: |
+            cat > {{script_path }} << EOF_OUTER
+            # /bin/bash
+            # Please make sure tool sshpass is installed. e.g. on Debian/Ubuntu, apt-get install sshpass.
+            # Optionally you can pass some parameters.
+            # The character `a` at second line below is to avoid post-login-banner barrier.
+            sshpass -p '{{ fgt_pass }}' ssh -o StrictHostKeyChecking=no {{ fgt_user }}@{{ fgt_host }} <<EOF
+            a
+            # ====================== Edit Your Commands Below =============================================
+            config firewall addrgrp
+            edit '\$1'
+            append member '\$2'
+            end
+            # ==============================================================================================
+            EOF
+            EOF_OUTER
+
+
+   - name: Execute The Cli Commands.
+     raw: |
+            chmod +x {{ script_path }} && {{ script_path }} '{{ firewall_group_name }}' '{{ firewall_address_name }}'
+     args:
+       executable: /bin/bash
+
+
+

Enable/Disable pre-/post- login banners

+
- hosts: localhost
+  vars:
+    # ======================== Below are crenditials to connect to Fortigate Device========
+    fgt_host: '192.168.190.171'
+    fgt_user: 'admin'
+    fgt_pass: 'password'
+    # =====================================================================================
+    script_path: '/tmp/fgt.shell.task'
+  tasks:
+   - name: Prepare The Shell Scrit Template.
+     raw: |
+            cat > {{script_path }} << EOF_OUTER
+            # /bin/bash
+            # Please make sure tool sshpass is installed. e.g. on Debian/Ubuntu, apt-get install sshpass.
+            # Optionally you can pass some parameters.
+            # The character `a` at second line below is to avoid post-login-banner barrier.
+            sshpass -p '{{ fgt_pass }}' ssh -o StrictHostKeyChecking=no {{ fgt_user }}@{{ fgt_host }} <<EOF
+            a
+            # ====================== Edit Your Commands Below =============================================
+            config system global
+            set pre-login-banner '\${1:-disbale}'
+            set post-login-banner '\${2:-disable}'
+            end
+            # ==============================================================================================
+            EOF
+            EOF_OUTER
+
+
+   - name: Execute The Cli Commands, e.g. enable pre- and post- login banner.
+     raw: |
+            chmod +x {{ script_path }} && {{ script_path }} enable enable
+     args:
+       executable: /bin/bash
+
+
+
+
+

How to use the set_fact module in a task?

+

In Ansible, there’s an important module that works with variables and is used to get or set variable values, which is set_fact. +This module is used to set new variables and these variables are available to subsequent plays in a playbook. +Using set_fact, we can store the value after preparing it on the fly using certain task.

+

The following example will show you how set_fact module can be used in a task to configure the firewall address group.

+

Configuring the firewall address group with a string type of variable that contains all the grouped firewall addresses:

+
- hosts: fortigateslab
+  connection: httpapi
+  collections:
+    - fortinet.fortios
+  vars:
+    vdom: 'root'
+    ansible_httpapi_use_ssl: yes
+    ansible_httpapi_validate_certs: no
+    ansible_httpapi_port: 443
+    demo_input: 'login.microsoftonline.com, login.microsoft.com, login.windows.net'
+    demo_members: []
+  tasks:
+    - name: Process input content
+      set_fact:
+        demo_members: "{{ demo_members + [{'name': item.strip(' ')}] }}"
+      with_items:
+        - "{{demo_input.split(',')}}"
+
+    - debug:
+        var: demo_members
+
+    - name: Configure Firewall Schedule Recurring
+      fortios_firewall_addrgrp:
+        vdom:  '{{ vdom }}'
+        state: 'present'
+        enable_log: True
+        access_token: '{{ fortios_access_token }}'
+        firewall_addrgrp:
+          name: 'group_1'
+          comment: 'created via Ansible'
+          visibility: 'enable'
+          member: '{{ demo_members }}'
+
+
+

In the example, the first task is preprocessing the input content. +Specifically, it splits the input content with comma to get a list of the firewall addresses. +Then it appends the each address to the variable demo_members. +So the demo_members variable can be assigned to the variable members in the subsequent play.

+
+
+ + +
+
+ +
+
+
+
+ + + + \ No newline at end of file diff --git a/_build/html/fortios_json_generic.html b/_build/html/fortios_json_generic.html new file mode 100644 index 00000000..292aa459 --- /dev/null +++ b/_build/html/fortios_json_generic.html @@ -0,0 +1,366 @@ + + + + + + fortios_json_generic – Configure Fortinet’s FortiOS and FortiGate with json generic method. — Ansible Galaxy FortiOS Collection 1.0 documentation + + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +
+

fortios_json_generic – Configure Fortinet’s FortiOS and FortiGate with json generic method.

+ +
+

Synopsis

+

This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set any category supported by FortiAPI with raw json. All parameters and values included in examples need to be adjusted to datasources before usage.

+
+
+

Requirements

+

The below requirements are needed on the host that executes this module.

+
    +
  • install galaxy collection fortinet.fortios >= 2.0.0
    • +
+
+
+

Parameters

+
    + +
  • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
    • +
  • enable_log - Enable/Disable logging for task. type: bool required: False default: False
    • +
  • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: False
    • +
  • json_generic - json generic default: null type: dict
    • +
      +
    • dictbody - Body with YAML list of key/value format type: dict
      • +
    • jsonbody - Body with JSON string format, will always give priority to jsonbody type: str
      • +
    • method - HTTP methods type: str choices: GET, PUT, POST, DELETE
      • +
    • path - URL path, e.g./api/v2/cmdb/firewall/address type: str
      • +
    • specialparams - Extra URL parameters, e.g.start=1&count=10 type: str +
    + +
+
+

Examples

+

host

+
[fortigates]
+fortigate01 ansible_host=192.168.52.177 ansible_user="admin" ansible_password="admin"
+
+[fortigates:vars]
+ansible_network_os=fortios
+
+
+

sample1.yml

+
---
+- hosts: fortigates
+  connection: httpapi
+  collections:
+    - fortinet.fortios
+  vars:
+   vdom: "root"
+   ansible_httpapi_use_ssl: yes
+   ansible_httpapi_validate_certs: no
+   ansible_httpapi_port: 443
+
+  tasks:
+  - name: test add with string
+    fortios_json_generic:
+      vdom:  "{{ vdom }}"
+      json_generic:
+        method: "POST"
+        path: "/api/v2/cmdb/firewall/address"
+        jsonbody: |
+          {
+          "name": "111",
+          "type": "geography",
+          "fqdn": "",
+          "country": "AL",
+          "comment": "ccc",
+          "visibility": "enable",
+          "associated-interface": "port1",
+          "allow-routing": "disable"
+          }
+    register: info
+
+  - name: display vars
+    debug: msg="{{info}}"
+
+
+

sample2.yml

+
---
+- hosts: fortigates
+  connection: httpapi
+  collections:
+    - fortinet.fortios
+  vars:
+   vdom: "root"
+   ansible_httpapi_use_ssl: yes
+   ansible_httpapi_validate_certs: no
+   ansible_httpapi_port: 443
+
+  tasks:
+  - name: test delete
+    fortios_json_generic:
+      vdom:  "{{ vdom }}"
+      json_generic:
+        method: "DELETE"
+        path: "/api/v2/cmdb/firewall/address/111"
+        specialparams: "testpara1=1&testpara2=2"
+    register: info
+
+  - name: display vars
+    debug: msg="{{info}}"
+
+  - name: test add with dict
+    fortios_json_generic:
+      vdom:  "{{ vdom }}"
+      json_generic:
+        method: "POST"
+        path: "/api/v2/cmdb/firewall/address"
+        dictbody:
+          name: "111"
+          type: "geography"
+          fqdn: ""
+          country: "AL"
+          comment: "ccc"
+          visibility: "enable"
+          associated-interface: "port1"
+          allow-routing: "disable"
+    register: info
+
+  - name: display vars
+    debug: msg="{{info}}"
+
+  - name: test delete
+    fortios_json_generic:
+      vdom:  "{{ vdom }}"
+      json_generic:
+        method: "DELETE"
+        path: "/api/v2/cmdb/firewall/address/111"
+    register: info
+
+  - name: display vars
+    debug: msg="{{info}}"
+
+  - name: test add with string
+    fortios_json_generic:
+      vdom:  "{{ vdom }}"
+      json_generic:
+        method: "POST"
+        path: "/api/v2/cmdb/firewall/address"
+        jsonbody: |
+          {
+          "name": "111",
+          "type": "geography",
+          "fqdn": "",
+          "country": "AL",
+          "comment": "ccc",
+          "visibility": "enable",
+          "associated-interface": "port1",
+          "allow-routing": "disable"
+          }
+    register: info
+
+  - name: display vars
+    debug: msg="{{info}}"
+
+
+

sample3.yml

+
---
+- hosts: fortigates
+  collections:
+    - fortinet.fortios
+  connection: httpapi
+  vars:
+   vdom: "root"
+   ansible_httpapi_use_ssl: yes
+   ansible_httpapi_validate_certs: no
+   ansible_httpapi_port: 443
+
+  tasks:
+  - name: test firewall policy order modification
+    fortios_json_generic:
+      vdom:  "{{ vdom }}"
+      json_generic:
+            method: "PUT"
+            path: "/api/v2/cmdb/firewall/policy/1"
+            specialparams: "action=move&after=2"
+    register: info
+
+  - name: display vars
+    debug: msg="{{info}}"
+
+
+
+
+

Return Values

+

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

+
    + +
  • build - Build number of the fortigate image returned: always type: str sample: '1547'
    • +
  • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: 'PUT'
    • +
  • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
    • +
  • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
    • +
  • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
    • +
  • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
    • +
  • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
    • +
  • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
    • +
  • status - Indication of the operation's result returned: always type: str sample: success
    • +
  • vdom - Virtual domain used returned: always type: str sample: root
    • +
  • version - Version of the FortiGate returned: always type: str sample: v5.6.3
    • +
+ +
+

Authors

+
    +
  • Link Zheng (@chillancezen)
    • +
  • Jie Xue (@JieX19)
    • +
  • Frank Shen (@fshen01)
    • +
  • Hongbin Lu (@fgtdev-hblu)
    • +
+
+
+

Warning

+

It’s preferred to use FortiOS Ansible Collection Included Modules unless some features are not available there.

+
+
+ + +
+
+ +
+
+
+
+ + + + \ No newline at end of file diff --git a/_build/html/generic.html b/_build/html/generic.html new file mode 100644 index 00000000..c4ea2c46 --- /dev/null +++ b/_build/html/generic.html @@ -0,0 +1,136 @@ + + + + + + Generic Modules — Ansible Galaxy FortiOS Collection 1.0 documentation + + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +
+

Generic Modules

+
+

+
+

The Modules to build flexible raw requests to FortiOS appliances.

+
+ +
+
+ + +
+
+ +
+
+
+
+ + + + \ No newline at end of file diff --git a/_build/html/genindex.html b/_build/html/genindex.html new file mode 100644 index 00000000..3f1dbde3 --- /dev/null +++ b/_build/html/genindex.html @@ -0,0 +1,122 @@ + + + + + + + Index — Ansible Galaxy FortiOS Collection 1.0 documentation + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+
    +
  • »
    • +
  • Index
    • +
  • +
    • +
+
+
+
+
+ + +

Index

+ +
+ +
+ + +
+
+ +
+
+
+
+ + + + \ No newline at end of file diff --git a/_build/html/help.html b/_build/html/help.html new file mode 100644 index 00000000..ccb8147d --- /dev/null +++ b/_build/html/help.html @@ -0,0 +1,141 @@ + + + + + + Get Help — Ansible Galaxy FortiOS Collection 1.0 documentation + + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +
+

Get Help

+
+

+
+
+

Technical and Commuity Support

+

You can get support from Fortinet Technical Assistance Center.

+

For Ansible common issue, you can also get support from the community

+
+
+

Filing issues.

+

You can get support from the community engineering team via filing an +issue in git issues page

+
+
+ + +
+
+ +
+
+
+
+ + + + \ No newline at end of file diff --git a/_build/html/index.html b/_build/html/index.html new file mode 100644 index 00000000..6074e24e --- /dev/null +++ b/_build/html/index.html @@ -0,0 +1,154 @@ + + + + + + Welcome to Ansible Galaxy FortiOS Collection Documentation {{__galaxy_version__}}! — Ansible Galaxy FortiOS Collection 1.0 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+
    +
  • »
    • +
  • Welcome to Ansible Galaxy FortiOS Collection Documentation {{__galaxy_version__}}!
    • +
  • + View page source +
    • +
+
+
+
+
+ +
+

Welcome to Ansible Galaxy FortiOS Collection Documentation {{__galaxy_version__}}!

+

The FortiOS Ansible Collection provides Ansible modules for configuring FortiOS appliances.

+
+

FortiOS/Galaxy Version Mapping Guide

+ +
+
+

User's Guide

+ +
+
+

modules index

+ +
+
+

Appendices

+ +
+
+ + +
+
+ +
+
+
+
+ + + + \ No newline at end of file diff --git a/_build/html/install.html b/_build/html/install.html new file mode 100644 index 00000000..126ea610 --- /dev/null +++ b/_build/html/install.html @@ -0,0 +1,157 @@ + + + + + + Install FortiOS Ansible Galaxy — Ansible Galaxy FortiOS Collection 1.0 documentation + + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +
+

Install FortiOS Ansible Galaxy

+

This document explains how to install the FortiOS Ansible Galaxy +Collection.

+
+
+

Install Python3

+ +
+
+

Install Ansible Core

+ +
+
+

Install FortiOS Galaxy Collection

+

The FortiOS Ansible Galaxy supports multilple FortiOS major releases, +you can install the latest collection by default via command +ansible-galaxy collection install fortinet.fortios. you can also +choose another galaxy version to match your FortiOS device.

+

Please see the versionig notes for more recently released collections +and install the ones which are marked latest for your devices.

+
+
+ + +
+
+ +
+
+
+
+ + + + \ No newline at end of file diff --git a/_build/html/modules.html b/_build/html/modules.html new file mode 100644 index 00000000..19c252e0 --- /dev/null +++ b/_build/html/modules.html @@ -0,0 +1,128 @@ + + + + + + Configuration Modules — Ansible Galaxy FortiOS Collection 1.0 documentation + + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +
+

Configuration Modules

+
+
+
+ + +
+
+ +
+
+
+
+ + + + \ No newline at end of file diff --git a/_build/html/monitor.html b/_build/html/monitor.html new file mode 100644 index 00000000..4164cc80 --- /dev/null +++ b/_build/html/monitor.html @@ -0,0 +1,132 @@ + + + + + + Monitor Modules — Ansible Galaxy FortiOS Collection 1.0 documentation + + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +
+

Monitor Modules

+
+

+
+

The Modules to build FortiOS monitor API requests to FortiOS appliances.

+
+
+
+ + +
+
+ +
+
+
+
+ + + + \ No newline at end of file diff --git a/_build/html/objects.inv b/_build/html/objects.inv new file mode 100644 index 00000000..7451537e Binary files /dev/null and b/_build/html/objects.inv differ diff --git a/_build/html/playbook.html b/_build/html/playbook.html new file mode 100644 index 00000000..c1829763 --- /dev/null +++ b/_build/html/playbook.html @@ -0,0 +1,191 @@ + + + + + + Run Your First Playbook — Ansible Galaxy FortiOS Collection 1.0 documentation + + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +
+

Run Your First Playbook

+

This document explains how to run your first FortiOS Ansible playbook.

+
+

With FortiOS Galaxy collection, you are always recommended to run +FortiOS module in httpapi manner. The first step is to prepare your +host inventory with which you can use ansible-vault to encrypt or +decrypt your secrets for the sake of confidentiality.

+
+

Prepare host inventory

+

in our case we create a file named hosts:

+
[fortigates]
+fortigate01 ansible_host=192.168.190.130 ansible_user="admin" ansible_password="password"
+fortigate02 ansible_host=192.168.190.131 ansible_user="admin" ansible_password="password"
+fortigate03 ansible_host=192.168.190.132 fortios_access_token=<your access token>
+
+[fortigates:vars]
+ansible_network_os=fortinet.fortios.fortios
+
+
+

FortiOS supports two ways to authenticate Ansible: ansible_user and ansible_password pair based; fortios_access_token access token based. +Access token based way is prefered as it is safer without any password explosure and access token guarantees request source location is wanted.

+

for how to generate an API token, visit page FortiOS API Spec.

+
+
+

Write the playbook

+

in the example: test.yml we are going to modify the fortigate +device’s hostname:

+
- hosts: fortigate03
+  connection: httpapi
+  collections:
+  - fortinet.fortios
+  vars:
+   vdom: "root"
+   ansible_httpapi_use_ssl: yes
+   ansible_httpapi_validate_certs: no
+   ansible_httpapi_port: 443
+  tasks:
+   - name: Configure global attributes.
+     fortios_system_global:
+        vdom:  "{{ vdom }}"
+        access_token: "{{ fortios_access_token }}" #if you prefer access token based authentication, add this line.
+        system_global:
+            hostname: 'CustomHostName'
+
+
+

there are several options which might need you special care:

+
    +
  • connection : httpapi is preferred.
    • +
  • collections : The namespace must be fortinet.fortios
    • +
  • ansible_httpapi_use_ssl and ansible_httpapi_port: by +default when your fortiOS device is licensed, the https is enabled. +there is one exception: uploading vmlicence to a newly installed FOS instance, where you should set +ansible_httpapi_use_ssl: no and ansible_httpapi_port: 80. Please see Import licence to FOS for more details.
    • +
+
+
+

Run the playbook

+
ansible-playbook -i hosts test.yml
+
+
+

you can also observe the verbose output by adding option at the tail: +-vvv.

+
+
+ + +
+
+ +
+
+
+
+ + + + \ No newline at end of file diff --git a/_build/html/release.html b/_build/html/release.html new file mode 100644 index 00000000..74208f0b --- /dev/null +++ b/_build/html/release.html @@ -0,0 +1,1436 @@ + + + + + + Release Notes — Ansible Galaxy FortiOS Collection 1.0 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +
+

Release Notes

+
+

+
+
+

Release Galaxy 2.1.4

+
+

Release Targets

+

FortiOS Galaxy 2.1.4 is based on 2.1.3

+
+
+

Bug Fixes

+
    +
  • Fix bugs in the function of compare_ip_address on check_mode.
    • +
  • Fix bugs when adding new members in some modules.
    • +
+
+
+
+

Release Galaxy 2.1.3

+
+

Release Targets

+

FortiOS Galaxy 2.1.3 is based on 2.1.2

+
+
+

Features

+
    +
  • Collect the current configurations of the modules and convert them into playbooks.
    • +
  • Support member operation (delete/add extra members) on an object that has a list of members in it.
    • +
  • Add real-world use cases in the example section for some configuration modules.
    • +
  • Support selectors feature in fortios_monitor_fact and fortios_log_fact.
    • +
  • Support FortiOS 7.0.1.
    • +
+
+
+

Bug Fixes

+
    +
  • Fix the filters error when fetching multiple facts with selectors for a configuration module (Github issue #138 ).
    • +
  • Fix the corner cases that response does not have status in it.
    • +
  • Fix Github issue #134
    • +
+
+
+
+

Release Galaxy 2.1.2

+
+

Release Targets

+

FortiOS Galaxy 2.1.2 is based on 2.1.1

+
+
+

Bug Fixes

+
    +
  • Fix a regression bug caused by non-required attributes.
    • +
  • Fix an intentional exception for listed options.
    • +
+
+
+
+

Release Galaxy 2.1.1

+
+

Release Targets

+

FortiOS Galaxy 2.1.1 is based on 2.1.0

+
+
+

Bug Fixes

+
    +
  • Fix the KeyError caused by non-required multi-value attributes in an object.
    • +
+
+
+
+

Release Galaxy 2.1.0

+
+

Release Targets

+

FortiOS Galaxy 2.1.0 is based on 2.0.2

+
+
+

Features

+
    +
  • Support Fortios 7.0.
    • +
  • Support Log APIs.
    • +
  • New module fortios_monitor_fact.
    • +
+
+
+

Bug Fixes

+
    +
  • Fix the unexpected warning caused by optinal params in fortios_monitor_fact and fortios_monitor.
    • +
  • Disable check_mode feature from all global objects of configuration modules due to ‘state’ issue.
    • +
  • Fix a bug in IP_PREFIX.match().
    • +
  • Fix the issue that the server_type is not updated in fortios_system_central_management.
    • +
+
+
+
+

Release Galaxy 2.0.2

+
+

Release Targets

+

FortiOS Galaxy 2.0.2 is based on 2.0.1

+
+
+

Features

+
    +
  • Support check_mode in all cofigurationAPI-based modules.
    • +
  • Improve fortios_configuration_fact to use multiple selectors concurrently.
    • +
  • Support moving policy in firewall_central_snat_map.
    • +
  • Support filtering for fact gathering modules fortios_configuration_fact and fortios_monitor_fact.
    • +
  • Unify schemas for monitor API.
    • +
+
+
+

Bug Fixes

+
    +
  • Fix the authorization fails at log in with username and password in FOS7.0.
    • +
  • Github Issue #103
    • +
  • Github Issue #105
    • +
+
+
+
+

Release Galaxy 2.0.1

+
+

Release Targets

+

FortiOS Galaxy is based on 2.0.0.

+
+
+

Features

+
+
    +
  • fixed pylint minor errors.
    • +
+
+
+
+
+

Release Galaxy 2.0.0

+
+

Release Targets

+

FortiOS Galaxy 2.0.0 is a major ansible release for all v6.x.x FOS virtual and hardware platforms.

+
+
+

Features

+
    +
  • Full support for gathering facts of both configuration(fortios_configuration_fact) and monitor(fortios_monitor_fact) objects or runtime data.
    • +
  • Support for requesting Monitor API via module fortios_monitor.
    • +
  • Ported FortiOS generic module: fortios_json_generic.
    • +
  • Unified collections for all 6.x FOS releases, Ansible detects versioning mismatch at runtime.
    • +
  • Explicit logging option: enable_log.
    • +
  • Deprecated second-layer state module parameter.
    • +
+
+
+

Compatibility Notes

+

As a major release, it semantically breaks backward compability, some modules are removed as new full-fledged replacements come into being.

+
    +
  • For deprecated modules, please find the alternatives in Deprecated Modules section.
    • +
  • Other existing modules are kepted compatible.
    • +
+
+
+

Deprecated Modules

+
    +
  • fortios_facts: find full selectors in modules fortios_configuration_fact and fortios_monitor_fact.
    • +
  • fortios_registration_forticare: replaced by module fortios_monitor, see selector add-license.registration.forticare.
    • +
  • fortios_registration_vdom: replaced by module fortios_monitor, see selector add-license.registration.vdom.
    • +
  • fortios_system_vmlicense: replaced by module fortios_monitor, see selector upload.system.vmlicense.
    • +
  • +
    fortios_system_config_backup_restore: it was a complexed module.
    +
      +
    • To backup the FOS system, use module fortios_monitor_fact and its selector system_config_backup.
      • +
    • To restore the configuration, use module fortios_monitor and its selector restore.system.config.
      • +
    +
    +
    +
    • +
+
+
+
+
+

Legacy Multiversions Note(Prior to 2.0.0)

+

The FortiOS Galaxy namespace: fortinet.fortios hosts Ansible modules +for multiple FortiOS major releases.

+

A mismatched Ansible collection version for a FortiOS device can cause a +warning:

+
[WARNING]: Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv
+
+
+

you can find more details with -vvv option when running a +playbook:

+
...
+"version_check_warning": {
+    "ansible_collection_version": "v6.0.0 (galaxy: 1.0.13)",
+    "matched": false,
+    "message": "Please follow steps in FortiOS versioning notes: https://ansible-galaxy-fortios-docs.readthedocs.io/en/latest/version.html",
+    "system_version": "v6.2.0"
+}
+...
+
+
+

Simply installing a matched FortiOS collection can prevent potential +compatibility issues.

+
+
+

Release Galaxy 1.1.9

+
+

Release Targets

+
    +
  • fos_v6.0.0/galaxy_1.1.9
    • +
+
+
+

Bug Fixes

+
    +
  • Fix legacy module fortios_system_config_backup_restore
    • +
+
+
+
+

Release Galaxy 1.1.6 … 1.1.8

+
+

Release Targets

+

There are multiple Galaxy releases dedicated to different FortiOS major releases.

+
    +
  • fos_v6.2.0/galaxy_1.1.6
    • +
  • fos_v6.4.0/galaxy_1.1.7
    • +
  • fos_v6.0.0/galaxy_1.1.8
    • +
+
+
+

Bug Fixes

+
    +
  • Fixed module construction for legacy module fortios_facts.
    • +
  • Sorted selector list of module fortios_configuration_fact.
    • +
+
+
+
+

Release Galaxy 1.1.3 … 1.1.5

+
+

Release Targets

+

There are multiple Galaxy releases dedicated to different FortiOS major releases.

+
    +
  • fos_v6.2.0/galaxy_1.1.3
    • +
  • fos_v6.4.0/galaxy_1.1.4
    • +
  • fos_v6.0.0/galaxy_1.1.5
    • +
+
+
+

Bug Fixes

+
    +
  • Fixed a fatal error: mkey not recognized in plugin due to wrong naming convention.
    • +
+
+
+
+

Release Galaxy 1.1.0 … 1.1.2

+
+

+
+
+

Release Targets

+

There are multiple Galaxy releases dedicated to different FortiOS major releases.

+
    +
  • fos_v6.2.0/galaxy_1.1.0
    • +
  • fos_v6.4.0/galaxy_1.1.1
    • +
  • fos_v6.0.0/galaxy_1.1.2
    • +
+
+
+

Features

+
    +
  • Support check mode for modules.
    • +
  • Deprecate fortiosapi legacy connection mode.
    • +
  • Support access token based authentication.
    • +
  • Fully support fact gathering for all configuration API (fortios_configuration_fact).
    • +
  • Suport Ansible 2.10 base framework.
    • +
  • Support moving objects to different orders (fortios_firewall_policy).
    • +
+
+
+

Bug Fixes

+
    +
  • Github Issue #65
    • +
+
+
+
+

Release Galaxy 1.0.10 … 10.0.13

+
+

+
+
+

Release Targets

+

There are multiple Galaxy releases dedicated to different FortiOS major releases.

+
    +
  • fos_v6.0.0/galaxy_1.0.13
    • +
  • fos_v6.0.5/galaxy_1.0.12
    • +
  • fos_v6.4.0/galaxy_1.0.11
    • +
  • fos_v6.2.0/galaxy_1.0.10
    • +
+
+
+

New Modules

+ ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
#Module NameNew in 6.2New in 6.4
1fortios_cifs_domain_controlleryesyes
2fortios_cifs_profileyesyes
3fortios_dlp_sensitivityyesyes
4fortios_emailfilter_bwlyesyes
5fortios_emailfilter_bwordyesyes
6fortios_emailfilter_dnsblyesyes
7fortios_emailfilter_fortishieldyesyes
8fortios_emailfilter_iptrustyesyes
9fortios_emailfilter_mheaderyesyes
10fortios_emailfilter_optionsyesyes
11fortios_emailfilter_profileyesyes
12fortios_endpoint_control_fctemsyesyes
13fortios_firewall_consolidated_policyyesyes
14fortios_firewall_internet_service_additionyesyes
15fortios_firewall_internet_service_cat_definitionyesno
16fortios_firewall_internet_service_definitionyesyes
17fortios_firewall_internet_service_extensionyesyes
18fortios_log_fortianalyzer2_override_filteryesyes
19fortios_log_fortianalyzer2_override_settingyesyes
20fortios_log_fortianalyzer3_override_filteryesyes
21fortios_log_fortianalyzer3_override_settingyesyes
22fortios_log_fortianalyzer_cloud_filteryesyes
23fortios_log_fortianalyzer_cloud_override_filteryesyes
24fortios_log_fortianalyzer_cloud_override_settingyesyes
25fortios_log_fortianalyzer_cloud_settingyesyes
26fortios_log_syslogd2_override_filteryesyes
27fortios_log_syslogd2_override_settingyesyes
28fortios_log_syslogd3_override_filteryesyes
29fortios_log_syslogd3_override_settingyesyes
30fortios_log_syslogd4_override_filteryesyes
31fortios_log_syslogd4_override_settingyesyes
32fortios_switch_controller_auto_config_customyesyes
33fortios_switch_controller_auto_config_defaultyesyes
34fortios_switch_controller_auto_config_policyyesyes
35fortios_switch_controller_flow_trackingyesyes
36fortios_switch_controller_locationyesyes
37fortios_switch_controller_security_policy_local_accessyesyes
38fortios_switch_controller_storm_control_policyyesyes
39fortios_switch_controller_stp_instanceyesyes
40fortios_switch_controller_traffic_policyyesyes
41fortios_switch_controller_traffic_snifferyesyes
42fortios_system_ipsec_aggregateyesyes
43fortios_system_lldp_network_policyyesyes
44fortios_system_nd_proxyyesyes
45fortios_system_npuyesyes
46fortios_system_ptpyesyes
47fortios_system_samlyesyes
48fortios_system_speed_test_serveryesyes
49fortios_system_sso_adminyesyes
50fortios_user_exchangeyesyes
51fortios_wireless_controller_addressyesyes
52fortios_wireless_controller_addrgrpyesyes
53fortios_wireless_controller_logyesyes
54fortios_wireless_controller_regionyesyes
55fortios_wireless_controller_snmpyesyes
56fortios_certificate_remotenoyes
57fortios_credential_store_domain_controllernoyes
58fortios_dpdk_cpusnoyes
59fortios_dpdk_globalnoyes
60fortios_extender_modem_statusnoyes
61fortios_extender_sys_infonoyes
62fortios_firewall_citynoyes
63fortios_firewall_countrynoyes
64fortios_firewall_decrypted_traffic_mirrornoyes
65fortios_firewall_internet_service_botnetnoyes
66fortios_firewall_internet_service_ipbl_reasonnoyes
67fortios_firewall_internet_service_ipbl_vendornoyes
68fortios_firewall_internet_service_listnoyes
69fortios_firewall_internet_service_namenoyes
70fortios_firewall_internet_service_ownernoyes
71fortios_firewall_internet_service_reputationnoyes
72fortios_firewall_internet_service_sldnoyes
73fortios_firewall_iprope_listnoyes
74fortios_firewall_proutenoyes
75fortios_firewall_regionnoyes
76fortios_firewall_security_policynoyes
77fortios_firewall_traffic_classnoyes
78fortios_firewall_vendor_macnoyes
79fortios_hardware_nicnoyes
80fortios_ips_view_mapnoyes
81fortios_switch_controller_initial_config_templatenoyes
82fortios_switch_controller_initial_config_vlansnoyes
83fortios_switch_controller_mac_policynoyes
84fortios_switch_controller_nac_devicenoyes
85fortios_switch_controller_nac_settingsnoyes
86fortios_switch_controller_poenoyes
87fortios_switch_controller_port_policynoyes
88fortios_switch_controller_remote_lognoyes
89fortios_switch_controller_snmp_communitynoyes
90fortios_switch_controller_snmp_sysinfonoyes
91fortios_switch_controller_snmp_trap_thresholdnoyes
92fortios_switch_controller_snmp_usernoyes
93fortios_switch_controller_vlan_policynoyes
94fortios_system_genevenoyes
95fortios_system_geoip_countrynoyes
96fortios_system_performance_topnoyes
97fortios_system_standalone_clusternoyes
98fortios_test_acdnoyes
99fortios_test_acidnoyes
100fortios_test_autodnoyes
101fortios_test_awsdnoyes
102fortios_test_azdnoyes
103fortios_test_bfdnoyes
104fortios_test_csfdnoyes
105fortios_test_ddnscdnoyes
106fortios_test_dhcp6cnoyes
107fortios_test_dhcp6rnoyes
108fortios_test_dhcprelaynoyes
109fortios_test_dlpfingerprintnoyes
110fortios_test_dlpfpcachenoyes
111fortios_test_dnsproxynoyes
112fortios_test_dsdnoyes
113fortios_test_fasnoyes
114fortios_test_fcnacdnoyes
115fortios_test_fnbamdnoyes
116fortios_test_forticlddnoyes
117fortios_test_forticronnoyes
118fortios_test_fsdnoyes
119fortios_test_fsvrdnoyes
120fortios_test_ftpdnoyes
121fortios_test_gcpdnoyes
122fortios_test_harelaynoyes
123fortios_test_hasyncnoyes
124fortios_test_hatalknoyes
125fortios_test_imapnoyes
126fortios_test_info_sslvpndnoyes
127fortios_test_initnoyes
128fortios_test_iotdnoyes
129fortios_test_ipamdnoyes
130fortios_test_ipldbdnoyes
131fortios_test_ipsenginenoyes
132fortios_test_ipsmonitornoyes
133fortios_test_ipsufdnoyes
134fortios_test_kubednoyes
135fortios_test_l2tpcdnoyes
136fortios_test_lnkmtdnoyes
137fortios_test_ltednoyes
138fortios_test_miglogdnoyes
139fortios_test_mrdnoyes
140fortios_test_netxdnoyes
141fortios_test_nntpnoyes
142fortios_test_ocidnoyes
143fortios_test_openstackdnoyes
144fortios_test_ovrdnoyes
145fortios_test_pop3noyes
146fortios_test_pptpcdnoyes
147fortios_test_quarantinednoyes
148fortios_test_radius_dasnoyes
149fortios_test_radiusdnoyes
150fortios_test_radvdnoyes
151fortios_test_reportdnoyes
152fortios_test_sdncdnoyes
153fortios_test_sepmdnoyes
154fortios_test_sessionsyncnoyes
155fortios_test_sflowdnoyes
156fortios_test_smtpnoyes
157fortios_test_snmpdnoyes
158fortios_test_uploaddnoyes
159fortios_test_urlfilternoyes
160fortios_test_vmwdnoyes
161fortios_test_wadnoyes
162fortios_test_wccpdnoyes
163fortios_test_wf_monitornoyes
164fortios_test_zebos_launchernoyes
165fortios_user_nac_policynoyes
166fortios_user_samlnoyes
167fortios_vpn_ike_gatewaynoyes
168fortios_webfilter_statusnoyes
169fortios_wireless_controller_access_control_listnoyes
170fortios_wireless_controller_apcfg_profilenoyes
171fortios_wireless_controller_client_infonoyes
172fortios_wireless_controller_rf_analysisnoyes
173fortios_wireless_controller_spectral_infonoyes
174fortios_wireless_controller_statusnoyes
175fortios_wireless_controller_vap_statusnoyes
176fortios_wireless_controller_wag_profilenoyes
177fortios_wireless_controller_wtp_statusnoyes
+
+
+

Features

+
    +
  • Support special identifier validation and restoration in Ansible +modules.
    • +
  • Support more valid identifiers: 3gpp_plmn, 802_1X_settings, +802.1_tlvs and 802.3_tlvs.
    • +
  • Support revision_change in response since fortigate 6.2.3.
    • +
  • Support Underscore to hypen conversion.
    • +
  • Support licence modules: fortios_system_vmlicense, +fortios_registration_forticare and fortios_registration_vdom.
    • +
  • Support raw json encoding for generic module.
    • +
+
+
+

Bug Fixes

+
    +
  • Fix fgd_alert_subscription multiple choices problem for module +fortios_system_global.
    • +
  • Fix proposal exceptional multilist for module +fortios_vpn_ipsec_phase2_interface.
    • +
  • Fix issue #26 of ansible_fgt_modules.
    • +
  • Fix issue #24 of ansible_fgt_modules.
    • +
  • Fix events exceptional multilist for module +fortios_system_snmp_community.
    • +
  • Fix py2/py3 compability issue for httpapi plugin fortios.
    • +
  • Fix the mkey encoding in fortios api URL.
    • +
  • Fix banned_cipher exceptional multilist for module +fortios_vpn_ssl_settings.
    • +
+
+
+
+ + +
+
+ +
+
+
+
+ + + + \ No newline at end of file diff --git a/_build/html/search.html b/_build/html/search.html new file mode 100644 index 00000000..4dcc2a6f --- /dev/null +++ b/_build/html/search.html @@ -0,0 +1,136 @@ + + + + + + Search — Ansible Galaxy FortiOS Collection 1.0 documentation + + + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+
    +
  • »
    • +
  • Search
    • +
  • +
    • +
+
+
+
+
+ + + + +
+ +
+ +
+
+ +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/_build/html/searchindex.js b/_build/html/searchindex.js new file mode 100644 index 00000000..30405e1c --- /dev/null +++ b/_build/html/searchindex.js @@ -0,0 +1 @@ +Search.setIndex({docnames:["export","fact","faq","fortios_json_generic","generic","help","index","install","modules","monitor","playbook","release","version"],envversion:{"sphinx.domains.c":1,"sphinx.domains.changeset":1,"sphinx.domains.cpp":1,"sphinx.domains.javascript":1,"sphinx.domains.math":2,"sphinx.domains.python":1,"sphinx.domains.rst":1,"sphinx.domains.std":1,sphinx:55},filenames:["export.rst","fact.rst","faq.rst","fortios_json_generic.rst","generic.rst","help.rst","index.rst","install.rst","modules.rst","monitor.rst","playbook.rst","release.rst","version.rst"],objects:{},objnames:{},objtypes:{},terms:{"1_tlv":11,"3_tlv":11,"3gpp_plmn":11,"802_1x_set":11,"break":11,"case":[2,10,11],"default":[2,3,7,10],"export":[2,6],"function":11,"import":10,"long":2,"new":2,"null":3,"return":0,"true":2,"var":[2,3,10],FOS:[3,10,11,12],For:[2,5,11],The:[0,1,2,3,4,6,7,9,10,11],Then:2,There:11,Use:12,Using:2,With:10,abl:3,accept:2,access:[10,11],access_token:[2,3,10],accord:12,accprofil:2,action:3,activ:2,add:[3,10,11],adding:[10,11],address:[2,3],addrgrp:2,adjust:3,admin:[2,3,10],administr:2,advanc:2,after:[2,3],all:[2,3,11],allow:[2,3],allowaccess:2,also:[2,5,7,10],altern:11,alwai:[3,10],among:3,ani:[2,3,10,12],anoth:[2,7],ansibl:[3,5,10,11,12],ansible_collection_vers:11,ansible_command_timeout:2,ansible_fgt_modul:11,ansible_host:[2,3,10],ansible_httpapi_port:[2,3,10],ansible_httpapi_use_ssl:[2,3,10],ansible_httpapi_validate_cert:[2,3,10],ansible_network_o:[3,10],ansible_password:[3,10],ansible_us:[3,10],ansibleapius:2,api:[2,3,9,10,11],append:2,appendic:6,appli:[0,3],applianc:[4,6,9],apprear:2,apt:2,arg:2,around:2,ask:6,assign:2,assist:5,associ:[2,3],attribut:[10,11],authent:[2,3,10,11],author:11,autom:2,avail:[2,3],avoid:[2,12],b64encod:2,backup:11,backupinfo:2,backward:11,banned_ciph:11,bannner:2,barrier:2,base64:2,base:[2,3,10,11],bash:2,befor:[2,3],being:[2,11],below:[2,3],better:2,between:11,bin:2,bodi:3,bool:3,both:11,build:[3,4,9],built:12,builtin:2,call:3,can:[0,2,3,5,7,10,11],care:10,cat:2,categori:3,caus:[2,11],caveat:2,ccc:3,center:5,certain:2,charact:2,check:11,check_mod:11,chillancezen:3,chmod:2,choic:[3,11],choos:[2,7],cmdb:3,cofigurationapi:11,collect:[2,3,10,11,12],com:[2,3,7],combin:2,come:11,comma:2,command:[2,7],comment:[2,3],common:[3,5],common_return_valu:3,commun:5,compabl:11,compare_ip_address:11,compat:12,complex:[2,11],concurr:11,confidenti:10,config:[2,11],configur:[2,4,6,10,11],connect:[2,3,10,11],construct:11,contain:2,content:[2,3],convent:11,convers:11,convert:[0,11],copi:2,corner:11,could:2,count:3,countri:3,creat:[2,10],crenditi:2,current:[2,11],custom:2,customhostnam:10,data:11,datasourc:3,date:12,deadlock:2,debian:2,debug:[2,3],decrypt:10,dedic:11,defin:[2,3],delet:[3,11],demo:2,demo_input:2,demo_memb:2,deprec:2,desin:2,dest:2,detail:[10,11],detect:11,devic:[2,3,7,10,11],dhcp:2,dict:3,dictbodi:3,differ:[3,11],directli:[0,2],directori:2,disabl:[2,3,11],disbal:2,disk:2,displai:3,doc:[3,7,11],document:[3,7,10],doe:11,doesn:2,doing:2,domain:[2,3],don:2,due:11,dure:2,dynam:2,each:[2,12],edit:2,effici:2,els:2,enabl:[2,3,10],enable_log:[2,3,11],encod:[2,11],encrypt:[2,10],end:2,engin:5,eof:2,eof_out:2,equival:2,error:[2,11],event:11,exampl:[2,10,11],except:[2,10,11],execut:[2,3],exist:[11,12],expect:12,expir:2,explain:[7,10],explicit:11,explosur:10,extra:[3,11],fact:[0,6,11],factss:0,fail:11,fals:[3,11],faq:6,fatal:11,fatc:1,featur:3,fetch:11,fgd_alert_subscript:11,fgfm:2,fgt:2,fgt_host:2,fgt_pass:2,fgt_user:2,fgtdev:3,fgvm02tm20012347:2,fgvmevyyqt3ab5352:3,field:3,file:10,file_cont:2,filter:11,find:[11,12],firewal:[2,3],firewall_address_nam:2,firewall_addrgrp:2,firewall_central_snat_map:11,firewall_group_nam:2,firewalladdress0:2,first:[2,6],firwalladdressgroup0:2,fledg:11,flexibl:[2,4],fly:2,follow:[2,3,7,11,12],format:3,fortiapi:3,forticar:11,fortig:[2,4,10,11],fortigate01:[2,3,10],fortigate02:10,fortigate03:10,fortigate_new:2,fortigateslab:2,fortinet:[2,4,5,7,10,11,12],fortio:[0,1,2,4,9,10,11],fortios_access_token:[2,10],fortios_certificate_remot:11,fortios_cifs_domain_control:11,fortios_cifs_profil:11,fortios_configuration_fact:[2,11],fortios_credential_store_domain_control:11,fortios_dlp_sensit:11,fortios_dpdk_cpu:11,fortios_dpdk_glob:11,fortios_emailfilter_bwl:11,fortios_emailfilter_bword:11,fortios_emailfilter_dnsbl:11,fortios_emailfilter_fortishield:11,fortios_emailfilter_iptrust:11,fortios_emailfilter_mhead:11,fortios_emailfilter_opt:11,fortios_emailfilter_profil:11,fortios_endpoint_control_fctem:11,fortios_extender_modem_statu:11,fortios_extender_sys_info:11,fortios_fact:11,fortios_firewall_addrgrp:2,fortios_firewall_c:11,fortios_firewall_consolidated_polici:11,fortios_firewall_countri:11,fortios_firewall_decrypted_traffic_mirror:11,fortios_firewall_internet_service_addit:11,fortios_firewall_internet_service_botnet:11,fortios_firewall_internet_service_cat_definit:11,fortios_firewall_internet_service_definit:11,fortios_firewall_internet_service_extens:11,fortios_firewall_internet_service_ipbl_reason:11,fortios_firewall_internet_service_ipbl_vendor:11,fortios_firewall_internet_service_list:11,fortios_firewall_internet_service_nam:11,fortios_firewall_internet_service_own:11,fortios_firewall_internet_service_reput:11,fortios_firewall_internet_service_sld:11,fortios_firewall_iprope_list:11,fortios_firewall_polici:11,fortios_firewall_prout:11,fortios_firewall_region:11,fortios_firewall_security_polici:11,fortios_firewall_traffic_class:11,fortios_firewall_vendor_mac:11,fortios_hardware_n:11,fortios_ips_view_map:11,fortios_json_gener:[4,11],fortios_log_fact:11,fortios_log_fortianalyzer2_override_filt:11,fortios_log_fortianalyzer2_override_set:11,fortios_log_fortianalyzer3_override_filt:11,fortios_log_fortianalyzer3_override_set:11,fortios_log_fortianalyzer_cloud_filt:11,fortios_log_fortianalyzer_cloud_override_filt:11,fortios_log_fortianalyzer_cloud_override_set:11,fortios_log_fortianalyzer_cloud_set:11,fortios_log_syslogd2_override_filt:11,fortios_log_syslogd2_override_set:11,fortios_log_syslogd3_override_filt:11,fortios_log_syslogd3_override_set:11,fortios_log_syslogd4_override_filt:11,fortios_log_syslogd4_override_set:11,fortios_monitor:[2,11],fortios_monitor_fact:[2,11],fortios_registration_forticar:11,fortios_registration_vdom:11,fortios_switch_controller_auto_config_custom:11,fortios_switch_controller_auto_config_default:11,fortios_switch_controller_auto_config_polici:11,fortios_switch_controller_flow_track:11,fortios_switch_controller_initial_config_templ:11,fortios_switch_controller_initial_config_vlan:11,fortios_switch_controller_loc:11,fortios_switch_controller_mac_polici:11,fortios_switch_controller_nac_devic:11,fortios_switch_controller_nac_set:11,fortios_switch_controller_po:11,fortios_switch_controller_port_polici:11,fortios_switch_controller_remote_log:11,fortios_switch_controller_security_policy_local_access:11,fortios_switch_controller_snmp_commun:11,fortios_switch_controller_snmp_sysinfo:11,fortios_switch_controller_snmp_trap_threshold:11,fortios_switch_controller_snmp_us:11,fortios_switch_controller_storm_control_polici:11,fortios_switch_controller_stp_inst:11,fortios_switch_controller_traffic_polici:11,fortios_switch_controller_traffic_sniff:11,fortios_switch_controller_vlan_polici:11,fortios_system_accprofil:2,fortios_system_api_us:2,fortios_system_central_manag:11,fortios_system_config_backup_restor:[2,11],fortios_system_genev:11,fortios_system_geoip_countri:11,fortios_system_glob:[10,11],fortios_system_ipsec_aggreg:11,fortios_system_lldp_network_polici:11,fortios_system_nd_proxi:11,fortios_system_npu:11,fortios_system_performance_top:11,fortios_system_ptp:11,fortios_system_saml:11,fortios_system_snmp_commun:11,fortios_system_speed_test_serv:11,fortios_system_sso_admin:11,fortios_system_standalone_clust:11,fortios_system_vmlicens:11,fortios_test_acd:11,fortios_test_acid:11,fortios_test_autod:11,fortios_test_awsd:11,fortios_test_azd:11,fortios_test_bfd:11,fortios_test_csfd:11,fortios_test_ddnscd:11,fortios_test_dhcp6c:11,fortios_test_dhcp6r:11,fortios_test_dhcprelai:11,fortios_test_dlpfingerprint:11,fortios_test_dlpfpcach:11,fortios_test_dnsproxi:11,fortios_test_dsd:11,fortios_test_fa:11,fortios_test_fcnacd:11,fortios_test_fnbamd:11,fortios_test_forticldd:11,fortios_test_forticron:11,fortios_test_fsd:11,fortios_test_fsvrd:11,fortios_test_ftpd:11,fortios_test_gcpd:11,fortios_test_harelai:11,fortios_test_hasync:11,fortios_test_hatalk:11,fortios_test_imap:11,fortios_test_info_sslvpnd:11,fortios_test_init:11,fortios_test_iotd:11,fortios_test_ipamd:11,fortios_test_ipldbd:11,fortios_test_ipsengin:11,fortios_test_ipsmonitor:11,fortios_test_ipsufd:11,fortios_test_kub:11,fortios_test_l2tpcd:11,fortios_test_lnkmtd:11,fortios_test_lt:11,fortios_test_miglogd:11,fortios_test_mrd:11,fortios_test_netxd:11,fortios_test_nntp:11,fortios_test_ocid:11,fortios_test_openstackd:11,fortios_test_ovrd:11,fortios_test_pop3:11,fortios_test_pptpcd:11,fortios_test_quarantin:11,fortios_test_radius_da:11,fortios_test_radiusd:11,fortios_test_radvd:11,fortios_test_reportd:11,fortios_test_sdncd:11,fortios_test_sepmd:11,fortios_test_sessionsync:11,fortios_test_sflowd:11,fortios_test_smtp:11,fortios_test_snmpd:11,fortios_test_uploadd:11,fortios_test_urlfilt:11,fortios_test_vmwd:11,fortios_test_wad:11,fortios_test_wccpd:11,fortios_test_wf_monitor:11,fortios_test_zebos_launch:11,fortios_user_exchang:11,fortios_user_nac_polici:11,fortios_user_saml:11,fortios_vpn_ike_gatewai:11,fortios_vpn_ipsec_phase2_interfac:11,fortios_vpn_ssl_set:11,fortios_webfilter_statu:11,fortios_wireless_controller_access_control_list:11,fortios_wireless_controller_address:11,fortios_wireless_controller_addrgrp:11,fortios_wireless_controller_apcfg_profil:11,fortios_wireless_controller_client_info:11,fortios_wireless_controller_log:11,fortios_wireless_controller_region:11,fortios_wireless_controller_rf_analysi:11,fortios_wireless_controller_snmp:11,fortios_wireless_controller_spectral_info:11,fortios_wireless_controller_statu:11,fortios_wireless_controller_vap_statu:11,fortios_wireless_controller_wag_profil:11,fortios_wireless_controller_wtp_statu:11,fortiosapi:11,forto:11,fos7:11,fos_v6:11,fqdn:3,framework:11,frank:3,frequent:6,from:[3,5,11,12],fshen01:3,fulfil:3,full:11,fulli:11,further:2,galaxi:[3,10],galaxy_1:11,gather:[0,6,11],gener:[6,10,11],geographi:3,get:[0,1,2,3,6],git:5,github:[3,11],give:3,given:[2,3],global:[2,10,11],going:10,group:2,group_1:2,guarante:10,guard:2,gui:3,guid:6,hardwar:11,has:[2,11],have:[2,11],hblu:3,help:6,here:2,hongbin:3,host:[2,3,7,11],hostnam:10,how:[7,10],html:[3,7,11],http:[2,3,7,10,11],http_method:3,http_statu:3,httpapi:[2,3,10,11],hypen:11,ident:2,identifi:11,ignor:2,ignore_error:2,illeg:2,imag:3,immedi:2,improv:11,includ:3,index:[2,6],indic:3,info:3,inform:[2,12],initi:2,input:2,instal:[3,6,10,11,12],installation_guid:7,instanc:[3,10],instruct:7,intent:11,interfac:[2,3],intermedi:2,intern:3,intro_instal:7,inventori:2,invok:[0,1],ip_prefix:11,ipv4_trusthost:2,issu:[11,12],item:2,its:[2,11,12],jie:3,jiex19:3,job:2,json:[4,11],json_gener:3,jsonbodi:3,just:2,kei:[2,3],kept:11,keyerror:11,last:3,later:2,latest:[3,7,11,12],layer:11,leak:2,legaci:2,lic:2,licenc:[10,11],licens:[10,11],like:2,limit:2,line:[2,10],link:3,list:[2,3,11],local:12,localhost:2,localt:2,locat:10,log:[3,11],lookup:2,mai:2,major:[7,11,12],make:2,manag:[0,1,2],manner:10,map:6,mark:7,master:3,match:[7,11],matter:2,member:[2,11],messag:11,meta:2,method:4,microsoft:2,microsoftonlin:2,might:[2,10],minor:11,mismatch:11,mkei:[3,11],mode:[2,11],modif:3,modifi:10,modul:[0,3,6,10,12],moment:12,monitor:[6,11],more:[2,7,10,11],move:[3,11],msg:3,multi:11,multilist:11,multilpl:7,multipl:11,must:[2,10],name:[2,3,10,11],namespac:[10,11],necessai:2,need:[2,3,10],net:2,newli:10,next:2,non:11,normal:2,notat:2,note:[2,6,7,12],number:3,object:[0,1,11],observ:10,onc:2,one:[2,10,12],ones:7,onli:[2,12],oper:[2,3,11],optin:11,option:[2,10,11,12],order:[3,11],org:7,other:11,our:10,output:10,over:12,page:[5,10],pair:10,param:[2,11],paramet:[2,11,12],pass:2,password:[2,10,11],path:[3,12],physic:2,ping:2,plai:2,plain:2,platform:11,playbook:[2,6,11],pleas:[2,7,10,11],plugin:11,polici:[3,11],port1:[2,3],port:[2,3,11],post:[2,3],potenti:[11,12],pre:2,predefin:2,prefer:[3,10],prepar:2,preprocess:2,present:2,prevent:11,previous:3,prior:12,prioriti:3,privileg:2,problem:[2,11],procedur:[0,1],process:2,profil:2,propos:11,provid:[2,6],provis:3,put:[2,3],py2:11,py3:11,pylint:11,python:7,question:6,raw:[3,4,11],read:2,readthedoc:11,real:11,reasult:2,reboot:2,recent:7,recogn:11,recommend:10,recur:2,redirect:2,refer:2,reference_appendic:3,regard:2,regist:[2,3],registr:11,regress:11,releas:[6,7,12],remov:11,renew:12,replac:11,request:[0,1,2,3,4,9,10,11],requir:[2,7,11],respons:11,restapi:2,restor:11,restrict:2,result:[2,3],revis:3,revision_chang:11,root:[2,3,10],rout:3,run:[2,6,11],runtim:11,safer:10,sake:10,sampl:3,sample1:3,sample2:3,sample3:3,save:2,saved_access_token:2,schedul:2,schema:11,scope:2,script_path:2,scrit:2,second:[2,11],secret:10,section:11,see:[2,7,10,11],selector:[2,11],semant:11,sequenti:12,serial:3,server_typ:11,servic:2,set:[3,10],sever:10,shell:2,shen:3,should:10,show:2,simpli:11,sinc:[2,11],smaller:2,snmp:2,some:[2,3,11],sometim:2,somewher:2,sort:11,sourc:10,spec:10,special:[10,11],specialparam:3,specif:2,specifi:11,split:2,ssh:2,sshpass:2,standard:2,start:3,state:[2,11],statu:11,step:[7,10,11],storag:2,store:2,str:3,stricthostkeycheck:2,string:[2,3],strip:2,subsequ:2,success:3,suddenli:2,super_admin:2,suport:11,support:[2,3,7,10,11],sure:2,system:[2,11],system_api_us:2,system_config_backup:[2,11],system_glob:10,system_statu:2,system_vers:11,tabl:[2,3,12],tail:10,task:[3,10],team:5,templat:2,termin:2,test:[3,10],testpara1:3,testpara2:3,text:2,them:11,thi:[2,3,7,10],those:[2,3],three:12,through:2,thu:[2,12],time:2,timeout:2,tmp:2,token:[3,10,11],tokeninfo:2,tool:2,trusthost:2,two:[2,10],type:[2,3],ubuntu:2,under:2,underscor:11,unexpect:11,unifi:[11,12],uniqu:3,unit:3,unix:2,unless:3,updat:11,upload:[2,10,11],upon:2,url:[3,11],urlfilt:3,usag:[2,3],use:[3,10,11],used:[2,3],user:[0,2,3,6,12],usernam:11,using:2,valid:[2,11],valu:[2,11],variabl:2,vault:[2,10],vdom:[2,3,10,11],verbos:[2,10],veri:2,version:[3,6,7,11],version_check_warn:11,versionig:7,via:[2,5,7,11],virtual:[2,3,11],visibl:[2,3],visit:10,vm64:2,vmlicenc:10,vmlicens:[2,11],vvv:[10,11],wai:[2,10],want:[2,10],warn:11,web:2,webfilt:3,were:12,when:[10,11],where:10,which:[2,7,10],who:12,window:2,with_item:2,without:10,world:11,wrong:11,www:7,xue:3,yaml:3,yes:[2,3,10,11],yml:[3,10],you:[2,5,7,10,11],your:[2,6,7,12],zheng:3},titles:["Export playbooks","Facts Gathering Modules","Frequently Asked Questions (FAQ)","fortios_json_generic \u2013 Configure Fortinet\u2019s FortiOS and FortiGate with json generic method.","Generic Modules","Get Help","Welcome to Ansible Galaxy FortiOS Collection Documentation {{__galaxy_version__}}!","Install FortiOS Ansible Galaxy","Configuration Modules","Monitor Modules","Run Your First Playbook","Release Notes","FortiOS Galaxy Versioning"],titleterms:{"export":0,"import":2,"new":11,"return":3,And:2,FOS:2,With:2,__galaxy_version__:6,access:2,ansibl:[2,6,7],ask:2,author:3,backup:2,banner:2,bug:11,cli:2,collect:[6,7],commuiti:5,compat:11,configur:[3,8],core:7,deprec:11,document:6,doe:2,exampl:3,fact:1,faq:2,featur:11,file:[2,5],first:10,fix:11,fortig:3,fortinet:3,fortio:[3,6,7,12],fortios_json_gener:3,fotio:2,frequent:2,from:2,galaxi:[6,7,11,12],gather:1,gener:[2,3,4],get:5,help:5,host:10,how:2,instal:[2,7],instanc:2,inventori:10,issu:5,json:3,keep:2,legaci:[11,12],licenc:2,licens:2,local:2,login:2,method:3,modul:[1,2,4,8,9,11],monitor:9,multivers:11,newli:2,note:11,other:2,paramet:3,playbook:[0,10],prepar:10,prior:11,python3:7,question:2,raw:2,readi:2,releas:11,renew:2,requir:3,restor:2,run:10,safe:2,set:2,set_fact:2,sourc:2,statu:3,support:5,synopsi:3,target:11,task:2,technic:5,token:2,use:2,valu:3,version:12,warn:3,welcom:6,what:2,where:2,work:2,write:10,your:10}}) \ No newline at end of file diff --git a/_build/html/version.html b/_build/html/version.html new file mode 100644 index 00000000..89bd8e79 --- /dev/null +++ b/_build/html/version.html @@ -0,0 +1,280 @@ + + + + + + FortiOS Galaxy Versioning — Ansible Galaxy FortiOS Collection 1.0 documentation + + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +
+

FortiOS Galaxy Versioning

+
+

FortiOS Galaxy versions

+

From v2.0.0 on, FortiOS galaxy collections are unified, there is only one sequential collection at any moment. users who install these collections +are expected to find the version compatibility information for each module and its parameters.

+ ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FOS versionGalaxy VersionRelease datePath to Install
unified2.0.02021/4/6ansible-galaxy collection install fortinet.fortios:2.0.0
unified2.0.12021/4/7ansible-galaxy collection install fortinet.fortios:2.0.1
unified2.0.22021/5/14ansible-galaxy collection install fortinet.fortios:2.0.2
unified2.1.02021/6/25ansible-galaxy collection install fortinet.fortios:2.1.0
unified2.1.12021/6/29ansible-galaxy collection install fortinet.fortios:2.1.1
unified2.1.22021/7/15ansible-galaxy collection install fortinet.fortios:2.1.2
unified2.1.32021/11/11ansible-galaxy collection install fortinet.fortios:2.1.3
unified2.1.4 latest2022/2/7ansible-galaxy collection install fortinet.fortios:2.1.4
+
+
+

Legacy FortiOS Galaxy Versions

+

Prior to FortiOS collection v2.0.0, FortiOS Galaxy collections were built over three FOS major versions, i.e. v6.0, v6.2 and v6.4, thus, users are expected to install +the collection according to the following table to avoid potential compatibility issues.

+ ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FOS versionGalaxy VersionRelease datePath to Install
6.0.01.0.132020/5/26ansible-galaxy collection install fortinet.fortios:1.0.13
6.0.01.1.22020/12/4ansible-galaxy collection install fortinet.fortios:1.1.2
6.0.01.1.52020/12/7ansible-galaxy collection install fortinet.fortios:1.1.5
6.0.01.1.82020/12/21ansible-galaxy collection install fortinet.fortios:1.1.8
6.0.01.1.92020/3/1ansible-galaxy collection install fortinet.fortios:1.1.9
6.2.01.0.102020/5/6ansible-galaxy collection install fortinet.fortios:1.0.10
6.2.01.1.02020/12/4ansible-galaxy collection install fortinet.fortios:1.1.0
6.2.01.1.32020/12/7ansible-galaxy collection install fortinet.fortios:1.1.3
6.2.01.1.62020/12/21ansible-galaxy collection install fortinet.fortios:1.1.6
6.4.01.0.112020/5/11ansible-galaxy collection install fortinet.fortios:1.0.11
6.4.01.1.12020/12/4ansible-galaxy collection install fortinet.fortios:1.1.1
6.4.01.1.42020/12/7ansible-galaxy collection install fortinet.fortios:1.1.4
6.4.01.1.72020/12/21ansible-galaxy collection install fortinet.fortios:1.1.7
+

Note: Use -f option (i.e. +ansible-galaxy collection install -f fortinet.fortios:x.x.x) to +renew your existing local installation.

+
+
+ + +
+
+ +
+
+
+
+ + + + \ No newline at end of file diff --git a/_static/collapse.css b/_static/collapse.css new file mode 100644 index 00000000..4bf3e3e9 --- /dev/null +++ b/_static/collapse.css @@ -0,0 +1,134 @@ +/* + CSS for the main interaction +*/ +.accordion > input[name="collapse"] { + display: none; + + /*position: absolute; + left: -100vw;*/ +} + +.accordion label, +.accordion .content{ + /*max-width: 620px;*/ + margin: 0 auto; + } + + +.accordion .content { + background: auto; + overflow: hidden; + height: 0; + transition: 0.5s; + /*box-shadow: 1px 2px 4px rgba(0, 0, 0, 0.3);*/ +} + +.accordion > input[name="collapse"]:checked ~ .content { + /*height: 380px;*/ + transition: height 0.5s; +} + +.accordion label { + display: block; + +} + + +/* For Desktop */ +@media only screen and (min-width: 620px){ + + +.accordion > input[name="collapse"]:checked ~ .content { + height: auto; +} + +} + + + +.accordion { + margin-bottom: 1em; +} + +.accordion > input[name="collapse"]:checked ~ .content { + border-top: 0; + transition: 0.3s; +} + +.accordion .handle { + margin: 0; + font-size: 16px; + +} + +.accordion label { + color: #FF8C00; + cursor: pointer; + font-weight: normal; + padding: 10px; + background: auto; + user-select: none; + +} + +.accordion label:hover, +.accordion label:focus { + background: #252525; +} + +.accordion .handle label:before { + font-family: FontAwesome; + content: "\f107"; + display: inline-block; + margin-right: 10px; + font-size: 1em; + line-height: 1.556em; + vertical-align: middle; + transition: 0.4s; + +} + +.accordion > input[name="collapse"]:checked ~ .handle label:before { + transform: rotate(180deg); + transform-origin: center; + transition: 0.4s; +} + + +/* + Demo purposes only +*/ +*, +*:before, +*:after { + box-sizing: border-box; +} + +body { + background: #ccc; + padding: 10px; +} + +a { + color: #06c; +} + +p { + margin: 0 0 1em; + padding: 10px; +} + +h1 { + margin: 0 0 1.5em; + font-weight: 600; + font-size: 1.5em; +} + +.accordion p:last-child { + margin-bottom: 0; +} +.container{ + max-width: 620px; + margin: 0 auto; +} + diff --git a/_static/theme_overrides.css b/_static/theme_overrides.css new file mode 100644 index 00000000..f2bf5833 --- /dev/null +++ b/_static/theme_overrides.css @@ -0,0 +1,109 @@ +/* override table width restrictions */ +@media screen and (min-width: 767px) { + + .wy-table-responsive table td { + /* !important prevents the common CSS stylesheets from overriding + this as on RTD they are loaded after this stylesheet */ + white-space: normal !important; + } + + .wy-table-responsive { + overflow: visible !important; + } +} +table.documentation-table { + border-collapse: collapse; + border-left:1px; +} + +th { + background-color: #85BEE4; + color: white; +} + +tr:hover {background-color: #E7F2FA;} + +table.documentation-table, th, td { + padding: 6px; + border: 1px solid black; +} + +.li-head{ + border-radius: 0%; + background-color: #EEEEEE; + padding-left: 8px; + padding-right: 8px; + background-position-y: 9%; + font-family: Consolas; + color: #fa7d2a; + border-left:solid #fcc29b 3px; +} +.li-normal{ + background-color: #FFFFFF; + border-radius: 5%; + padding-left: 8px; + padding-right: 8px; + font-family: Consolas; + font-size: 11pt; + /*font-size: 9pt;*/ + color: #666666; + border-bottom:solid #EEEEEE 1px; +} +.li-required{ + background-color: #FFFFFF; + border-radius: 5%; + padding-left: 8px; + padding-right: 8px; + font-family: Consolas; + font-size: 11pt; + color: #ee0000; + border-bottom:solid #EEEEEE 1px; +} + +.li-return{ + border-radius: 0%; + background-color: #EEEEEE; + padding-left: 8px; + padding-right: 8px; + background-position-y: 9%; + font-family: Consolas; + color: #009de6; + border-left:solid #bbe1fa 3px; +} + +* { +margin: 0; +padding: 0; +} + +.ul-all{ + margin-left: 0px; +} + +.ul-self{ + margin-left: 30px; +} + +.wy-side-nav-search { + background: #ff893a; +} + +.caption-text { + color: #ff893a; +} + +.wy-nav-content { + max-width: none; +} + +/* +.wy-nav-top { + background: #ff2c32; +} + +.wy-nav-side { + background: #ffe8d7; +} +.rst-versions .rst-current-version { + background: #22ffff; +} */ diff --git a/_static/util.js b/_static/util.js new file mode 100644 index 00000000..6694a0f6 --- /dev/null +++ b/_static/util.js @@ -0,0 +1,30 @@ + function ContentClick(elementid, btnid) { + + // display the content + if (document.getElementById(elementid).clicked == undefined || + document.getElementById(elementid).clicked == false) { + document.getElementById(elementid).clicked = true; + document.getElementById(elementid).style.display = ''; + document.getElementById(btnid).text = 'less...'; + } else { + document.getElementById(elementid).style.display = 'none'; + document.getElementById(elementid).clicked = false; + document.getElementById(btnid).text = 'more...'; + } + } + + function ContentPreview(elementid) { + if (document.getElementById(elementid).clicked == false || + document.getElementById(elementid).clicked == undefined) { + document.getElementById(elementid).style.display = ''; + } + document.getElementById(elementid).underpreview = true; + } + + function ContentUnpreview(elementid) { + if (document.getElementById(elementid).clicked == false || + document.getElementById(elementid).clicked == undefined) { + document.getElementById(elementid).style.display = 'none'; + } + document.getElementById(elementid).underpreview = false; + } diff --git a/conf.py b/conf.py new file mode 100644 index 00000000..c5f545a2 --- /dev/null +++ b/conf.py @@ -0,0 +1,70 @@ +# Configuration file for the Sphinx documentation builder. +# +# This file only contains a selection of the most common options. For a full +# list see the documentation: +# https://www.sphinx-doc.org/en/master/usage/configuration.html + +# -- Path setup -------------------------------------------------------------- + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +# +# import os +# import sys +# sys.path.insert(0, os.path.abspath('.')) + + +# -- Project information ----------------------------------------------------- + +project = 'Ansible Galaxy FortiOS Collection' +copyright = '2020-2021, Fortinet' +author = 'Fortinet' + +# The full version, including alpha/beta/rc tags +release = '1.0' + +html_static_path = ['_static'] + +html_context = { + 'css_files': [ + '_static/theme_overrides.css', # override wide tables in RTD theme + '_static/collapse.css', + ], + } + +html_js_files = [ + 'util.js', +] + +master_doc = 'index' + +# -- General configuration --------------------------------------------------- + +# Add any Sphinx extension module names here, as strings. They can be +# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom +# ones. +extensions = [ +] + +# Add any paths that contain templates here, relative to this directory. +templates_path = ['_templates'] + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +# This pattern also affects html_static_path and html_extra_path. +exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store'] + + +# -- Options for HTML output ------------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. +# +html_theme = 'sphinx_rtd_theme' + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = ['_static'] +html4_writer=True diff --git a/docs/requirements.txt b/docs/requirements.txt new file mode 100644 index 00000000..0559dcb8 --- /dev/null +++ b/docs/requirements.txt @@ -0,0 +1,4 @@ +docutils<0.18 +Sphinx<2 +Jinja2<3 +MarkupSafe<2 \ No newline at end of file diff --git a/export.rst b/export.rst new file mode 100644 index 00000000..363762c2 --- /dev/null +++ b/export.rst @@ -0,0 +1,13 @@ +Export playbooks +========================================= + +| + +The module gathers FortiOS factss are invoking ``GET`` requests for FortiOS managed objects or procedures and converts the returned facts into a playbook that users can apply directly. + +.. toctree:: + :glob: + :maxdepth: 1 + + + fortios_export_config_playbook.rst \ No newline at end of file diff --git a/fact.rst b/fact.rst new file mode 100644 index 00000000..d6bcd808 --- /dev/null +++ b/fact.rst @@ -0,0 +1,15 @@ +Facts Gathering Modules +========================================= + +| + +The Modules to gather FortiOS fatcs are invoking ``GET`` requests for FortiOS managed objects or procedures. + +.. toctree:: + :glob: + :maxdepth: 1 + + + fortios_configuration_fact.rst + fortios_monitor_fact.rst + fortios_log_fact.rst diff --git a/faq.rst b/faq.rst new file mode 100644 index 00000000..ecf1e1de --- /dev/null +++ b/faq.rst @@ -0,0 +1,420 @@ + +Frequently Asked Questions (FAQ) +================================ + +| + +**TABLE OF CONTENTS:** + - `What's Access Token?`_ + - `How To Backup And Restore FOS?`_ + - `How To Import A License?`_ + - `How does Ansible work with login banner?`_ + - `How To Work With Raw FotiOS CLI?`_ + - `How to use the set_fact module in a task?`_ + +| + +What's Access Token? +~~~~~~~~~~~~~~~~~~~~ + +Access Token here is an API token which is used to authenticate an API request, an api token is associated with an API user once generated in FortiOS. +FortiOS Ansible supports api token based authentication, please see `Run Your Playbook`_ for how to use ``access_token`` in Ansible playbook. + +Sometimes we also want to dynamically generate an API token via FortiOS ansible module, we have a demo to show how to generate an API token: + +:: + + # to customize privileges for the API user, we can also define an accprofile via module fortios_system_accprofile. + - name: Create An API User if not present + fortios_system_api_user: + vdom: 'root' + state: 'present' + system_api_user: + name: 'AnsibleAPIUser' + accprofile: 'super_admin' # This is predefined privilege profile. + vdom: + - name: 'root' + trusthost: + - id: '1' + ipv4_trusthost: '192.168.190.0 255.255.255.0' + + # To reference the generated token, we can use notation "{{ tokeninfo.meta.results.access_token }}"in further tasks or keep it somewhere in disk. + - name: Generate The API token + fortios_monitor: + vdom: 'root' + selector: 'generate-key.system.api-user' + params: + api-user: 'AnsibleAPIUser' + register: tokeninfo + + - name: do another api request with newly generated access_token + fortios_configuration_fact: + access_token: "{{ tokeninfo.meta.results.access_token }}" + vdom: 'root' + selector: 'system_status' + + + +How To Backup And Restore FOS? +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Legacy module ``fortios_system_config_backup_restore`` is deprecated since 2.0.0, new modules are available for doing equivalent jobs. +New modules are desined to be very flexible, that requires us to combine modules to do complex task. + +**Note: operation backup and restore needs administrative privilege, better not choose access token based authentication.** + + +Backup settings to local file. +........................................... + +FortiOS Ansible collection doesn't provide any modules for local file operations, here we use builtin ``copy`` module to copy plain configuration text into a file. + +:: + + - name: Backup a virtual domain. + fortios_monitor_fact: + selector: 'system_config_backup' + vdom: 'root' + params: + scope: 'global' + register: backupinfo + + - name: Save the backup information. + copy: + content: '{{ backupinfo.meta.raw }}' + dest: './local.backup' + + +Restore settings from local file. +.................................. + +FortiOS only accepts base64 encoded text, the configuration text must be encoded before being uploaded. + + +:: + + - name: Restore from file. + fortios_monitor: + selector: 'restore.system.config' + vdom: 'root' + params: + scope: 'global' + source: 'upload' + vdom: 'root' + file_content: "{{ lookup( 'file', './local.backup') | string | b64encode }}" + +Restore settings from other sources. +.................................... + +no matter what source is, just make sure content is encoded. + +:: + + - name: Backup a virtual domain. + fortios_monitor_fact: + selector: 'system_config_backup' + vdom: 'root' + params: + scope: 'global' + register: backupinfo + + - name: Restore from intermediate result. + fortios_monitor: + selector: 'restore.system.config' + vdom: 'root' + params: + scope: 'global' + source: 'upload' + vdom: 'root' + file_content: "{{ backupinfo.meta.raw | string | b64encode}}" + + + +For more options to restore, see module ``fortios_monitor`` and its selector ``restore.system.config``, +for more options to backup, see module ``fortios_monitor_fact`` and its selector ``system_config_backup``. + +How To Import A License? +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Import a license for a newly installed FOS instance. +...................................................... + +Make sure the active management port allows access to http service by setting ``allowaccess``. + +:: + + FortiGate-VM64 # show system interface port1 + config system interface + edit "port1" + set vdom "root" + set mode dhcp + set allowaccess ping https ssh http fgfm + set type physical + set snmp-index 1 + next + end + +Then run the following playbook to upload licence for the first time: + +:: + + - hosts: fortigate_new + connection: httpapi + collections: + - fortinet.fortios + vars: + vdom: "root" + ansible_httpapi_use_ssl: no + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 80 + ansible_command_timeout: 5 + tasks: + + - name: Upload the license to the newly installed FGT device + fortios_monitor: + vdom: "{{ vdom }}" + selector: 'upload.system.vmlicense' + params: + file_content: "{{ lookup( 'file', './FGVM02TM20012347.lic') | string | b64encode }}" + ignore_errors: True + +In the example, we put license file ``FGVM02TM20012347.lic`` under current working directory. + +Once FOS accepts a valid licence, it reboots immediately and the connection terminates suddenly, as a result, we must not regard connection timeout as errors, we'd better ignore connection timeout exception. +and the default connection timeout is 30 seconds, better make it smaller. + +**Access token based authentication is not allowed in initial license import** + +Renew a license for a licence-ready FOS instance. +...................................................... + +To renew the license for a running FOS instance, we don't have to use http service (by default, after license is activated, http service is redirected to https service, which causes problems for Ansible). +by setting ``ansible_httpapi_use_ssl`` to ``True`` and ``ansible_httpapi_port`` to ``443``, the task can normally upload the license. + + +**Renewing a license can use access token based authentication as long as associated API user has admin privilege to upload license.** + +How does Ansible work with login banner? +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +what's login banner? +............................ + +FOS puts a barrier in login process if pre- and(or) post- login bannner are enabled, and ansible authentication is restricted: **only access token based authentication is allowed**. + +How to safely generate access token? +........................................................ + +For Ansible FOS login banner usage, there could be a ``deadlock`` if one the of following cases apprears: + + - I don't have an API user or access token. + - I have an access token but it has expired. + +upon such deadlocks, there is no other way but to disable banners and (re)generate one. + +To generate an access token in advance, please see `How To Generate Access Token Dynamically`_, and please do token generation with Ansible with all the login banners disabled(it's not necessay to disable banners if we generate access token from WEB UI). + +:: + + FGVM02TM20012347 # config system global + FGVM02TM20012347 (global) # set post-login-banner disable + FGVM02TM20012347 (global) # set pre-login-banner disable + FGVM02TM20012347 (global) # end + FGVM02TM20012347 # + + + +where to keep generated access token? +.................................................. + +Normally if we generate an access token from WEB UI, we may put it in inventory file as a variable ``fortios_access_token``: + +:: + + [fortigates] + fortigate01 ansible_host= fortios_access_token= + + +we can encrypt the inventory file through ansible tool ``ansible-vault``, thus avoiding token leaks. + +To automate token (re)generation, we might also want to keep it somewhere else in local storage. An example is given below to show how to save and re-use a token later: + +:: + + - name: Generate The API token + fortios_monitor: + vdom: 'root' + selector: 'generate-key.system.api-user' + params: + api-user: 'AnsibleAPIUser' + register: tokeninfo + + - name: Save the API token + copy: + content: "{{ tokeninfo.meta.results.access_token }}" + dest: './access_token.save' + +then in subsequent tasks, we read the token directly from saved file: + +:: + + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + saved_access_token: "{{ lookup( 'file', './access_token.save') | string }}" + + tasks: + - name: do another api request with saved access_token + fortios_configuration_fact: + access_token: "{{ saved_access_token }}" + vdom: 'root' + selector: 'system_status' + +**Caveats: saved access token is not guarded by Ansible, once leaked, others may access the FOS illegally. one way to restrict illegal access is to limit source localtion in ipv4_trusthost during creating the API users.** + +How To Work With Raw FotiOS CLI? +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +In FortiOS, some CLI commands are not exported as RestAPI, as a reasult, Ansible FortiOS collection has no identical module for those CLI commands. +And FortiOS default CLI shell is not a standard Unix shell, so Ansible builtin modules like ``shell`` and ``command`` are of no use. +To work this around in Ansible, we use a verbose but very efficient and flexible way to execute some FortiOS CLI commands from Ansible. + + +Below are two examples of the template: + +**Append a firewall address member to a group using append command:** + +:: + + - hosts: localhost + vars: + # ======================== Below are crenditials to connect to Fortigate Device======== + fgt_host: '192.168.190.171' + fgt_user: 'admin' + fgt_pass: 'password' + + firewall_group_name: 'firwalladdressgroup0' + firewall_address_name: 'firewalladdress0' + # ===================================================================================== + script_path: '/tmp/fgt.shell.task' + tasks: + - name: Prepare The Shell Scrit Template. + raw: | + cat > {{script_path }} << EOF_OUTER + # /bin/bash + # Please make sure tool sshpass is installed. e.g. on Debian/Ubuntu, apt-get install sshpass. + # Optionally you can pass some parameters. + # The character `a` at second line below is to avoid post-login-banner barrier. + sshpass -p '{{ fgt_pass }}' ssh -o StrictHostKeyChecking=no {{ fgt_user }}@{{ fgt_host }} < {{script_path }} << EOF_OUTER + # /bin/bash + # Please make sure tool sshpass is installed. e.g. on Debian/Ubuntu, apt-get install sshpass. + # Optionally you can pass some parameters. + # The character `a` at second line below is to avoid post-login-banner barrier. + sshpass -p '{{ fgt_pass }}' ssh -o StrictHostKeyChecking=no {{ fgt_user }}@{{ fgt_host }} <= ``2.0.0``. + + +Parameters +---------- + + +.. raw:: html + +
    +
  • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str required: False default: root
    • +
  • enable_log - Enable/Disable logging for task. type: bool required: False default: False
    • +
  • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: False
    • +
  • filters - A list of expressions to filter the returned results. type: list required: False + more... + +
    • +
  • sorters - A list of expressions to sort the returned results. type: list required: False + more... + +
    • +
  • formatters - A list of fields to display for returned results. type: list required: False
    • +
  • selector - selector of the retrieved fortimanager facts type: str choices:
    • +
  • + +

    + +

    +
    +
      +
    • alertemail_setting
      • +
    • antivirus_heuristic
      • +
    • antivirus_mms-checksum param: id type: int required: True
      • +
    • antivirus_notification param: id type: int required: True
      • +
    • antivirus_profile param: name type: str required: True
      • +
    • antivirus_quarantine
      • +
    • antivirus_settings
      • +
    • application_custom param: tag type: str required: True
      • +
    • application_group param: name type: str required: True
      • +
    • application_list param: name type: str required: True
      • +
    • application_name param: name type: str required: True
      • +
    • application_rule-settings param: id type: int required: True
      • +
    • authentication_rule param: name type: str required: True
      • +
    • authentication_scheme param: name type: str required: True
      • +
    • authentication_setting
      • +
    • certificate_ca param: name type: str required: True
      • +
    • certificate_crl param: name type: str required: True
      • +
    • certificate_local param: name type: str required: True
      • +
    • certificate_remote param: name type: str required: True
      • +
    • cifs_domain-controller param: server_name type: str required: True
      • +
    • cifs_profile param: name type: str required: True
      • +
    • credential-store_domain-controller param: server_name type: str required: True
      • +
    • dlp_filepattern param: id type: int required: True
      • +
    • dlp_fp-doc-source param: name type: str required: True
      • +
    • dlp_fp-sensitivity param: name type: str required: True
      • +
    • dlp_sensitivity param: name type: str required: True
      • +
    • dlp_sensor param: name type: str required: True
      • +
    • dlp_settings
      • +
    • dnsfilter_domain-filter param: id type: int required: True
      • +
    • dnsfilter_profile param: name type: str required: True
      • +
    • dpdk_cpus
      • +
    • dpdk_global
      • +
    • emailfilter_block-allow-list param: id type: int required: True
      • +
    • emailfilter_bwl param: id type: int required: True
      • +
    • emailfilter_bword param: id type: int required: True
      • +
    • emailfilter_dnsbl param: id type: int required: True
      • +
    • emailfilter_fortishield
      • +
    • emailfilter_iptrust param: id type: int required: True
      • +
    • emailfilter_mheader param: id type: int required: True
      • +
    • emailfilter_options
      • +
    • emailfilter_profile param: name type: str required: True
      • +
    • endpoint-control_client param: id type: int required: True
      • +
    • endpoint-control_fctems param: name type: str required: True
      • +
    • endpoint-control_forticlient-ems param: name type: str required: True
      • +
    • endpoint-control_forticlient-registration-sync param: peer_name type: str required: True
      • +
    • endpoint-control_profile param: profile_name type: str required: True
      • +
    • endpoint-control_registered-forticlient param: uid type: str required: True
      • +
    • endpoint-control_settings
      • +
    • extender-controller_dataplan param: name type: str required: True
      • +
    • extender-controller_extender param: name type: str required: True
      • +
    • extender-controller_extender-profile param: name type: str required: True
      • +
    • extender_extender-info
      • +
    • extender_lte-carrier-by-mcc-mnc
      • +
    • extender_lte-carrier-list
      • +
    • extender_modem-status
      • +
    • extender_session-info
      • +
    • extender_sys-info
      • +
    • file-filter_profile param: name type: str required: True
      • +
    • firewall.consolidated_policy param: policyid type: int required: True
      • +
    • firewall.ipmacbinding_setting
      • +
    • firewall.ipmacbinding_table param: seq_num type: int required: True
      • +
    • firewall.iprope.appctrl_list
      • +
    • firewall.iprope.appctrl_status
      • +
    • firewall.iprope_list
      • +
    • firewall.schedule_group param: name type: str required: True
      • +
    • firewall.schedule_onetime param: name type: str required: True
      • +
    • firewall.schedule_recurring param: name type: str required: True
      • +
    • firewall.service_category param: name type: str required: True
      • +
    • firewall.service_custom param: name type: str required: True
      • +
    • firewall.service_group param: name type: str required: True
      • +
    • firewall.shaper_per-ip
      • +
    • firewall.shaper_per-ip-shaper param: name type: str required: True
      • +
    • firewall.shaper_traffic
      • +
    • firewall.shaper_traffic-shaper param: name type: str required: True
      • +
    • firewall.ssh_host-key param: name type: str required: True
      • +
    • firewall.ssh_local-ca param: name type: str required: True
      • +
    • firewall.ssh_local-key param: name type: str required: True
      • +
    • firewall.ssh_setting
      • +
    • firewall.ssl_setting
      • +
    • firewall.wildcard-fqdn_custom param: name type: str required: True
      • +
    • firewall.wildcard-fqdn_group param: name type: str required: True
      • +
    • firewall_access-proxy param: name type: str required: True
      • +
    • firewall_access-proxy-ssh-client-cert param: name type: str required: True
      • +
    • firewall_access-proxy-virtual-host param: name type: str required: True
      • +
    • firewall_access-proxy6 param: name type: str required: True
      • +
    • firewall_acl param: policyid type: int required: True
      • +
    • firewall_acl6 param: policyid type: int required: True
      • +
    • firewall_address param: name type: str required: True
      • +
    • firewall_address6 param: name type: str required: True
      • +
    • firewall_address6-template param: name type: str required: True
      • +
    • firewall_addrgrp param: name type: str required: True
      • +
    • firewall_addrgrp6 param: name type: str required: True
      • +
    • firewall_auth-portal
      • +
    • firewall_carrier-endpoint-bwl param: id type: int required: True
      • +
    • firewall_central-snat-map param: policyid type: int required: True
      • +
    • firewall_city param: id type: int required: True
      • +
    • firewall_country param: id type: int required: True
      • +
    • firewall_decrypted-traffic-mirror param: name type: str required: True
      • +
    • firewall_dnstranslation param: id type: int required: True
      • +
    • firewall_DoS-policy param: policyid type: int required: True
      • +
    • firewall_DoS-policy6 param: policyid type: int required: True
      • +
    • firewall_gtp param: name type: str required: True
      • +
    • firewall_identity-based-route param: name type: str required: True
      • +
    • firewall_interface-policy param: policyid type: int required: True
      • +
    • firewall_interface-policy6 param: policyid type: int required: True
      • +
    • firewall_internet-service param: id type: int required: True
      • +
    • firewall_internet-service-addition param: id type: int required: True
      • +
    • firewall_internet-service-append
      • +
    • firewall_internet-service-botnet param: id type: int required: True
      • +
    • firewall_internet-service-custom param: name type: str required: True
      • +
    • firewall_internet-service-custom-group param: name type: str required: True
      • +
    • firewall_internet-service-definition param: id type: int required: True
      • +
    • firewall_internet-service-extension param: id type: int required: True
      • +
    • firewall_internet-service-group param: name type: str required: True
      • +
    • firewall_internet-service-ipbl-reason param: id type: int required: True
      • +
    • firewall_internet-service-ipbl-vendor param: id type: int required: True
      • +
    • firewall_internet-service-list param: id type: int required: True
      • +
    • firewall_internet-service-name param: name type: str required: True
      • +
    • firewall_internet-service-owner param: id type: int required: True
      • +
    • firewall_internet-service-reputation param: id type: int required: True
      • +
    • firewall_internet-service-sld param: id type: int required: True
      • +
    • firewall_ip-translation param: transid type: int required: True
      • +
    • firewall_ippool param: name type: str required: True
      • +
    • firewall_ippool6 param: name type: str required: True
      • +
    • firewall_ipv6-eh-filter
      • +
    • firewall_ldb-monitor param: name type: str required: True
      • +
    • firewall_local-in-policy param: policyid type: int required: True
      • +
    • firewall_local-in-policy6 param: policyid type: int required: True
      • +
    • firewall_mms-profile param: name type: str required: True
      • +
    • firewall_multicast-address param: name type: str required: True
      • +
    • firewall_multicast-address6 param: name type: str required: True
      • +
    • firewall_multicast-policy param: id type: int required: True
      • +
    • firewall_multicast-policy6 param: id type: int required: True
      • +
    • firewall_pfcp param: name type: str required: True
      • +
    • firewall_policy param: policyid type: int required: True
      • +
    • firewall_policy46 param: policyid type: int required: True
      • +
    • firewall_policy6 param: policyid type: int required: True
      • +
    • firewall_policy64 param: policyid type: int required: True
      • +
    • firewall_profile-group param: name type: str required: True
      • +
    • firewall_profile-protocol-options param: name type: str required: True
      • +
    • firewall_proute
      • +
    • firewall_proute6
      • +
    • firewall_proxy-address param: name type: str required: True
      • +
    • firewall_proxy-addrgrp param: name type: str required: True
      • +
    • firewall_proxy-policy param: policyid type: int required: True
      • +
    • firewall_region param: id type: int required: True
      • +
    • firewall_security-policy param: policyid type: int required: True
      • +
    • firewall_shaping-policy param: id type: int required: True
      • +
    • firewall_shaping-profile param: profile_name type: str required: True
      • +
    • firewall_sniffer param: id type: int required: True
      • +
    • firewall_ssl-server param: name type: str required: True
      • +
    • firewall_ssl-ssh-profile param: name type: str required: True
      • +
    • firewall_traffic-class param: class_id type: int required: True
      • +
    • firewall_ttl-policy param: id type: int required: True
      • +
    • firewall_vendor-mac param: id type: int required: True
      • +
    • firewall_vendor-mac-summary
      • +
    • firewall_vip param: name type: str required: True
      • +
    • firewall_vip46 param: name type: str required: True
      • +
    • firewall_vip6 param: name type: str required: True
      • +
    • firewall_vip64 param: name type: str required: True
      • +
    • firewall_vipgrp param: name type: str required: True
      • +
    • firewall_vipgrp46 param: name type: str required: True
      • +
    • firewall_vipgrp6 param: name type: str required: True
      • +
    • firewall_vipgrp64 param: name type: str required: True
      • +
    • ftp-proxy_explicit
      • +
    • gtp_apn param: name type: str required: True
      • +
    • gtp_apn-shaper param: id type: int required: True
      • +
    • gtp_apngrp param: name type: str required: True
      • +
    • gtp_ie-allow-list param: name type: str required: True
      • +
    • gtp_ie-white-list param: name type: str required: True
      • +
    • gtp_message-filter-v0v1 param: name type: str required: True
      • +
    • gtp_message-filter-v2 param: name type: str required: True
      • +
    • gtp_rat-timeout-profile param: name type: str required: True
      • +
    • gtp_tunnel-limit param: name type: str required: True
      • +
    • hardware.npu.np6_dce
      • +
    • hardware.npu.np6_ipsec-stats
      • +
    • hardware.npu.np6_port-list
      • +
    • hardware.npu.np6_session-stats
      • +
    • hardware.npu.np6_sse-stats
      • +
    • hardware.npu.np6_synproxy-stats
      • +
    • hardware_cpu
      • +
    • hardware_memory
      • +
    • hardware_nic
      • +
    • hardware_status
      • +
    • icap_profile param: name type: str required: True
      • +
    • icap_server param: name type: str required: True
      • +
    • ips_custom param: tag type: str required: True
      • +
    • ips_decoder param: name type: str required: True
      • +
    • ips_global
      • +
    • ips_rule param: name type: str required: True
      • +
    • ips_rule-settings param: id type: int required: True
      • +
    • ips_sensor param: name type: str required: True
      • +
    • ips_session
      • +
    • ips_settings
      • +
    • ips_view-map param: id type: int required: True
      • +
    • ipsec_tunnel
      • +
    • log.disk_filter
      • +
    • log.disk_setting
      • +
    • log.fortianalyzer-cloud_filter
      • +
    • log.fortianalyzer-cloud_override-filter
      • +
    • log.fortianalyzer-cloud_override-setting
      • +
    • log.fortianalyzer-cloud_setting
      • +
    • log.fortianalyzer2_filter
      • +
    • log.fortianalyzer2_override-filter
      • +
    • log.fortianalyzer2_override-setting
      • +
    • log.fortianalyzer2_setting
      • +
    • log.fortianalyzer3_filter
      • +
    • log.fortianalyzer3_override-filter
      • +
    • log.fortianalyzer3_override-setting
      • +
    • log.fortianalyzer3_setting
      • +
    • log.fortianalyzer_filter
      • +
    • log.fortianalyzer_override-filter
      • +
    • log.fortianalyzer_override-setting
      • +
    • log.fortianalyzer_setting
      • +
    • log.fortiguard_filter
      • +
    • log.fortiguard_override-filter
      • +
    • log.fortiguard_override-setting
      • +
    • log.fortiguard_setting
      • +
    • log.memory_filter
      • +
    • log.memory_global-setting
      • +
    • log.memory_setting
      • +
    • log.null-device_filter
      • +
    • log.null-device_setting
      • +
    • log.syslogd2_filter
      • +
    • log.syslogd2_override-filter
      • +
    • log.syslogd2_override-setting
      • +
    • log.syslogd2_setting
      • +
    • log.syslogd3_filter
      • +
    • log.syslogd3_override-filter
      • +
    • log.syslogd3_override-setting
      • +
    • log.syslogd3_setting
      • +
    • log.syslogd4_filter
      • +
    • log.syslogd4_override-filter
      • +
    • log.syslogd4_override-setting
      • +
    • log.syslogd4_setting
      • +
    • log.syslogd_filter
      • +
    • log.syslogd_override-filter
      • +
    • log.syslogd_override-setting
      • +
    • log.syslogd_setting
      • +
    • log.tacacs+accounting2_filter
      • +
    • log.tacacs+accounting2_setting
      • +
    • log.tacacs+accounting3_filter
      • +
    • log.tacacs+accounting3_setting
      • +
    • log.tacacs+accounting_filter
      • +
    • log.tacacs+accounting_setting
      • +
    • log.webtrends_filter
      • +
    • log.webtrends_setting
      • +
    • log_custom-field param: id type: str required: True
      • +
    • log_eventfilter
      • +
    • log_gui-display
      • +
    • log_setting
      • +
    • log_threat-weight
      • +
    • mgmt-data_status
      • +
    • monitoring_np6-ipsec-engine
      • +
    • monitoring_npu-hpe
      • +
    • nsxt_service-chain param: id type: int required: True
      • +
    • nsxt_setting
      • +
    • pfcp_message-filter param: name type: str required: True
      • +
    • report.sql_status
      • +
    • report_chart param: name type: str required: True
      • +
    • report_dataset param: name type: str required: True
      • +
    • report_layout param: name type: str required: True
      • +
    • report_setting
      • +
    • report_style param: name type: str required: True
      • +
    • report_theme param: name type: str required: True
      • +
    • router_access-list param: name type: str required: True
      • +
    • router_access-list6 param: name type: str required: True
      • +
    • router_aspath-list param: name type: str required: True
      • +
    • router_auth-path param: name type: str required: True
      • +
    • router_bfd
      • +
    • router_bfd6
      • +
    • router_bgp
      • +
    • router_community-list param: name type: str required: True
      • +
    • router_info
      • +
    • router_info6
      • +
    • router_isis
      • +
    • router_key-chain param: name type: str required: True
      • +
    • router_multicast
      • +
    • router_multicast-flow param: name type: str required: True
      • +
    • router_multicast6
      • +
    • router_ospf
      • +
    • router_ospf6
      • +
    • router_policy param: seq_num type: int required: True
      • +
    • router_policy6 param: seq_num type: int required: True
      • +
    • router_prefix-list param: name type: str required: True
      • +
    • router_prefix-list6 param: name type: str required: True
      • +
    • router_rip
      • +
    • router_ripng
      • +
    • router_route-map param: name type: str required: True
      • +
    • router_setting
      • +
    • router_static param: seq_num type: int required: True
      • +
    • router_static6 param: seq_num type: int required: True
      • +
    • sctp-filter_profile param: name type: str required: True
      • +
    • spamfilter_bwl param: id type: int required: True
      • +
    • spamfilter_bword param: id type: int required: True
      • +
    • spamfilter_dnsbl param: id type: int required: True
      • +
    • spamfilter_fortishield
      • +
    • spamfilter_iptrust param: id type: int required: True
      • +
    • spamfilter_mheader param: id type: int required: True
      • +
    • spamfilter_options
      • +
    • spamfilter_profile param: name type: str required: True
      • +
    • ssh-filter_profile param: name type: str required: True
      • +
    • switch-controller.auto-config_custom param: name type: str required: True
      • +
    • switch-controller.auto-config_default
      • +
    • switch-controller.auto-config_policy param: name type: str required: True
      • +
    • switch-controller.initial-config_template param: name type: str required: True
      • +
    • switch-controller.initial-config_vlans
      • +
    • switch-controller.ptp_policy param: name type: str required: True
      • +
    • switch-controller.ptp_settings
      • +
    • switch-controller.qos_dot1p-map param: name type: str required: True
      • +
    • switch-controller.qos_ip-dscp-map param: name type: str required: True
      • +
    • switch-controller.qos_qos-policy param: name type: str required: True
      • +
    • switch-controller.qos_queue-policy param: name type: str required: True
      • +
    • switch-controller.security-policy_802-1X param: name type: str required: True
      • +
    • switch-controller.security-policy_captive-portal param: name type: str required: True
      • +
    • switch-controller.security-policy_local-access param: name type: str required: True
      • +
    • switch-controller_802-1X-settings
      • +
    • switch-controller_custom-command param: command_name type: str required: True
      • +
    • switch-controller_dynamic-port-policy param: name type: str required: True
      • +
    • switch-controller_flow-tracking
      • +
    • switch-controller_fortilink-settings param: name type: str required: True
      • +
    • switch-controller_global
      • +
    • switch-controller_igmp-snooping
      • +
    • switch-controller_lldp-profile param: name type: str required: True
      • +
    • switch-controller_lldp-settings
      • +
    • switch-controller_location param: name type: str required: True
      • +
    • switch-controller_mac-policy param: name type: str required: True
      • +
    • switch-controller_mac-sync-settings
      • +
    • switch-controller_managed-switch param: switch_id type: str required: True
      • +
    • switch-controller_nac-device param: id type: int required: True
      • +
    • switch-controller_nac-settings param: name type: str required: True
      • +
    • switch-controller_network-monitor-settings
      • +
    • switch-controller_poe
      • +
    • switch-controller_port-policy param: name type: str required: True
      • +
    • switch-controller_quarantine
      • +
    • switch-controller_remote-log param: name type: str required: True
      • +
    • switch-controller_sflow
      • +
    • switch-controller_snmp-community param: id type: int required: True
      • +
    • switch-controller_snmp-sysinfo
      • +
    • switch-controller_snmp-trap-threshold
      • +
    • switch-controller_snmp-user param: name type: str required: True
      • +
    • switch-controller_storm-control
      • +
    • switch-controller_storm-control-policy param: name type: str required: True
      • +
    • switch-controller_stp-instance param: id type: str required: True
      • +
    • switch-controller_stp-settings
      • +
    • switch-controller_switch-group param: name type: str required: True
      • +
    • switch-controller_switch-interface-tag param: name type: str required: True
      • +
    • switch-controller_switch-log
      • +
    • switch-controller_switch-profile param: name type: str required: True
      • +
    • switch-controller_system
      • +
    • switch-controller_traffic-policy param: name type: str required: True
      • +
    • switch-controller_traffic-sniffer
      • +
    • switch-controller_virtual-port-pool param: name type: str required: True
      • +
    • switch-controller_vlan param: name type: str required: True
      • +
    • switch-controller_vlan-policy param: name type: str required: True
      • +
    • system.3g-modem_custom param: id type: int required: True
      • +
    • system.auto-update_status
      • +
    • system.auto-update_versions
      • +
    • system.autoupdate_push-update
      • +
    • system.autoupdate_schedule
      • +
    • system.autoupdate_tunneling
      • +
    • system.checksum_status
      • +
    • system.dhcp6_server param: id type: int required: True
      • +
    • system.dhcp_server param: id type: int required: True
      • +
    • system.info.admin_ssh
      • +
    • system.info.admin_status
      • +
    • system.ip-conflict_status
      • +
    • system.lldp_network-policy param: name type: str required: True
      • +
    • system.performance.firewall_packet-distribution
      • +
    • system.performance.firewall_statistics
      • +
    • system.performance_status
      • +
    • system.performance_top
      • +
    • system.replacemsg_admin param: msg_type type: str required: True
      • +
    • system.replacemsg_alertmail param: msg_type type: str required: True
      • +
    • system.replacemsg_auth param: msg_type type: str required: True
      • +
    • system.replacemsg_automation param: msg_type type: str required: True
      • +
    • system.replacemsg_device-detection-portal param: msg_type type: str required: True
      • +
    • system.replacemsg_ec param: msg_type type: str required: True
      • +
    • system.replacemsg_fortiguard-wf param: msg_type type: str required: True
      • +
    • system.replacemsg_ftp param: msg_type type: str required: True
      • +
    • system.replacemsg_http param: msg_type type: str required: True
      • +
    • system.replacemsg_icap param: msg_type type: str required: True
      • +
    • system.replacemsg_mail param: msg_type type: str required: True
      • +
    • system.replacemsg_mm1 param: msg_type type: str required: True
      • +
    • system.replacemsg_mm3 param: msg_type type: str required: True
      • +
    • system.replacemsg_mm4 param: msg_type type: str required: True
      • +
    • system.replacemsg_mm7 param: msg_type type: str required: True
      • +
    • system.replacemsg_mms param: msg_type type: str required: True
      • +
    • system.replacemsg_nac-quar param: msg_type type: str required: True
      • +
    • system.replacemsg_nntp param: msg_type type: str required: True
      • +
    • system.replacemsg_spam param: msg_type type: str required: True
      • +
    • system.replacemsg_sslvpn param: msg_type type: str required: True
      • +
    • system.replacemsg_traffic-quota param: msg_type type: str required: True
      • +
    • system.replacemsg_utm param: msg_type type: str required: True
      • +
    • system.replacemsg_webproxy param: msg_type type: str required: True
      • +
    • system.session-helper-info_list
      • +
    • system.session-info_expectation
      • +
    • system.session-info_full-stat
      • +
    • system.session-info_list
      • +
    • system.session-info_statistics
      • +
    • system.session-info_ttl
      • +
    • system.snmp_community param: id type: int required: True
      • +
    • system.snmp_sysinfo
      • +
    • system.snmp_user param: name type: str required: True
      • +
    • system.source-ip_status
      • +
    • system_accprofile param: name type: str required: True
      • +
    • system_acme
      • +
    • system_admin param: name type: str required: True
      • +
    • system_affinity-interrupt param: id type: int required: True
      • +
    • system_affinity-packet-redistribution param: id type: int required: True
      • +
    • system_alarm
      • +
    • system_alias param: name type: str required: True
      • +
    • system_api-user param: name type: str required: True
      • +
    • system_arp
      • +
    • system_arp-table param: id type: int required: True
      • +
    • system_auto-install
      • +
    • system_auto-script param: name type: str required: True
      • +
    • system_automation-action param: name type: str required: True
      • +
    • system_automation-destination param: name type: str required: True
      • +
    • system_automation-stitch param: name type: str required: True
      • +
    • system_automation-trigger param: name type: str required: True
      • +
    • system_central-management
      • +
    • system_central-mgmt
      • +
    • system_cluster-sync param: sync_id type: int required: True
      • +
    • system_cmdb
      • +
    • system_console
      • +
    • system_csf
      • +
    • system_custom-language param: name type: str required: True
      • +
    • system_ddns param: ddnsid type: int required: True
      • +
    • system_dedicated-mgmt
      • +
    • system_dns
      • +
    • system_dns-database param: name type: str required: True
      • +
    • system_dns-server param: name type: str required: True
      • +
    • system_dns64
      • +
    • system_dscp-based-priority param: id type: int required: True
      • +
    • system_email-server
      • +
    • system_external-resource param: name type: str required: True
      • +
    • system_federated-upgrade
      • +
    • system_fips-cc
      • +
    • system_fm
      • +
    • system_fortiai
      • +
    • system_fortianalyzer-connectivity
      • +
    • system_fortiguard
      • +
    • system_fortiguard-log-service
      • +
    • system_fortiguard-service
      • +
    • system_fortimanager
      • +
    • system_fortisandbox
      • +
    • system_fsso-polling
      • +
    • system_ftm-push
      • +
    • system_geneve param: name type: str required: True
      • +
    • system_geoip-country param: id type: str required: True
      • +
    • system_geoip-override param: name type: str required: True
      • +
    • system_gi-gk
      • +
    • system_global
      • +
    • system_gre-tunnel param: name type: str required: True
      • +
    • system_ha
      • +
    • system_ha-monitor
      • +
    • system_ha-nonsync-csum
      • +
    • system_ike
      • +
    • system_interface param: name type: str required: True
      • +
    • system_ipam
      • +
    • system_ipip-tunnel param: name type: str required: True
      • +
    • system_ips
      • +
    • system_ips-urlfilter-dns param: address type: str required: True
      • +
    • system_ips-urlfilter-dns6 param: address6 type: str required: True
      • +
    • system_ipsec-aggregate param: name type: str required: True
      • +
    • system_ipv6-neighbor-cache param: id type: int required: True
      • +
    • system_ipv6-tunnel param: name type: str required: True
      • +
    • system_isf-queue-profile param: name type: str required: True
      • +
    • system_link-monitor param: name type: str required: True
      • +
    • system_lte-modem
      • +
    • system_mac-address-table param: mac type: str required: True
      • +
    • system_management-tunnel
      • +
    • system_mem-mgr
      • +
    • system_mgmt-csum
      • +
    • system_mobile-tunnel param: name type: str required: True
      • +
    • system_modem
      • +
    • system_nat64
      • +
    • system_nd-proxy
      • +
    • system_netflow
      • +
    • system_network-visibility
      • +
    • system_np6 param: name type: str required: True
      • +
    • system_npu
      • +
    • system_ntp
      • +
    • system_object-tagging param: category type: str required: True
      • +
    • system_password-policy
      • +
    • system_password-policy-guest-admin
      • +
    • system_physical-switch param: name type: str required: True
      • +
    • system_pppoe-interface param: name type: str required: True
      • +
    • system_probe-response
      • +
    • system_proxy-arp param: id type: int required: True
      • +
    • system_ptp
      • +
    • system_replacemsg-group param: name type: str required: True
      • +
    • system_replacemsg-image param: name type: str required: True
      • +
    • system_resource-limits
      • +
    • system_saml
      • +
    • system_sdn-connector param: name type: str required: True
      • +
    • system_sdwan
      • +
    • system_session
      • +
    • system_session-helper param: id type: int required: True
      • +
    • system_session-ttl
      • +
    • system_session6
      • +
    • system_settings
      • +
    • system_sflow
      • +
    • system_sit-tunnel param: name type: str required: True
      • +
    • system_smc-ntp
      • +
    • system_sms-server param: name type: str required: True
      • +
    • system_speed-test-schedule param: interface type: str required: True
      • +
    • system_speed-test-server param: name type: str required: True
      • +
    • system_sso-admin param: name type: str required: True
      • +
    • system_sso-forticloud-admin param: name type: str required: True
      • +
    • system_standalone-cluster
      • +
    • system_startup-error-log
      • +
    • system_status
      • +
    • system_storage param: name type: str required: True
      • +
    • system_stp
      • +
    • system_switch-interface param: name type: str required: True
      • +
    • system_tos-based-priority param: id type: int required: True
      • +
    • system_vdom param: name type: str required: True
      • +
    • system_vdom-dns
      • +
    • system_vdom-exception param: id type: int required: True
      • +
    • system_vdom-link param: name type: str required: True
      • +
    • system_vdom-netflow
      • +
    • system_vdom-property param: name type: str required: True
      • +
    • system_vdom-radius-server param: name type: str required: True
      • +
    • system_vdom-sflow
      • +
    • system_virtual-switch param: name type: str required: True
      • +
    • system_virtual-wan-link
      • +
    • system_virtual-wire-pair param: name type: str required: True
      • +
    • system_vne-tunnel
      • +
    • system_vxlan param: name type: str required: True
      • +
    • system_wccp param: service_id type: str required: True
      • +
    • system_zone param: name type: str required: True
      • +
    • user_adgrp param: name type: str required: True
      • +
    • user_certificate param: name type: str required: True
      • +
    • user_device param: alias type: str required: True
      • +
    • user_device-access-list param: name type: str required: True
      • +
    • user_device-category param: name type: str required: True
      • +
    • user_device-group param: name type: str required: True
      • +
    • user_domain-controller param: name type: str required: True
      • +
    • user_exchange param: name type: str required: True
      • +
    • user_fortitoken param: serial_number type: str required: True
      • +
    • user_fsso param: name type: str required: True
      • +
    • user_fsso-polling param: id type: int required: True
      • +
    • user_group param: name type: str required: True
      • +
    • user_krb-keytab param: name type: str required: True
      • +
    • user_ldap param: name type: str required: True
      • +
    • user_local param: name type: str required: True
      • +
    • user_nac-policy param: name type: str required: True
      • +
    • user_password-policy param: name type: str required: True
      • +
    • user_peer param: name type: str required: True
      • +
    • user_peergrp param: name type: str required: True
      • +
    • user_pop3 param: name type: str required: True
      • +
    • user_quarantine
      • +
    • user_radius param: name type: str required: True
      • +
    • user_saml param: name type: str required: True
      • +
    • user_security-exempt-list param: name type: str required: True
      • +
    • user_setting
      • +
    • user_tacacs+ param: name type: str required: True
      • +
    • videofilter_profile param: name type: str required: True
      • +
    • videofilter_youtube-channel-filter param: id type: int required: True
      • +
    • videofilter_youtube-key param: id type: int required: True
      • +
    • voip_profile param: name type: str required: True
      • +
    • vpn.certificate_ca param: name type: str required: True
      • +
    • vpn.certificate_crl param: name type: str required: True
      • +
    • vpn.certificate_local param: name type: str required: True
      • +
    • vpn.certificate_ocsp-server param: name type: str required: True
      • +
    • vpn.certificate_remote param: name type: str required: True
      • +
    • vpn.certificate_setting
      • +
    • vpn.ike_gateway
      • +
    • vpn.ipsec.stats_crypto
      • +
    • vpn.ipsec.stats_tunnel
      • +
    • vpn.ipsec.tunnel_details
      • +
    • vpn.ipsec.tunnel_name
      • +
    • vpn.ipsec.tunnel_summary
      • +
    • vpn.ipsec_concentrator param: id type: int required: True
      • +
    • vpn.ipsec_fec param: name type: str required: True
      • +
    • vpn.ipsec_forticlient param: realm type: str required: True
      • +
    • vpn.ipsec_manualkey param: name type: str required: True
      • +
    • vpn.ipsec_manualkey-interface param: name type: str required: True
      • +
    • vpn.ipsec_phase1 param: name type: str required: True
      • +
    • vpn.ipsec_phase1-interface param: name type: str required: True
      • +
    • vpn.ipsec_phase2 param: name type: str required: True
      • +
    • vpn.ipsec_phase2-interface param: name type: str required: True
      • +
    • vpn.ssl.web_host-check-software param: name type: str required: True
      • +
    • vpn.ssl.web_portal param: name type: str required: True
      • +
    • vpn.ssl.web_realm param: url_path type: str required: True
      • +
    • vpn.ssl.web_user-bookmark param: name type: str required: True
      • +
    • vpn.ssl.web_user-group-bookmark param: name type: str required: True
      • +
    • vpn.ssl_client param: name type: str required: True
      • +
    • vpn.ssl_monitor
      • +
    • vpn.ssl_settings
      • +
    • vpn.status.ssl_hw-acceleration-status
      • +
    • vpn.status.ssl_list
      • +
    • vpn.status_l2tp
      • +
    • vpn.status_pptp
      • +
    • vpn_l2tp
      • +
    • vpn_ocvpn
      • +
    • vpn_pptp
      • +
    • waf_main-class param: id type: int required: True
      • +
    • waf_profile param: name type: str required: True
      • +
    • waf_signature param: id type: int required: True
      • +
    • waf_sub-class param: id type: int required: True
      • +
    • wanopt_auth-group param: name type: str required: True
      • +
    • wanopt_cache-service
      • +
    • wanopt_content-delivery-network-rule param: name type: str required: True
      • +
    • wanopt_peer param: peer_host_id type: str required: True
      • +
    • wanopt_profile param: name type: str required: True
      • +
    • wanopt_remote-storage
      • +
    • wanopt_settings
      • +
    • wanopt_webcache
      • +
    • web-proxy_debug-url param: name type: str required: True
      • +
    • web-proxy_explicit
      • +
    • web-proxy_forward-server param: name type: str required: True
      • +
    • web-proxy_forward-server-group param: name type: str required: True
      • +
    • web-proxy_global
      • +
    • web-proxy_profile param: name type: str required: True
      • +
    • web-proxy_url-match param: name type: str required: True
      • +
    • web-proxy_wisp param: name type: str required: True
      • +
    • webfilter_categories
      • +
    • webfilter_content param: id type: int required: True
      • +
    • webfilter_content-header param: id type: int required: True
      • +
    • webfilter_fortiguard
      • +
    • webfilter_ftgd-local-cat param: desc type: str required: True
      • +
    • webfilter_ftgd-local-rating param: url type: str required: True
      • +
    • webfilter_ftgd-statistics
      • +
    • webfilter_ips-urlfilter-cache-setting
      • +
    • webfilter_ips-urlfilter-setting
      • +
    • webfilter_ips-urlfilter-setting6
      • +
    • webfilter_override param: id type: int required: True
      • +
    • webfilter_override-usr
      • +
    • webfilter_profile param: name type: str required: True
      • +
    • webfilter_search-engine param: name type: str required: True
      • +
    • webfilter_status
      • +
    • webfilter_urlfilter param: id type: int required: True
      • +
    • wireless-controller.hotspot20_anqp-3gpp-cellular param: name type: str required: True
      • +
    • wireless-controller.hotspot20_anqp-ip-address-type param: name type: str required: True
      • +
    • wireless-controller.hotspot20_anqp-nai-realm param: name type: str required: True
      • +
    • wireless-controller.hotspot20_anqp-network-auth-type param: name type: str required: True
      • +
    • wireless-controller.hotspot20_anqp-roaming-consortium param: name type: str required: True
      • +
    • wireless-controller.hotspot20_anqp-venue-name param: name type: str required: True
      • +
    • wireless-controller.hotspot20_anqp-venue-url param: name type: str required: True
      • +
    • wireless-controller.hotspot20_h2qp-advice-of-charge param: name type: str required: True
      • +
    • wireless-controller.hotspot20_h2qp-conn-capability param: name type: str required: True
      • +
    • wireless-controller.hotspot20_h2qp-operator-name param: name type: str required: True
      • +
    • wireless-controller.hotspot20_h2qp-osu-provider param: name type: str required: True
      • +
    • wireless-controller.hotspot20_h2qp-osu-provider-nai param: name type: str required: True
      • +
    • wireless-controller.hotspot20_h2qp-terms-and-conditions param: name type: str required: True
      • +
    • wireless-controller.hotspot20_h2qp-wan-metric param: name type: str required: True
      • +
    • wireless-controller.hotspot20_hs-profile param: name type: str required: True
      • +
    • wireless-controller.hotspot20_icon param: name type: str required: True
      • +
    • wireless-controller.hotspot20_qos-map param: name type: str required: True
      • +
    • wireless-controller_access-control-list param: name type: str required: True
      • +
    • wireless-controller_address param: id type: str required: True
      • +
    • wireless-controller_addrgrp param: id type: str required: True
      • +
    • wireless-controller_ap-status param: id type: int required: True
      • +
    • wireless-controller_apcfg-profile param: name type: str required: True
      • +
    • wireless-controller_arrp-profile param: name type: str required: True
      • +
    • wireless-controller_ble-profile param: name type: str required: True
      • +
    • wireless-controller_bonjour-profile param: name type: str required: True
      • +
    • wireless-controller_client-info
      • +
    • wireless-controller_global
      • +
    • wireless-controller_inter-controller
      • +
    • wireless-controller_log
      • +
    • wireless-controller_mpsk-profile param: name type: str required: True
      • +
    • wireless-controller_nac-profile param: name type: str required: True
      • +
    • wireless-controller_qos-profile param: name type: str required: True
      • +
    • wireless-controller_region param: name type: str required: True
      • +
    • wireless-controller_rf-analysis
      • +
    • wireless-controller_scan
      • +
    • wireless-controller_setting
      • +
    • wireless-controller_snmp
      • +
    • wireless-controller_spectral-info
      • +
    • wireless-controller_ssid-policy param: name type: str required: True
      • +
    • wireless-controller_status
      • +
    • wireless-controller_syslog-profile param: name type: str required: True
      • +
    • wireless-controller_timers
      • +
    • wireless-controller_utm-profile param: name type: str required: True
      • +
    • wireless-controller_vap param: name type: str required: True
      • +
    • wireless-controller_vap-group param: name type: str required: True
      • +
    • wireless-controller_vap-status
      • +
    • wireless-controller_wag-profile param: name type: str required: True
      • +
    • wireless-controller_wids-profile param: name type: str required: True
      • +
    • wireless-controller_wlchanlistlic
      • +
    • wireless-controller_wtp param: wtp_id type: str required: True
      • +
    • wireless-controller_wtp-group param: name type: str required: True
      • +
    • wireless-controller_wtp-profile param: name type: str required: True
      • +
    • wireless-controller_wtp-status
      • +
    +
    +
    +
  • params - the parameter for each selector, see definition in above list.type: dict
    • +
  • selectors - selectors list allows to pass more than one selector and its parameters in a task.type: list
    • + +Notes +----- + +.. note:: + + - Different ``selector`` may have different parameters, users are expected to look up them for a specific selector. + + - For some selectors, the objects are global, no ``params`` are allowed to appear. + + - If ``params`` is empty a non-unique object, the whole object list is returned. + + - This module has support for all configuration API, excluding any monitor API. + + - The result of API request is stored in ``results`` as a list. + + - There are three filtering parameters: ``filters``, ``sorters`` and ``formatters``, please see `filtering spec`_ for more information. + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigateslab + connection: httpapi + collections: + - fortinet.fortios + vars: + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + vdom: "root" + tasks: + - name: Get multiple selectors info concurrently + fortios_configuration_fact: + selectors: + - selector: firewall_address + params: + name: "gmail.com" + - selector: system_interface + - selector: log_eventfilter + params: {} + + - name: fact gathering with filters + fortios_configuration_fact: + vdom: "" + filters: + - name==port1 + - vlanid==0 + sorters: + - name,vlanid + - management-ip + formatters: + - name + - management-ip + - vlanid + selector: 'system_interface' + + - name: get all + fortios_configuration_fact: + vdom: "" + access_token: "" + selector: log_custom-field + + - name: get single + fortios_configuration_fact: + vdom: "" + access_token: "" + selector: log_custom-field + #optionally list or single get + params: + id: "3" + + - name: fetch one firewall address + fortios_configuration_fact: + selector: firewall_address + params: + name: "login.microsoft.com" + + - name: fetch all firewall addresses + fortios_configuration_fact: + selector: firewall_address + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
      + +
    • build - Build number of the fortigate image returned: always type: str sample: 1547
      • +
    • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: GET
      • +
    • name - Name of the table used to fulfill the request returned: always type: str sample: firmware
      • +
    • path - Path of the table used to fulfill the request returned: always type: str sample: system
      • +
    • results - Object list retrieved from device. returned: always type: list
      • +
    • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
      • +
    • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
      • +
    • status - Indication of the operation's result returned: always type: str sample: success
      • +
    • vdom - Virtual domain used returned: always type: str sample: root
      • +
    • version - Version of the FortiGate returned: always type: str sample: v5.6.3
      • +
    • ansible_facts - The list of fact subsets collected from the device returned: always type: dict
      • +
    + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@fshen01) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. + +.. _filtering spec: https://fndn.fortinet.net/index.php?/fortiapi/1-fortios/597/ diff --git a/fortios_export_config_playbook.rst b/fortios_export_config_playbook.rst new file mode 100644 index 00000000..d5a673bf --- /dev/null +++ b/fortios_export_config_playbook.rst @@ -0,0 +1,898 @@ +:source: fortios_export_config_playbook.py + +:orphan: + +.. : + +fortios_export_config_playbook -- Convert the returned facts into a playbook. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.11 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Collect the current configurations of a module on a running device and converts the returned facts into a playbook that users can apply directly. More than one playbook will be generated if there are many selectors provided. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- install galaxy collection fortinet.fortios >= ``2.1.3``. + + +Parameters +---------- + + +.. raw:: html + +
      +
    • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str required: False default: root
      • +
    • enable_log - Enable/Disable logging for task. type: bool required: False default: False
      • +
    • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: False
      • +
    • filters - A list of expressions to filter the returned results. type: list required: False + more... + +
      • +
    • sorters - A list of expressions to sort the returned results. type: list required: False + more... + +
      • +
    • formatters - A list of fields to display for returned results. type: list required: False
      • +
    • selector - selector that used to collect the current configurations of the module and convert to a playbook. type: str choices:
      • +
    • + +

      + +

      +
      +
        +
      • alertemail_setting
        • +
      • antivirus_heuristic
        • +
      • antivirus_mms-checksum param: id type: int required: True
        • +
      • antivirus_notification param: id type: int required: True
        • +
      • antivirus_profile param: name type: str required: True
        • +
      • antivirus_quarantine
        • +
      • antivirus_settings
        • +
      • application_custom param: tag type: str required: True
        • +
      • application_group param: name type: str required: True
        • +
      • application_list param: name type: str required: True
        • +
      • application_name param: name type: str required: True
        • +
      • application_rule-settings param: id type: int required: True
        • +
      • authentication_rule param: name type: str required: True
        • +
      • authentication_scheme param: name type: str required: True
        • +
      • authentication_setting
        • +
      • certificate_ca param: name type: str required: True
        • +
      • certificate_crl param: name type: str required: True
        • +
      • certificate_local param: name type: str required: True
        • +
      • certificate_remote param: name type: str required: True
        • +
      • cifs_domain-controller param: server_name type: str required: True
        • +
      • cifs_profile param: name type: str required: True
        • +
      • credential-store_domain-controller param: server_name type: str required: True
        • +
      • dlp_filepattern param: id type: int required: True
        • +
      • dlp_fp-doc-source param: name type: str required: True
        • +
      • dlp_fp-sensitivity param: name type: str required: True
        • +
      • dlp_sensitivity param: name type: str required: True
        • +
      • dlp_sensor param: name type: str required: True
        • +
      • dlp_settings
        • +
      • dnsfilter_domain-filter param: id type: int required: True
        • +
      • dnsfilter_profile param: name type: str required: True
        • +
      • dpdk_cpus
        • +
      • dpdk_global
        • +
      • emailfilter_block-allow-list param: id type: int required: True
        • +
      • emailfilter_bwl param: id type: int required: True
        • +
      • emailfilter_bword param: id type: int required: True
        • +
      • emailfilter_dnsbl param: id type: int required: True
        • +
      • emailfilter_fortishield
        • +
      • emailfilter_iptrust param: id type: int required: True
        • +
      • emailfilter_mheader param: id type: int required: True
        • +
      • emailfilter_options
        • +
      • emailfilter_profile param: name type: str required: True
        • +
      • endpoint-control_client param: id type: int required: True
        • +
      • endpoint-control_fctems param: name type: str required: True
        • +
      • endpoint-control_forticlient-ems param: name type: str required: True
        • +
      • endpoint-control_forticlient-registration-sync param: peer_name type: str required: True
        • +
      • endpoint-control_profile param: profile_name type: str required: True
        • +
      • endpoint-control_registered-forticlient param: uid type: str required: True
        • +
      • endpoint-control_settings
        • +
      • extender-controller_dataplan param: name type: str required: True
        • +
      • extender-controller_extender param: name type: str required: True
        • +
      • extender-controller_extender-profile param: name type: str required: True
        • +
      • extender_extender-info
        • +
      • extender_lte-carrier-by-mcc-mnc
        • +
      • extender_lte-carrier-list
        • +
      • extender_modem-status
        • +
      • extender_session-info
        • +
      • extender_sys-info
        • +
      • file-filter_profile param: name type: str required: True
        • +
      • firewall.consolidated_policy param: policyid type: int required: True
        • +
      • firewall.ipmacbinding_setting
        • +
      • firewall.ipmacbinding_table param: seq_num type: int required: True
        • +
      • firewall.iprope.appctrl_list
        • +
      • firewall.iprope.appctrl_status
        • +
      • firewall.iprope_list
        • +
      • firewall.schedule_group param: name type: str required: True
        • +
      • firewall.schedule_onetime param: name type: str required: True
        • +
      • firewall.schedule_recurring param: name type: str required: True
        • +
      • firewall.service_category param: name type: str required: True
        • +
      • firewall.service_custom param: name type: str required: True
        • +
      • firewall.service_group param: name type: str required: True
        • +
      • firewall.shaper_per-ip
        • +
      • firewall.shaper_per-ip-shaper param: name type: str required: True
        • +
      • firewall.shaper_traffic
        • +
      • firewall.shaper_traffic-shaper param: name type: str required: True
        • +
      • firewall.ssh_host-key param: name type: str required: True
        • +
      • firewall.ssh_local-ca param: name type: str required: True
        • +
      • firewall.ssh_local-key param: name type: str required: True
        • +
      • firewall.ssh_setting
        • +
      • firewall.ssl_setting
        • +
      • firewall.wildcard-fqdn_custom param: name type: str required: True
        • +
      • firewall.wildcard-fqdn_group param: name type: str required: True
        • +
      • firewall_access-proxy param: name type: str required: True
        • +
      • firewall_access-proxy-ssh-client-cert param: name type: str required: True
        • +
      • firewall_access-proxy-virtual-host param: name type: str required: True
        • +
      • firewall_access-proxy6 param: name type: str required: True
        • +
      • firewall_acl param: policyid type: int required: True
        • +
      • firewall_acl6 param: policyid type: int required: True
        • +
      • firewall_address param: name type: str required: True
        • +
      • firewall_address6 param: name type: str required: True
        • +
      • firewall_address6-template param: name type: str required: True
        • +
      • firewall_addrgrp param: name type: str required: True
        • +
      • firewall_addrgrp6 param: name type: str required: True
        • +
      • firewall_auth-portal
        • +
      • firewall_carrier-endpoint-bwl param: id type: int required: True
        • +
      • firewall_central-snat-map param: policyid type: int required: True
        • +
      • firewall_city param: id type: int required: True
        • +
      • firewall_country param: id type: int required: True
        • +
      • firewall_decrypted-traffic-mirror param: name type: str required: True
        • +
      • firewall_dnstranslation param: id type: int required: True
        • +
      • firewall_DoS-policy param: policyid type: int required: True
        • +
      • firewall_DoS-policy6 param: policyid type: int required: True
        • +
      • firewall_gtp param: name type: str required: True
        • +
      • firewall_identity-based-route param: name type: str required: True
        • +
      • firewall_interface-policy param: policyid type: int required: True
        • +
      • firewall_interface-policy6 param: policyid type: int required: True
        • +
      • firewall_internet-service param: id type: int required: True
        • +
      • firewall_internet-service-addition param: id type: int required: True
        • +
      • firewall_internet-service-append
        • +
      • firewall_internet-service-botnet param: id type: int required: True
        • +
      • firewall_internet-service-custom param: name type: str required: True
        • +
      • firewall_internet-service-custom-group param: name type: str required: True
        • +
      • firewall_internet-service-definition param: id type: int required: True
        • +
      • firewall_internet-service-extension param: id type: int required: True
        • +
      • firewall_internet-service-group param: name type: str required: True
        • +
      • firewall_internet-service-ipbl-reason param: id type: int required: True
        • +
      • firewall_internet-service-ipbl-vendor param: id type: int required: True
        • +
      • firewall_internet-service-list param: id type: int required: True
        • +
      • firewall_internet-service-name param: name type: str required: True
        • +
      • firewall_internet-service-owner param: id type: int required: True
        • +
      • firewall_internet-service-reputation param: id type: int required: True
        • +
      • firewall_internet-service-sld param: id type: int required: True
        • +
      • firewall_ip-translation param: transid type: int required: True
        • +
      • firewall_ippool param: name type: str required: True
        • +
      • firewall_ippool6 param: name type: str required: True
        • +
      • firewall_ipv6-eh-filter
        • +
      • firewall_ldb-monitor param: name type: str required: True
        • +
      • firewall_local-in-policy param: policyid type: int required: True
        • +
      • firewall_local-in-policy6 param: policyid type: int required: True
        • +
      • firewall_mms-profile param: name type: str required: True
        • +
      • firewall_multicast-address param: name type: str required: True
        • +
      • firewall_multicast-address6 param: name type: str required: True
        • +
      • firewall_multicast-policy param: id type: int required: True
        • +
      • firewall_multicast-policy6 param: id type: int required: True
        • +
      • firewall_pfcp param: name type: str required: True
        • +
      • firewall_policy param: policyid type: int required: True
        • +
      • firewall_policy46 param: policyid type: int required: True
        • +
      • firewall_policy6 param: policyid type: int required: True
        • +
      • firewall_policy64 param: policyid type: int required: True
        • +
      • firewall_profile-group param: name type: str required: True
        • +
      • firewall_profile-protocol-options param: name type: str required: True
        • +
      • firewall_proute
        • +
      • firewall_proute6
        • +
      • firewall_proxy-address param: name type: str required: True
        • +
      • firewall_proxy-addrgrp param: name type: str required: True
        • +
      • firewall_proxy-policy param: policyid type: int required: True
        • +
      • firewall_region param: id type: int required: True
        • +
      • firewall_security-policy param: policyid type: int required: True
        • +
      • firewall_shaping-policy param: id type: int required: True
        • +
      • firewall_shaping-profile param: profile_name type: str required: True
        • +
      • firewall_sniffer param: id type: int required: True
        • +
      • firewall_ssl-server param: name type: str required: True
        • +
      • firewall_ssl-ssh-profile param: name type: str required: True
        • +
      • firewall_traffic-class param: class_id type: int required: True
        • +
      • firewall_ttl-policy param: id type: int required: True
        • +
      • firewall_vendor-mac param: id type: int required: True
        • +
      • firewall_vendor-mac-summary
        • +
      • firewall_vip param: name type: str required: True
        • +
      • firewall_vip46 param: name type: str required: True
        • +
      • firewall_vip6 param: name type: str required: True
        • +
      • firewall_vip64 param: name type: str required: True
        • +
      • firewall_vipgrp param: name type: str required: True
        • +
      • firewall_vipgrp46 param: name type: str required: True
        • +
      • firewall_vipgrp6 param: name type: str required: True
        • +
      • firewall_vipgrp64 param: name type: str required: True
        • +
      • ftp-proxy_explicit
        • +
      • gtp_apn param: name type: str required: True
        • +
      • gtp_apn-shaper param: id type: int required: True
        • +
      • gtp_apngrp param: name type: str required: True
        • +
      • gtp_ie-allow-list param: name type: str required: True
        • +
      • gtp_ie-white-list param: name type: str required: True
        • +
      • gtp_message-filter-v0v1 param: name type: str required: True
        • +
      • gtp_message-filter-v2 param: name type: str required: True
        • +
      • gtp_rat-timeout-profile param: name type: str required: True
        • +
      • gtp_tunnel-limit param: name type: str required: True
        • +
      • hardware.npu.np6_dce
        • +
      • hardware.npu.np6_ipsec-stats
        • +
      • hardware.npu.np6_port-list
        • +
      • hardware.npu.np6_session-stats
        • +
      • hardware.npu.np6_sse-stats
        • +
      • hardware.npu.np6_synproxy-stats
        • +
      • hardware_cpu
        • +
      • hardware_memory
        • +
      • hardware_nic
        • +
      • hardware_status
        • +
      • icap_profile param: name type: str required: True
        • +
      • icap_server param: name type: str required: True
        • +
      • ips_custom param: tag type: str required: True
        • +
      • ips_decoder param: name type: str required: True
        • +
      • ips_global
        • +
      • ips_rule param: name type: str required: True
        • +
      • ips_rule-settings param: id type: int required: True
        • +
      • ips_sensor param: name type: str required: True
        • +
      • ips_session
        • +
      • ips_settings
        • +
      • ips_view-map param: id type: int required: True
        • +
      • ipsec_tunnel
        • +
      • log.disk_filter
        • +
      • log.disk_setting
        • +
      • log.fortianalyzer-cloud_filter
        • +
      • log.fortianalyzer-cloud_override-filter
        • +
      • log.fortianalyzer-cloud_override-setting
        • +
      • log.fortianalyzer-cloud_setting
        • +
      • log.fortianalyzer2_filter
        • +
      • log.fortianalyzer2_override-filter
        • +
      • log.fortianalyzer2_override-setting
        • +
      • log.fortianalyzer2_setting
        • +
      • log.fortianalyzer3_filter
        • +
      • log.fortianalyzer3_override-filter
        • +
      • log.fortianalyzer3_override-setting
        • +
      • log.fortianalyzer3_setting
        • +
      • log.fortianalyzer_filter
        • +
      • log.fortianalyzer_override-filter
        • +
      • log.fortianalyzer_override-setting
        • +
      • log.fortianalyzer_setting
        • +
      • log.fortiguard_filter
        • +
      • log.fortiguard_override-filter
        • +
      • log.fortiguard_override-setting
        • +
      • log.fortiguard_setting
        • +
      • log.memory_filter
        • +
      • log.memory_global-setting
        • +
      • log.memory_setting
        • +
      • log.null-device_filter
        • +
      • log.null-device_setting
        • +
      • log.syslogd2_filter
        • +
      • log.syslogd2_override-filter
        • +
      • log.syslogd2_override-setting
        • +
      • log.syslogd2_setting
        • +
      • log.syslogd3_filter
        • +
      • log.syslogd3_override-filter
        • +
      • log.syslogd3_override-setting
        • +
      • log.syslogd3_setting
        • +
      • log.syslogd4_filter
        • +
      • log.syslogd4_override-filter
        • +
      • log.syslogd4_override-setting
        • +
      • log.syslogd4_setting
        • +
      • log.syslogd_filter
        • +
      • log.syslogd_override-filter
        • +
      • log.syslogd_override-setting
        • +
      • log.syslogd_setting
        • +
      • log.tacacs+accounting2_filter
        • +
      • log.tacacs+accounting2_setting
        • +
      • log.tacacs+accounting3_filter
        • +
      • log.tacacs+accounting3_setting
        • +
      • log.tacacs+accounting_filter
        • +
      • log.tacacs+accounting_setting
        • +
      • log.webtrends_filter
        • +
      • log.webtrends_setting
        • +
      • log_custom-field param: id type: str required: True
        • +
      • log_eventfilter
        • +
      • log_gui-display
        • +
      • log_setting
        • +
      • log_threat-weight
        • +
      • mgmt-data_status
        • +
      • monitoring_np6-ipsec-engine
        • +
      • monitoring_npu-hpe
        • +
      • nsxt_service-chain param: id type: int required: True
        • +
      • nsxt_setting
        • +
      • pfcp_message-filter param: name type: str required: True
        • +
      • report.sql_status
        • +
      • report_chart param: name type: str required: True
        • +
      • report_dataset param: name type: str required: True
        • +
      • report_layout param: name type: str required: True
        • +
      • report_setting
        • +
      • report_style param: name type: str required: True
        • +
      • report_theme param: name type: str required: True
        • +
      • router_access-list param: name type: str required: True
        • +
      • router_access-list6 param: name type: str required: True
        • +
      • router_aspath-list param: name type: str required: True
        • +
      • router_auth-path param: name type: str required: True
        • +
      • router_bfd
        • +
      • router_bfd6
        • +
      • router_bgp
        • +
      • router_community-list param: name type: str required: True
        • +
      • router_info
        • +
      • router_info6
        • +
      • router_isis
        • +
      • router_key-chain param: name type: str required: True
        • +
      • router_multicast
        • +
      • router_multicast-flow param: name type: str required: True
        • +
      • router_multicast6
        • +
      • router_ospf
        • +
      • router_ospf6
        • +
      • router_policy param: seq_num type: int required: True
        • +
      • router_policy6 param: seq_num type: int required: True
        • +
      • router_prefix-list param: name type: str required: True
        • +
      • router_prefix-list6 param: name type: str required: True
        • +
      • router_rip
        • +
      • router_ripng
        • +
      • router_route-map param: name type: str required: True
        • +
      • router_setting
        • +
      • router_static param: seq_num type: int required: True
        • +
      • router_static6 param: seq_num type: int required: True
        • +
      • sctp-filter_profile param: name type: str required: True
        • +
      • spamfilter_bwl param: id type: int required: True
        • +
      • spamfilter_bword param: id type: int required: True
        • +
      • spamfilter_dnsbl param: id type: int required: True
        • +
      • spamfilter_fortishield
        • +
      • spamfilter_iptrust param: id type: int required: True
        • +
      • spamfilter_mheader param: id type: int required: True
        • +
      • spamfilter_options
        • +
      • spamfilter_profile param: name type: str required: True
        • +
      • ssh-filter_profile param: name type: str required: True
        • +
      • switch-controller.auto-config_custom param: name type: str required: True
        • +
      • switch-controller.auto-config_default
        • +
      • switch-controller.auto-config_policy param: name type: str required: True
        • +
      • switch-controller.initial-config_template param: name type: str required: True
        • +
      • switch-controller.initial-config_vlans
        • +
      • switch-controller.ptp_policy param: name type: str required: True
        • +
      • switch-controller.ptp_settings
        • +
      • switch-controller.qos_dot1p-map param: name type: str required: True
        • +
      • switch-controller.qos_ip-dscp-map param: name type: str required: True
        • +
      • switch-controller.qos_qos-policy param: name type: str required: True
        • +
      • switch-controller.qos_queue-policy param: name type: str required: True
        • +
      • switch-controller.security-policy_802-1X param: name type: str required: True
        • +
      • switch-controller.security-policy_captive-portal param: name type: str required: True
        • +
      • switch-controller.security-policy_local-access param: name type: str required: True
        • +
      • switch-controller_802-1X-settings
        • +
      • switch-controller_custom-command param: command_name type: str required: True
        • +
      • switch-controller_dynamic-port-policy param: name type: str required: True
        • +
      • switch-controller_flow-tracking
        • +
      • switch-controller_fortilink-settings param: name type: str required: True
        • +
      • switch-controller_global
        • +
      • switch-controller_igmp-snooping
        • +
      • switch-controller_lldp-profile param: name type: str required: True
        • +
      • switch-controller_lldp-settings
        • +
      • switch-controller_location param: name type: str required: True
        • +
      • switch-controller_mac-policy param: name type: str required: True
        • +
      • switch-controller_mac-sync-settings
        • +
      • switch-controller_managed-switch param: switch_id type: str required: True
        • +
      • switch-controller_nac-device param: id type: int required: True
        • +
      • switch-controller_nac-settings param: name type: str required: True
        • +
      • switch-controller_network-monitor-settings
        • +
      • switch-controller_poe
        • +
      • switch-controller_port-policy param: name type: str required: True
        • +
      • switch-controller_quarantine
        • +
      • switch-controller_remote-log param: name type: str required: True
        • +
      • switch-controller_sflow
        • +
      • switch-controller_snmp-community param: id type: int required: True
        • +
      • switch-controller_snmp-sysinfo
        • +
      • switch-controller_snmp-trap-threshold
        • +
      • switch-controller_snmp-user param: name type: str required: True
        • +
      • switch-controller_storm-control
        • +
      • switch-controller_storm-control-policy param: name type: str required: True
        • +
      • switch-controller_stp-instance param: id type: str required: True
        • +
      • switch-controller_stp-settings
        • +
      • switch-controller_switch-group param: name type: str required: True
        • +
      • switch-controller_switch-interface-tag param: name type: str required: True
        • +
      • switch-controller_switch-log
        • +
      • switch-controller_switch-profile param: name type: str required: True
        • +
      • switch-controller_system
        • +
      • switch-controller_traffic-policy param: name type: str required: True
        • +
      • switch-controller_traffic-sniffer
        • +
      • switch-controller_virtual-port-pool param: name type: str required: True
        • +
      • switch-controller_vlan param: name type: str required: True
        • +
      • switch-controller_vlan-policy param: name type: str required: True
        • +
      • system.3g-modem_custom param: id type: int required: True
        • +
      • system.auto-update_status
        • +
      • system.auto-update_versions
        • +
      • system.autoupdate_push-update
        • +
      • system.autoupdate_schedule
        • +
      • system.autoupdate_tunneling
        • +
      • system.checksum_status
        • +
      • system.dhcp6_server param: id type: int required: True
        • +
      • system.dhcp_server param: id type: int required: True
        • +
      • system.info.admin_ssh
        • +
      • system.info.admin_status
        • +
      • system.ip-conflict_status
        • +
      • system.lldp_network-policy param: name type: str required: True
        • +
      • system.performance.firewall_packet-distribution
        • +
      • system.performance.firewall_statistics
        • +
      • system.performance_status
        • +
      • system.performance_top
        • +
      • system.replacemsg_admin param: msg_type type: str required: True
        • +
      • system.replacemsg_alertmail param: msg_type type: str required: True
        • +
      • system.replacemsg_auth param: msg_type type: str required: True
        • +
      • system.replacemsg_automation param: msg_type type: str required: True
        • +
      • system.replacemsg_device-detection-portal param: msg_type type: str required: True
        • +
      • system.replacemsg_ec param: msg_type type: str required: True
        • +
      • system.replacemsg_fortiguard-wf param: msg_type type: str required: True
        • +
      • system.replacemsg_ftp param: msg_type type: str required: True
        • +
      • system.replacemsg_http param: msg_type type: str required: True
        • +
      • system.replacemsg_icap param: msg_type type: str required: True
        • +
      • system.replacemsg_mail param: msg_type type: str required: True
        • +
      • system.replacemsg_mm1 param: msg_type type: str required: True
        • +
      • system.replacemsg_mm3 param: msg_type type: str required: True
        • +
      • system.replacemsg_mm4 param: msg_type type: str required: True
        • +
      • system.replacemsg_mm7 param: msg_type type: str required: True
        • +
      • system.replacemsg_mms param: msg_type type: str required: True
        • +
      • system.replacemsg_nac-quar param: msg_type type: str required: True
        • +
      • system.replacemsg_nntp param: msg_type type: str required: True
        • +
      • system.replacemsg_spam param: msg_type type: str required: True
        • +
      • system.replacemsg_sslvpn param: msg_type type: str required: True
        • +
      • system.replacemsg_traffic-quota param: msg_type type: str required: True
        • +
      • system.replacemsg_utm param: msg_type type: str required: True
        • +
      • system.replacemsg_webproxy param: msg_type type: str required: True
        • +
      • system.session-helper-info_list
        • +
      • system.session-info_expectation
        • +
      • system.session-info_full-stat
        • +
      • system.session-info_list
        • +
      • system.session-info_statistics
        • +
      • system.session-info_ttl
        • +
      • system.snmp_community param: id type: int required: True
        • +
      • system.snmp_sysinfo
        • +
      • system.snmp_user param: name type: str required: True
        • +
      • system.source-ip_status
        • +
      • system_accprofile param: name type: str required: True
        • +
      • system_acme
        • +
      • system_admin param: name type: str required: True
        • +
      • system_affinity-interrupt param: id type: int required: True
        • +
      • system_affinity-packet-redistribution param: id type: int required: True
        • +
      • system_alarm
        • +
      • system_alias param: name type: str required: True
        • +
      • system_api-user param: name type: str required: True
        • +
      • system_arp
        • +
      • system_arp-table param: id type: int required: True
        • +
      • system_auto-install
        • +
      • system_auto-script param: name type: str required: True
        • +
      • system_automation-action param: name type: str required: True
        • +
      • system_automation-destination param: name type: str required: True
        • +
      • system_automation-stitch param: name type: str required: True
        • +
      • system_automation-trigger param: name type: str required: True
        • +
      • system_central-management
        • +
      • system_central-mgmt
        • +
      • system_cluster-sync param: sync_id type: int required: True
        • +
      • system_cmdb
        • +
      • system_console
        • +
      • system_csf
        • +
      • system_custom-language param: name type: str required: True
        • +
      • system_ddns param: ddnsid type: int required: True
        • +
      • system_dedicated-mgmt
        • +
      • system_dns
        • +
      • system_dns-database param: name type: str required: True
        • +
      • system_dns-server param: name type: str required: True
        • +
      • system_dns64
        • +
      • system_dscp-based-priority param: id type: int required: True
        • +
      • system_email-server
        • +
      • system_external-resource param: name type: str required: True
        • +
      • system_federated-upgrade
        • +
      • system_fips-cc
        • +
      • system_fm
        • +
      • system_fortiai
        • +
      • system_fortianalyzer-connectivity
        • +
      • system_fortiguard
        • +
      • system_fortiguard-log-service
        • +
      • system_fortiguard-service
        • +
      • system_fortimanager
        • +
      • system_fortisandbox
        • +
      • system_fsso-polling
        • +
      • system_ftm-push
        • +
      • system_geneve param: name type: str required: True
        • +
      • system_geoip-country param: id type: str required: True
        • +
      • system_geoip-override param: name type: str required: True
        • +
      • system_gi-gk
        • +
      • system_global
        • +
      • system_gre-tunnel param: name type: str required: True
        • +
      • system_ha
        • +
      • system_ha-monitor
        • +
      • system_ha-nonsync-csum
        • +
      • system_ike
        • +
      • system_interface param: name type: str required: True
        • +
      • system_ipam
        • +
      • system_ipip-tunnel param: name type: str required: True
        • +
      • system_ips
        • +
      • system_ips-urlfilter-dns param: address type: str required: True
        • +
      • system_ips-urlfilter-dns6 param: address6 type: str required: True
        • +
      • system_ipsec-aggregate param: name type: str required: True
        • +
      • system_ipv6-neighbor-cache param: id type: int required: True
        • +
      • system_ipv6-tunnel param: name type: str required: True
        • +
      • system_isf-queue-profile param: name type: str required: True
        • +
      • system_link-monitor param: name type: str required: True
        • +
      • system_lte-modem
        • +
      • system_mac-address-table param: mac type: str required: True
        • +
      • system_management-tunnel
        • +
      • system_mem-mgr
        • +
      • system_mgmt-csum
        • +
      • system_mobile-tunnel param: name type: str required: True
        • +
      • system_modem
        • +
      • system_nat64
        • +
      • system_nd-proxy
        • +
      • system_netflow
        • +
      • system_network-visibility
        • +
      • system_np6 param: name type: str required: True
        • +
      • system_npu
        • +
      • system_ntp
        • +
      • system_object-tagging param: category type: str required: True
        • +
      • system_password-policy
        • +
      • system_password-policy-guest-admin
        • +
      • system_physical-switch param: name type: str required: True
        • +
      • system_pppoe-interface param: name type: str required: True
        • +
      • system_probe-response
        • +
      • system_proxy-arp param: id type: int required: True
        • +
      • system_ptp
        • +
      • system_replacemsg-group param: name type: str required: True
        • +
      • system_replacemsg-image param: name type: str required: True
        • +
      • system_resource-limits
        • +
      • system_saml
        • +
      • system_sdn-connector param: name type: str required: True
        • +
      • system_sdwan
        • +
      • system_session
        • +
      • system_session-helper param: id type: int required: True
        • +
      • system_session-ttl
        • +
      • system_session6
        • +
      • system_settings
        • +
      • system_sflow
        • +
      • system_sit-tunnel param: name type: str required: True
        • +
      • system_smc-ntp
        • +
      • system_sms-server param: name type: str required: True
        • +
      • system_speed-test-schedule param: interface type: str required: True
        • +
      • system_speed-test-server param: name type: str required: True
        • +
      • system_sso-admin param: name type: str required: True
        • +
      • system_sso-forticloud-admin param: name type: str required: True
        • +
      • system_standalone-cluster
        • +
      • system_startup-error-log
        • +
      • system_status
        • +
      • system_storage param: name type: str required: True
        • +
      • system_stp
        • +
      • system_switch-interface param: name type: str required: True
        • +
      • system_tos-based-priority param: id type: int required: True
        • +
      • system_vdom param: name type: str required: True
        • +
      • system_vdom-dns
        • +
      • system_vdom-exception param: id type: int required: True
        • +
      • system_vdom-link param: name type: str required: True
        • +
      • system_vdom-netflow
        • +
      • system_vdom-property param: name type: str required: True
        • +
      • system_vdom-radius-server param: name type: str required: True
        • +
      • system_vdom-sflow
        • +
      • system_virtual-switch param: name type: str required: True
        • +
      • system_virtual-wan-link
        • +
      • system_virtual-wire-pair param: name type: str required: True
        • +
      • system_vne-tunnel
        • +
      • system_vxlan param: name type: str required: True
        • +
      • system_wccp param: service_id type: str required: True
        • +
      • system_zone param: name type: str required: True
        • +
      • user_adgrp param: name type: str required: True
        • +
      • user_certificate param: name type: str required: True
        • +
      • user_device param: alias type: str required: True
        • +
      • user_device-access-list param: name type: str required: True
        • +
      • user_device-category param: name type: str required: True
        • +
      • user_device-group param: name type: str required: True
        • +
      • user_domain-controller param: name type: str required: True
        • +
      • user_exchange param: name type: str required: True
        • +
      • user_fortitoken param: serial_number type: str required: True
        • +
      • user_fsso param: name type: str required: True
        • +
      • user_fsso-polling param: id type: int required: True
        • +
      • user_group param: name type: str required: True
        • +
      • user_krb-keytab param: name type: str required: True
        • +
      • user_ldap param: name type: str required: True
        • +
      • user_local param: name type: str required: True
        • +
      • user_nac-policy param: name type: str required: True
        • +
      • user_password-policy param: name type: str required: True
        • +
      • user_peer param: name type: str required: True
        • +
      • user_peergrp param: name type: str required: True
        • +
      • user_pop3 param: name type: str required: True
        • +
      • user_quarantine
        • +
      • user_radius param: name type: str required: True
        • +
      • user_saml param: name type: str required: True
        • +
      • user_security-exempt-list param: name type: str required: True
        • +
      • user_setting
        • +
      • user_tacacs+ param: name type: str required: True
        • +
      • videofilter_profile param: name type: str required: True
        • +
      • videofilter_youtube-channel-filter param: id type: int required: True
        • +
      • videofilter_youtube-key param: id type: int required: True
        • +
      • voip_profile param: name type: str required: True
        • +
      • vpn.certificate_ca param: name type: str required: True
        • +
      • vpn.certificate_crl param: name type: str required: True
        • +
      • vpn.certificate_local param: name type: str required: True
        • +
      • vpn.certificate_ocsp-server param: name type: str required: True
        • +
      • vpn.certificate_remote param: name type: str required: True
        • +
      • vpn.certificate_setting
        • +
      • vpn.ike_gateway
        • +
      • vpn.ipsec.stats_crypto
        • +
      • vpn.ipsec.stats_tunnel
        • +
      • vpn.ipsec.tunnel_details
        • +
      • vpn.ipsec.tunnel_name
        • +
      • vpn.ipsec.tunnel_summary
        • +
      • vpn.ipsec_concentrator param: id type: int required: True
        • +
      • vpn.ipsec_fec param: name type: str required: True
        • +
      • vpn.ipsec_forticlient param: realm type: str required: True
        • +
      • vpn.ipsec_manualkey param: name type: str required: True
        • +
      • vpn.ipsec_manualkey-interface param: name type: str required: True
        • +
      • vpn.ipsec_phase1 param: name type: str required: True
        • +
      • vpn.ipsec_phase1-interface param: name type: str required: True
        • +
      • vpn.ipsec_phase2 param: name type: str required: True
        • +
      • vpn.ipsec_phase2-interface param: name type: str required: True
        • +
      • vpn.ssl.web_host-check-software param: name type: str required: True
        • +
      • vpn.ssl.web_portal param: name type: str required: True
        • +
      • vpn.ssl.web_realm param: url_path type: str required: True
        • +
      • vpn.ssl.web_user-bookmark param: name type: str required: True
        • +
      • vpn.ssl.web_user-group-bookmark param: name type: str required: True
        • +
      • vpn.ssl_client param: name type: str required: True
        • +
      • vpn.ssl_monitor
        • +
      • vpn.ssl_settings
        • +
      • vpn.status.ssl_hw-acceleration-status
        • +
      • vpn.status.ssl_list
        • +
      • vpn.status_l2tp
        • +
      • vpn.status_pptp
        • +
      • vpn_l2tp
        • +
      • vpn_ocvpn
        • +
      • vpn_pptp
        • +
      • waf_main-class param: id type: int required: True
        • +
      • waf_profile param: name type: str required: True
        • +
      • waf_signature param: id type: int required: True
        • +
      • waf_sub-class param: id type: int required: True
        • +
      • wanopt_auth-group param: name type: str required: True
        • +
      • wanopt_cache-service
        • +
      • wanopt_content-delivery-network-rule param: name type: str required: True
        • +
      • wanopt_peer param: peer_host_id type: str required: True
        • +
      • wanopt_profile param: name type: str required: True
        • +
      • wanopt_remote-storage
        • +
      • wanopt_settings
        • +
      • wanopt_webcache
        • +
      • web-proxy_debug-url param: name type: str required: True
        • +
      • web-proxy_explicit
        • +
      • web-proxy_forward-server param: name type: str required: True
        • +
      • web-proxy_forward-server-group param: name type: str required: True
        • +
      • web-proxy_global
        • +
      • web-proxy_profile param: name type: str required: True
        • +
      • web-proxy_url-match param: name type: str required: True
        • +
      • web-proxy_wisp param: name type: str required: True
        • +
      • webfilter_categories
        • +
      • webfilter_content param: id type: int required: True
        • +
      • webfilter_content-header param: id type: int required: True
        • +
      • webfilter_fortiguard
        • +
      • webfilter_ftgd-local-cat param: desc type: str required: True
        • +
      • webfilter_ftgd-local-rating param: url type: str required: True
        • +
      • webfilter_ftgd-statistics
        • +
      • webfilter_ips-urlfilter-cache-setting
        • +
      • webfilter_ips-urlfilter-setting
        • +
      • webfilter_ips-urlfilter-setting6
        • +
      • webfilter_override param: id type: int required: True
        • +
      • webfilter_override-usr
        • +
      • webfilter_profile param: name type: str required: True
        • +
      • webfilter_search-engine param: name type: str required: True
        • +
      • webfilter_status
        • +
      • webfilter_urlfilter param: id type: int required: True
        • +
      • wireless-controller.hotspot20_anqp-3gpp-cellular param: name type: str required: True
        • +
      • wireless-controller.hotspot20_anqp-ip-address-type param: name type: str required: True
        • +
      • wireless-controller.hotspot20_anqp-nai-realm param: name type: str required: True
        • +
      • wireless-controller.hotspot20_anqp-network-auth-type param: name type: str required: True
        • +
      • wireless-controller.hotspot20_anqp-roaming-consortium param: name type: str required: True
        • +
      • wireless-controller.hotspot20_anqp-venue-name param: name type: str required: True
        • +
      • wireless-controller.hotspot20_anqp-venue-url param: name type: str required: True
        • +
      • wireless-controller.hotspot20_h2qp-advice-of-charge param: name type: str required: True
        • +
      • wireless-controller.hotspot20_h2qp-conn-capability param: name type: str required: True
        • +
      • wireless-controller.hotspot20_h2qp-operator-name param: name type: str required: True
        • +
      • wireless-controller.hotspot20_h2qp-osu-provider param: name type: str required: True
        • +
      • wireless-controller.hotspot20_h2qp-osu-provider-nai param: name type: str required: True
        • +
      • wireless-controller.hotspot20_h2qp-terms-and-conditions param: name type: str required: True
        • +
      • wireless-controller.hotspot20_h2qp-wan-metric param: name type: str required: True
        • +
      • wireless-controller.hotspot20_hs-profile param: name type: str required: True
        • +
      • wireless-controller.hotspot20_icon param: name type: str required: True
        • +
      • wireless-controller.hotspot20_qos-map param: name type: str required: True
        • +
      • wireless-controller_access-control-list param: name type: str required: True
        • +
      • wireless-controller_address param: id type: str required: True
        • +
      • wireless-controller_addrgrp param: id type: str required: True
        • +
      • wireless-controller_ap-status param: id type: int required: True
        • +
      • wireless-controller_apcfg-profile param: name type: str required: True
        • +
      • wireless-controller_arrp-profile param: name type: str required: True
        • +
      • wireless-controller_ble-profile param: name type: str required: True
        • +
      • wireless-controller_bonjour-profile param: name type: str required: True
        • +
      • wireless-controller_client-info
        • +
      • wireless-controller_global
        • +
      • wireless-controller_inter-controller
        • +
      • wireless-controller_log
        • +
      • wireless-controller_mpsk-profile param: name type: str required: True
        • +
      • wireless-controller_nac-profile param: name type: str required: True
        • +
      • wireless-controller_qos-profile param: name type: str required: True
        • +
      • wireless-controller_region param: name type: str required: True
        • +
      • wireless-controller_rf-analysis
        • +
      • wireless-controller_scan
        • +
      • wireless-controller_setting
        • +
      • wireless-controller_snmp
        • +
      • wireless-controller_spectral-info
        • +
      • wireless-controller_ssid-policy param: name type: str required: True
        • +
      • wireless-controller_status
        • +
      • wireless-controller_syslog-profile param: name type: str required: True
        • +
      • wireless-controller_timers
        • +
      • wireless-controller_utm-profile param: name type: str required: True
        • +
      • wireless-controller_vap param: name type: str required: True
        • +
      • wireless-controller_vap-group param: name type: str required: True
        • +
      • wireless-controller_vap-status
        • +
      • wireless-controller_wag-profile param: name type: str required: True
        • +
      • wireless-controller_wids-profile param: name type: str required: True
        • +
      • wireless-controller_wlchanlistlic
        • +
      • wireless-controller_wtp param: wtp_id type: str required: True
        • +
      • wireless-controller_wtp-group param: name type: str required: True
        • +
      • wireless-controller_wtp-profile param: name type: str required: True
        • +
      • wireless-controller_wtp-status
        • +
      +
      +
      +
    • params - the parameter for each selector, see definition in above list.type: dict
      • +
    • selectors - selectors list allows to pass more than one selector and its parameters in a task.type: list
      • +
    • output_path - The path that is used to save the generated playbooks.type: str
      • + +Notes +----- + +.. note:: + + - Different ``selector`` may have different parameters, users are expected to look up them for a specific selector. + + - For some selectors, the objects are global, no ``params`` are allowed to appear. + + - If ``params`` is empty a non-unique object, the whole object list is returned. + + - This module has support for all configuration API, excluding any monitor API. + + - The generated playbooks will be stored at the specified output path. + + - The default value for state is present, please set the value to absent if needed. + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigateslab + connection: httpapi + collections: + - fortinet.fortios + vars: + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + vdom: "root" + tasks: + - name: Export multiple palybooks + fortios_export_config_playbook: + selectors: + - selector: firewall_address + params: + name: "gmail.com" + - selector: system.snmp_user + params: + name: "snmp_user_test" + output_path: "./" + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
        + +
      • build - Build number of the fortigate image returned: always type: str sample: 1547
        • +
      • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: GET
        • +
      • name - Name of the table used to fulfill the request returned: always type: str sample: firmware
        • +
      • path - Path of the table used to fulfill the request returned: always type: str sample: system
        • +
      • results - Object list retrieved from device. returned: always type: list
        • +
      • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
        • +
      • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
        • +
      • status - Indication of the operation's result returned: always type: str sample: success
        • +
      • vdom - Virtual domain used returned: always type: str sample: root
        • +
      • version - Version of the FortiGate returned: always type: str sample: v5.6.3
        • +
      • ansible_facts - The list of fact subsets collected from the device returned: always type: dict
        • +
      + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@fshen01) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. + +.. _filtering spec: https://fndn.fortinet.net/index.php?/fortiapi/1-fortios/597/ diff --git a/fortios_json_generic.rst b/fortios_json_generic.rst new file mode 100644 index 00000000..1b9deaf3 --- /dev/null +++ b/fortios_json_generic.rst @@ -0,0 +1,259 @@ +:source: fortios_json_generic.py + +:orphan: + +.. : + +.. _fortios_json_generic: + +fortios_json_generic -- Configure Fortinet's FortiOS and FortiGate with json generic method. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set any category supported by FortiAPI with raw json. All parameters and values included in examples need to be adjusted to datasources before usage. + + +Requirements +------------- +The below requirements are needed on the host that executes this module. + +- install galaxy collection ``fortinet.fortios`` >= 2.0.0 + + +Parameters +---------- + +.. raw:: html + +
        + +
      • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
        • +
      • enable_log - Enable/Disable logging for task. type: bool required: False default: False
        • +
      • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: False
        • +
      • json_generic - json generic default: null type: dict
        • +
          +
        • dictbody - Body with YAML list of key/value format type: dict
          • +
        • jsonbody - Body with JSON string format, will always give priority to jsonbody type: str
          • +
        • method - HTTP methods type: str choices: GET, PUT, POST, DELETE
          • +
        • path - URL path, e.g./api/v2/cmdb/firewall/address type: str
          • +
        • specialparams - Extra URL parameters, e.g.start=1&count=10 type: str +
        + +
      + + + + +Examples +-------- + +**host** + +.. code-block:: yaml+jinja + + [fortigates] + fortigate01 ansible_host=192.168.52.177 ansible_user="admin" ansible_password="admin" + + [fortigates:vars] + ansible_network_os=fortios + + +**sample1.yml** + +.. code-block:: yaml+jinja + + --- + - hosts: fortigates + connection: httpapi + collections: + - fortinet.fortios + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + + tasks: + - name: test add with string + fortios_json_generic: + vdom: "{{ vdom }}" + json_generic: + method: "POST" + path: "/api/v2/cmdb/firewall/address" + jsonbody: | + { + "name": "111", + "type": "geography", + "fqdn": "", + "country": "AL", + "comment": "ccc", + "visibility": "enable", + "associated-interface": "port1", + "allow-routing": "disable" + } + register: info + + - name: display vars + debug: msg="{{info}}" + +**sample2.yml** + +.. code-block:: yaml+jinja + + --- + - hosts: fortigates + connection: httpapi + collections: + - fortinet.fortios + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + + tasks: + - name: test delete + fortios_json_generic: + vdom: "{{ vdom }}" + json_generic: + method: "DELETE" + path: "/api/v2/cmdb/firewall/address/111" + specialparams: "testpara1=1&testpara2=2" + register: info + + - name: display vars + debug: msg="{{info}}" + + - name: test add with dict + fortios_json_generic: + vdom: "{{ vdom }}" + json_generic: + method: "POST" + path: "/api/v2/cmdb/firewall/address" + dictbody: + name: "111" + type: "geography" + fqdn: "" + country: "AL" + comment: "ccc" + visibility: "enable" + associated-interface: "port1" + allow-routing: "disable" + register: info + + - name: display vars + debug: msg="{{info}}" + + - name: test delete + fortios_json_generic: + vdom: "{{ vdom }}" + json_generic: + method: "DELETE" + path: "/api/v2/cmdb/firewall/address/111" + register: info + + - name: display vars + debug: msg="{{info}}" + + - name: test add with string + fortios_json_generic: + vdom: "{{ vdom }}" + json_generic: + method: "POST" + path: "/api/v2/cmdb/firewall/address" + jsonbody: | + { + "name": "111", + "type": "geography", + "fqdn": "", + "country": "AL", + "comment": "ccc", + "visibility": "enable", + "associated-interface": "port1", + "allow-routing": "disable" + } + register: info + + - name: display vars + debug: msg="{{info}}" + + +**sample3.yml** + +.. code-block:: yaml+jinja + + --- + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + + tasks: + - name: test firewall policy order modification + fortios_json_generic: + vdom: "{{ vdom }}" + json_generic: + method: "PUT" + path: "/api/v2/cmdb/firewall/policy/1" + specialparams: "action=move&after=2" + register: info + + - name: display vars + debug: msg="{{info}}" + + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
        + +
      • build - Build number of the fortigate image returned: always type: str sample: '1547'
        • +
      • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: 'PUT'
        • +
      • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
        • +
      • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
        • +
      • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
        • +
      • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
        • +
      • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
        • +
      • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
        • +
      • status - Indication of the operation's result returned: always type: str sample: success
        • +
      • vdom - Virtual domain used returned: always type: str sample: root
        • +
      • version - Version of the FortiGate returned: always type: str sample: v5.6.3
        • +
      + + + +Status +------ + +- This module is ported from https://github.com/fortinet/ansible-fortios-generic + + +Authors +------- +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Frank Shen (@fshen01) +- Hongbin Lu (@fgtdev-hblu) + + + + +Warning +------- +It's preferred to use ``FortiOS Ansible Collection Included Modules`` unless some features are not available there. diff --git a/fortios_log_fact.rst b/fortios_log_fact.rst new file mode 100644 index 00000000..932e98f6 --- /dev/null +++ b/fortios_log_fact.rst @@ -0,0 +1,2185 @@ +:source: fortios_log_fact.py + +:orphan: + +.. : + +fortios_log_fact -- Retrieve Log Data of Fortios Log Objects. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Collects log data from network devices running the fortios operating system. This module will only collect the log data specified in the playbook. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- install galaxy collection fortinet.fortios >= ``2.1.0``. + + +Parameters +---------- + + +.. raw:: html + +
        +
      • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str required: False default: root
        • +
      • enable_log - Enable/Disable logging for task. type: bool required: False default: False
        • +
      • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: False
        • +
      • filters - A list of expressions to filter the returned results. type: list required: False + more... + +
        • +
      • sorters - A list of expressions to sort the returned results. type: list required: False + more... + +
        • +
      • formatters - A list of fields to display for returned results. type: list required: False
        • +
      • selector - selector of the retrieved log data type: str choices:
        • +
      • + +

        + +

        +
        +
          + disk_anomaly_raw +
        • disk_anomaly_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_app-ctrl_archive +
        • disk_app-ctrl_archive - Return a list of archived items for the desired type. :type can be app-ctrl or ips +
            +
          • roll - Log roll number. (required if source is not fortianalyzer) type: int
            • +
          • mkey - Archive identifier. type: int
            • + +
          + +
          • + disk_app-ctrl_archive-download +
        • disk_app-ctrl_archive-download - Download an archived file. +
            +
          • roll - Log roll number (required if source is not fortianalyzer). type: int
            • +
          • mkey - Archive identifier. type: int
            • +
          • filename - File name to use when saving the file in the browser. type: string
            • + +
          + +
          • + disk_app-ctrl_raw +
        • disk_app-ctrl_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_cifs_raw +
        • disk_cifs_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_dlp_raw +
        • disk_dlp_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_dns_raw +
        • disk_dns_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_emailfilter_raw +
        • disk_emailfilter_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_event_compliance-check +
        • disk_event_compliance-check - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_event_connector +
        • disk_event_connector - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_event_endpoint +
        • disk_event_endpoint - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_event_fortiextender +
        • disk_event_fortiextender - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_event_ha +
        • disk_event_ha - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_event_router +
        • disk_event_router - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_event_security-rating +
        • disk_event_security-rating - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_event_system +
        • disk_event_system - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_event_user +
        • disk_event_user - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_event_vpn +
        • disk_event_vpn - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_event_wad +
        • disk_event_wad - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_event_wireless +
        • disk_event_wireless - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_file-filter_raw +
        • disk_file-filter_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_gtp_raw +
        • disk_gtp_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_ips_archive +
        • disk_ips_archive - Return a list of archived items for the desired type. :type can be app-ctrl or ips +
            +
          • roll - Log roll number. (required if source is not fortianalyzer) type: int
            • +
          • mkey - Archive identifier. type: int
            • + +
          + +
          • + disk_ips_archive-download +
        • disk_ips_archive-download - Download an archived file. +
            +
          • roll - Log roll number (required if source is not fortianalyzer). type: int
            • +
          • mkey - Archive identifier. type: int
            • +
          • filename - File name to use when saving the file in the browser. type: string
            • + +
          + +
          • + disk_ips_raw +
        • disk_ips_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_ssh_raw +
        • disk_ssh_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_ssl_raw +
        • disk_ssl_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_traffic_fortiview +
        • disk_traffic_fortiview - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_traffic_forward +
        • disk_traffic_forward - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_traffic_local +
        • disk_traffic_local - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_traffic_multicast +
        • disk_traffic_multicast - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_traffic_sniffer +
        • disk_traffic_sniffer - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_traffic_threat +
        • disk_traffic_threat - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_virus_archive +
        • disk_virus_archive - Return a description of the quarantined virus file. +
            +
          • mkey - checksum column from the virus log. type: int
            • +
          • filename - Filename of the antivirus archive. (virus type only) type: string
            • + +
          + +
          • + disk_virus_raw +
        • disk_virus_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_voip_raw +
        • disk_voip_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_waf_raw +
        • disk_waf_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + disk_webfilter_raw +
        • disk_webfilter_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_anomaly_raw +
        • fortianalyzer_anomaly_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_app-ctrl_archive +
        • fortianalyzer_app-ctrl_archive - Return a list of archived items for the desired type. :type can be app-ctrl or ips +
            +
          • roll - Log roll number. (required if source is not fortianalyzer) type: int
            • +
          • mkey - Archive identifier. type: int
            • + +
          + +
          • + fortianalyzer_app-ctrl_archive-download +
        • fortianalyzer_app-ctrl_archive-download - Download an archived file. +
            +
          • roll - Log roll number (required if source is not fortianalyzer). type: int
            • +
          • mkey - Archive identifier. type: int
            • +
          • filename - File name to use when saving the file in the browser. type: string
            • + +
          + +
          • + fortianalyzer_app-ctrl_raw +
        • fortianalyzer_app-ctrl_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_cifs_raw +
        • fortianalyzer_cifs_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_dlp_raw +
        • fortianalyzer_dlp_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_dns_raw +
        • fortianalyzer_dns_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_emailfilter_raw +
        • fortianalyzer_emailfilter_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_event_compliance-check +
        • fortianalyzer_event_compliance-check - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_event_connector +
        • fortianalyzer_event_connector - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_event_endpoint +
        • fortianalyzer_event_endpoint - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_event_fortiextender +
        • fortianalyzer_event_fortiextender - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_event_ha +
        • fortianalyzer_event_ha - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_event_router +
        • fortianalyzer_event_router - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_event_security-rating +
        • fortianalyzer_event_security-rating - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_event_system +
        • fortianalyzer_event_system - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_event_user +
        • fortianalyzer_event_user - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_event_vpn +
        • fortianalyzer_event_vpn - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_event_wad +
        • fortianalyzer_event_wad - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_event_wireless +
        • fortianalyzer_event_wireless - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_file-filter_raw +
        • fortianalyzer_file-filter_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_gtp_raw +
        • fortianalyzer_gtp_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_ips_archive +
        • fortianalyzer_ips_archive - Return a list of archived items for the desired type. :type can be app-ctrl or ips +
            +
          • roll - Log roll number. (required if source is not fortianalyzer) type: int
            • +
          • mkey - Archive identifier. type: int
            • + +
          + +
          • + fortianalyzer_ips_archive-download +
        • fortianalyzer_ips_archive-download - Download an archived file. +
            +
          • roll - Log roll number (required if source is not fortianalyzer). type: int
            • +
          • mkey - Archive identifier. type: int
            • +
          • filename - File name to use when saving the file in the browser. type: string
            • + +
          + +
          • + fortianalyzer_ips_raw +
        • fortianalyzer_ips_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_ssh_raw +
        • fortianalyzer_ssh_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_ssl_raw +
        • fortianalyzer_ssl_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_traffic_fortiview +
        • fortianalyzer_traffic_fortiview - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_traffic_forward +
        • fortianalyzer_traffic_forward - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_traffic_local +
        • fortianalyzer_traffic_local - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_traffic_multicast +
        • fortianalyzer_traffic_multicast - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_traffic_sniffer +
        • fortianalyzer_traffic_sniffer - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_traffic_threat +
        • fortianalyzer_traffic_threat - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_virus_archive +
        • fortianalyzer_virus_archive - Return a description of the quarantined virus file. +
            +
          • mkey - checksum column from the virus log. type: int
            • +
          • filename - Filename of the antivirus archive. (virus type only) type: string
            • + +
          + +
          • + fortianalyzer_virus_raw +
        • fortianalyzer_virus_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_voip_raw +
        • fortianalyzer_voip_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_waf_raw +
        • fortianalyzer_waf_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + fortianalyzer_webfilter_raw +
        • fortianalyzer_webfilter_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_anomaly_raw +
        • forticloud_anomaly_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_app-ctrl_archive +
        • forticloud_app-ctrl_archive - Return a list of archived items for the desired type. :type can be app-ctrl or ips +
            +
          • roll - Log roll number. (required if source is not fortianalyzer) type: int
            • +
          • mkey - Archive identifier. type: int
            • + +
          + +
          • + forticloud_app-ctrl_archive-download +
        • forticloud_app-ctrl_archive-download - Download an archived file. +
            +
          • roll - Log roll number (required if source is not fortianalyzer). type: int
            • +
          • mkey - Archive identifier. type: int
            • +
          • filename - File name to use when saving the file in the browser. type: string
            • + +
          + +
          • + forticloud_app-ctrl_raw +
        • forticloud_app-ctrl_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_cifs_raw +
        • forticloud_cifs_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_dlp_raw +
        • forticloud_dlp_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_dns_raw +
        • forticloud_dns_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_emailfilter_raw +
        • forticloud_emailfilter_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_event_compliance-check +
        • forticloud_event_compliance-check - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_event_connector +
        • forticloud_event_connector - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_event_endpoint +
        • forticloud_event_endpoint - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_event_fortiextender +
        • forticloud_event_fortiextender - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_event_ha +
        • forticloud_event_ha - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_event_router +
        • forticloud_event_router - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_event_security-rating +
        • forticloud_event_security-rating - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_event_system +
        • forticloud_event_system - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_event_user +
        • forticloud_event_user - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_event_vpn +
        • forticloud_event_vpn - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_event_wad +
        • forticloud_event_wad - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_event_wireless +
        • forticloud_event_wireless - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_file-filter_raw +
        • forticloud_file-filter_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_gtp_raw +
        • forticloud_gtp_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_ips_archive +
        • forticloud_ips_archive - Return a list of archived items for the desired type. :type can be app-ctrl or ips +
            +
          • roll - Log roll number. (required if source is not fortianalyzer) type: int
            • +
          • mkey - Archive identifier. type: int
            • + +
          + +
          • + forticloud_ips_archive-download +
        • forticloud_ips_archive-download - Download an archived file. +
            +
          • roll - Log roll number (required if source is not fortianalyzer). type: int
            • +
          • mkey - Archive identifier. type: int
            • +
          • filename - File name to use when saving the file in the browser. type: string
            • + +
          + +
          • + forticloud_ips_raw +
        • forticloud_ips_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_ssh_raw +
        • forticloud_ssh_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_ssl_raw +
        • forticloud_ssl_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_traffic_fortiview +
        • forticloud_traffic_fortiview - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_traffic_forward +
        • forticloud_traffic_forward - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_traffic_local +
        • forticloud_traffic_local - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_traffic_multicast +
        • forticloud_traffic_multicast - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_traffic_sniffer +
        • forticloud_traffic_sniffer - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_traffic_threat +
        • forticloud_traffic_threat - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_virus_archive +
        • forticloud_virus_archive - Return a description of the quarantined virus file. +
            +
          • mkey - checksum column from the virus log. type: int
            • +
          • filename - Filename of the antivirus archive. (virus type only) type: string
            • + +
          + +
          • + forticloud_virus_raw +
        • forticloud_virus_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_voip_raw +
        • forticloud_voip_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_waf_raw +
        • forticloud_waf_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + forticloud_webfilter_raw +
        • forticloud_webfilter_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_anomaly_raw +
        • memory_anomaly_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_app-ctrl_archive +
        • memory_app-ctrl_archive - Return a list of archived items for the desired type. :type can be app-ctrl or ips +
            +
          • roll - Log roll number. (required if source is not fortianalyzer) type: int
            • +
          • mkey - Archive identifier. type: int
            • + +
          + +
          • + memory_app-ctrl_archive-download +
        • memory_app-ctrl_archive-download - Download an archived file. +
            +
          • roll - Log roll number (required if source is not fortianalyzer). type: int
            • +
          • mkey - Archive identifier. type: int
            • +
          • filename - File name to use when saving the file in the browser. type: string
            • + +
          + +
          • + memory_app-ctrl_raw +
        • memory_app-ctrl_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_cifs_raw +
        • memory_cifs_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_dlp_raw +
        • memory_dlp_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_dns_raw +
        • memory_dns_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_emailfilter_raw +
        • memory_emailfilter_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_event_compliance-check +
        • memory_event_compliance-check - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_event_connector +
        • memory_event_connector - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_event_endpoint +
        • memory_event_endpoint - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_event_fortiextender +
        • memory_event_fortiextender - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_event_ha +
        • memory_event_ha - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_event_router +
        • memory_event_router - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_event_security-rating +
        • memory_event_security-rating - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_event_system +
        • memory_event_system - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_event_user +
        • memory_event_user - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_event_vpn +
        • memory_event_vpn - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_event_wad +
        • memory_event_wad - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_event_wireless +
        • memory_event_wireless - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_file-filter_raw +
        • memory_file-filter_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_gtp_raw +
        • memory_gtp_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_ips_archive +
        • memory_ips_archive - Return a list of archived items for the desired type. :type can be app-ctrl or ips +
            +
          • roll - Log roll number. (required if source is not fortianalyzer) type: int
            • +
          • mkey - Archive identifier. type: int
            • + +
          + +
          • + memory_ips_archive-download +
        • memory_ips_archive-download - Download an archived file. +
            +
          • roll - Log roll number (required if source is not fortianalyzer). type: int
            • +
          • mkey - Archive identifier. type: int
            • +
          • filename - File name to use when saving the file in the browser. type: string
            • + +
          + +
          • + memory_ips_raw +
        • memory_ips_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_ssh_raw +
        • memory_ssh_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_ssl_raw +
        • memory_ssl_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_traffic_fortiview +
        • memory_traffic_fortiview - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_traffic_forward +
        • memory_traffic_forward - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_traffic_local +
        • memory_traffic_local - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_traffic_multicast +
        • memory_traffic_multicast - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_traffic_sniffer +
        • memory_traffic_sniffer - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_traffic_threat +
        • memory_traffic_threat - Log data for the given log type (and subtype). Append '/raw' to retrieve in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • extra - Flag(s) for extra data to be included [reverse_lookup|country_id]. type: string
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_virus_archive +
        • memory_virus_archive - Return a description of the quarantined virus file. +
            +
          • mkey - checksum column from the virus log. type: int
            • +
          • filename - Filename of the antivirus archive. (virus type only) type: string
            • + +
          + +
          • + memory_virus_raw +
        • memory_virus_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_voip_raw +
        • memory_voip_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_waf_raw +
        • memory_waf_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • + memory_webfilter_raw +
        • memory_webfilter_raw - Log data for the given log type in raw format. +
            +
          • rows - Number of rows to return. type: int
            • +
          • serial_no - Retrieve log from the specified device. type: string
            • +
          • session_id - Provide a session_id to continue getting data for that request. type: int
            • +
          • filter - Filter expression(s). type: string
            • +
          • start - Row number for the first row to return. type: int
            • +
          • is_ha_member - Is the specified device an HA member. type: boolean
            • + +
          + +
          • +
        +
        +
        +
      • params - the parameter for each selector, see definition in above list.type: dict
        • + + +Notes +----- + +.. note:: + + - Different ``selector`` may have different parameters, users are expected to look up them for a specific selector. + + - For some selectors, the objects are global, no ``params`` are allowed to appear. + + - Not all parameters are required for a slector. + + - This module is exclusivly for FortiOS monitor API. + + - The result of API request is stored in ``results``. + + - There are three filtering parameters: ``filters``, ``sorters`` and ``formatters``, please see `filtering spec`_ for more information. + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigate03 + connection: httpapi + collections: + - fortinet.fortios + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Get system event log with logid==0100032038 + fortios_log_fact: + filters: + - logid==0100032038 + selector: "disk_event_system" + params: + rows: 100 + + - name: Get a description of the quarantined virus file + fortios_log_fact: + selector: "forticloud_virus_archive" + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
          + +
        • build - Build number of the fortigate image returned: always type: str sample: 1547
          • +
        • rows - Number of rows to return returned: always type: int sample: 400
          • +
        • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
          • +
        • session_id - Session id for the request returned: always type: int sample: 7
          • +
        • start - Row number for the first row to return returned: always type: int sample: 0
          • +
        • status - Indication of the operation's result returned: always type: str sample: success
          • +
        • subcategory - Type of log that can be retrieved returned: always type: str sample: system
          • +
        • total_lines - Total lines returned from the result returned: always type: int sample: 510
          • +
        • vdom - Virtual domain used returned: always type: str sample: root
          • +
        • version - Version of the FortiGate returned: always type: str sample: v5.6.3
          • +
        + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@fshen01) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. + +.. _filtering spec: https://fndn.fortinet.net/index.php?/fortiapi/1-fortios/597/ \ No newline at end of file diff --git a/fortios_monitor.rst b/fortios_monitor.rst new file mode 100644 index 00000000..3ca70078 --- /dev/null +++ b/fortios_monitor.rst @@ -0,0 +1,1486 @@ +:source: fortios_monitor.py + +:orphan: + +.. : + +fortios_monitor -- Ansible Module for FortiOS Monitor API. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Request FortiOS appliances to perform specific actions or procedures. This module contain all the FortiOS monitor API. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- install galaxy collection fortinet.fortios >= ``2.0.0``. + + +Parameters +---------- + + +.. raw:: html + +
          +
        • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str required: False default: root
          • +
        • enable_log - Enable/Disable logging for task. type: bool required: False default: False
          • +
        • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: False
          • +
        • selector - Action taken in FortiOS appliance. type: str choices:
          • +
        • + +

          + +

          +
          +
            +
          • abort.user.query - Abort a running user device unified query. +
              +
            • query_id - Provide a query ID to abort an unified type query. type: int required: True
              • + +
            + +
            • +
          • activate.user.fortitoken - Activate a set of FortiTokens by serial number. +
              +
            • tokens - List of FortiToken serial numbers to activate. If omitted, all tokens will be used. type: array required: False
              • + +
            + +
            • +
          • add-license.registration.forticare - Add a FortiCare license. +
              +
            • registration_code - FortiCare contract number. type: string required: True
              • + +
            + +
            • +
          • add-license.registration.vdom - Add a VDOM license. +
              +
            • license - VDOM license key. type: string required: True
              • + +
            + +
            • +
          • add.firewall.clearpass-address - Add ClearPass address with SPT (System Posture Token) value. +
              +
            • endpoint_ip - Endpoint IPv4 address. type: array required: True
              • +
            • spt - SPT value [healthy|checkup|transient|quarantine|infected|unknown*]. type: string required: False
              • + +
            + +
            • +
          • add.nsx.service - Add NSX service to connector. +
              +
            • mkey - NSX connector name. type: string required: True
              • + +
            + +
            • +
          • add_users.user.banned - Immediately add one or more users to the banned list. +
              +
            • ip_addresses - List of IP Addresses to ban. IPv4 and IPv6 addresses are allowed. type: array required: True
              • +
            • expiry - Time until expiry in seconds. 0 for indefinite ban. type: int required: False
              • + +
            + +
            • +
          • auth.user.firewall - Trigger authentication for a single firewall user. +
              +
            • username - User name. type: string required: True
              • +
            • ip - User IP address. type: string required: True
              • +
            • ip_version - IP version [ip4|ip6]. type: string required: False
              • +
            • server - Name of an existing LDAP server entry. If supplied, authenticate that user against any matched groups on that LDAP server. type: string required: False
              • + +
            + +
            • +
          • backup-action.system.fortimanager - Import or update from FortiManager objects. +
              +
            • operation - Operation to perform on the given CMDB objects [import|update]. type: string required: True
              • +
            • objects - Array of CMDB tables and mkeys. type: array required: True
              • + +
            + +
            • +
          • backup.system.config - Backup system config +
              +
            • password - Password to encrypt configuration data. type: string required: False
              • +
            • usb_filename - When using 'usb' destination: the filename to save to on the connected USB device type: string required: False
              • +
            • destination - Configuration file destination [file* | usb] type: string required: False
              • +
            • vdom - If 'vdom' scope specified, the name of the VDOM to backup configuration. type: string required: False
              • +
            • scope - Specify global or VDOM only backup [global | vdom]. type: string required: True
              • + +
            + +
            • +
          • block.endpoint-control.registration - Block endpoint by FortiClient UID or MAC. +
              +
            • mac - Single MAC to block. type: string required: False
              • +
            • uid - Single FortiClient UID to block. type: string required: False
              • + +
            + +
            • +
          • cancel.fortiview.session - Cancel a FortiView request session. +
              +
            • device - FortiView request session's device. [disk|faz] type: string required: False
              • +
            • sessionid - Session ID to cancel. type: int required: False
              • +
            • view_level - FortiView View level. type: string required: False
              • +
            • report_by - Report by field. type: string required: False
              • + +
            + +
            • +
          • change-vdom-mode.system.admin - Switch between VDOM modes. +
              +
            • vdom-mode - VDOM mode [no-vdom|split-vdom|multi-vdom] type: string required: True
              • + +
            + +
            • +
          • check.endpoint-control.registration-password - Check if provided registration password is valid for current VDOM. +
              +
            • password - Registration password to test. type: string required: True
              • + +
            + +
            • +
          • clear-counters.firewall.central-snat-map - Reset traffic statistics for one or more firewall central SNAT policy by policy ID. +
              +
            • policy - Single policy ID to reset. type: int required: False
              • + +
            + +
            • +
          • clear-counters.firewall.dnat - Reset hit count statistics for one or more firewall virtual IP/server by ID. +
              +
            • id - Single IDs to reset. type: int required: False
              • + +
            + +
            • +
          • clear-soft-in.router.bgp - Inbound soft-reconfiguration for BGP peers. + +
            • +
          • clear-soft-out.router.bgp - Outbound soft-reconfiguration for BGP peers. + +
            • +
          • clear-statistics.system.fortiguard - Immediately clear all FortiGuard statistics. + +
            • +
          • clear.system.crash-log - Clear system crash log. + +
            • +
          • clear.system.sniffer - Clear the results of a specified packet capture. +
              +
            • mkey - ID of packet capture entry. type: int required: True
              • + +
            + +
            • +
          • clear.vpn.ike - Clear IKE gateways. +
              +
            • mkey - Name of the IKE gateway to clear. type: string required: True
              • + +
            + +
            • +
          • clear_all.firewall.session - Immediately clear all active IPv4 and IPv6 sessions and IPS sessions of current VDOM. + +
            • +
          • clear_all.user.banned - Immediately clear all banned users. + +
            • +
          • clear_all.wifi.rogue_ap - Clear all detected rogue APs. + +
            • +
          • clear_counters.firewall.acl - Reset counters for one or more IPv4 ACLs by policy ID. +
              +
            • policy - Single policy ID to reset. type: int required: False
              • + +
            + +
            • +
          • clear_counters.firewall.acl6 - Reset counters for one or more IPv6 ACLs by policy ID. +
              +
            • policy - Single policy ID to reset. type: int required: False
              • + +
            + +
            • +
          • clear_counters.firewall.consolidated-policy - Reset traffic statistics for one or more consolidated policies by policy ID. +
              +
            • policy - Single policy ID to reset. type: int required: False
              • + +
            + +
            • +
          • clear_counters.firewall.multicast-policy - Reset traffic statistics for one or more firewall IPv4 multicast policies by policy ID. +
              +
            • policy - Single policy ID to reset. type: int required: False
              • + +
            + +
            • +
          • clear_counters.firewall.multicast-policy6 - Reset traffic statistics for one or more firewall IPv6 multicast policies by policy ID. +
              +
            • policy - Single policy ID to reset. type: int required: False
              • + +
            + +
            • +
          • clear_counters.firewall.policy - Reset traffic statistics for one or more firewall policies by policy ID. +
              +
            • policy - Single policy ID to reset. type: int required: False
              • + +
            + +
            • +
          • clear_counters.firewall.policy6 - Reset traffic statistics for one or more IPv6 policies by policy ID. +
              +
            • policy - Single policy ID to reset. type: int required: False
              • + +
            + +
            • +
          • clear_counters.firewall.proxy-policy - Reset traffic statistics for one or more explicit proxy policies by policy ID. +
              +
            • policy - Single policy ID to reset. type: int required: False
              • + +
            + +
            • +
          • clear_counters.firewall.security-policy - Reset traffic statistics for one or more security policies by policy ID. +
              +
            • policy - Single policy ID to reset. type: int required: False
              • + +
            + +
            • +
          • clear_tunnel.vpn.ssl - Remove all active tunnel sessions in current virtual domain. + +
            • +
          • clear_users.user.banned - Immediately clear a list of specific banned users by IP. +
              +
            • ip_addresses - List of banned user IPs to clear. IPv4 and IPv6 addresses are allowed. type: array required: True
              • + +
            + +
            • +
          • close-all.firewall.session - Immediately close all active IPv4 and IPv6 sessions, as well as IPS sessions of the current VDOM. + +
            • +
          • close-multiple.firewall.session - Close multiple IPv4 firewall sessions which match the provided criteria. +
              +
            • nport - NAT'd source port. type: int required: False
              • +
            • proto - Protocol name [tcp|udp|icmp|...] or number. type: string required: False
              • +
            • daddr - Destination address. type: string required: False
              • +
            • policy - Policy ID. type: int required: False
              • +
            • naddr - NAT'd source IP address. type: string required: False
              • +
            • saddr - Source address. type: string required: False
              • +
            • dport - Destination port. type: int required: False
              • +
            • sport - Source port. type: int required: False
              • + +
            + +
            • +
          • close-multiple.firewall.session6 - Close multiple IPv6 firewall sessions which match the provided criteria. +
              +
            • proto - Protocol name [tcp|udp|icmp|...] or number. type: string required: False
              • +
            • daddr - Destination address. type: string required: False
              • +
            • policy - Policy ID. type: int required: False
              • +
            • saddr - Source address. type: string required: False
              • +
            • dport - Destination port. type: int required: False
              • +
            • sport - Source port. type: int required: False
              • + +
            + +
            • +
          • close.firewall.session - Close a single firewall session that matches all provided criteria. +
              +
            • daddr - Destination address. type: string required: True
              • +
            • dport - Destination port. type: int required: True
              • +
            • pro - Protocol name [tcp|udp|icmp|...]. type: string required: True
              • +
            • sport - Source port. type: int required: True
              • +
            • saddr - Source address. type: string required: True
              • + +
            + +
            • +
          • config.system.fortimanager - Configure FortiManager IP. Register FortiManager if 'fortimanager_ip' is provided. Unregister FortiManager if only 'unregister' parameter is specified and set to true. +
              +
            • unregister - Unregister the FortiManager (default=false). type: boolean required: False
              • +
            • fortimanager_ip - FortiManager IP address. type: string required: False
              • + +
            + +
            • +
          • connect.system.modem - Trigger a connect for the configured modem. + +
            • +
          • connect.wifi.network - When FortiWiFi is in client mode, connect to the specified network, if configured in the 'wifi' interface. +
              +
            • ssid - SSID of network to connect to. type: string required: True
              • + +
            + +
            • +
          • create.registration.forticare - Create a new FortiCare account. +
              +
            • city - City. type: string required: True
              • +
            • first_name - First name. type: string required: True
              • +
            • last_name - Last name. type: string required: True
              • +
            • industry_id - Industry ID. type: int required: True
              • +
            • orgsize_id - Organization size ID. type: int required: True
              • +
            • title - Title. type: string required: False
              • +
            • industry - Industry. type: string required: True
              • +
            • company - Company. type: string required: True
              • +
            • reseller_id - Reseller ID. type: int required: True
              • +
            • state_code - State/Province code. type: string required: False
              • +
            • phone - Phone number. type: string required: True
              • +
            • state - State/Province. type: string required: True
              • +
            • postal_code - Postal code. type: string required: True
              • +
            • country_code - Country code. type: int required: True
              • +
            • address - Address. type: string required: True
              • +
            • reseller_name - Reseller name. type: string required: True
              • +
            • password - Account password. type: string required: True
              • +
            • email - Account email. type: string required: True
              • + +
            + +
            • +
          • create.registration.forticloud - Create a FortiCloud account. +
              +
            • send_logs - Send logs to FortiCloud. type: boolean required: False
              • +
            • password - Account password. type: string required: True
              • +
            • email - Account email. type: string required: True
              • + +
            + +
            • +
          • create.vpn-certificate.local - Generate a new certificate signed by Fortinet_CA_SSL. +
              +
            • common_name - Certificate common name. type: string required: True
              • +
            • scope - Scope of local certificate [vdom*|global]. Global scope is only accessible for global administrators. type: string required: True
              • +
            • certname - Certificate name. type: string required: True
              • + +
            + +
            • +
          • create.web-ui.custom-language - Upload custom language file to this Fortigate. +
              +
            • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
              • +
            • lang_name - Name of custom language entry. type: string required: True
              • +
            • lang_comments - Comments of custom language entry. type: string required: False
              • +
            • filename - Name of custom language file. type: string required: True
              • + +
            + +
            • +
          • deauth.user.firewall - Deauthenticate single, multiple, or all firewall users. +
              +
            • all - Set to true to deauthenticate all users. Other parameters will be ignored. type: boolean required: False
              • +
            • users - Array of user objects to deauthenticate. Use this to deauthenticate multiple users at once. Each object should include the above properties. type: array required: False
              • +
            • ip - User IP address. Required for both proxy and firewall users. type: string required: False
              • +
            • user_type - User type [proxy|firewall]. Required for both proxy and firewall users. type: string required: False
              • +
            • id - User ID. Required for both proxy and firewall users. type: int required: False
              • +
            • ip_version - IP version [ip4|ip6]. Only required if user_type is firewall. type: string required: False
              • +
            • method - Authentication method [fsso|rsso|ntlm|firewall|wsso|fsso_citrix|sso_guest]. Only required if user_type is firewall. type: string required: False
              • + +
            + +
            • +
          • delete.firewall.clearpass-address - Delete ClearPass address with SPT (System Posture Token) value. +
              +
            • endpoint_ip - Endpoint IPv4 address. type: array required: True
              • +
            • spt - SPT value [healthy|checkup|transient|quarantine|infected|unknown*]. type: string required: False
              • + +
            + +
            • +
          • delete.log.local-report - Delete a local report. +
              +
            • mkeys - Local Report Name. type: array required: True
              • + +
            + +
            • +
          • delete.system.config-revision - Deletes one or more system configuration revisions. +
              +
            • config_ids - List of configuration ids. type: array required: True
              • + +
            + +
            • +
          • delete.system.config-script - Delete the history of config scripts. +
              +
            • id_list - List of config script history ids to delete. type: array required: True
              • + +
            + +
            • +
          • delete.vpn.ssl - Terminate the provided SSL-VPN session. +
              +
            • index - The session index. type: int required: True
              • +
            • type - The session type [websession|subsession]. type: string required: True
              • + +
            + +
            • +
          • delete.webfilter.override - Delete a configured webfilter override. +
              +
            • mkey - ID of webfilter override to delete. type: string required: False
              • + +
            + +
            • +
          • deregister.endpoint-control.registration - Deregister endpoint by FortiClient UID or MAC. +
              +
            • mac - Single MAC to deregister. type: string required: False
              • +
            • uid - Single FortiClient UID to deregister. type: string required: False
              • + +
            + +
            • +
          • dhcp-renew.system.interface - Renew DHCP lease of an interface. +
              +
            • mkey - Name of the interface. type: string required: True
              • +
            • ipv6 - Renew the DHCPv6 lease. type: boolean required: False
              • + +
            + +
            • +
          • diagnose.extender-controller.extender - Execute diagnotic commands. +
              +
            • cmd - Command to execute. type: string required: True
              • +
            • id - FortiExtender ID. type: string required: True
              • + +
            + +
            • +
          • disassociate.wifi.client - Disassociate a WiFi client from the FortiAP it's currently connected to. The client will need to reassociate with the same FortiAP or another to resume connectivity. +
              +
            • mac - MAC address. type: string required: True
              • + +
            + +
            • +
          • disconnect.system.ha-peer - Update configuration of peer in HA cluster. +
              +
            • interface - Name of the interface which should be assigned for management. type: string required: True
              • +
            • ip - IP to assign to the selected interface. type: string required: True
              • +
            • serial_no - Serial number of the HA member. type: string required: True
              • +
            • mask - Full network mask to assign to the selected interface. type: string required: True
              • + +
            + +
            • +
          • disconnect.system.modem - Trigger a disconnect for the configured modem. + +
            • +
          • download.switch-controller.fsw-firmware - Download FortiSwitch firmware from FortiGuard to the FortiGate according to FortiSwitch image ID. +
              +
            • image_id - FortiSwitch image ID. type: string required: True
              • + +
            + +
            • +
          • download.wifi.firmware - Download FortiAP firmware from FortiGuard to the FortiGate according to FortiAP image ID. +
              +
            • image_id - FortiAP image ID. type: string required: True
              • + +
            + +
            • +
          • dump.system.com-log - Dump system com-log to file. + +
            • +
          • eject.system.usb-device - Eject USB drives for safe removal. + +
            • +
          • email.user.guest - Sent guest login details via email. +
              +
            • group - Guest group name. type: string required: True
              • +
            • guest - Guest user IDs. type: array required: True
              • + +
            + +
            • +
          • enable-app-bandwidth-tracking.system.traffic-history - Enable FortiView application bandwidth tracking. + +
            • +
          • factory-reset.switch-controller.managed-switch - Send 'Factory Reset' command to a given FortiSwitch. +
              +
            • mkey - Name of managed FortiSwitch. type: string required: True
              • + +
            + +
            • +
          • flush.firewall.gtp - Flush GTP tunnels. +
              +
            • fteid_addr - Filter: Data plane TEID IP address. type: string required: False
              • +
            • ms_addr - Filter: Mobile user IP address. type: string required: False
              • +
            • msisdn - Filter: Mobile station international subscriber directory number type: string required: False
              • +
            • cteid_addr - Filter: Control plane TEID IP address. type: string required: False
              • +
            • cteid_addr6 - Filter: Control plane TEID IPv6 address. type: string required: False
              • +
            • version - Filter: GTP version. type: int required: False
              • +
            • apn - Filter: Access point name. type: string required: False
              • +
            • gtp_profile - Filter: GTP profile. type: string required: False
              • +
            • fteid_addr6 - Filter: Data plane TEID IPv6 address. type: string required: False
              • +
            • ms_addr6 - Filter: Mobile user IPv6 address. type: string required: False
              • +
            • scope - Scope from which to flush tunnels from [global|*vdom]. type: string required: False
              • +
            • cteid - Filter: Control plane fully qualified tunnel endpoint identifier. type: int required: False
              • +
            • imsi - Filter: International mobile subscriber identity. type: string required: False
              • +
            • fteid - Filter: Data plane fully qualified tunnel endpoint identifier. type: int required: False
              • + +
            + +
            • +
          • format.system.logdisk - Format log disk. + +
            • +
          • generate-key.system.api-user - Generate a new api-key for the specified api-key-auth admin. The old api-key will be replaced. The response contains the only chance to read the new api-key plaintext in the api_key field. +
              +
            • api-user - Generate a new token for this api-user. type: string required: True
              • + +
            + +
            • +
          • generate-keys.wifi.ssid - Generate pre-shared keys for specific multi pre-shared key profile. +
              +
            • count - Number of keys to be generated [1-512]. type: int required: True
              • +
            • prefix - Prefix to be added at the start of the generated key's name. type: string required: True
              • +
            • group - Multi pre-shared key group to add keys to. type: string required: True
              • +
            • key_length - Length of the keys to be generated [8-63]. type: int required: True
              • +
            • mpsk_profile - Multi pre-shared key profile to add keys to. type: string required: True
              • + +
            + +
            • +
          • generate.vpn-certificate.csr - Generate a certificate signing request (CSR) and a private key. The CSR can be retrieved / downloaded from CLI, GUI and REST API. +
              +
            • city - Locality (L) of the certificate subject. type: string required: False
              • +
            • orgunits - List of organization units. Organization Units (OU) of the certificate subject. type: array required: False
              • +
            • subject_alt_name - Subject alternative name (SAN) of the certificate. type: string required: False
              • +
            • countrycode - Country (C) of the certificate subject. type: string required: False
              • +
            • scep_url - SCEP server URL. If provided, use the url to enroll the csr through SCEP. type: string required: False
              • +
            • curvename - Elliptic curve name. [secp256r1|secp384r1|secp521r1]. Unavailable if the FortiGate is a Low Encryption Device (LENC). Required when keytype is ec. type: string required: False
              • +
            • keytype - Generate a RSA or an elliptic curve certificate request [rsa|ec]. The Elliptic Curve option is unavailable if the FortiGate is a Low Encryption Device (LENC) type: string required: True
              • +
            • certname - Certicate name. Used to retrieve / download the CSR. Not included in CSR and key content. type: string required: True
              • +
            • scep_password - SCEP challenge password. Some SCEP servers may require challege password. Provide it when SCEP server requires. type: string required: False
              • +
            • state - State (ST) of the certificate subject. type: string required: False
              • +
            • keysize - Key size.[1024|1536|2048|4096]. 512 only if the FortiGate is a Low Encryption Device (LENC). Required when keytype is RSA. type: int required: False
              • +
            • scope - Scope of CSR [vdom*|global]. Global scope is only accessible for global administrators type: string required: False
              • +
            • org - Organization (O) of the certificate subject. type: string required: False
              • +
            • password - Password / pass phrase for the private key. If not provided, FortiGate generates a random one. type: string required: False
              • +
            • email - Email of the certificate subject. type: string required: False
              • +
            • subject - Subject (Host IP/Domain Name/E-Mail). Common Name (CN) of the certificate subject. type: string required: True
              • + +
            + +
            • +
          • geoip.geoip-query - Retrieve location details for IPs queried against FortiGuard's geoip service. +
              +
            • ip_addresses - One or more IP address strings to query for location details. type: array required: True
              • + +
            + +
            • +
          • import-mobile.user.fortitoken - Import a list of tokens from FortiGuard to the FortiGate unit. +
              +
            • code - Activation code on redemption certificate. type: string required: True
              • + +
            + +
            • +
          • import-seed.user.fortitoken - Import a FortiToken seed file. +
              +
            • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
              • + +
            + +
            • +
          • import-trial.user.fortitoken - Import trial mobile FortiTokens. + +
            • +
          • import.vpn-certificate.ca - Import CA certificate. +
              +
            • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
              • +
            • scope - Scope of CA certificate [vdom*|global]. Global scope is only accessible for global administrators type: string required: False
              • +
            • import_method - Method of importing CA certificate.[file|scep] type: string required: True
              • +
            • scep_ca_id - SCEP server CA identifier for import via SCEP. type: string required: False
              • +
            • scep_url - SCEP server URL. Required for import via SCEP type: string required: False
              • + +
            + +
            • +
          • import.vpn-certificate.crl - Import certificate revocation lists (CRL) from file content. +
              +
            • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
              • +
            • scope - Scope of CRL [vdom*|global]. Global scope is only accessible for global administrators type: string required: False
              • + +
            + +
            • +
          • import.vpn-certificate.local - Import local certificate. +
              +
            • acme_rsa_key_size - Length of the RSA private key for the generated cert. type: int required: False
              • +
            • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
              • +
            • acme_ca_url - URL for the ACME CA server. type: string required: False
              • +
            • acme_renew_window - Certificate renewal window in days. type: int required: False
              • +
            • certname - Certificate name for pkcs12 and regular certificate types. type: string required: False
              • +
            • key_file_content - Key content encoded in BASE64 for regular certificate type. type: string required: False
              • +
            • acme_email - Contact email address that is required by some CAs such as LetsEncrypt. type: string required: False
              • +
            • scope - Scope of local certificate [vdom*|global]. Global scope is only accessible for global administrators type: string required: False
              • +
            • password - Optional password for pkcs12 and regular certificate types. type: string required: False
              • +
            • type - Type of certificate.[local|pkcs12|regular] type: string required: True
              • +
            • acme_domain - A valid domain that resolves to an IP whose TCP port 443 reaches this FortiGate. type: string required: False
              • + +
            + +
            • +
          • import.vpn-certificate.remote - Import remote certificate. +
              +
            • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
              • +
            • scope - Scope of CRL [vdom*|global]. Global scope is only accessible for global administrators type: string required: False
              • + +
            + +
            • +
          • import.web-ui.language - Import localization language file to this FortiGate. +
              +
            • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
              • + +
            + +
            • +
          • keep-alive.wifi.spectrum - Extend duration of an existing spectrum analysis for a specific FortiAP. +
              +
            • radio_id - Radio ID. type: int required: True
              • +
            • duration - Duration in seconds. type: int required: True
              • +
            • wtp_id - FortiAP ID. type: string required: True
              • + +
            + +
            • +
          • kill.system.process - Kill a running process. +
              +
            • signal - Signal to use when killing the process [9 (SIGKILL) | 11 (SIGSEGV) | 15 (SIGTERM)]. Defaults to 15. type: int required: False
              • +
            • pid - The process ID. type: int required: True
              • + +
            + +
            • +
          • led-blink.wifi.managed_ap - Turn a managed FortiAP's LED blinking on or off. +
              +
            • serials - FortiAP IDs to turn LED blink on/off. type: array required: True
              • +
            • duration - Time to blink, in seconds. 0 or omit for indefinite. type: int required: False
              • +
            • blink - True to turn on blinking, false to turn off. type: boolean required: True
              • + +
            + +
            • +
          • login.registration.forticare - Login to FortiCare. +
              +
            • reseller_name - Reseller name. type: string required: True
              • +
            • password - Account password. type: string required: True
              • +
            • email - Account email. type: string required: True
              • +
            • reseller_id - Reseller ID. type: int required: True
              • + +
            + +
            • +
          • login.registration.forticloud - Login to FortiCloud. +
              +
            • send_logs - Send logs to FortiCloud. type: boolean required: False
              • +
            • domain - FortiCloud domain. type: string required: False
              • +
            • password - Account password. type: string required: True
              • +
            • email - Account email. type: string required: True
              • + +
            + +
            • +
          • logout.registration.forticloud - Logout from FortiCloud. + +
            • +
          • migrate.registration.forticloud - Migrate standalone FortiGate Cloud account to FortiCloud. +
              +
            • password - Account password. type: string required: True
              • +
            • email - Account email. type: string required: True
              • + +
            + +
            • +
          • poe-reset.switch-controller.managed-switch - Reset PoE on a given FortiSwitch's port. +
              +
            • port - Name of port to reset PoE on. type: string required: True
              • +
            • mkey - Name of managed FortiSwitch. type: string required: True
              • + +
            + +
            • +
          • provision-user.vpn.ssl - Provision SSL-VPN users with target applications. The provisioning message (email or SMS) is sent with no confirmation of success. +
              +
            • sms_server - The SMS server to be used for sending SMS messages, required if "custom" SMS method is chosen. type: string required: False
              • +
            • vpn_name - The name of the VPN configuration. type: string required: True
              • +
            • phone_user_list - The user that the VPN configuration SMS should be sent to. At least one of "phone_user_list" or "phone_number_list" is required if "method" is "sms". type: string required: False
              • +
            • method - Method to send [email|sms]. If not set, email will be the default. type: string required: False
              • +
            • email_list - The email address that the VPN configuration message should be sent to. Required if "method" is "email". type: string required: False
              • +
            • host - The hostname/IP address of the VPN server. type: string required: True
              • +
            • sms_method - The method to be used for sending the SMS [fortiguard|custom]. Default is "fortiguard". type: string required: False
              • +
            • port - The port of the VPN server. type: int required: True
              • +
            • phone_number_list - The phone number that the VPN configuration SMS should be sent to. At least one of "phone_user_list" or "phone_number_list" is required if "method" is "sms". type: string required: False
              • + +
            + +
            • +
          • provision.user.fortitoken - Provision a set of FortiTokens by serial number. +
              +
            • tokens - List of FortiToken serial numbers to provision. If omitted, all tokens will be used. type: array required: False
              • + +
            + +
            • +
          • push.switch-controller.fsw-firmware - Push FortiSwitch firmware to the given device. +
              +
            • image_id - FortiSwitch image ID. type: string required: True
              • +
            • serial - The target device's serial. type: string required: True
              • + +
            + +
            • +
          • push.wifi.firmware - Push FortiAP firmware to the given device. +
              +
            • image_id - FortiAP image ID. type: string required: True
              • +
            • serial - The target device's serial. type: string required: True
              • + +
            + +
            • +
          • quarantine.endpoint-control.registration - Quarantine endpoint by FortiClient UID or MAC. +
              +
            • mac - Single MAC to quarantine. type: string required: False
              • +
            • uid - Single FortiClient UID to quarantine. type: string required: False
              • + +
            + +
            • +
          • read-info.system.certificate - Get certificate information from a certificate string. +
              +
            • value - PEM formatted certificate. type: string required: True
              • + +
            + +
            • +
          • reboot.system.os - Immediately reboot this device. +
              +
            • event_log_message - Message to be logged in event log. type: string required: False
              • + +
            + +
            • +
          • refresh-server.user.fsso - Refresh remote agent group list for all fsso agents. + +
            • +
          • refresh.azure.application-list - Update the Azure application list data or get the status of an update. +
              +
            • last_update_time - Timestamp of a previous update request. If this is not provided then it will refresh the Azure application list data. type: int required: False
              • + +
            + +
            • +
          • refresh.system.external-resource - Fetch the external resource file and refresh status for the specified external resource. +
              +
            • last_connection_time - The timestamp of last connection to the resource; used for checking refresh status. type: int required: False
              • +
            • mkey - The name of the external resource to query. type: string required: True
              • +
            • check_status_only - Set to true to return only the refresh status. type: boolean required: False
              • + +
            + +
            • +
          • refresh.user.fortitoken - Refresh a set of FortiTokens by serial number. +
              +
            • tokens - List of FortiToken serial numbers to refresh. If omitted, all tokens will be used. type: array required: False
              • + +
            + +
            • +
          • register-appliance.system.csf - Register appliance to Security Fabric. +
              +
            • mgmt_ip - Management IP or FQDN. type: string required: True
              • +
            • mgmt_port - Management port. type: int required: False
              • +
            • hostname - Host name. type: string required: False
              • +
            • mgmt_url_parameters - Array of URL parameters. Each item is a key/value pair. If provided, the URL parameters will be included in the management IP URL. type: array required: False
              • +
            • serial - Serial number. type: string required: True
              • +
            • type - Appliance type (Example: 'faz'). type: string required: True
              • + +
            + +
            • +
          • register-device.registration.forticloud - Register a device to FortiCloud through FortiGate. Currently FortiSwitch and FortiAP are supported. +
              +
            • country - Country. type: string required: True
              • +
            • serial - Device serial number type: string required: True
              • +
            • password - Password. type: string required: True
              • +
            • email - FortiCloud email. type: string required: True
              • +
            • reseller - Reseller. type: string required: True
              • + +
            + +
            • +
          • remove.user.device - Remove single or multiple user devices specified by host MAC addresses. +
              +
            • macs - An array of host MAC addresses to be removed. type: array required: False
              • + +
            + +
            • +
          • reset.extender-controller.extender - Reset a specific FortiExtender unit. +
              +
            • id - FortiExtender ID to reset. type: string required: True
              • + +
            + +
            • +
          • reset.firewall.central-snat-map - Reset traffic statistics for all firewall central SNAT policies. + +
            • +
          • reset.firewall.consolidated-policy - Reset traffic statistics for all consolidated policies. + +
            • +
          • reset.firewall.dnat - Reset hit count statistics for all firewall virtual IPs/servers. + +
            • +
          • reset.firewall.multicast-policy - Reset traffic statistics for all IPv4 firewall multicast policies. + +
            • +
          • reset.firewall.multicast-policy6 - Reset traffic statistics for all IPv6 firewall multicast policies. + +
            • +
          • reset.firewall.per-ip-shaper - Reset statistics for all configured firewall per-IP traffic shapers. + +
            • +
          • reset.firewall.policy - Reset traffic statistics for all firewall policies. + +
            • +
          • reset.firewall.policy6 - Reset traffic statistics for all IPv6 policies. + +
            • +
          • reset.firewall.shaper - Reset statistics for all configured traffic shapers. + +
            • +
          • reset.log.stats - Reset logging statistics for all log devices. + +
            • +
          • reset.system.modem - Reset statistics for internal/external configured modem. + +
            • +
          • reset.wanopt.history - Reset WAN opt. statistics. + +
            • +
          • reset.wanopt.peer_stats - Reset WAN opt peer statistics. + +
            • +
          • reset.wanopt.webcache - Reset webcache statistics. + +
            • +
          • reset.webcache.stats - Reset all webcache statistics. + +
            • +
          • reset.webfilter.category-quota - Reset webfilter quota for user or IP. +
              +
            • profile - Webfilter profile to reset. type: string required: False
              • +
            • user - User or IP to reset with. type: string required: False
              • + +
            + +
            • +
          • reset.wifi.euclid - Reset presence analytics statistics. + +
            • +
          • restart.switch-controller.managed-switch - Restart a given FortiSwitch. +
              +
            • mkey - Name of managed FortiSwitch. type: string required: True
              • + +
            + +
            • +
          • restart.system.sniffer - Restart specified packet capture. +
              +
            • mkey - ID of packet capture entry. type: int required: True
              • + +
            + +
            • +
          • restart.wifi.managed_ap - Restart a given FortiAP. +
              +
            • wtpname - FortiAP name. type: string required: False
              • + +
            + +
            • +
          • restore.system.config - Restore system configuration from uploaded file or from USB. +
              +
            • config_id - When using 'revision' source: valid ID of configuration stored on disk to revert to. type: int required: False
              • +
            • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
              • +
            • usb_filename - When using 'usb' source: the filename to restore from the connected USB device. type: string required: False
              • +
            • source - Configuration file data source [upload | usb | revision]. type: string required: True
              • +
            • scope - Specify global or VDOM only restore [global | vdom]. type: string required: True
              • +
            • password - Password to decrypt configuration data. type: string required: False
              • +
            • vdom - If 'vdom' scope specified, the name of the VDOM to restore configuration. type: string required: False
              • + +
            + +
            • +
          • revoke.system.dhcp - Revoke IPv4 DHCP leases. +
              +
            • ip - Optional list of addresses to revoke. Defaults to all addresses if not provided. type: array required: False
              • + +
            + +
            • +
          • revoke.system.dhcp6 - Revoke IPv6 DHCP leases. +
              +
            • ip - Optional list of addresses to revoke. Defaults to all addresses if not provided. type: array required: False
              • + +
            + +
            • +
          • run.system.compliance - Immediately run compliance checks for the selected VDOM. + +
            • +
          • run.system.config-script - Run remote config scripts. +
              +
            • remote_script - Name of remote config script to run. type: string required: True
              • + +
            + +
            • +
          • save.system.config - Explicitly save all configuration. + +
            • +
          • save.system.config-revision - Create a new config revision checkpoint. +
              +
            • comments - Optional revision comments type: string required: False
              • + +
            + +
            • +
          • scan.wifi.network - When FortiWiFi is in client mode, start a scan for local WiFi networks. + +
            • +
          • send-activation.user.fortitoken - Send a FortiToken activation code to a user via SMS or Email. +
              +
            • token - FortiToken serial number. The token must be assigned to a user/admin. type: string required: True
              • +
            • sms_phone - Override SMS phone number. SMS provider must be set in the assigned user/admin. type: string required: False
              • +
            • method - Method to send activation code [email|sms]. If not set, SMS will be attempted first, then email. type: string required: False
              • +
            • email - Override email address. type: string required: False
              • + +
            + +
            • +
          • set.system.time - Sets current system time stamp. +
              +
            • hour - Specifies the hour (0 - 23) for setting/updating time manually. type: int required: True
              • +
            • month - Specifies the month (0 - 11) for setting/updating time manually. type: int required: True
              • +
            • second - Specifies the second (0 - 59) for setting/updating time manually. type: int required: True
              • +
            • year - Specifies the year for setting/updating time manually. type: int required: True
              • +
            • day - Specifies the day for setting/updating time manually. type: int required: True
              • +
            • minute - Specifies the minute (0 - 59) for setting/updating time manually. type: int required: True
              • + +
            + +
            • +
          • set_status.wifi.managed_ap - Update administrative state for a given FortiAP (enable or disable authorization). +
              +
            • admin - New FortiAP administrative state [enable|disable|discovered]. type: string required: False
              • +
            • wtpname - FortiAP name. type: string required: False
              • + +
            + +
            • +
          • set_status.wifi.rogue_ap - Mark detected APs as rogue APs. +
              +
            • status - Status to assign matching APs [unclassified|rogue|accepted|suppressed]. type: string required: False
              • +
            • ssid - Corresponding list of rogue AP SSIDs. type: array required: False
              • +
            • bssid - List of rogue AP MAC addresses. type: array required: False
              • + +
            + +
            • +
          • shutdown.system.os - Immediately shutdown this device. +
              +
            • event_log_message - Message to be logged in event log. type: string required: False
              • + +
            + +
            • +
          • sms.user.guest - Sent guest login details via SMS. +
              +
            • group - Guest group name. type: string required: True
              • +
            • guest - Guest user IDs. type: array required: True
              • + +
            + +
            • +
          • speed-test-trigger.system.interface - Run a speed-test on the given interface. +
              +
            • mkey - Name of the interface. type: string required: True
              • + +
            + +
            • +
          • start.system.fsck - Set file system check flag so that it will be executed on next device reboot. + +
            • +
          • start.system.sniffer - Start specified packet capture. +
              +
            • mkey - ID of packet capture entry. type: int required: True
              • + +
            + +
            • +
          • start.system.usb-log - Start backup of logs from current VDOM to USB drive. + +
            • +
          • start.wifi.spectrum - Start spectrum analysis for a specific FortiAP for a duration of time. +
              +
            • radio_id - Radio ID. type: int required: True
              • +
            • channels - Channels. type: array required: True
              • +
            • duration - Duration in seconds. type: int required: True
              • +
            • wtp_id - FortiAP ID. type: string required: True
              • + +
            + +
            • +
          • start.wifi.vlan-probe - Start a VLAN probe. +
              +
            • wtp - FortiAP ID. type: string required: True
              • +
            • retries - Number of times to retry a probe for a particular VLAN. type: int required: True
              • +
            • start_vlan_id - The starting VLAN ID for the probe. type: int required: True
              • +
            • end_vlan_id - The ending VLAN ID for the probe. type: int required: True
              • +
            • timeout - Timeout duration (in seconds) to wait for a VLAN probe response. type: int required: True
              • +
            • ap_interface - FortiAP interface to send the probe on. type: int required: True
              • + +
            + +
            • +
          • stop.system.sniffer - Stop specified packet capture. +
              +
            • mkey - ID of packet capture entry. type: int required: True
              • + +
            + +
            • +
          • stop.system.usb-log - Stop backup of logs to USB drive. + +
            • +
          • stop.wifi.spectrum - Stop spectrum analysis for a specific FortiAP. +
              +
            • radio_id - Radio ID. type: int required: True
              • +
            • wtp_id - FortiAP ID. type: string required: True
              • + +
            + +
            • +
          • stop.wifi.vlan-probe - Stop a VLAN probe. +
              +
            • wtp - FortiAP ID. type: string required: True
              • +
            • ap_interface - FortiAP interface to send the probe on. type: int required: True
              • + +
            + +
            • +
          • system.change-password - Save admin and guest-admin passwords. +
              +
            • new_password - New password. type: string required: True
              • +
            • old_password - Old password. type: string required: False
              • +
            • mkey - User ID for password change. type: string required: False
              • + +
            + +
            • +
          • system.disconnect-admins - Disconnects logged in administrators. +
              +
            • admins - List of objects with admin id and method. type: array required: False
              • +
            • id - Admin ID type: int required: False
              • +
            • method - Login method used to connect admin to FortiGate. type: string required: False
              • + +
            + +
            • +
          • system.password-policy-conform - Check whether password conforms to the password policy. +
              +
            • apply_to - Password Policy ID. type: string required: False
              • +
            • password - Password. type: string required: False
              • +
            • old_password - Old password. type: string required: False
              • +
            • mkey - User ID for password change. type: string required: False
              • + +
            + +
            • +
          • test-availability.system.fortiguard - Test availability of FortiGuard services. +
              +
            • protocol - Protocol to check. [https | udp | http] type: string required: True
              • +
            • port - Port to check. type: int required: True
              • +
            • service - Service to check. [emailfilter | webfilter] type: string required: True
              • + +
            + +
            • +
          • test-connect.user.radius - Test the connectivity of the given RADIUS server and, optionally, the validity of a username & password. +
              +
            • ordinal - If 'mkey' is provided, the server-secret pair to use from the object: 'primary', 'secondary' or 'tertiary'. Defaults to 'primary'. type: string required: False
              • +
            • auth_type - Authentication protocol to use [auto|ms_chap_v2|ms_chap|chap|pap]. If 'mkey' is provided, this overrides the 'auth-type' value in the object. type: string required: False
              • +
            • server - Host name or IP of a RADIUS server. If 'mkey' is provided, this overrides the 'server' value in the object. type: string required: False
              • +
            • secret - Secret password for the RADIUS server. If 'mkey' is provided, this overrides the 'secret' value in the object. type: string required: False
              • +
            • user - User name whose access to check. type: string required: False
              • +
            • password - User's password. type: string required: False
              • +
            • mkey - Name of FortiGate's RADIUS object whose settings to test. type: string required: False
              • + +
            + +
            • +
          • test.system.automation-stitch - Triggers an automation stitch for testing purposes. +
              +
            • log - Message to store in the log buffer when triggering an event. For example, "logid=\"32102\" eventtime=1528840790000000000 logdesc=\"Sample description\" msg=\"Sample message\"". This parameter is required for the 'event-log' event type. For the test to run, the 'logid' argument value must match the trigger-defined value. If 'logid' is not provided, the test will use the trigger-defined value. type: string required: False
              • +
            • mkey - ID of automation stitch to trigger. type: string required: True
              • + +
            + +
            • +
          • test.user.tacacs-plus - Test the connectivity of the given TACACS+ server. +
              +
            • ordinal - If 'mkey' is provided, the server-key pair to use from the object: 'primary', 'secondary' or 'tertiary'. Defaults to 'primary'. type: string required: False
              • +
            • source_ip - Source IP for communications to TACACS+ server. If 'mkey' is provided, this overrides the 'source-ip' value in the object. type: string required: False
              • +
            • server - Host name of IP of a TACACS+ server. If 'mkey' is provided, this overrides the 'server' value in the object. type: string required: False
              • +
            • secret - Secret key for the TACACS+ server. If 'mkey' is provided, this overrides the 'key' value in the object. type: string required: False
              • +
            • port - Port number of the TACACS+ server. If 'mkey' is provided, this overrides the 'port' value in the object. Defaults to 49. type: int required: False
              • +
            • mkey - Name of FortiGate's TACACS+ object whose settings to test. type: string required: False
              • + +
            + +
            • +
          • toggle-vdom-mode.system.admin - Toggles VDOM mode on/off. Enables or disables VDOM mode if it is disabled or enabled respectively. + +
            • +
          • transfer.registration.forticare - Transfer to a new FortiCare account. +
              +
            • password - Account password. type: string required: True
              • +
            • old_password - Old account password. type: string required: True
              • +
            • email - Account email. type: string required: True
              • +
            • old_email - Old account email. type: string required: True
              • + +
            + +
            • +
          • trigger.system.security-rating - Run a Security Rating report. +
              +
            • report_types - Multiple Security Rating reports to run, run all reports when unspecified. type: array required: False
              • +
            • report_type - Security Rating report to run, run all reports when unspecified. type: string required: False
              • + +
            + +
            • +
          • tunnel_down.vpn.ipsec - Bring down a specific IPsec VPN tunnel. +
              +
            • p2name - IPsec phase2 name. type: string required: True
              • +
            • p2serial - IPsec phase2 serial. type: int required: False
              • +
            • p1name - IPsec phase1 name. type: string required: True
              • + +
            + +
            • +
          • tunnel_reset_stats.vpn.ipsec - Reset statistics for a specific IPsec VPN tunnel. +
              +
            • p1name - IPsec phase1 name. type: string required: True
              • + +
            + +
            • +
          • tunnel_up.vpn.ipsec - Bring up a specific IPsec VPN tunnel. +
              +
            • p2name - IPsec phase2 name. type: string required: True
              • +
            • p2serial - IPsec phase2 serial. type: int required: False
              • +
            • p1name - IPsec phase1 name. type: string required: True
              • + +
            + +
            • +
          • unblock.endpoint-control.registration - Unblock endpoint by FortiClient UID or MAC. +
              +
            • mac - Single MAC to unblock. type: string required: False
              • +
            • uid - Single FortiClient UID to unblock. type: string required: False
              • + +
            + +
            • +
          • unquarantine.endpoint-control.registration - Unquarantine endpoint by FortiClient UID or MAC. +
              +
            • mac - Single MAC to unquarantine. type: string required: False
              • +
            • uid - Single FortiClient UID to unquarantine. type: string required: False
              • + +
            + +
            • +
          • update-comments.system.config-revision - Updates comments for a system configuration file. +
              +
            • config_id - Configuration id. type: int required: False
              • +
            • comments - Configuration comments. type: string required: False
              • + +
            + +
            • +
          • update.switch-controller.managed-switch - Update administrative state for a given FortiSwitch (enable or disable authorization). +
              +
            • admin - New FortiSwitch administrative state [enable|disable|discovered]. type: string required: False
              • +
            • mkey - FortiSwitch name. type: string required: False
              • + +
            + +
            • +
          • update.system.fortiguard - Immediately update status for FortiGuard services. + +
            • +
          • update.system.ha-peer - Update configuration of peer in HA cluster. +
              +
            • priority - Priority to assign to HA member. type: int required: False
              • +
            • serial_no - Serial number of the HA member. type: string required: True
              • +
            • hostname - Name to assign the HA member. type: string required: False
              • +
            • vcluster_id - Virtual cluster number. type: int required: False
              • + +
            + +
            • +
          • update.system.modem - Update supported modem list from FortiGuard. + +
            • +
          • update.system.sdn-connector - Update an SDN connector's connection status. +
              +
            • mkey - SDN connector name. type: string required: True
              • + +
            + +
            • +
          • update.web-ui.custom-language - Update custom language file to this Fortigate. +
              +
            • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
              • +
            • filename - Name of custom language file. type: string required: False
              • +
            • lang_comments - Comments of custom language entry. type: string required: False
              • +
            • mkey - Name of custom language entry. type: string required: True
              • +
            • lang_name - New name of custom language entry. type: string required: False
              • + +
            + +
            • +
          • upgrade.extender-controller.extender - Upgrade FortiExtender. +
              +
            • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
              • +
            • id - FortiExtender ID to upgrade. type: string required: True
              • + +
            + +
            • +
          • upgrade.license.database - Upgrade or downgrade UTM engine or signature package (IPS/AntiVirus/Application Control/Industrial database/Security Rating) using uploaded file. +
              +
            • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
              • +
            • db_name - Security service database name [ips|appctrl|industrial_db|antivirus|security_rating] type: string required: True
              • + +
            + +
            • +
          • upgrade.system.firmware - Upgrade firmware image on this device using uploaded file. +
              +
            • format_partition - Set to true to format boot partition before upgrade. type: boolean required: False
              • +
            • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
              • +
            • filename - Name of file on fortiguard or USB disk to upgrade to. type: string required: False
              • +
            • source - Firmware file data source [upload|usb|fortiguard]. type: string required: True
              • +
            • file_id - File ID of the uploaded firmware image to allow upgrade of firmware images with invalid signatures. type: string required: False
              • +
            • ignore_invalid_signature - Set to true to allow upgrade of firmware images with invalid signatures. type: boolean required: False
              • + +
            + +
            • +
          • upload.switch-controller.fsw-firmware - Upload FortiSwitch firmware to the management FortiGate and then push to target FortiSwitches. +
              +
            • serials - The target device's serial. type: string required: False
              • +
            • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
              • + +
            + +
            • +
          • upload.system.config-script - Upload and run a new configuration script file. +
              +
            • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
              • +
            • filename - Name of configuration script file. type: string required: False
              • + +
            + +
            • +
          • upload.system.vmlicense - Update VM license using uploaded file. Reboots immediately if successful. +
              +
            • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
              • + +
            + +
            • +
          • upload.webproxy.pacfile - Upload webproxy PAC file. +
              +
            • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
              • +
            • filename - Name of PAC file. type: string required: False
              • + +
            + +
            • +
          • upload.wifi.firmware - Upload FortiAP firmware to the management FortiGate and then push to target FortiAPs. +
              +
            • serials - The target device's serial. type: string required: False
              • +
            • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
              • + +
            + +
            • +
          • upload.wifi.region-image - Saves a floorplan/region image to an existing region. +
              +
            • image_type - MIME type of the image (png|jpeg|gif). type: string required: True
              • +
            • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
              • +
            • region_name - Region name to save image to. type: string required: True
              • + +
            + +
            • +
          • utm.rating-lookup - Lookup FortiGuard rating for a specific URL. +
              +
            • url - List of URLs to query. type: array required: False
              • +
            • lang - Language for the rating response. type: string required: False
              • + +
            + +
            • +
          • validate-gcp-key.system.sdn-connector - Validate a string representing a private key from GCP in PEM format. +
              +
            • private-key - Private key in PEM format. type: string required: True
              • + +
            + +
            • +
          • verify-cert.endpoint-control.ems - Verify EMS server certificate for a specific EMS. +
              +
            • ems_name - EMS server name (as defined in CLI table endpoint-control.fctems). type: string required: True
              • +
            • fingerprint - EMS server certificate fingerprint to check with. type: string required: True
              • + +
            + +
            • +
          • webhook.system.automation-stitch - Triggers an incoming webhook for an automation stitch. +
              +
            • mkey - The incoming webhook name to trigger. type: string required: True
              • + +
            + +
            • +
          +
          +
          +
        • params - the parameter for each action, see definition in above list.type: dict
          • + + +Notes +----- + +.. note:: + + - Different ``selector`` may have different parameters, users are expected to look up them in the dropdown list above.. + + - For some selectors, no ``params`` are allowed to appear. + + - Not all parameters are required for a selector. + + - This module is exclusivly for FortiOS monitor API. + + - The result of API request is stored in ``results``. + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigate03 + connection: httpapi + collections: + - fortinet.fortios + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + + - name: Activate FortiToken + fortios_monitor: + vdom: "root" + access_token: "" + selector: 'activate.user.fortitoken' + params: + tokens: '' + + - name: Reboot This Device + fortios_monitor: + vdom: "root" + access_token: "" + selector: 'reboot.system.os' + params: + event_log_message: 'Reboot Request From Ansible' + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
            + +
          • build - Build number of the fortigate image returned: always type: str sample: 1547
            • +
          • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: GET
            • +
          • name - Name of the table used to fulfill the request returned: always type: str sample: firmware
            • +
          • path - Path of the table used to fulfill the request returned: always type: str sample: system
            • +
          • results - Object list retrieved from device. returned: always type: list
            • +
          • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
            • +
          • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
            • +
          • status - Indication of the operation's result returned: always type: str sample: success
            • +
          • vdom - Virtual domain used returned: always type: str sample: root
            • +
          • version - Version of the FortiGate returned: always type: str sample: v5.6.3
            • +
          • ansible_facts - The list of fact subsets collected from the device returned: always type: dict
            • +
          + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@fshen01) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. \ No newline at end of file diff --git a/fortios_monitor_fact.rst b/fortios_monitor_fact.rst new file mode 100644 index 00000000..04ef20a3 --- /dev/null +++ b/fortios_monitor_fact.rst @@ -0,0 +1,2156 @@ +:source: fortios_monitor_fact.py + +:orphan: + +.. : + +fortios_monitor_fact -- Retrieve Facts of FortiOS Monitor Objects. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Collects monitor facts from network devices running the fortios operating system. This facts module will only collect those facts which user specified in playbook. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- install galaxy collection fortinet.fortios >= ``2.0.0``. + + +Parameters +---------- + + +.. raw:: html + +
            +
          • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str required: False default: root
            • +
          • enable_log - Enable/Disable logging for task. type: bool required: False default: False
            • +
          • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: False
            • +
          • filters - A list of expressions to filter the returned results. type: list required: False + more... + +
            • +
          • sorters - A list of expressions to sort the returned results. type: list required: False + more... + +
            • +
          • formatters - A list of fields to display for returned results. type: list required: False
            • +
          • selector - selector of the retrieved fortigate facts type: str choices:
            • +
          • + +

            + +

            +
            +
              + azure_application-list +
            • azure_application-list + +
              • + endpoint-control_avatar_download +
            • endpoint-control_avatar_download - Download an endpoint avatar image. +
                +
              • default - Default avatar name ['authuser'|'unauthuser'|'authuser_72'|'unauthuser_72']. Default avatar when endpoint / device avatar is not available. If default is not set, Not found 404 is returned. type: string required: False
                • +
              • fingerprint - Avatar fingerprint. type: string required: False
                • +
              • uid - Single FortiClient UID. type: string required: False
                • +
              • user - User name of the endpoint. type: string required: False
                • + +
              + +
              • + endpoint-control_ems_cert-status +
            • endpoint-control_ems_cert-status - Retrieve authentication status of the EMS server certificate for a specific EMS. +
                +
              • with_cert - Return detailed certificate information. Available when the certificate is authenticated by installed CA certificates. type: boolean required: False
                • +
              • ems_name - EMS server name (as defined in CLI table endpoint-control.fctems). type: string required: True
                • + +
              + +
              • + endpoint-control_ems_status +
            • endpoint-control_ems_status - Retrieve EMS connection status for a specific EMS. +
                +
              • ems_name - EMS server name (as defined in CLI table endpoint-control.fctems). type: string required: False
                • +
              • ems_serial - EMS serial type: string required: False
                • + +
              + +
              • + endpoint-control_ems_status-summary +
            • endpoint-control_ems_status-summary + +
              • + endpoint-control_installer +
            • endpoint-control_installer - List available FortiClient installers. +
                +
              • min_version - Filter: Minimum installer version. (String of the format n[.n[.n]]). type: string required: False
                • + +
              + +
              • + endpoint-control_installer_download +
            • endpoint-control_installer_download - Download a FortiClient installer via FortiGuard. +
                +
              • mkey - Name of installer (image_id). type: string required: True
                • + +
              + +
              • + endpoint-control_profile_xml +
            • endpoint-control_profile_xml - List XML representation for each endpoint-control profile. +
                +
              • mkey - Name of endpoint-control profile. type: string required: False
                • + +
              + +
              • + endpoint-control_record-list +
            • endpoint-control_record-list - List endpoint records. This should only be used when you need to retrieve endpoint information from FortiEMS. +
                +
              • intf_name - Filter: Name of interface where the endpoint was detected. type: string required: False
                • + +
              + +
              • + endpoint-control_registration_summary +
            • endpoint-control_registration_summary + +
              • + endpoint-control_summary +
            • endpoint-control_summary + +
              • + extender-controller_extender +
            • extender-controller_extender - Retrieve statistics for specific configured FortiExtender units. +
                +
              • type - Statistic type.'type' options are [system | modem | usage | last]. If 'type' is not specified, all types of statistics are retrieved. type: string required: False
                • +
              • id - List of FortiExtender names. type: array required: False
                • +
              • name - List of FortiExtender names. type: array required: False
                • + +
              + +
              • + firewall_acl +
            • firewall_acl + +
              • + firewall_acl6 +
            • firewall_acl6 + +
              • + firewall_address-dynamic +
            • firewall_address-dynamic - List of Fabric Connector address objects and the IPs they resolve to. +
                +
              • mkey - Name of the dynamic address to retrieve. If this is not provided, all dynamic addresses will be retrieved. type: string required: False
                • + +
              + +
              • + firewall_address-fqdns +
            • firewall_address-fqdns + +
              • + firewall_address-fqdns6 +
            • firewall_address-fqdns6 + +
              • + firewall_address6-dynamic +
            • firewall_address6-dynamic - List of IPv6 Fabric Connector address objects and the IPs they resolve to. +
                +
              • mkey - Name of the dynamic address to retrieve. If this is not provided, all dynamic addresses will be retrieved. type: string required: False
                • + +
              + +
              • + firewall_central-snat-map +
            • firewall_central-snat-map - List traffic statistics for firewall central SNAT policies. +
                +
              • ip_version - Filter: Traffic IP Version. [ ipv4 | ipv6 ], if left empty, will retrieve data for both IPv4 and IPv6. type: string required: False
                • +
              • policyid - Filter: Policy ID. type: int required: False
                • + +
              + +
              • + firewall_consolidated-policy +
            • firewall_consolidated-policy - List traffic statistics for consolidated policies. +
                +
              • policyid - Filter: Policy ID. type: int required: False
                • + +
              + +
              • + firewall_dnat +
            • firewall_dnat - List hit count statistics for firewall virtual IP/server. +
                +
              • ip_version - Filter: Traffic IP Version. [ ipv4 | ipv6 ], if left empty, will retrieve data for both IPv4 and IPv6. type: string required: False
                • +
              • uuid - Filter: Virtual IP's UUID. type: string required: False
                • + +
              + +
              • + firewall_gtp +
            • firewall_gtp + +
              • + firewall_gtp-runtime-statistics +
            • firewall_gtp-runtime-statistics + +
              • + firewall_gtp-statistics +
            • firewall_gtp-statistics + +
              • + firewall_health +
            • firewall_health + +
              • + firewall_internet-service-details +
            • firewall_internet-service-details - List all details for a given Internet Service ID. +
                +
              • count - Maximum number of entries to return. Valid range is [20, 1000]; if a value is specified out of that range, it will be rounded up or down. Default value is 1000. type: int required: False
                • +
              • region_id - Filter: Region ID. type: int required: False
                • +
              • summary_only - Only return number of entries instead of entries. type: boolean required: False
                • +
              • city_id - Filter: City ID. type: int required: False
                • +
              • country_id - Filter: Country ID. type: int required: False
                • +
              • start - Starting entry index. If a value is less than zero, it will be set to zero. type: int required: False
                • +
              • id - ID of the Internet Service to get details for. type: int required: True
                • + +
              + +
              • + firewall_internet-service-match +
            • firewall_internet-service-match - List internet services that exist at a given IP or Subnet. +
                +
              • ip - IP (in dot-decimal notation). type: string required: True
                • +
              • mask - IP Mask (in dot-decimal notation). type: string required: True
                • + +
              + +
              • + firewall_internet-service-reputation +
            • firewall_internet-service-reputation - List internet services with reputation information that exist at a given IP. +
                +
              • ip - IP (in dot-decimal notation). type: string required: True
                • + +
              + +
              • + firewall_ippool +
            • firewall_ippool + +
              • + firewall_ippool_mapping +
            • firewall_ippool_mapping - Get the list of IPv4 mappings for the specified IP pool. +
                +
              • mkey - The IP pool name. type: string required: True
                • + +
              + +
              • + firewall_load-balance +
            • firewall_load-balance - List all firewall load balance servers. +
                +
              • count - Maximum number of entries to return. type: int required: True
                • +
              • start - Starting entry index. type: int required: False
                • + +
              + +
              • + firewall_local-in +
            • firewall_local-in + +
              • + firewall_multicast-policy +
            • firewall_multicast-policy - List traffic statistics for IPv4 firewall multicast policies. +
                +
              • policyid - Filter: Policy ID. type: int required: False
                • + +
              + +
              • + firewall_multicast-policy6 +
            • firewall_multicast-policy6 - List traffic statistics for IPv6 firewall multicast policies. +
                +
              • policyid - Filter: Policy ID. type: int required: False
                • + +
              + +
              • + firewall_per-ip-shaper +
            • firewall_per-ip-shaper + +
              • + firewall_policy +
            • firewall_policy - List traffic statistics for firewall policies. +
                +
              • ip_version - Filter: Traffic IP Version. [ ipv4 | ipv6 ], if left empty, will retrieve data for both ipv4 and ipv6. type: string required: False
                • +
              • policyid - Filter: Policy ID. type: int required: False
                • + +
              + +
              • + firewall_policy-lookup +
            • firewall_policy-lookup - Performs a policy lookup by creating a dummy packet and asking the kernel which policy would be hit. +
                +
              • protocol - Protocol. type: string required: True
                • +
              • dest - Destination IP/FQDN. type: string required: True
                • +
              • icmpcode - ICMP code. type: int required: False
                • +
              • icmptype - ICMP type. type: int required: False
                • +
              • srcintf - Source interface. type: string required: True
                • +
              • ipv6 - Perform an IPv6 lookup? type: boolean required: False
                • +
              • sourceport - Source port. type: int required: False
                • +
              • sourceip - Source IP. type: string required: False
                • +
              • destport - Destination port. type: int required: False
                • + +
              + +
              • + firewall_policy6 +
            • firewall_policy6 - List traffic statistics for IPv6 policies. +
                +
              • policyid - Filter: Policy ID. type: int required: False
                • + +
              + +
              • + firewall_proxy-policy +
            • firewall_proxy-policy - List traffic statistics for all explicit proxy policies. +
                +
              • policyid - Filter: Policy ID. type: int required: False
                • + +
              + +
              • + firewall_proxy_sessions +
            • firewall_proxy_sessions - List all active proxy sessions (optionally filtered). +
                +
              • src_uuid - UUID of source. type: object required: False
                • +
              • protocol - Protocol type. type: object required: False
                • +
              • owner - Owner. type: object required: False
                • +
              • start - Starting entry index. type: int required: False
                • +
              • since - Time when the session is established. type: object required: False
                • +
              • application - Web application type. type: object required: False
                • +
              • dstport - Destination TCP port number. type: object required: False
                • +
              • username - Session login user name. type: object required: False
                • +
              • seconds - Time in seconds, since the session is established. type: object required: False
                • +
              • dstaddr6 - Destination IPv6 address. type: object required: False
                • +
              • srcaddr - Source IPv4 address. type: object required: False
                • +
              • dst_uuid - UUID of destination. type: object required: False
                • +
              • dstintf - Destination interface name. type: object required: False
                • +
              • srcintf - Source interface name. type: object required: False
                • +
              • proxy-policyid - Explicit proxy policy ID. type: object required: False
                • +
              • count - Maximum number of entries to return. Valid range is [20, 1000]; if a value is specified out of that range, it will be rounded up or down. type: int required: True
                • +
              • dstaddr - Destination IPv4 address. type: object required: False
                • +
              • country - Geographic location. type: object required: False
                • +
              • srcport - Source TCP port number. type: object required: False
                • +
              • summary - Enable/disable inclusion of session summary (setup rate, total sessions, etc). type: boolean required: False
                • +
              • ip_version - IP version [*ipv4 | ipv6 | ipboth]. type: string required: False
                • +
              • srcaddr6 - Source IPv6 address. type: object required: False
                • +
              • policyid - Firewall policy ID. type: object required: False
                • + +
              + +
              • + firewall_sdn-connector-filters +
            • firewall_sdn-connector-filters - List all available filters for a specified SDN Fabric Connector. Used for Fabric Connector address objects. +
                +
              • connector - Name of the SDN Fabric Connector to get the filters from. type: string required: True
                • + +
              + +
              • + firewall_security-policy +
            • firewall_security-policy - List IPS engine statistics for security policies. +
                +
              • policyid - Filter: Policy ID. type: int required: False
                • + +
              + +
              • + firewall_session +
            • firewall_session - List all active firewall sessions (optionally filtered). +
                +
              • since - Filter: Only return sessions generated since this Unix timestamp. type: int required: False
                • +
              • protocol - Filter: Protocol name [all|igmp|tcp|udp|icmp|etc]. type: string required: False
                • +
              • web-domain - Filter: Web domain. type: string required: False
                • +
              • srcintfrole - Filter: Source interface roles. type: string required: False
                • +
              • owner - Filter: Destination owner. type: string required: False
                • +
              • srcuuid - Filter: Source UUID. type: string required: False
                • +
              • dstintfrole - Filter: Destination interface roles. type: string required: False
                • +
              • security-policyid - Filter: Security Policy ID. type: int required: False
                • +
              • natsourceaddress - Filter: NAT source address. type: string required: False
                • +
              • source - Filter: Source IP address. type: string required: False
                • +
              • destination - Filter: Destination IP address. type: string required: False
                • +
              • application - Filter: Application PROTO/PORT. (e.g. "TCP/443") type: string required: False
                • +
              • sourceport - Filter: Source port. type: int required: False
                • +
              • natsourceport - Filter: NAT source port. type: int required: False
                • +
              • start - Starting entry index. type: int required: False
                • +
              • dstuuid - Filter: Destination UUID. type: string required: False
                • +
              • username - Filter: Authenticated username. type: string required: False
                • +
              • seconds - Filter: Only return sessions generated in the last N seconds. type: int required: False
                • +
              • policyid - Filter: Policy ID. type: int required: False
                • +
              • srcintf - Filter: Source interface name. type: string required: False
                • +
              • destport - Filter: Destination port. type: int required: False
                • +
              • count - Maximum number of entries to return. Valid range is [20, 1000]; if a value is specified out of that range, it will be rounded up or down. type: int required: True
                • +
              • filter-csf - Filter: Include sessions from downstream fortigates. type: boolean required: False
                • +
              • country - Filter: Destination country name. type: string required: False
                • +
              • summary - Enable/disable inclusion of session summary (setup rate, total sessions, etc). type: boolean required: False
                • +
              • shaper - Filter: Forward traffic shaper name. type: string required: False
                • +
              • web-category - Filter: Web category. type: string required: False
                • +
              • ip_version - IP version [*ipv4 | ipv6 | ipboth]. type: string required: False
                • +
              • dstintf - Filter: Destination interface name. type: string required: False
                • + +
              + +
              • + firewall_shaper +
            • firewall_shaper + +
              • + firewall_shaper_multi-class-shaper +
            • firewall_shaper_multi-class-shaper + +
              • + firewall_uuid-list +
            • firewall_uuid-list + +
              • + firewall_uuid-type-lookup +
            • firewall_uuid-type-lookup - Retrieve a mapping of UUIDs to their firewall object type for given UUIDs. +
                +
              • uuids - List of UUIDs to be resolved. type: array required: False
                • + +
              + +
              • + fortiguard_redirect-portal +
            • fortiguard_redirect-portal + +
              • + fortiguard_service-communication-stats +
            • fortiguard_service-communication-stats - Retrieve historical statistics for communication with FortiGuard services. +
                +
              • service_type - To get stats for [forticare|fortiguard_download|fortiguard_query|forticloud_log|fortisandbox_cloud|fortiguard.com|ocvpn|sdns|fortitoken_registration|sms_service]. Defaults to all stats if not provided. type: string required: False
                • +
              • timeslot - History timeslot of stats [1_hour|24_hour|1_week]. Defaults to all timeslots if not provided. type: string required: False
                • + +
              + +
              • + fortiview_proxy-statistics +
            • fortiview_proxy-statistics - Retrieve drill-down and summary data for realtime proxy session FortiView statistics. +
                +
              • protocol - Protocol type. type: object required: False
                • +
              • owner - Owner. type: object required: False
                • +
              • srcuuid - UUID of source. type: object required: False
                • +
              • since - Time when the session is established. type: object required: False
                • +
              • application - Web application type. type: object required: False
                • +
              • dstport - Destination TCP port number. type: object required: False
                • +
              • dstuuid - UUID of destination. type: object required: False
                • +
              • username - Session login user name. type: object required: False
                • +
              • seconds - Time in seconds, since the session is established. type: object required: False
                • +
              • dstaddr6 - Destination IPv6 address. type: object required: False
                • +
              • srcaddr - Source IPv4 address. type: object required: False
                • +
              • dstintf - Destination interface name. type: object required: False
                • +
              • srcintf - Source interface name. type: object required: False
                • +
              • proxy-policyid - Explicit proxy policy ID. type: object required: False
                • +
              • count - Maximum number of details to return. type: int required: False
                • +
              • dstaddr - Destination IPv4 address. type: object required: False
                • +
              • country - Geographic location. type: object required: False
                • +
              • srcport - Source TCP port number. type: object required: False
                • +
              • sort_by - Sort by field. type: string required: False
                • +
              • report_by - Report by field. type: string required: False
                • +
              • ip_version - IP version [*ipv4 | ipv6 | ipboth]. type: string required: False
                • +
              • srcaddr6 - Source IPv6 address. type: object required: False
                • +
              • policyid - Firewall policy ID. type: object required: False
                • + +
              + +
              • + fortiview_sandbox-file-details +
            • fortiview_sandbox-file-details - Retrieve FortiSandbox analysis details for a specific file checksum. +
                +
              • checksum - Checksum of a specific file that has been analyzed by the connected FortiSandbox. type: string required: True
                • + +
              + +
              • + fortiview_sandbox-file-list +
            • fortiview_sandbox-file-list + +
              • + fortiview_statistics +
            • fortiview_statistics - Retrieve drill-down and summary data for FortiView (both realtime and historical). +
                +
              • count - Maximum number of details to return. type: int required: False
                • +
              • end - End timestamp. type: int required: False
                • +
              • realtime - Set to true to retrieve realtime results (from kernel). type: boolean required: False
                • +
              • chart_only - Only return graph values in results. type: boolean required: False
                • +
              • sort_by - Sort by field. type: string required: False
                • +
              • filter - A map of filter keys to arrays of values. type: object required: False
                • +
              • start - Start timestamp. type: int required: False
                • +
              • sessionid - FortiView request Session ID. type: int required: False
                • +
              • report_by - Report by field. type: string required: False
                • +
              • device - FortiView source device [disk|fortianalyzer|forticloud]. type: string required: False
                • +
              • ip_version - IP version [*ipv4 | ipv6 | ipboth]. type: string required: False
                • + +
              + +
              • + ips_anomaly +
            • ips_anomaly + +
              • + ips_exceed-scan-range +
            • ips_exceed-scan-range - Returns a list of applications that exceed the scan range from a list of application IDs. +
                +
              • ids - List of application IDs. type: array required: True
                • + +
              + +
              • + ips_hold-signatures +
            • ips_hold-signatures - Return a list of IPS signatures that are on hold due to active hold time. +
                +
              • ips_sensor - Optional filter: Provide the name of the IPS sensor to retrieve only the hold signatures being used by that sensor. type: string required: False
                • + +
              + +
              • + ips_metadata +
            • ips_metadata + +
              • + ips_rate-based +
            • ips_rate-based + +
              • + license_fortianalyzer-status +
            • license_fortianalyzer-status + +
              • + license_forticare-org-list +
            • license_forticare-org-list + +
              • + license_forticare-resellers +
            • license_forticare-resellers - Get current FortiCare resellers for the requested country. +
                +
              • country_code - FortiGuard country code type: int required: False
                • + +
              + +
              • + license_status +
            • license_status + +
              • + log_av-archive_download +
            • log_av-archive_download - Download file quarantined by AntiVirus. +
                +
              • mkey - Checksum for quarantined file. type: string required: True
                • + +
              + +
              • + log_current-disk-usage +
            • log_current-disk-usage + +
              • + log_device_state +
            • log_device_state + +
              • + log_event +
            • log_event + +
              • + log_fortianalyzer +
            • log_fortianalyzer - Return FortiAnalyzer/FortiManager log status. +
                +
              • srcip - The IP to use to make the request to the FortiAnalyzer [|auto]. When set to "auto" it will use the FortiGate's routing table to determine the IP to make the request from. type: string required: False
                • +
              • scope - Scope from which to test the connectivity of the FortiAnalyzer address [vdom|global]. type: string required: False
                • +
              • server - FortiAnalyzer/FortiManager address. type: string required: False
                • + +
              + +
              • + log_fortianalyzer-queue +
            • log_fortianalyzer-queue - Retrieve information on FortiAnalyzer's queue state. Note:- FortiAnalyzer logs are queued only if upload-option is realtime. +
                +
              • scope - Scope from which to retrieve FortiAnalyzer's queue state [vdom*|global]. type: string required: False
                • + +
              + +
              • + log_forticloud +
            • log_forticloud + +
              • + log_forticloud-report-list +
            • log_forticloud-report-list + +
              • + log_forticloud-report_download +
            • log_forticloud-report_download - Download PDF report from FortiCloud. +
                +
              • inline - Set to 1 to download the report inline. type: int required: False
                • +
              • mkey - FortiCloud Report ID. type: int required: True
                • +
              • report_name - Full filename of the report. type: string required: True
                • + +
              + +
              • + log_forticloud_connection +
            • log_forticloud_connection + +
              • + log_historic-daily-remote-logs +
            • log_historic-daily-remote-logs - Returns the amount of logs in bytes sent daily to a remote logging service (FortiCloud or FortiAnalyzer). +
                +
              • server - Service name [forticloud | fortianalyzer]. type: string required: True
                • + +
              + +
              • + log_hourly-disk-usage +
            • log_hourly-disk-usage + +
              • + log_ips-archive_download +
            • log_ips-archive_download - Download IPS/application control packet capture files. Uses configured log display device. +
                +
              • pcap_no - Packet capture roll number (required when log device is 'disk') type: int required: False
                • +
              • pcap_category - Packet capture category (required when log device is 'disk') type: int required: False
                • +
              • mkey - IPS archive ID. type: int required: True
                • + +
              + +
              • + log_local-report-list +
            • log_local-report-list + +
              • + log_local-report_download +
            • log_local-report_download - Download local report +
                +
              • mkey - Local Report Name. type: string required: True
                • + +
              + +
              • + log_policy-archive_download +
            • log_policy-archive_download - Download policy-based packet capture archive. +
                +
              • srcip - Source IP. type: string required: True
                • +
              • dstip - Destination IP. type: string required: True
                • +
              • mkey - Session ID (from traffic log). type: int required: True
                • + +
              + +
              • + log_stats +
            • log_stats - Return number of logs sent by category per day for a specific log device. +
                +
              • dev - Log device [*memory | disk | fortianalyzer | forticloud]. type: string required: False
                • + +
              + +
              • + network_arp +
            • network_arp + +
              • + network_ddns_lookup +
            • network_ddns_lookup - Check DDNS FQDN availability. +
                +
              • domain - Filter: domain to check. type: string required: True
                • + +
              + +
              • + network_ddns_servers +
            • network_ddns_servers + +
              • + network_dns_latency +
            • network_dns_latency + +
              • + network_fortiguard_live-services-latency +
            • network_fortiguard_live-services-latency + +
              • + network_lldp_neighbors +
            • network_lldp_neighbors + +
              • + network_lldp_ports +
            • network_lldp_ports - List all active LLDP ports. +
                +
              • mkey - Filter: specific port name. type: string required: False
                • + +
              + +
              • + network_reverse-ip-lookup +
            • network_reverse-ip-lookup - Retrieve the resolved DNS domain name for a given IP address. +
                +
              • ip - IP address (in dot-decimal notation). type: string required: True
                • + +
              + +
              • + nsx_instance +
            • nsx_instance - List NSX instances and their resource statistics. +
                +
              • mkey - Filter: NSX SDN name. type: string required: False
                • + +
              + +
              • + nsx_service_status +
            • nsx_service_status - Retrieve NSX service status. +
                +
              • mkey - Filter: NSX SDN name. type: string required: False
                • + +
              + +
              • + registration_forticloud_device-status +
            • registration_forticloud_device-status - Fetch device registration status from FortiCloud. Currently FortiSwitch and FortiAP are supported. +
                +
              • serials - Serials of FortiSwitch and FortiAP to fetch registration status. type: array required: True
                • +
              • update_cache - Clear cache and retrieve updated data. type: boolean required: False
                • + +
              + +
              • + registration_forticloud_disclaimer +
            • registration_forticloud_disclaimer + +
              • + registration_forticloud_domains +
            • registration_forticloud_domains + +
              • + router_bgp_neighbors +
            • router_bgp_neighbors + +
              • + router_bgp_neighbors6 +
            • router_bgp_neighbors6 + +
              • + router_bgp_paths +
            • router_bgp_paths - List all discovered BGP paths. +
                +
              • count - Maximum number of entries to return (Default behavior will return all BGP Paths). type: int required: False
                • +
              • start - Starting entry index. type: int required: False
                • + +
              + +
              • + router_bgp_paths-statistics +
            • router_bgp_paths-statistics - Retrieve BGP paths statistics, including number of IPv4 or IPv6 BGP paths. +
                +
              • ip_version - IP version [*ipv4 | ipv6 | ipboth]. type: string required: False
                • + +
              + +
              • + router_bgp_paths6 +
            • router_bgp_paths6 - List all discovered IPv6 BGP paths. +
                +
              • count - Maximum number of entries to return (Default behavior will return all BGP Paths). type: int required: False
                • +
              • start - Starting entry index. type: int required: False
                • + +
              + +
              • + router_ipv4 +
            • router_ipv4 - List all active IPv4 routing table entries. +
                +
              • count - Maximum number of entries to return (Default for all routes). type: int required: False
                • +
              • ip_mask - Filter: IP/netmask. type: string required: False
                • +
              • start - Starting entry index. type: int required: False
                • +
              • interface - Filter: interface name. type: string required: False
                • +
              • type - Filter: route type. type: string required: False
                • +
              • gateway - Filter: gateway. type: string required: False
                • + +
              + +
              • + router_ipv6 +
            • router_ipv6 - List all active IPv6 routing table entries. +
                +
              • count - Maximum number of entries to return (Default for all routes). type: int required: False
                • +
              • ip_mask - Filter: IP/netmask. type: string required: False
                • +
              • start - Starting entry index. type: int required: False
                • +
              • interface - Filter: interface name. type: string required: False
                • +
              • type - Filter: route type. type: string required: False
                • +
              • gateway - Filter: gateway. type: string required: False
                • + +
              + +
              • + router_lookup +
            • router_lookup - Performs a route lookup by querying the routing table. +
                +
              • destination - Destination IP/FQDN. type: string required: True
                • +
              • ipv6 - Perform an IPv6 lookup. type: boolean required: False
                • + +
              + +
              • + router_lookup-policy +
            • router_lookup-policy - Performs a route lookup by querying the policy routing table. +
                +
              • protocol_number - IP Protocol Number. type: int required: False
                • +
              • destination - Destination IP/FQDN. type: string required: True
                • +
              • source - Source IP/FQDN. type: string required: False
                • +
              • ipv6 - Perform an IPv6 lookup. type: boolean required: False
                • +
              • destination_port - Destination Port. type: int required: False
                • +
              • interface_name - Incoming Interface. type: string required: False
                • + +
              + +
              • + router_ospf_neighbors +
            • router_ospf_neighbors + +
              • + router_policy +
            • router_policy - Retrieve a list of active IPv4 policy routes. +
                +
              • count - Maximum number of entries to return. type: int required: False
                • +
              • start - Starting entry index. type: int required: False
                • +
              • count_only - Returns the number of IPv4 policy routes only. type: boolean required: False
                • + +
              + +
              • + router_policy6 +
            • router_policy6 - Retrieve a list of active IPv6 policy routes. +
                +
              • count - Maximum number of entries to return. type: int required: False
                • +
              • start - Starting entry index. type: int required: False
                • +
              • count_only - Returns the number of IPv6 policy routes only. type: boolean required: False
                • + +
              + +
              • + router_statistics +
            • router_statistics - Retrieve routing table statistics, including number of matched routes. +
                +
              • ip_version - IP version (4|6). If not present, IPv4 and IPv6 will be returned. type: int required: False
                • +
              • ip_mask - Filter: IP/netmask. type: string required: False
                • +
              • interface - Filter: interface name. type: string required: False
                • +
              • type - Filter: route type. type: string required: False
                • +
              • gateway - Filter: gateway. type: string required: False
                • + +
              + +
              • + switch-controller_detected-device +
            • switch-controller_detected-device + +
              • + switch-controller_fsw-firmware +
            • switch-controller_fsw-firmware - Retrieve a list of recommended firmware for managed FortiSwitches. +
                +
              • version - Target firmware version of the parent FortiGate. type: object required: False
                • +
              • timeout - FortiGuard connection timeout (defaults to 3 seconds). type: int required: False
                • +
              • mkey - Filter: FortiSwitch ID. type: string required: False
                • + +
              + +
              • + switch-controller_managed-switch +
            • switch-controller_managed-switch - Retrieve statistics for configured FortiSwitches. Deprecated. It will be removed in 7.2. It's replaced by /api/v2/monitor/switch-controller/managed-switch/status for faster performance. +
                +
              • port_stats - Filter: Retrieve tx/rx statistics for ports of configured FortiSwitches. type: boolean required: False
                • +
              • stp_status - Filter: Retrieve STP status for ports of configured FortiSwitches. type: boolean required: False
                • +
              • igmp_snooping_group - Filter: Retrieve IGMP Snooping group for configured FortiSwitches. type: boolean required: False
                • +
              • qos_stats - Filter: Retrieve QoS statistics for ports of configured FortiSwitches. type: boolean required: False
                • +
              • transceiver - Filter: Retrieve transceiver information for ports of configured FortiSwitches. type: boolean required: False
                • +
              • poe - Filter: Retrieve PoE statistics for ports of configured FortiSwitches. Port power usage is in Watt units. type: boolean required: False
                • +
              • mkey - Filter: FortiSwitch ID. type: string required: False
                • + +
              + +
              • + switch-controller_managed-switch_cable-status +
            • switch-controller_managed-switch_cable-status - Diagnose cable information for a port. Virtual FortiSwitches and FortiLink ports are not supported. +
                +
              • port - Name of managed FortiSwitch port. type: string required: True
                • +
              • mkey - Name of managed FortiSwitch. type: string required: True
                • + +
              + +
              • + switch-controller_managed-switch_dhcp-snooping +
            • switch-controller_managed-switch_dhcp-snooping + +
              • + switch-controller_managed-switch_faceplate-xml +
            • switch-controller_managed-switch_faceplate-xml - Retrieve XML for rendering FortiSwitch faceplate widget. +
                +
              • mkey - Name of managed FortiSwitch. type: string required: True
                • + +
              + +
              • + switch-controller_managed-switch_health +
            • switch-controller_managed-switch_health - Retrieve health-check statistics for managed FortiSwitches. +
                +
              • mkey - Filter: FortiSwitch ID. type: string required: False
                • + +
              + +
              • + switch-controller_managed-switch_models +
            • switch-controller_managed-switch_models + +
              • + switch-controller_managed-switch_port-stats +
            • switch-controller_managed-switch_port-stats - Retrieve port statistics for configured FortiSwitches. +
                +
              • mkey - Filter: FortiSwitch ID. type: string required: False
                • + +
              + +
              • + switch-controller_managed-switch_status +
            • switch-controller_managed-switch_status - Retrieve statistics for configured FortiSwitches. +
                +
              • mkey - Filter: FortiSwitch ID. type: string required: False
                • + +
              + +
              • + switch-controller_managed-switch_transceivers +
            • switch-controller_managed-switch_transceivers + +
              • + switch-controller_matched-devices +
            • switch-controller_matched-devices - Return a list of devices that match NAC and/or dynamic port policies. +
                +
              • include_dynamic - If true, include devices that match dynamic port policies. Default value is false. type: boolean required: False
                • +
              • mkey - FortiSwitch ID. Will return all devices if no ID is provided. type: string required: False
                • + +
              + +
              • + switch-controller_mclag-icl_eligible-peer +
            • switch-controller_mclag-icl_eligible-peer - Find a pair of FortiSwitches that are eligible to form a tier-1 MCLAG. +
                +
              • fortilink - FortiLink interface name. type: string required: True
                • + +
              + +
              • + switch-controller_validate-switch-prefix +
            • switch-controller_validate-switch-prefix - Validate a FortiSwitch serial number prefix. Deprecated in 7.2 replaced by /api/v2/monitor/switch-controller/managed-switch/models. +
                +
              • prefix - Prefix of FortiSwitch serial number. type: string required: False
                • + +
              + +
              • + system_3g-modem +
            • system_3g-modem + +
              • + system_acme-certificate-status +
            • system_acme-certificate-status - Get ACME certificate status. +
                +
              • scope - Scope of certificate [vdom*|global]. type: string required: False
                • +
              • mkey - Check if specific certificate is available. type: string required: True
                • + +
              + +
              • + system_acquired-dns +
            • system_acquired-dns + +
              • + system_automation-action_stats +
            • system_automation-action_stats - Statistics for automation actions. +
                +
              • mkey - Filter: Automation action name. type: string required: False
                • + +
              + +
              • + system_automation-stitch_stats +
            • system_automation-stitch_stats - Statistics for automation stitches. +
                +
              • mkey - Filter: Automation stitch name. type: string required: False
                • + +
              + +
              • + system_available-certificates +
            • system_available-certificates - Get available certificates. +
                +
              • with_crl - Include certificate revocation lists. type: boolean required: False
                • +
              • find_all_references - Include reference counts across all VDOMs when scope is global. type: boolean required: False
                • +
              • with_remote - Include remote certificates. type: boolean required: False
                • +
              • with_ca - Include certificate authorities. type: boolean required: False
                • +
              • scope - Scope of certificate [vdom*|global]. type: string required: False
                • +
              • mkey - Check if specific certificate is available. type: string required: False
                • + +
              + +
              • + system_available-interfaces +
            • system_available-interfaces - Retrieve a list of all interfaces along with some meta information regarding their availability. +
                +
              • scope - Scope of interface list [vdom|global] type: string required: False
                • +
              • view_type - Optionally include additional information for interfaces. This parameter can be repeated multiple times. 'ha': Includes extra meta information useful when dealing with interfaces related to HA configuration. Interfaces that are used by an HA cluster as management interfaces are also included in this view. 'zone': Includes extra meta information for determining zone membership eligibility. 'vwp': Includes extra meta information for determining virtual wire pair eligibility. 'sdwan': Includes extra meta information for determining SD-WAN eligibility. 'switch': Includes extra meta information for determining switch eligibility. 'hard-switch': Includes extra meta information for determining hard-switch eligibility. 'limited': Includes limited information on parent interfaces that are in another VDOM. 'stat': Includes TX/RX statistics data. type: string required: False
                • + +
              + +
              • + system_botnet +
            • system_botnet - List all known IP-based botnet entries in FortiGuard botnet database. +
                +
              • count - Maximum number of entries to return. type: int required: False
                • +
              • start - Starting entry index. type: int required: False
                • +
              • include_hit_only - Include entries with hits only. type: boolean required: False
                • + +
              + +
              • + system_botnet-domains +
            • system_botnet-domains - List all known domain-based botnet entries in FortiGuard botnet database. +
                +
              • count - Maximum number of entries to return. type: int required: False
                • +
              • start - Starting entry index. type: int required: False
                • + +
              + +
              • + system_botnet-domains_hits +
            • system_botnet-domains_hits + +
              • + system_botnet-domains_stat +
            • system_botnet-domains_stat + +
              • + system_botnet_stat +
            • system_botnet_stat + +
              • + system_certificate_download +
            • system_certificate_download - Download certificate. +
                +
              • scope - Scope of certificate [vdom*|global]. type: string required: False
                • +
              • type - Type of certificate [local-cer|remote-cer|local-ca|remote-ca|local-csr|crl]. type: string required: True
                • +
              • mkey - Name of certificate. type: string required: True
                • + +
              + +
              • + system_check-port-availability +
            • system_check-port-availability - Check whether a list of TCP port ranges is available for a certain service. +
                +
              • port_ranges - List of TCP port range objects to check against. type: array required: True
                • +
              • service - The service in which the ports could be available. 'service' options are [reserved | sysglobal | webproxy | ftpproxy | sslvpn | slaprobe | fsso | ftm_push]. If 'service' is not specified, the port ranges availability is checked against all services. type: string required: False
                • + +
              + +
              • + system_com-log_download +
            • system_com-log_download + +
              • + system_com-log_update +
            • system_com-log_update + +
              • + system_config-error-log_download +
            • system_config-error-log_download + +
              • + system_config-revision +
            • system_config-revision + +
              • + system_config-revision_file +
            • system_config-revision_file - Download a specific configuration revision. +
                +
              • config_id - Configuration id. type: int required: False
                • + +
              + +
              • + system_config-revision_info +
            • system_config-revision_info - Retrieve meta information for a specific configuration revision. +
                +
              • config_id - Configuration id. type: int required: False
                • + +
              + +
              • + system_config-script +
            • system_config-script + +
              • + system_config-sync_status +
            • system_config-sync_status + +
              • + system_config_restore-status +
            • system_config_restore-status - Check the status of the restoring system configuration session. +
                +
              • session_id - Session ID for restoring configuration. type: string required: True
                • + +
              + +
              • + system_config_usb-filelist +
            • system_config_usb-filelist + +
              • + system_crash-log_download +
            • system_crash-log_download + +
              • + system_csf +
            • system_csf - Retrieve a full tree of downstream FortiGates registered to the Security Fabric. +
                +
              • scope - Scope from which to retrieve the Security Fabric tree [vdom*|global]. type: string required: False
                • + +
              + +
              • + system_csf_pending-authorizations +
            • system_csf_pending-authorizations + +
              • + system_current-admins +
            • system_current-admins + +
              • + system_debug_download +
            • system_debug_download + +
              • + system_dhcp +
            • system_dhcp - List all DHCP and DHCPv6 leases. +
                +
              • interface - Filter: Retrieve DHCP leases for this interface only. type: string required: False
                • +
              • scope - Scope from which to retrieve DHCP leases [vdom*|global]. Global scope is only accessible for global administrators. type: string required: False
                • +
              • ipv6 - Include IPv6 addresses in the response. type: boolean required: False
                • + +
              + +
              • + system_external-resource_entry-list +
            • system_external-resource_entry-list - Retrieve resource file status with a list of valid/invalid entries for the specific external resource. Empty lines and comment lines are not returned. +
                +
              • status_only - Set to true to retrieve resource file status only. (Skip valid/invalid entries.) type: boolean required: False
                • +
              • mkey - The external resource name to query. type: string required: True
                • +
              • include_notes - Set to true to retrieve notes on the resource file. type: boolean required: False
                • + +
              + +
              • + system_firmware +
            • system_firmware + +
              • + system_firmware_upgrade-paths +
            • system_firmware_upgrade-paths + +
              • + system_fortiguard-blacklist +
            • system_fortiguard-blacklist - Retrieve blacklist information for a specified IP. +
                +
              • ip - IPv4 address to check against. type: string required: True
                • +
              • timeout - Timeout period in seconds (defaults to 5). type: int required: False
                • + +
              + +
              • + system_fortiguard_server-info +
            • system_fortiguard_server-info + +
              • + system_fortimanager_backup-details +
            • system_fortimanager_backup-details - Get the properties of a FortiManager object. +
                +
              • datasource - Object datasource. type: string required: True
                • +
              • mkey - Object name. type: string required: True
                • + +
              + +
              • + system_fortimanager_backup-summary +
            • system_fortimanager_backup-summary + +
              • + system_fortimanager_status +
            • system_fortimanager_status + +
              • + system_global-resources +
            • system_global-resources + +
              • + system_global-search +
            • system_global-search - Search for CMDB table objects based on search phrase. +
                +
              • scope - Search scope [vdom|global]. type: string required: False
                • +
              • search - Phrase used for searching. type: string required: True
                • +
              • skip_tables - Array of CMDB tables to be skipped when doing global search. E.g. ['firewall.address', 'firewall.address6']. type: array required: False
                • +
              • search_tables - Array of CMDB tables to search on. If not defined, global search function will do a search on all tables that the current user has read permission on. E.g ['firewall.address', 'firewall.address6']. type: array required: False
                • + +
              + +
              • + system_ha-checksums +
            • system_ha-checksums + +
              • + system_ha-history +
            • system_ha-history + +
              • + system_ha-peer +
            • system_ha-peer - Get configuration of peer(s) in HA cluster. Uptime is expressed in seconds. +
                +
              • serial_no - Serial number of the HA member. If not specified, fetch information for all HA members type: string required: False
                • +
              • vcluster_id - Virtual cluster number. If not specified, fetch information for all active vclusters type: int required: False
                • + +
              + +
              • + system_ha-statistics +
            • system_ha-statistics + +
              • + system_ha-table-checksums +
            • system_ha-table-checksums - List of table checksums for members of HA cluster. +
                +
              • vdom_name - VDOM name of the HA member. If not specified, fetch table checksums for global. type: string required: False
                • +
              • serial_no - Serial number of the HA member. type: string required: True
                • + +
              + +
              • + system_interface +
            • system_interface - Retrieve statistics for all system interfaces. +
                +
              • scope - Scope from which to retrieve the interface stats from [vdom|global]. type: string required: False
                • +
              • interface_name - Filter: interface name. type: string required: False
                • +
              • include_vlan - Enable to include VLANs in result list. type: boolean required: False
                • +
              • include_aggregate - Enable to include Aggregate interfaces in result list. type: boolean required: False
                • + +
              + +
              • + system_interface-connected-admins-info +
            • system_interface-connected-admins-info - Return admins info that are connected to current interface. +
                +
              • interface - Interface that admins is connected through. type: string required: True
                • + +
              + +
              • + system_interface_dhcp-status +
            • system_interface_dhcp-status - Retrieve the DHCP client status of an interface. +
                +
              • mkey - Name of the interface. type: string required: True
                • +
              • ipv6 - Retrieve the DHCPv6 client status. type: boolean required: False
                • + +
              + +
              • + system_interface_kernel-interfaces +
            • system_interface_kernel-interfaces + +
              • + system_interface_poe +
            • system_interface_poe - Retrieve PoE statistics for system interfaces. +
                +
              • scope - Scope from which to retrieve the interface stats from [vdom|global] (default=vdom). type: string required: False
                • +
              • mkey - Filter: Name of the interface to fetch PoE statistics for. type: string required: False
                • + +
              + +
              • + system_interface_speed-test-status +
            • system_interface_speed-test-status - Retrieve the current status of a speed-test with the results if finished. +
                +
              • id - ID of the speed test. type: int required: True
                • + +
              + +
              • + system_interface_transceivers +
            • system_interface_transceivers - Get a list of transceivers being used by the FortiGate. +
                +
              • scope - Scope from which to retrieve the transceiver information from [vdom|global]. type: string required: False
                • + +
              + +
              • + system_ipam_list +
            • system_ipam_list + +
              • + system_ipam_status +
            • system_ipam_status + +
              • + system_ipconf +
            • system_ipconf - Determine if there is an IP conflict for a specific IP using ARP. +
                +
              • devs - List of interfaces to check for conflict. type: array required: True
                • +
              • ipaddr - IPv4 address to check for conflict. type: string required: True
                • + +
              + +
              • + system_link-monitor +
            • system_link-monitor - Retrieve per-interface statistics for active link monitors. +
                +
              • mkey - Name of link monitor. type: string required: False
                • + +
              + +
              • + system_lte-modem_status +
            • system_lte-modem_status + +
              • + system_modem +
            • system_modem + +
              • + system_nat46-ippools +
            • system_nat46-ippools + +
              • + system_ntp_status +
            • system_ntp_status + +
              • + system_object-tagging_usage +
            • system_object-tagging_usage + +
              • + system_object_usage +
            • system_object_usage - Retrieve all objects that are currently using as well as objects that can use the given object. +
                +
              • scope - Scope of resource [vdom|global]. type: string required: False
                • +
              • q_name - The CMDB table's name type: string required: False
                • +
              • mkey - The mkey for the object type: string required: True
                • +
              • qtypes - List of CMDB table qTypes type: array required: False
                • +
              • q_path - The CMDB table's path type: string required: False
                • + +
              + +
              • + system_performance_status +
            • system_performance_status + +
              • + system_resolve-fqdn +
            • system_resolve-fqdn - Resolves the provided FQDNs to FQDN -> IP mappings. +
                +
              • fqdn - List of FQDNs to be resolved type: array required: False
                • +
              • ipv6 - Resolve for the AAAA record? type: boolean required: False
                • + +
              + +
              • + system_resource_usage +
            • system_resource_usage - Retreive current and historical usage data for a provided resource. +
                +
              • scope - Scope of resource [vdom|global]. This parameter is only applicable if the FGT is in VDOM mode. type: string required: False
                • +
              • interval - Time interval of resource usage [1-min|10-min|30-min|1-hour|12-hour|24-hour]. Defaults to all intervals if not provided. type: string required: False
                • +
              • resource - Resource to get usage data for [cpu|mem|disk|session|session6|setuprate|setuprate6|disk_lograte|faz_lograte|forticloud_lograte|gtp_tunnel|gtp_tunnel_setup_rate]. Defaults to all resources if not provided. Additionally, [npu_session|npu_session6] data is available for devices that have an NPU and [nturbo_session|nturbo_session6] data is available for NP6 devices that support NTurbo. [gtp_tunnel|gtp_tunnel_setup_rate] data is available for carrier platforms only. type: string required: False
                • + +
              + +
              • + system_running-processes +
            • system_running-processes + +
              • + system_sandbox_cloud-regions +
            • system_sandbox_cloud-regions + +
              • + system_sandbox_connection +
            • system_sandbox_connection - Test the connection to FortiSandbox. +
                +
              • server - IP/FQDN of the FortiSandbox to test. Uses the configured FortiSandbox IP/FQDN if no server is provided. type: string required: False
                • + +
              + +
              • + system_sandbox_stats +
            • system_sandbox_stats + +
              • + system_sandbox_status +
            • system_sandbox_status + +
              • + system_sandbox_test-connect +
            • system_sandbox_test-connect - Test the connectivity of a given FortiSandbox IP. +
                +
              • server - IP/FQDN of the FortiSandbox to test. type: string required: True
                • + +
              + +
              • + system_sdn-connector_nsx-security-tags +
            • system_sdn-connector_nsx-security-tags - Retrieve a list of NSX security tags for connected NSX servers. +
                +
              • mkey - Filter: NSX SDN connector name. type: string required: False
                • + +
              + +
              • + system_sdn-connector_status +
            • system_sdn-connector_status - Retrieve connection status for SDN connectors. +
                +
              • type - Filter: SDN connector type. Ignored if mkey is specified. type: string required: False
                • +
              • mkey - Filter: SDN connector name. type: string required: False
                • + +
              + +
              • + system_security-rating +
            • system_security-rating - Retrieve a Security Rating report result. Without ID specified, returns the most recent result. +
                +
              • scope - Scope of the report [vdom*|global]. Global scope is only accessible for global administrators. type: string required: False
                • +
              • id - Report ID. type: int required: False
                • +
              • report_type - Report type to view, Security Report when unspecified. type: string required: False
                • + +
              + +
              • + system_security-rating_history +
            • system_security-rating_history - Retrieve Security Rating history. +
                +
              • report_type - Security Rating report history to view, view Security Report when unspecified. type: string required: False
                • + +
              + +
              • + system_security-rating_lang +
            • system_security-rating_lang - Returns the requested Security Rating language mapping. +
                +
              • key - Requested language mapping (en, fr, big5, euc-kr, GB2312, pg, sp, x-sjis). type: string required: False
                • + +
              + +
              • + system_security-rating_status +
            • system_security-rating_status - Check if a Security Rating report is currently running. +
                +
              • progress - Query report progress. type: boolean required: False
                • +
              • id - Report ID. type: int required: False
                • +
              • report_type - Report type to view, Security Report when unspecified. type: string required: False
                • + +
              + +
              • + system_security-rating_supported-reports +
            • system_security-rating_supported-reports + +
              • + system_sensor-info +
            • system_sensor-info + +
              • + system_sniffer +
            • system_sniffer + +
              • + system_sniffer_download +
            • system_sniffer_download - Download a stored packet capture. +
                +
              • mkey - ID of packet capture entry. type: int required: True
                • + +
              + +
              • + system_status +
            • system_status + +
              • + system_storage +
            • system_storage + +
              • + system_time +
            • system_time + +
              • + system_timezone +
            • system_timezone + +
              • + system_traffic-history_interface +
            • system_traffic-history_interface - Retrieve history traffic stats for an interface. +
                +
              • interface - Interface name. type: string required: True
                • +
              • time_period - Time period to retrieve data for [hour | day | week]. type: string required: True
                • + +
              + +
              • + system_traffic-history_top-applications +
            • system_traffic-history_top-applications - Retrieve top FortiView applications traffic stats by bandwidth. +
                +
              • time_period - Time period to retrieve data for [hour | day | week]. type: string required: True
                • + +
              + +
              • + system_trusted-cert-authorities +
            • system_trusted-cert-authorities - Get trusted certifiate authorities. +
                +
              • scope - Scope of certificate [vdom*|global]. type: string required: False
                • + +
              + +
              • + system_usb-log +
            • system_usb-log + +
              • + system_vdom-link +
            • system_vdom-link - Gets a list of all NPU VDOM Links and VDOM Links. +
                +
              • scope - Scope from which to retrieve the VDOM link informaton from [vdom|global]. type: string required: False
                • + +
              + +
              • + system_vdom-resource +
            • system_vdom-resource + +
              • + system_vm-information +
            • system_vm-information + +
              • + user_banned +
            • user_banned + +
              • + user_banned_check +
            • user_banned_check - Check if an IPv4 or IPv6 address is banned administratively. +
                +
              • ip_address - IPv4 or IPv6 Address to check. type: string required: True
                • + +
              + +
              • + user_collected-email +
            • user_collected-email - List email addresses collected from captive portal. +
                +
              • ipv6 - Include collected email from IPv6 users. type: boolean required: False
                • + +
              + +
              • + user_detected-device +
            • user_detected-device - Retrieve a list of detected devices. +
                +
              • with_fortiap - Retrieve FortiAP information. type: boolean required: False
                • +
              • with_user - Retrieve authenticated user information. type: boolean required: False
                • +
              • with_endpoint - Retrieve FortiClient endpoint information. type: boolean required: False
                • +
              • with_dhcp - Retrieve DHCP lease information. type: boolean required: False
                • +
              • expand_child_macs - Include child devices as separate entries in the list. type: boolean required: False
                • +
              • with_fortilink - Retrieve FortiLink information. type: boolean required: False
                • + +
              + +
              • + user_device +
            • user_device - Retrieve a list of detected devices. +
                +
              • master_mac - Filter: Master MAC of a device. Multiple entries could be returned. type: string required: False
                • +
              • master_only - List of master device only. type: boolean required: False
                • + +
              + +
              • + user_device-category +
            • user_device-category + +
              • + user_device-type +
            • user_device-type + +
              • + user_device_query +
            • user_device_query - Retrieve user devices from user device store. List all the user devices if there is no filter set. +
                +
              • timestamp_from - To get entries since the timestamp for unified historical query. type: int required: False
                • +
              • query_type - Query type [latest|unified_latest|unified_history]. Default is latest. type: string required: False
                • +
              • number - Maximum number of entries to return. type: int required: False
                • +
              • start - Number of entries to skip from the beginning. type: int required: False
                • +
              • query_id - Provide a query ID to continue getting data for that unified request. Only available for unified query types. type: int required: False
                • +
              • filter_logic - The logic between filters [and|or]). Default is and. type: string required: False
                • +
              • filters - A list of filters. Type: {"type": string, "value": string, "op": string}. Op: filter operator [exact|contains|greaterThanEqualTo|lessThanEqualTo]. Default is exact. type: array required: False
                • +
              • timestamp_to - To get entries before the timestamp for unified historical query. type: int required: False
                • +
              • cache_query - Cache query result for 5 mins and return query ID. Only available for unified query types. Default is false. type: boolean required: False
                • +
              • key_only - Return primary key fields only. Default is false. type: boolean required: False
                • + +
              + +
              • + user_firewall +
            • user_firewall - List authenticated firewall users. +
                +
              • count - Maximum number of entries to return. type: int required: False
                • +
              • start - Starting entry index. type: int required: False
                • +
              • ipv4 - Include IPv4 user (default=true). type: boolean required: False
                • +
              • ipv6 - Include IPv6 users. type: boolean required: False
                • + +
              + +
              • + user_fortitoken +
            • user_fortitoken + +
              • + user_fortitoken-cloud_status +
            • user_fortitoken-cloud_status + +
              • + user_fsso +
            • user_fsso - Get a list of fsso and fsso polling status. +
                +
              • type - Filter: Get the status for this type of FSSO entry [fsso|fsso-polling]. type: string required: False
                • +
              • mkey - Filter: Get the status for a specific FSSO entry. `type` is required if this is set. type: string required: False
                • + +
              + +
              • + user_info_query +
            • user_info_query - Query user info. +
                +
              • timestamp_from - To get entries since the timestamp for unified historical query. type: int required: False
                • +
              • query_type - Query type [latest|unified_latest|unified_history]. Default is latest. type: string required: False
                • +
              • number - Maximum number of entries to return. type: int required: False
                • +
              • start - Number of entries to skip from the beginning. type: int required: False
                • +
              • query_id - Provide a query ID to continue getting data for that unified request. Only available for unified query types. type: int required: False
                • +
              • filter_logic - The logic between filters [and|or]). Default is and. type: string required: False
                • +
              • filters - A list of filters. Type: {"type": string, "value": string, "op": string}. Op: filter operator [exact|contains|greaterThanEqualTo|lessThanEqualTo]. Default is exact. type: array required: False
                • +
              • timestamp_to - To get entries before the timestamp for unified historical query. type: int required: False
                • +
              • cache_query - Cache query result for 5 mins and return query ID. Only available for unified query types. Default is false. type: boolean required: False
                • +
              • key_only - Return primary key fields only. Default is false. type: boolean required: False
                • + +
              + +
              • + user_info_thumbnail +
            • user_info_thumbnail - Get user info thumbnail. Returns the first match to the filter. +
                +
              • filters - A list of filters. Type: {"type": string, "value": string} type: array required: True
                • + +
              + +
              • + user_info_thumbnail-file +
            • user_info_thumbnail-file - Get user info thumbnail by given file name. +
                +
              • filename - Thumbnail file name. The file name is from thumbnailPhoto field of user info query. type: string required: True
                • + +
              + +
              • + utm_antivirus_stats +
            • utm_antivirus_stats + +
              • + utm_app-lookup +
            • utm_app-lookup - Query remote FortiFlow database to resolve hosts to application control entries. +
                +
              • hosts - List of hosts to resolve. type: array required: False
                • + +
              + +
              • + utm_application-categories +
            • utm_application-categories + +
              • + utm_blacklisted-certificates +
            • utm_blacklisted-certificates - Retrieve a list of blacklisted SSL certificates. +
                +
              • count - Maximum number of entries to return. Limit is set to 2000. type: int required: True
                • +
              • start - Starting entry index. type: int required: True
                • + +
              + +
              • + utm_blacklisted-certificates_statistics +
            • utm_blacklisted-certificates_statistics + +
              • + videofilter_fortiguard-categories +
            • videofilter_fortiguard-categories + +
              • + virtual-wan_health-check +
            • virtual-wan_health-check + +
              • + virtual-wan_interface-log +
            • virtual-wan_interface-log - Retrieve log of SD-WAN interface quality information. +
                +
              • interface - Filter: Interface name. type: string required: False
                • +
              • seconds - Filter: Only return SLA logs generated in the last N seconds. type: int required: False
                • +
              • since - Filter: Only return SLA logs generated since this Unix timestamp. type: int required: False
                • + +
              + +
              • + virtual-wan_members +
            • virtual-wan_members + +
              • + virtual-wan_sla-log +
            • virtual-wan_sla-log - Retrieve log of SLA probe results for for each SD-WAN SLA rule. +
                +
              • interface - Filter: Interface name. type: string required: False
                • +
              • seconds - Filter: Only return SLA logs generated in the last N seconds. type: int required: False
                • +
              • since - Filter: Only return SLA logs generated since this Unix timestamp. type: int required: False
                • +
              • sla - Filter: SLA name. type: string required: False
                • +
              • sampling_interval - The interval to be used for sampling SLA logs, in seconds (default=5). type: int required: False
                • + +
              + +
              • + vpn-certificate_cert-name-available +
            • vpn-certificate_cert-name-available - Check if the local certificate name is available to use. +
                +
              • scope - Scope of certificate name [vdom*|global]. Global scope is only accessible for global administrators type: string required: False
                • +
              • mkey - The certificate name to be checked. type: string required: True
                • + +
              + +
              • + vpn_ipsec +
            • vpn_ipsec - Return an array of active IPsec VPNs. +
                +
              • tunnel - Filter for a specific IPsec tunnel name. type: string required: False
                • +
              • start - Starting entry index. type: int required: False
                • +
              • count - Maximum number of entries to return. type: int required: False
                • + +
              + +
              • + vpn_ocvpn_members +
            • vpn_ocvpn_members + +
              • + vpn_ocvpn_meta +
            • vpn_ocvpn_meta + +
              • + vpn_ocvpn_status +
            • vpn_ocvpn_status + +
              • + vpn_one-click_members +
            • vpn_one-click_members + +
              • + vpn_one-click_status +
            • vpn_one-click_status + +
              • + vpn_ssl +
            • vpn_ssl + +
              • + vpn_ssl_stats +
            • vpn_ssl_stats + +
              • + wanopt_history +
            • wanopt_history - Retrieve WAN opt. statistics history. +
                +
              • period - Statistics period [10-min*|hour|day|week|30-day]. type: string required: False
                • + +
              + +
              • + wanopt_peer_stats +
            • wanopt_peer_stats + +
              • + wanopt_webcache +
            • wanopt_webcache - Retrieve webcache statistics history. +
                +
              • period - Statistics period [10-min*|hour|day|week|30-day]. type: string required: False
                • + +
              + +
              • + web-ui_custom-language_download +
            • web-ui_custom-language_download - Download a custom language file. +
                +
              • filename - Name of custom language entry. type: string required: True
                • + +
              + +
              • + webcache_stats +
            • webcache_stats - Retrieve webcache statistics. +
                +
              • period - Statistics period [10min|hour|day|month]. type: string required: False
                • + +
              + +
              • + webfilter_category-quota +
            • webfilter_category-quota - Retrieve quota usage statistics for webfilter categories. +
                +
              • profile - Webfilter profile. type: string required: False
                • +
              • user - User or IP (required if profile specified). type: string required: False
                • + +
              + +
              • + webfilter_fortiguard-categories +
            • webfilter_fortiguard-categories - Return FortiGuard web filter categories. +
                +
              • convert_unrated_id - Convert Unrated category id to the one for CLI use. type: boolean required: False
                • +
              • include_unrated - Include Unrated category in result list. type: boolean required: False
                • + +
              + +
              • + webfilter_malicious-urls +
            • webfilter_malicious-urls + +
              • + webfilter_malicious-urls_stat +
            • webfilter_malicious-urls_stat + +
              • + webfilter_override +
            • webfilter_override + +
              • + webfilter_trusted-urls +
            • webfilter_trusted-urls + +
              • + webproxy_pacfile_download +
            • webproxy_pacfile_download + +
              • + wifi_ap-names +
            • wifi_ap-names + +
              • + wifi_ap_channels +
            • wifi_ap_channels - Retrieve the set of channel lists for all possible band/configurations for the given FortiAP platform. +
                +
              • country - Two-letter code for the country the AP is operating in. type: string required: False
                • +
              • indoor_outdoor - FortiAP indoor/outdoor configuration value (0 for indoor, 1 for outdoor, 2 for default). type: int required: False
                • +
              • platform_type - Short name for platform type (e.g. '220A') type: string required: True
                • + +
              + +
              • + wifi_ap_status +
            • wifi_ap_status + +
              • + wifi_client +
            • wifi_client - Retrieve a list of connected WiFi clients. +
                +
              • count - Maximum number of entries to return. type: int required: False
                • +
              • start - Starting entry index. type: int required: False
                • +
              • with_triangulation - Enable to include regions of FortiAP detecting the client. type: boolean required: False
                • +
              • type - Request type [all*|fail-login]. type: string required: False
                • + +
              + +
              • + wifi_euclid +
            • wifi_euclid + +
              • + wifi_firmware +
            • wifi_firmware - Retrieve a list of current and recommended firmware for FortiAPs in use. +
                +
              • version - Target firmware version of the parent FortiGate. type: object required: False
                • +
              • timeout - FortiGuard connection timeout (defaults to 2 seconds). type: int required: False
                • + +
              + +
              • + wifi_interfering_ap +
            • wifi_interfering_ap - Retrieve a list of interfering APs for one FortiAP radio. +
                +
              • wtp - FortiAP ID to query. type: string required: False
                • +
              • start - Starting entry index. type: int required: False
                • +
              • radio - Radio ID. type: int required: False
                • +
              • count - Maximum number of entries to return. type: int required: False
                • + +
              + +
              • + wifi_managed_ap +
            • wifi_managed_ap - Retrieve a list of managed FortiAPs. +
                +
              • incl_local - Enable to include the local FortiWiFi device in the results. type: boolean required: False
                • +
              • wtp_id - Filter: single managed FortiAP by ID. type: string required: False
                • + +
              + +
              • + wifi_matched-devices +
            • wifi_matched-devices + +
              • + wifi_meta +
            • wifi_meta + +
              • + wifi_network_list +
            • wifi_network_list + +
              • + wifi_network_status +
            • wifi_network_status + +
              • + wifi_region-image +
            • wifi_region-image - Retrieves a floorplan/region image from a configured FortiAP region. +
                +
              • region_name - Region name to retrieve image from. type: string required: True
                • + +
              + +
              • + wifi_rogue_ap +
            • wifi_rogue_ap - Retrieve a list of detected rogue APs. +
                +
              • count - Maximum number of entries to return. type: int required: False
                • +
              • managed_ssid_only - Filter: True to include only WiFi controller managed SSIDs. type: boolean required: False
                • +
              • start - Starting entry index. type: int required: False
                • + +
              + +
              • + wifi_spectrum +
            • wifi_spectrum - Retrieve spectrum analysis information for a specific FortiAP. +
                +
              • wtp_id - FortiAP ID to query. type: string required: True
                • + +
              + +
              • + wifi_unassociated-devices +
            • wifi_unassociated-devices - Retrieve a list of unassociated and BLE devices +
                +
              • with_triangulation - Enable to include regions of FortiAP detecting the device. type: boolean required: False
                • + +
              + +
              • + wifi_vlan-probe +
            • wifi_vlan-probe - Retrieve the VLAN probe results. +
                +
              • wtp - FortiAP ID. type: string required: True
                • +
              • ap_interface - FortiAP interface to send the probe on. type: int required: True
                • + +
              + +
              • +
            +
            +
            +
          • params - the parameter for each selector, see definition in above list.type: dict
            • + + +Notes +----- + +.. note:: + + - Different ``selector`` may have different parameters, users are expected to look up them for a specific selector. + + - For some selectors, the objects are global, no ``params`` are allowed to appear. + + - Not all parameters are required for a slector. + + - This module is exclusivly for FortiOS monitor API. + + - The result of API request is stored in ``results``. + + - There are three filtering parameters: ``filters``, ``sorters`` and ``formatters``, please see `filtering spec`_ for more information. + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigate03 + connection: httpapi + collections: + - fortinet.fortios + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + + - fortios_monitor_fact: + vdom: "" + enable_log: true + formatters: + - model_name + filters: + - model_name==FortiGat + selector: 'system_status' + + - name: fact gathering + fortios_monitor_fact: + vdom: "" + access_token: "" + selector: 'firewall_acl' + + - name: fact gathering + fortios_monitor_fact: + vdom: "" + access_token: "" + selector: 'firewall_security-policy' + params: + policyid: '1' + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: GET
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: firmware
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: system
              • +
            • results - Object list retrieved from device. returned: always type: list
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            • ansible_facts - The list of fact subsets collected from the device returned: always type: dict
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@fshen01) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. + +.. _filtering spec: https://fndn.fortinet.net/index.php?/fortiapi/1-fortios/597/ \ No newline at end of file diff --git a/gen/fortios_alertemail_setting.rst b/gen/fortios_alertemail_setting.rst new file mode 100644 index 00000000..d902ef40 --- /dev/null +++ b/gen/fortios_alertemail_setting.rst @@ -0,0 +1,2781 @@ +:source: fortios_alertemail_setting.py + +:orphan: + +.. fortios_alertemail_setting: + +fortios_alertemail_setting -- Configure alert email settings in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify alertemail feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_alertemail_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • alertemail_setting - Configure alert email settings. type: dict + more... + +
              • +
                +
              • admin_login_logs - Enable/disable administrator login/logout logs in alert email. type: str choices: enable, disable + more... + +
                • +
              • alert_interval - Alert alert interval in minutes. type: int + more... + +
                • +
              • amc_interface_bypass_mode - Enable/disable Fortinet Advanced Mezzanine Card (AMC) interface bypass mode logs in alert email. type: str choices: enable, disable + more... + +
                • +
              • antivirus_logs - Enable/disable antivirus logs in alert email. type: str choices: enable, disable + more... + +
                • +
              • configuration_changes_logs - Enable/disable configuration change logs in alert email. type: str choices: enable, disable + more... + +
                • +
              • critical_interval - Critical alert interval in minutes. type: int + more... + +
                • +
              • debug_interval - Debug alert interval in minutes. type: int + more... + +
                • +
              • email_interval - Interval between sending alert emails (1 - 99999 min). type: int + more... + +
                • +
              • emergency_interval - Emergency alert interval in minutes. type: int + more... + +
                • +
              • error_interval - Error alert interval in minutes. type: int + more... + +
                • +
              • FDS_license_expiring_days - Number of days to send alert email prior to FortiGuard license expiration (1 - 100 days). type: int + more... + +
                • +
              • FDS_license_expiring_warning - Enable/disable FortiGuard license expiration warnings in alert email. type: str choices: enable, disable + more... + +
                • +
              • FDS_update_logs - Enable/disable FortiGuard update logs in alert email. type: str choices: enable, disable + more... + +
                • +
              • filter_mode - How to filter log messages that are sent to alert emails. type: str choices: category, threshold + more... + +
                • +
              • FIPS_CC_errors - Enable/disable FIPS and Common Criteria error logs in alert email. type: str choices: enable, disable + more... + +
                • +
              • firewall_authentication_failure_logs - Enable/disable firewall authentication failure logs in alert email. type: str choices: enable, disable + more... + +
                • +
              • fortiguard_log_quota_warning - Enable/disable FortiCloud log quota warnings in alert email. type: str choices: enable, disable + more... + +
                • +
              • FSSO_disconnect_logs - Enable/disable logging of FSSO collector agent disconnect. type: str choices: enable, disable + more... + +
                • +
              • HA_logs - Enable/disable HA logs in alert email. type: str choices: enable, disable + more... + +
                • +
              • information_interval - Information alert interval in minutes. type: int + more... + +
                • +
              • IPS_logs - Enable/disable IPS logs in alert email. type: str choices: enable, disable + more... + +
                • +
              • IPsec_errors_logs - Enable/disable IPsec error logs in alert email. type: str choices: enable, disable + more... + +
                • +
              • local_disk_usage - Disk usage percentage at which to send alert email (1 - 99 percent). type: int + more... + +
                • +
              • log_disk_usage_warning - Enable/disable disk usage warnings in alert email. type: str choices: enable, disable + more... + +
                • +
              • mailto1 - Email address to send alert email to (usually a system administrator) (max. 63 characters). type: str + more... + +
                • +
              • mailto2 - Optional second email address to send alert email to (max. 63 characters). type: str + more... + +
                • +
              • mailto3 - Optional third email address to send alert email to (max. 63 characters). type: str + more... + +
                • +
              • notification_interval - Notification alert interval in minutes. type: int + more... + +
                • +
              • PPP_errors_logs - Enable/disable PPP error logs in alert email. type: str choices: enable, disable + more... + +
                • +
              • severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • ssh_logs - Enable/disable SSH logs in alert email. type: str choices: enable, disable + more... + +
                • +
              • sslvpn_authentication_errors_logs - Enable/disable SSL-VPN authentication error logs in alert email. type: str choices: enable, disable + more... + +
                • +
              • username - Name that appears in the From: field of alert emails (max. 63 characters). type: str + more... + +
                • +
              • violation_traffic_logs - Enable/disable violation traffic logs in alert email. type: str choices: enable, disable + more... + +
                • +
              • warning_interval - Warning alert interval in minutes. type: int + more... + +
                • +
              • webfilter_logs - Enable/disable web filter logs in alert email. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure alert email settings. + fortios_alertemail_setting: + vdom: "{{ vdom }}" + alertemail_setting: + admin_login_logs: "enable" + alert_interval: "4" + amc_interface_bypass_mode: "enable" + antivirus_logs: "enable" + configuration_changes_logs: "enable" + critical_interval: "8" + debug_interval: "9" + email_interval: "10" + emergency_interval: "11" + error_interval: "12" + FDS_license_expiring_days: "13" + FDS_license_expiring_warning: "enable" + FDS_update_logs: "enable" + filter_mode: "category" + FIPS_CC_errors: "enable" + firewall_authentication_failure_logs: "enable" + fortiguard_log_quota_warning: "enable" + FSSO_disconnect_logs: "enable" + HA_logs: "enable" + information_interval: "22" + IPS_logs: "enable" + IPsec_errors_logs: "enable" + local_disk_usage: "25" + log_disk_usage_warning: "enable" + mailto1: "" + mailto2: "" + mailto3: "" + notification_interval: "30" + PPP_errors_logs: "enable" + severity: "emergency" + ssh_logs: "enable" + sslvpn_authentication_errors_logs: "enable" + username: "" + violation_traffic_logs: "enable" + warning_interval: "37" + webfilter_logs: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_antivirus_heuristic.rst b/gen/fortios_antivirus_heuristic.rst new file mode 100644 index 00000000..58560b73 --- /dev/null +++ b/gen/fortios_antivirus_heuristic.rst @@ -0,0 +1,262 @@ +:source: fortios_antivirus_heuristic.py + +:orphan: + +.. fortios_antivirus_heuristic: + +fortios_antivirus_heuristic -- Configure global heuristic options in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify antivirus feature and heuristic category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4
            fortios_antivirus_heuristicyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • antivirus_heuristic - Configure global heuristic options. type: dict + more... + +
              • +
                +
              • mode - Enable/disable heuristics and determine how the system behaves if heuristics detects a problem. type: str choices: pass, block, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure global heuristic options. + fortios_antivirus_heuristic: + vdom: "{{ vdom }}" + antivirus_heuristic: + mode: "pass" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_antivirus_mms_checksum.rst b/gen/fortios_antivirus_mms_checksum.rst new file mode 100644 index 00000000..047c13a5 --- /dev/null +++ b/gen/fortios_antivirus_mms_checksum.rst @@ -0,0 +1,399 @@ +:source: fortios_antivirus_mms_checksum.py + +:orphan: + +.. fortios_antivirus_mms_checksum: + +fortios_antivirus_mms_checksum -- Configure MMS content checksum list in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify antivirus feature and mms_checksum category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7
            fortios_antivirus_mms_checksumyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • antivirus_mms_checksum - Configure MMS content checksum list. type: dict + more... + +
              • +
                +
              • comment - Optional comments. type: str + more... + +
                • +
              • entries - modify this MMS content checksum list type: list member_path: entries:name + more... + +
                • +
                  +
                • checksum - MMS attachment checksum value (CRC32) type: str + more... + +
                  • +
                • name - entry name, for administrator reference type: str required: true + more... + +
                  • +
                • status - apply this entry during attachment inspection type: str choices: enable, disable + more... + +
                  • +
                +
              • id - ID. type: int required: true + more... + +
                • +
              • name - Name of table. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure MMS content checksum list. + fortios_antivirus_mms_checksum: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + antivirus_mms_checksum: + comment: "Optional comments." + entries: + - + checksum: "" + name: "default_name_6" + status: "enable" + id: "8" + name: "default_name_9" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_antivirus_notification.rst b/gen/fortios_antivirus_notification.rst new file mode 100644 index 00000000..a5c95a80 --- /dev/null +++ b/gen/fortios_antivirus_notification.rst @@ -0,0 +1,419 @@ +:source: fortios_antivirus_notification.py + +:orphan: + +.. fortios_antivirus_notification: + +fortios_antivirus_notification -- Configure AntiVirus notification lists in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify antivirus feature and notification category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7
            fortios_antivirus_notificationyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • antivirus_notification - Configure AntiVirus notification lists. type: dict + more... + +
              • +
                +
              • comment - Optional comments. type: str + more... + +
                • +
              • entries - modify this antivirus notification list type: list member_path: entries:name + more... + +
                • +
                  +
                • name - virus name or prefix type: str required: true + more... + +
                  • +
                • prefix - enable prefix matches based on this name type: str choices: enable, disable + more... + +
                  • +
                • status - enable this entry for notifications type: str choices: enable, disable + more... + +
                  • +
                +
              • id - ID. type: int required: true + more... + +
                • +
              • name - Name of table. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure AntiVirus notification lists. + fortios_antivirus_notification: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + antivirus_notification: + comment: "Optional comments." + entries: + - + name: "default_name_5" + prefix: "enable" + status: "enable" + id: "8" + name: "default_name_9" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_antivirus_profile.rst b/gen/fortios_antivirus_profile.rst new file mode 100644 index 00000000..33704495 --- /dev/null +++ b/gen/fortios_antivirus_profile.rst @@ -0,0 +1,15324 @@ +:source: fortios_antivirus_profile.py + +:orphan: + +.. fortios_antivirus_profile: + +fortios_antivirus_profile -- Configure AntiVirus profiles in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify antivirus feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_antivirus_profileyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • antivirus_profile - Configure AntiVirus profiles. type: dict + more... + +
              • +
                +
              • analytics_accept_filetype - Only submit files matching this DLP file-pattern to FortiSandbox. Source dlp.filepattern.id. type: int + more... + +
                • +
              • analytics_bl_filetype - Only submit files matching this DLP file-pattern to FortiSandbox. Source dlp.filepattern.id. type: int + more... + +
                • +
              • analytics_db - Enable/disable using the FortiSandbox signature database to supplement the AV signature databases. type: str choices: disable, enable + more... + +
                • +
              • analytics_ignore_filetype - Do not submit files matching this DLP file-pattern to FortiSandbox. Source dlp.filepattern.id. type: int + more... + +
                • +
              • analytics_max_upload - Maximum size of files that can be uploaded to FortiSandbox. type: int + more... + +
                • +
              • analytics_wl_filetype - Do not submit files matching this DLP file-pattern to FortiSandbox. Source dlp.filepattern.id. type: int + more... + +
                • +
              • av_block_log - Enable/disable logging for AntiVirus file blocking. type: str choices: enable, disable + more... + +
                • +
              • av_virus_log - Enable/disable AntiVirus logging. type: str choices: enable, disable + more... + +
                • +
              • cifs - Configure CIFS AntiVirus options. type: dict + more... + +
                • +
                  +
                • archive_block - Select the archive types to block. type: list choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, timeout, unhandled, fileslimit + more... + +
                  • +
                • archive_log - Select the archive types to log. type: list choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, timeout, unhandled, fileslimit + more... + +
                  • +
                • av_scan - Enable AntiVirus scan service. type: str choices: disable, block, monitor + more... + +
                  • +
                • emulator - Enable/disable the virus emulator. type: str choices: enable, disable + more... + +
                  • +
                • external_blocklist - Enable external-blocklist. Analyzes files including the content of archives. type: str choices: disable, block, monitor + more... + +
                  • +
                • fortiai - Enable/disable scanning of files by FortiAI. type: str choices: disable, block, monitor + more... + +
                  • +
                • options - Enable/disable CIFS AntiVirus scanning, monitoring, and quarantine. type: list choices: scan, avmonitor, quarantine + more... + +
                  • +
                • outbreak_prevention - Enable virus outbreak prevention service. type: str choices: disable, block, monitor, disabled, files, full-archive + more... + +
                  • +
                • quarantine - Enable/disable quarantine for infected files. type: str choices: disable, enable + more... + +
                  • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • content_disarm - AV Content Disarm and Reconstruction settings. type: dict + more... + +
                • +
                  +
                • cover_page - Enable/disable inserting a cover page into the disarmed document. type: str choices: disable, enable + more... + +
                  • +
                • detect_only - Enable/disable only detect disarmable files, do not alter content. type: str choices: disable, enable + more... + +
                  • +
                • error_action - Action to be taken if CDR engine encounters an unrecoverable error. type: str choices: block, log-only, ignore + more... + +
                  • +
                • office_action - Enable/disable stripping of PowerPoint action events in Microsoft Office documents. type: str choices: disable, enable + more... + +
                  • +
                • office_dde - Enable/disable stripping of Dynamic Data Exchange events in Microsoft Office documents. type: str choices: disable, enable + more... + +
                  • +
                • office_embed - Enable/disable stripping of embedded objects in Microsoft Office documents. type: str choices: disable, enable + more... + +
                  • +
                • office_hylink - Enable/disable stripping of hyperlinks in Microsoft Office documents. type: str choices: disable, enable + more... + +
                  • +
                • office_linked - Enable/disable stripping of linked objects in Microsoft Office documents. type: str choices: disable, enable + more... + +
                  • +
                • office_macro - Enable/disable stripping of macros in Microsoft Office documents. type: str choices: disable, enable + more... + +
                  • +
                • original_file_destination - Destination to send original file if active content is removed. type: str choices: fortisandbox, quarantine, discard + more... + +
                  • +
                • pdf_act_form - Enable/disable stripping of PDF document actions that submit data to other targets. type: str choices: disable, enable + more... + +
                  • +
                • pdf_act_gotor - Enable/disable stripping of PDF document actions that access other PDF documents. type: str choices: disable, enable + more... + +
                  • +
                • pdf_act_java - Enable/disable stripping of PDF document actions that execute JavaScript code. type: str choices: disable, enable + more... + +
                  • +
                • pdf_act_launch - Enable/disable stripping of PDF document actions that launch other applications. type: str choices: disable, enable + more... + +
                  • +
                • pdf_act_movie - Enable/disable stripping of PDF document actions that play a movie. type: str choices: disable, enable + more... + +
                  • +
                • pdf_act_sound - Enable/disable stripping of PDF document actions that play a sound. type: str choices: disable, enable + more... + +
                  • +
                • pdf_embedfile - Enable/disable stripping of embedded files in PDF documents. type: str choices: disable, enable + more... + +
                  • +
                • pdf_hyperlink - Enable/disable stripping of hyperlinks from PDF documents. type: str choices: disable, enable + more... + +
                  • +
                • pdf_javacode - Enable/disable stripping of JavaScript code in PDF documents. type: str choices: disable, enable + more... + +
                  • +
                +
              • ems_threat_feed - Enable/disable use of EMS threat feed when performing AntiVirus scan. Analyzes files including the content of archives. type: str choices: disable, enable + more... + +
                • +
              • extended_log - Enable/disable extended logging for antivirus. type: str choices: enable, disable + more... + +
                • +
              • external_blocklist - One or more external malware block lists. type: list member_path: external_blocklist:name + more... + +
                • +
                  +
                • name - External blocklist. Source system.external-resource.name. type: str required: true + more... + +
                  • +
                +
              • external_blocklist_archive_scan - Enable/disable external-blocklist archive scanning. type: str choices: disable, enable + more... + +
                • +
              • external_blocklist_enable_all - Enable/disable all external blocklists. type: str choices: disable, enable + more... + +
                • +
              • feature_set - Flow/proxy feature set. type: str choices: flow, proxy + more... + +
                • +
              • fortiai_error_action - Action to take if FortiAI encounters an error. type: str choices: log-only, block, ignore + more... + +
                • +
              • fortiai_timeout_action - Action to take if FortiAI encounters a scan timeout. type: str choices: log-only, block, ignore + more... + +
                • +
              • ftgd_analytics - Settings to control which files are uploaded to FortiSandbox. type: str choices: disable, suspicious, everything + more... + +
                • +
              • ftp - Configure FTP AntiVirus options. type: dict + more... + +
                • +
                  +
                • archive_block - Select the archive types to block. type: list choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, timeout, unhandled, fileslimit + more... + +
                  • +
                • archive_log - Select the archive types to log. type: list choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, timeout, unhandled, fileslimit + more... + +
                  • +
                • av_scan - Enable AntiVirus scan service. type: str choices: disable, block, monitor + more... + +
                  • +
                • emulator - Enable/disable the virus emulator. type: str choices: enable, disable + more... + +
                  • +
                • external_blocklist - Enable external-blocklist. Analyzes files including the content of archives. type: str choices: disable, block, monitor + more... + +
                  • +
                • fortiai - Enable/disable scanning of files by FortiAI. type: str choices: disable, block, monitor + more... + +
                  • +
                • options - Enable/disable FTP AntiVirus scanning, monitoring, and quarantine. type: list choices: scan, avmonitor, quarantine + more... + +
                  • +
                • outbreak_prevention - Enable virus outbreak prevention service. type: str choices: disable, block, monitor, disabled, files, full-archive + more... + +
                  • +
                • quarantine - Enable/disable quarantine for infected files. type: str choices: disable, enable + more... + +
                  • +
                +
              • http - Configure HTTP AntiVirus options. type: dict + more... + +
                • +
                  +
                • archive_block - Select the archive types to block. type: list choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, timeout, unhandled, fileslimit + more... + +
                  • +
                • archive_log - Select the archive types to log. type: list choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, timeout, unhandled, fileslimit + more... + +
                  • +
                • av_scan - Enable AntiVirus scan service. type: str choices: disable, block, monitor + more... + +
                  • +
                • content_disarm - Enable/disable Content Disarm and Reconstruction when performing AntiVirus scan. type: str choices: disable, enable + more... + +
                  • +
                • emulator - Enable/disable the virus emulator. type: str choices: enable, disable + more... + +
                  • +
                • external_blocklist - Enable external-blocklist. Analyzes files including the content of archives. type: str choices: disable, block, monitor + more... + +
                  • +
                • fortiai - Enable/disable scanning of files by FortiAI. type: str choices: disable, block, monitor + more... + +
                  • +
                • options - Enable/disable HTTP AntiVirus scanning, monitoring, and quarantine. type: list choices: scan, avmonitor, quarantine + more... + +
                  • +
                • outbreak_prevention - Enable virus outbreak prevention service. type: str choices: disable, block, monitor, disabled, files, full-archive + more... + +
                  • +
                • quarantine - Enable/disable quarantine for infected files. type: str choices: disable, enable + more... + +
                  • +
                +
              • imap - Configure IMAP AntiVirus options. type: dict + more... + +
                • +
                  +
                • archive_block - Select the archive types to block. type: list choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, timeout, unhandled, fileslimit + more... + +
                  • +
                • archive_log - Select the archive types to log. type: list choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, timeout, unhandled, fileslimit + more... + +
                  • +
                • av_scan - Enable AntiVirus scan service. type: str choices: disable, block, monitor + more... + +
                  • +
                • content_disarm - Enable/disable Content Disarm and Reconstruction when performing AntiVirus scan. type: str choices: disable, enable + more... + +
                  • +
                • emulator - Enable/disable the virus emulator. type: str choices: enable, disable + more... + +
                  • +
                • executables - Treat Windows executable files as viruses for the purpose of blocking or monitoring. type: str choices: default, virus + more... + +
                  • +
                • external_blocklist - Enable external-blocklist. Analyzes files including the content of archives. type: str choices: disable, block, monitor + more... + +
                  • +
                • fortiai - Enable/disable scanning of files by FortiAI. type: str choices: disable, block, monitor + more... + +
                  • +
                • options - Enable/disable IMAP AntiVirus scanning, monitoring, and quarantine. type: list choices: scan, avmonitor, quarantine + more... + +
                  • +
                • outbreak_prevention - Enable virus outbreak prevention service. type: str choices: disable, block, monitor, disabled, files, full-archive + more... + +
                  • +
                • quarantine - Enable/disable quarantine for infected files. type: str choices: disable, enable + more... + +
                  • +
                +
              • inspection_mode - Inspection mode. type: str choices: proxy, flow-based + more... + +
                • +
              • mapi - Configure MAPI AntiVirus options. type: dict + more... + +
                • +
                  +
                • archive_block - Select the archive types to block. type: list choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, timeout, unhandled, fileslimit + more... + +
                  • +
                • archive_log - Select the archive types to log. type: list choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, timeout, unhandled, fileslimit + more... + +
                  • +
                • av_scan - Enable AntiVirus scan service. type: str choices: disable, block, monitor + more... + +
                  • +
                • emulator - Enable/disable the virus emulator. type: str choices: enable, disable + more... + +
                  • +
                • executables - Treat Windows executable files as viruses for the purpose of blocking or monitoring. type: str choices: default, virus + more... + +
                  • +
                • external_blocklist - Enable external-blocklist. Analyzes files including the content of archives. type: str choices: disable, block, monitor + more... + +
                  • +
                • fortiai - Enable/disable scanning of files by FortiAI. type: str choices: disable, block, monitor + more... + +
                  • +
                • options - Enable/disable MAPI AntiVirus scanning, monitoring, and quarantine. type: list choices: scan, avmonitor, quarantine + more... + +
                  • +
                • outbreak_prevention - Enable virus outbreak prevention service. type: str choices: disable, block, monitor, disabled, files, full-archive + more... + +
                  • +
                • quarantine - Enable/disable quarantine for infected files. type: str choices: disable, enable + more... + +
                  • +
                +
              • mobile_malware_db - Enable/disable using the mobile malware signature database. type: str choices: disable, enable + more... + +
                • +
              • nac_quar - Configure AntiVirus quarantine settings. type: dict + more... + +
                • +
                  +
                • expiry - Duration of quarantine. type: str + more... + +
                  • +
                • infected - Enable/Disable quarantining infected hosts to the banned user list. type: str choices: none, quar-src-ip + more... + +
                  • +
                • log - Enable/disable AntiVirus quarantine logging. type: str choices: enable, disable + more... + +
                  • +
                +
              • name - Profile name. type: str required: true + more... + +
                • +
              • nntp - Configure NNTP AntiVirus options. type: dict + more... + +
                • +
                  +
                • archive_block - Select the archive types to block. type: list choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, timeout, unhandled, fileslimit + more... + +
                  • +
                • archive_log - Select the archive types to log. type: list choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, timeout, unhandled, fileslimit + more... + +
                  • +
                • av_scan - Enable AntiVirus scan service. type: str choices: disable, block, monitor + more... + +
                  • +
                • emulator - Enable/disable the virus emulator. type: str choices: enable, disable + more... + +
                  • +
                • external_blocklist - Enable external-blocklist. Analyzes files including the content of archives. type: str choices: disable, block, monitor + more... + +
                  • +
                • fortiai - Enable/disable scanning of files by FortiAI. type: str choices: disable, block, monitor + more... + +
                  • +
                • options - Enable/disable NNTP AntiVirus scanning, monitoring, and quarantine. type: list choices: scan, avmonitor, quarantine + more... + +
                  • +
                • outbreak_prevention - Enable virus outbreak prevention service. type: str choices: disable, block, monitor, disabled, files, full-archive + more... + +
                  • +
                • quarantine - Enable/disable quarantine for infected files. type: str choices: disable, enable + more... + +
                  • +
                +
              • outbreak_prevention - Configure Virus Outbreak Prevention settings. type: dict + more... + +
                • +
                  +
                • external_blocklist - Enable/disable external malware blocklist. type: str choices: disable, enable + more... + +
                  • +
                • ftgd_service - Enable/disable FortiGuard Virus outbreak prevention service. type: str choices: disable, enable + more... + +
                  • +
                +
              • outbreak_prevention_archive_scan - Enable/disable outbreak-prevention archive scanning. type: str choices: disable, enable + more... + +
                • +
              • pop3 - Configure POP3 AntiVirus options. type: dict + more... + +
                • +
                  +
                • archive_block - Select the archive types to block. type: list choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, timeout, unhandled, fileslimit + more... + +
                  • +
                • archive_log - Select the archive types to log. type: list choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, timeout, unhandled, fileslimit + more... + +
                  • +
                • av_scan - Enable AntiVirus scan service. type: str choices: disable, block, monitor + more... + +
                  • +
                • content_disarm - Enable/disable Content Disarm and Reconstruction when performing AntiVirus scan. type: str choices: disable, enable + more... + +
                  • +
                • emulator - Enable/disable the virus emulator. type: str choices: enable, disable + more... + +
                  • +
                • executables - Treat Windows executable files as viruses for the purpose of blocking or monitoring. type: str choices: default, virus + more... + +
                  • +
                • external_blocklist - Enable external-blocklist. Analyzes files including the content of archives. type: str choices: disable, block, monitor + more... + +
                  • +
                • fortiai - Enable/disable scanning of files by FortiAI. type: str choices: disable, block, monitor + more... + +
                  • +
                • options - Enable/disable POP3 AntiVirus scanning, monitoring, and quarantine. type: list choices: scan, avmonitor, quarantine + more... + +
                  • +
                • outbreak_prevention - Enable virus outbreak prevention service. type: str choices: disable, block, monitor, disabled, files, full-archive + more... + +
                  • +
                • quarantine - Enable/disable quarantine for infected files. type: str choices: disable, enable + more... + +
                  • +
                +
              • replacemsg_group - Replacement message group customized for this profile. Source system.replacemsg-group.name. type: str + more... + +
                • +
              • scan_mode - Configure scan mode . type: str choices: default, legacy, quick, full + more... + +
                • +
              • smb - Configure SMB AntiVirus options. type: dict + more... + +
                • +
                  +
                • archive_block - Select the archive types to block. type: str choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, fileslimit, timeout, unhandled + more... + +
                  • +
                • archive_log - Select the archive types to log. type: str choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, fileslimit, timeout, unhandled + more... + +
                  • +
                • emulator - Enable/disable the virus emulator. type: str choices: enable, disable + more... + +
                  • +
                • options - Enable/disable SMB AntiVirus scanning, monitoring, and quarantine. type: str choices: scan, avmonitor, quarantine + more... + +
                  • +
                • outbreak_prevention - Enable FortiGuard Virus Outbreak Prevention service. type: str choices: disabled, files, full-archive + more... + +
                  • +
                +
              • smtp - Configure SMTP AntiVirus options. type: dict + more... + +
                • +
                  +
                • archive_block - Select the archive types to block. type: list choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, timeout, unhandled, fileslimit + more... + +
                  • +
                • archive_log - Select the archive types to log. type: list choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, timeout, unhandled, fileslimit + more... + +
                  • +
                • av_scan - Enable AntiVirus scan service. type: str choices: disable, block, monitor + more... + +
                  • +
                • content_disarm - Enable/disable Content Disarm and Reconstruction when performing AntiVirus scan. type: str choices: disable, enable + more... + +
                  • +
                • emulator - Enable/disable the virus emulator. type: str choices: enable, disable + more... + +
                  • +
                • executables - Treat Windows executable files as viruses for the purpose of blocking or monitoring. type: str choices: default, virus + more... + +
                  • +
                • external_blocklist - Enable external-blocklist. Analyzes files including the content of archives. type: str choices: disable, block, monitor + more... + +
                  • +
                • fortiai - Enable/disable scanning of files by FortiAI. type: str choices: disable, block, monitor + more... + +
                  • +
                • options - Enable/disable SMTP AntiVirus scanning, monitoring, and quarantine. type: list choices: scan, avmonitor, quarantine + more... + +
                  • +
                • outbreak_prevention - Enable virus outbreak prevention service. type: str choices: disable, block, monitor, disabled, files, full-archive + more... + +
                  • +
                • quarantine - Enable/disable quarantine for infected files. type: str choices: disable, enable + more... + +
                  • +
                +
              • ssh - Configure SFTP and SCP AntiVirus options. type: dict + more... + +
                • +
                  +
                • archive_block - Select the archive types to block. type: list choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, timeout, unhandled, fileslimit + more... + +
                  • +
                • archive_log - Select the archive types to log. type: list choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, timeout, unhandled, fileslimit + more... + +
                  • +
                • av_scan - Enable AntiVirus scan service. type: str choices: disable, block, monitor + more... + +
                  • +
                • emulator - Enable/disable the virus emulator. type: str choices: enable, disable + more... + +
                  • +
                • external_blocklist - Enable external-blocklist. Analyzes files including the content of archives. type: str choices: disable, block, monitor + more... + +
                  • +
                • fortiai - Enable/disable scanning of files by FortiAI. type: str choices: disable, block, monitor + more... + +
                  • +
                • options - Enable/disable SFTP and SCP AntiVirus scanning, monitoring, and quarantine. type: list choices: scan, avmonitor, quarantine + more... + +
                  • +
                • outbreak_prevention - Enable virus outbreak prevention service. type: str choices: disable, block, monitor, disabled, files, full-archive + more... + +
                  • +
                • quarantine - Enable/disable quarantine for infected files. type: str choices: disable, enable + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure AntiVirus profiles. + fortios_antivirus_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + antivirus_profile: + analytics_accept_filetype: "3 (source dlp.filepattern.id)" + analytics_bl_filetype: "4 (source dlp.filepattern.id)" + analytics_db: "disable" + analytics_ignore_filetype: "6 (source dlp.filepattern.id)" + analytics_max_upload: "7" + analytics_wl_filetype: "8 (source dlp.filepattern.id)" + av_block_log: "enable" + av_virus_log: "enable" + cifs: + archive_block: "encrypted" + archive_log: "encrypted" + av_scan: "disable" + emulator: "enable" + external_blocklist: "disable" + fortiai: "disable" + options: "scan" + outbreak_prevention: "disable" + quarantine: "disable" + comment: "Comment." + content_disarm: + cover_page: "disable" + detect_only: "disable" + error_action: "block" + office_action: "disable" + office_dde: "disable" + office_embed: "disable" + office_hylink: "disable" + office_linked: "disable" + office_macro: "disable" + original_file_destination: "fortisandbox" + pdf_act_form: "disable" + pdf_act_gotor: "disable" + pdf_act_java: "disable" + pdf_act_launch: "disable" + pdf_act_movie: "disable" + pdf_act_sound: "disable" + pdf_embedfile: "disable" + pdf_hyperlink: "disable" + pdf_javacode: "disable" + ems_threat_feed: "disable" + extended_log: "enable" + external_blocklist: + - + name: "default_name_45 (source system.external-resource.name)" + external_blocklist_archive_scan: "disable" + external_blocklist_enable_all: "disable" + feature_set: "flow" + fortiai_error_action: "log-only" + fortiai_timeout_action: "log-only" + ftgd_analytics: "disable" + ftp: + archive_block: "encrypted" + archive_log: "encrypted" + av_scan: "disable" + emulator: "enable" + external_blocklist: "disable" + fortiai: "disable" + options: "scan" + outbreak_prevention: "disable" + quarantine: "disable" + http: + archive_block: "encrypted" + archive_log: "encrypted" + av_scan: "disable" + content_disarm: "disable" + emulator: "enable" + external_blocklist: "disable" + fortiai: "disable" + options: "scan" + outbreak_prevention: "disable" + quarantine: "disable" + imap: + archive_block: "encrypted" + archive_log: "encrypted" + av_scan: "disable" + content_disarm: "disable" + emulator: "enable" + executables: "default" + external_blocklist: "disable" + fortiai: "disable" + options: "scan" + outbreak_prevention: "disable" + quarantine: "disable" + inspection_mode: "proxy" + mapi: + archive_block: "encrypted" + archive_log: "encrypted" + av_scan: "disable" + emulator: "enable" + executables: "default" + external_blocklist: "disable" + fortiai: "disable" + options: "scan" + outbreak_prevention: "disable" + quarantine: "disable" + mobile_malware_db: "disable" + nac_quar: + expiry: "" + infected: "none" + log: "enable" + name: "default_name_102" + nntp: + archive_block: "encrypted" + archive_log: "encrypted" + av_scan: "disable" + emulator: "enable" + external_blocklist: "disable" + fortiai: "disable" + options: "scan" + outbreak_prevention: "disable" + quarantine: "disable" + outbreak_prevention: + external_blocklist: "disable" + ftgd_service: "disable" + outbreak_prevention_archive_scan: "disable" + pop3: + archive_block: "encrypted" + archive_log: "encrypted" + av_scan: "disable" + content_disarm: "disable" + emulator: "enable" + executables: "default" + external_blocklist: "disable" + fortiai: "disable" + options: "scan" + outbreak_prevention: "disable" + quarantine: "disable" + replacemsg_group: " (source system.replacemsg-group.name)" + scan_mode: "default" + smb: + archive_block: "encrypted" + archive_log: "encrypted" + emulator: "enable" + options: "scan" + outbreak_prevention: "disabled" + smtp: + archive_block: "encrypted" + archive_log: "encrypted" + av_scan: "disable" + content_disarm: "disable" + emulator: "enable" + executables: "default" + external_blocklist: "disable" + fortiai: "disable" + options: "scan" + outbreak_prevention: "disable" + quarantine: "disable" + ssh: + archive_block: "encrypted" + archive_log: "encrypted" + av_scan: "disable" + emulator: "enable" + external_blocklist: "disable" + fortiai: "disable" + options: "scan" + outbreak_prevention: "disable" + quarantine: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_antivirus_quarantine.rst b/gen/fortios_antivirus_quarantine.rst new file mode 100644 index 00000000..96d0fcc5 --- /dev/null +++ b/gen/fortios_antivirus_quarantine.rst @@ -0,0 +1,3608 @@ +:source: fortios_antivirus_quarantine.py + +:orphan: + +.. fortios_antivirus_quarantine: + +fortios_antivirus_quarantine -- Configure quarantine options in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify antivirus feature and quarantine category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_antivirus_quarantineyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • antivirus_quarantine - Configure quarantine options. type: dict + more... + +
              • +
                +
              • agelimit - Age limit for quarantined files (0 - 479 hours, 0 means forever). type: int + more... + +
                • +
              • destination - Choose whether to quarantine files to the FortiGate disk or to FortiAnalyzer or to delete them instead of quarantining them. type: str choices: None, disk, FortiAnalyzer + more... + +
                • +
              • drop_blocked - Do not quarantine dropped files found in sessions using the selected protocols. Dropped files are deleted instead of being quarantined. type: list choices: imap, smtp, pop3, http, ftp, nntp, imaps, smtps, pop3s, ftps, mapi, cifs, ssh, mm1, mm3, mm4, mm7 + more... + +
                • +
              • drop_heuristic - Do not quarantine files detected by heuristics found in sessions using the selected protocols. Dropped files are deleted instead of being quarantined. type: list choices: imap, smtp, pop3, http, ftp, nntp, imaps, smtps, pop3s, https, ftps, mapi, cifs, ssh, mm1, mm3, mm4, mm7 + more... + +
                • +
              • drop_infected - Do not quarantine infected files found in sessions using the selected protocols. Dropped files are deleted instead of being quarantined. type: list choices: imap, smtp, pop3, http, ftp, nntp, imaps, smtps, pop3s, https, ftps, mapi, cifs, ssh, mm1, mm3, mm4, mm7 + more... + +
                • +
              • drop_intercepted - drop intercepted from a protocol type: list choices: imap, smtp, pop3, http, ftp, imaps, smtps, pop3s, https, ftps, mapi, mm1, mm3, mm4, mm7 + more... + +
                • +
              • drop_machine_learning - Do not quarantine files detected by machine learning found in sessions using the selected protocols. Dropped files are deleted instead of being quarantined. type: list choices: imap, smtp, pop3, http, ftp, nntp, imaps, smtps, pop3s, https, ftps, mapi, cifs, ssh + more... + +
                • +
              • lowspace - Select the method for handling additional files when running low on disk space. type: str choices: drop-new, ovrw-old + more... + +
                • +
              • maxfilesize - Maximum file size to quarantine (0 - 500 Mbytes, 0 means unlimited). type: int + more... + +
                • +
              • quarantine_quota - The amount of disk space to reserve for quarantining files (0 - 4294967295 Mbytes, depends on disk space). type: int + more... + +
                • +
              • store_blocked - Quarantine blocked files found in sessions using the selected protocols. type: list choices: imap, smtp, pop3, http, ftp, nntp, imaps, smtps, pop3s, ftps, mapi, cifs, ssh, mm1, mm3, mm4, mm7 + more... + +
                • +
              • store_heuristic - Quarantine files detected by heuristics found in sessions using the selected protocols. type: list choices: imap, smtp, pop3, http, ftp, nntp, imaps, smtps, pop3s, https, ftps, mapi, cifs, ssh, mm1, mm3, mm4, mm7 + more... + +
                • +
              • store_infected - Quarantine infected files found in sessions using the selected protocols. type: list choices: imap, smtp, pop3, http, ftp, nntp, imaps, smtps, pop3s, https, ftps, mapi, cifs, ssh, mm1, mm3, mm4, mm7 + more... + +
                • +
              • store_intercepted - quarantine intercepted from a protocol type: list choices: imap, smtp, pop3, http, ftp, imaps, smtps, pop3s, https, ftps, mapi, mm1, mm3, mm4, mm7 + more... + +
                • +
              • store_machine_learning - Quarantine files detected by machine learning found in sessions using the selected protocols. type: list choices: imap, smtp, pop3, http, ftp, nntp, imaps, smtps, pop3s, https, ftps, mapi, cifs, ssh + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure quarantine options. + fortios_antivirus_quarantine: + vdom: "{{ vdom }}" + antivirus_quarantine: + agelimit: "3" + destination: "NULL" + drop_blocked: "imap" + drop_heuristic: "imap" + drop_infected: "imap" + drop_intercepted: "imap" + drop_machine_learning: "imap" + lowspace: "drop-new" + maxfilesize: "11" + quarantine_quota: "12" + store_blocked: "imap" + store_heuristic: "imap" + store_infected: "imap" + store_intercepted: "imap" + store_machine_learning: "imap" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_antivirus_settings.rst b/gen/fortios_antivirus_settings.rst new file mode 100644 index 00000000..1bb63ae0 --- /dev/null +++ b/gen/fortios_antivirus_settings.rst @@ -0,0 +1,756 @@ +:source: fortios_antivirus_settings.py + +:orphan: + +.. fortios_antivirus_settings: + +fortios_antivirus_settings -- Configure AntiVirus settings in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify antivirus feature and settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_antivirus_settingsyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • antivirus_settings - Configure AntiVirus settings. type: dict + more... + +
              • +
                +
              • cache_clean_result - Enable/disable cache of clean scan results . type: str choices: enable, disable + more... + +
                • +
              • cache_infected_result - Enable/disable cache of infected scan results . type: str choices: enable, disable + more... + +
                • +
              • default_db - Select the AV database to be used for AV scanning. type: str choices: normal, extended, extreme + more... + +
                • +
              • grayware - Enable/disable grayware detection when an AntiVirus profile is applied to traffic. type: str choices: enable, disable + more... + +
                • +
              • machine_learning_detection - Use machine learning based malware detection. type: str choices: enable, monitor, disable + more... + +
                • +
              • override_timeout - Override the large file scan timeout value in seconds (30 - 3600). Zero is the default value and is used to disable this command. When disabled, the daemon adjusts the large file scan timeout based on the file size. type: int + more... + +
                • +
              • use_extreme_db - Enable/disable the use of Extreme AVDB. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure AntiVirus settings. + fortios_antivirus_settings: + vdom: "{{ vdom }}" + antivirus_settings: + cache_clean_result: "enable" + cache_infected_result: "enable" + default_db: "normal" + grayware: "enable" + machine_learning_detection: "enable" + override_timeout: "8" + use_extreme_db: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_application_custom.rst b/gen/fortios_application_custom.rst new file mode 100644 index 00000000..5037ee2f --- /dev/null +++ b/gen/fortios_application_custom.rst @@ -0,0 +1,654 @@ +:source: fortios_application_custom.py + +:orphan: + +.. fortios_application_custom: + +fortios_application_custom -- Configure custom application signatures in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify application feature and custom category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_application_customyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • application_custom - Configure custom application signatures. type: dict + more... + +
              • +
                +
              • behavior - Custom application signature behavior. type: str + more... + +
                • +
              • category - Custom application category ID (use ? to view available options). type: int + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • id - Custom application category ID (use ? to view available options). type: int + more... + +
                • +
              • name - Name of this custom application signature. type: str + more... + +
                • +
              • protocol - Custom application signature protocol. type: str + more... + +
                • +
              • signature - The text that makes up the actual custom application signature. type: str + more... + +
                • +
              • tag - Signature tag. type: str required: true + more... + +
                • +
              • technology - Custom application signature technology. type: str + more... + +
                • +
              • vendor - Custom application signature vendor. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure custom application signatures. + fortios_application_custom: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + application_custom: + behavior: "" + category: "4" + comment: "Comment." + id: "6" + name: "default_name_7" + protocol: "" + signature: "" + tag: "" + technology: "" + vendor: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_application_group.rst b/gen/fortios_application_group.rst new file mode 100644 index 00000000..f423a293 --- /dev/null +++ b/gen/fortios_application_group.rst @@ -0,0 +1,825 @@ +:source: fortios_application_group.py + +:orphan: + +.. fortios_application_group: + +fortios_application_group -- Configure firewall application groups in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify application feature and group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_application_groupyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • application_group - Configure firewall application groups. type: dict + more... + +
              • +
                +
              • application - Application ID list. type: list member_path: application:id + more... + +
                • +
                  +
                • id - Application IDs. type: int required: true + more... + +
                  • +
                +
              • behavior - Application behavior filter. type: list
                • +
              • category - Application category ID list. type: list member_path: category:id + more... + +
                • +
                  +
                • id - Category IDs. type: int required: true + more... + +
                  • +
                +
              • comment - Comments. type: str + more... + +
                • +
              • name - Application group name. type: str required: true + more... + +
                • +
              • popularity - Application popularity filter (1 - 5, from least to most popular). type: list choices: 1, 2, 3, 4, 5 + more... + +
                • +
              • protocols - Application protocol filter. type: list
                • +
              • risk - Risk, or impact, of allowing traffic from this application to occur (1 - 5; Low, Elevated, Medium, High, and Critical). type: list member_path: risk:level + more... + +
                • +
                  +
                • level - Risk, or impact, of allowing traffic from this application to occur (1 - 5; Low, Elevated, Medium, High, and Critical). type: int required: true + more... + +
                  • +
                +
              • technology - Application technology filter. type: list
                • +
              • type - Application group type. type: str choices: application, filter, category + more... + +
                • +
              • vendor - Application vendor filter. type: list
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure firewall application groups. + fortios_application_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + application_group: + application: + - + id: "4" + behavior: "" + category: + - + id: "7" + comment: "Comments." + name: "default_name_9" + popularity: "1" + protocols: "" + risk: + - + level: "13" + technology: "" + type: "application" + vendor: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_application_list.rst b/gen/fortios_application_list.rst new file mode 100644 index 00000000..555ddf8a --- /dev/null +++ b/gen/fortios_application_list.rst @@ -0,0 +1,3865 @@ +:source: fortios_application_list.py + +:orphan: + +.. fortios_application_list: + +fortios_application_list -- Configure application control lists in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify application feature and list category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_application_listyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • application_list - Configure application control lists. type: dict + more... + +
              • +
                +
              • app_replacemsg - Enable/disable replacement messages for blocked applications. type: str choices: disable, enable + more... + +
                • +
              • comment - Comments. type: str + more... + +
                • +
              • control_default_network_services - Enable/disable enforcement of protocols over selected ports. type: str choices: disable, enable + more... + +
                • +
              • deep_app_inspection - Enable/disable deep application inspection. type: str choices: disable, enable + more... + +
                • +
              • default_network_services - Default network service entries. type: list member_path: default_network_services:id + more... + +
                • +
                  +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                • port - Port number. type: int + more... + +
                  • +
                • services - Network protocols. type: str choices: http, ssh, telnet, ftp, dns, smtp, pop3, imap, snmp, nntp, https + more... + +
                  • +
                • violation_action - Action for protocols not in the allowlist for selected port. type: str choices: pass, monitor, block + more... + +
                  • +
                +
              • enforce_default_app_port - Enable/disable default application port enforcement for allowed applications. type: str choices: disable, enable + more... + +
                • +
              • entries - Application list entries. type: list member_path: entries:id + more... + +
                • +
                  +
                • action - Pass or block traffic, or reset connection for traffic from this application. type: str choices: pass, block, reset + more... + +
                  • +
                • application - ID of allowed applications. type: list member_path: entries:id/application:id + more... + +
                  • +
                    +
                  • id - Application IDs. type: int required: true + more... + +
                    • +
                  +
                • behavior - Application behavior filter. type: list
                  • +
                • category - Category ID list. type: list member_path: entries:id/category:id + more... + +
                  • +
                    +
                  • id - Application category ID. type: int required: true + more... + +
                    • +
                  +
                • exclusion - ID of excluded applications. type: list member_path: entries:id/exclusion:id + more... + +
                  • +
                    +
                  • id - Excluded application IDs. type: int required: true + more... + +
                    • +
                  +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                • log - Enable/disable logging for this application list. type: str choices: disable, enable + more... + +
                  • +
                • log_packet - Enable/disable packet logging. type: str choices: disable, enable + more... + +
                  • +
                • parameters - Application parameters. type: list member_path: entries:id/parameters:id + more... + +
                  • +
                    +
                  • id - Parameter tuple ID. type: int required: true + more... + +
                    • +
                  • members - Parameter tuple members. type: list member_path: entries:id/parameters:id/members:id + more... + +
                    • +
                      +
                    • id - Parameter. type: int required: true + more... + +
                      • +
                    • name - Parameter name. type: str + more... + +
                      • +
                    • value - Parameter value. type: str + more... + +
                      • +
                    +
                  • value - Parameter value. type: str + more... + +
                    • +
                  +
                • per_ip_shaper - Per-IP traffic shaper. Source firewall.shaper.per-ip-shaper.name. type: str + more... + +
                  • +
                • popularity - Application popularity filter (1 - 5, from least to most popular). type: list choices: 1, 2, 3, 4, 5 + more... + +
                  • +
                • protocols - Application protocol filter. type: list
                  • +
                • quarantine - Quarantine method. type: str choices: none, attacker + more... + +
                  • +
                • quarantine_expiry - Duration of quarantine. (Format type: str + more... + +
                  • +
                • quarantine_log - Enable/disable quarantine logging. type: str choices: disable, enable + more... + +
                  • +
                • rate_count - Count of the rate. type: int + more... + +
                  • +
                • rate_duration - Duration (sec) of the rate. type: int + more... + +
                  • +
                • rate_mode - Rate limit mode. type: str choices: periodical, continuous + more... + +
                  • +
                • rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip, dhcp-client-mac, dns-domain + more... + +
                  • +
                • risk - Risk, or impact, of allowing traffic from this application to occur (1 - 5; Low, Elevated, Medium, High, and Critical). type: list member_path: entries:id/risk:level + more... + +
                  • +
                    +
                  • level - Risk, or impact, of allowing traffic from this application to occur (1 - 5; Low, Elevated, Medium, High, and Critical). type: int required: true + more... + +
                    • +
                  +
                • session_ttl - Session TTL (0 = default). type: int + more... + +
                  • +
                • shaper - Traffic shaper. Source firewall.shaper.traffic-shaper.name. type: str + more... + +
                  • +
                • shaper_reverse - Reverse traffic shaper. Source firewall.shaper.traffic-shaper.name. type: str + more... + +
                  • +
                • sub_category - Application Sub-category ID list. type: list member_path: entries:id/sub_category:id + more... + +
                  • +
                    +
                  • id - Application sub-category ID. type: int required: true + more... + +
                    • +
                  +
                • technology - Application technology filter. type: list
                  • +
                • vendor - Application vendor filter. type: list
                  • +
                +
              • extended_log - Enable/disable extended logging. type: str choices: enable, disable + more... + +
                • +
              • force_inclusion_ssl_di_sigs - Enable/disable forced inclusion of SSL deep inspection signatures. type: str choices: disable, enable + more... + +
                • +
              • name - List name. type: str required: true + more... + +
                • +
              • options - Basic application protocol signatures allowed by default. type: list choices: allow-dns, allow-icmp, allow-http, allow-ssl, allow-quic + more... + +
                • +
              • other_application_action - Action for other applications. type: str choices: pass, block + more... + +
                • +
              • other_application_log - Enable/disable logging for other applications. type: str choices: disable, enable + more... + +
                • +
              • p2p_black_list - P2P applications to be black listed. type: list choices: skype, edonkey, bittorrent + more... + +
                • +
              • p2p_block_list - P2P applications to be block listed. type: list choices: skype, edonkey, bittorrent + more... + +
                • +
              • replacemsg_group - Replacement message group. Source system.replacemsg-group.name. type: str + more... + +
                • +
              • unknown_application_action - Pass or block traffic from unknown applications. type: str choices: pass, block + more... + +
                • +
              • unknown_application_log - Enable/disable logging for unknown applications. type: str choices: disable, enable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure application control lists. + fortios_application_list: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + application_list: + app_replacemsg: "disable" + comment: "Comments." + control_default_network_services: "disable" + deep_app_inspection: "disable" + default_network_services: + - + id: "8" + port: "9" + services: "http" + violation_action: "pass" + enforce_default_app_port: "disable" + entries: + - + action: "pass" + application: + - + id: "16" + behavior: "" + category: + - + id: "19" + exclusion: + - + id: "21" + id: "22" + log: "disable" + log_packet: "disable" + parameters: + - + id: "26" + members: + - + id: "28" + name: "default_name_29" + value: "" + value: "" + per_ip_shaper: " (source firewall.shaper.per-ip-shaper.name)" + popularity: "1" + protocols: "" + quarantine: "none" + quarantine_expiry: "" + quarantine_log: "disable" + rate_count: "38" + rate_duration: "39" + rate_mode: "periodical" + rate_track: "none" + risk: + - + level: "43" + session_ttl: "44" + shaper: " (source firewall.shaper.traffic-shaper.name)" + shaper_reverse: " (source firewall.shaper.traffic-shaper.name)" + sub_category: + - + id: "48" + technology: "" + vendor: "" + extended_log: "enable" + force_inclusion_ssl_di_sigs: "disable" + name: "default_name_53" + options: "allow-dns" + other_application_action: "pass" + other_application_log: "disable" + p2p_black_list: "skype" + p2p_block_list: "skype" + replacemsg_group: " (source system.replacemsg-group.name)" + unknown_application_action: "pass" + unknown_application_log: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_application_name.rst b/gen/fortios_application_name.rst new file mode 100644 index 00000000..78f2fcde --- /dev/null +++ b/gen/fortios_application_name.rst @@ -0,0 +1,1032 @@ +:source: fortios_application_name.py + +:orphan: + +.. fortios_application_name: + +fortios_application_name -- Configure application signatures in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify application feature and name category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_application_nameyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • application_name - Configure application signatures. type: dict + more... + +
              • +
                +
              • behavior - Application behavior. type: str + more... + +
                • +
              • category - Application category ID. type: int + more... + +
                • +
              • id - Application ID. type: int + more... + +
                • +
              • metadata - Meta data. type: list member_path: metadata:id + more... + +
                • +
                  +
                • id - ID. type: int required: true + more... + +
                  • +
                • metaid - Meta ID. type: int + more... + +
                  • +
                • valueid - Value ID. type: int + more... + +
                  • +
                +
              • name - Application name. type: str required: true + more... + +
                • +
              • parameter - Application parameter name. type: str + more... + +
                • +
              • parameters - Application parameters. type: list member_path: parameters:name + more... + +
                • +
                  +
                • default value - Parameter default value. type: str + more... + +
                  • +
                • name - Parameter name. type: str required: true + more... + +
                  • +
                +
              • popularity - Application popularity. type: int + more... + +
                • +
              • protocol - Application protocol. type: str + more... + +
                • +
              • risk - Application risk. type: int + more... + +
                • +
              • sub_category - Application sub-category ID. type: int + more... + +
                • +
              • technology - Application technology. type: str + more... + +
                • +
              • vendor - Application vendor. type: str + more... + +
                • +
              • weight - Application weight. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure application signatures. + fortios_application_name: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + application_name: + behavior: "" + category: "4" + id: "5" + metadata: + - + id: "7" + metaid: "8" + valueid: "9" + name: "default_name_10" + parameter: "" + parameters: + - + default value: "" + name: "default_name_14" + popularity: "15" + protocol: "" + risk: "17" + sub_category: "18" + technology: "" + vendor: "" + weight: "21" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_application_rule_settings.rst b/gen/fortios_application_rule_settings.rst new file mode 100644 index 00000000..ccd8d675 --- /dev/null +++ b/gen/fortios_application_rule_settings.rst @@ -0,0 +1,262 @@ +:source: fortios_application_rule_settings.py + +:orphan: + +.. fortios_application_rule_settings: + +fortios_application_rule_settings -- Configure application rule settings in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify application feature and rule_settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_application_rule_settingsyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • application_rule_settings - Configure application rule settings. type: dict + more... + +
              • +
                +
              • id - Rule ID. type: int required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure application rule settings. + fortios_application_rule_settings: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + application_rule_settings: + id: "3" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_authentication_rule.rst b/gen/fortios_authentication_rule.rst new file mode 100644 index 00000000..cde9f181 --- /dev/null +++ b/gen/fortios_authentication_rule.rst @@ -0,0 +1,1359 @@ +:source: fortios_authentication_rule.py + +:orphan: + +.. fortios_authentication_rule: + +fortios_authentication_rule -- Configure Authentication Rules in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify authentication feature and rule category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_authentication_ruleyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • authentication_rule - Configure Authentication Rules. type: dict + more... + +
              • +
                +
              • active_auth_method - Select an active authentication method. Source authentication.scheme.name. type: str + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • dstaddr - Select an IPv4 destination address from available options. Required for web proxy authentication. type: list member_path: dstaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name system .external-resource.name. type: str required: true + more... + +
                  • +
                +
              • dstaddr6 - Select an IPv6 destination address from available options. Required for web proxy authentication. type: list member_path: dstaddr6:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                  • +
                +
              • ip_based - Enable/disable IP-based authentication. When enabled, previously authenticated users from the same IP address will be exempted. type: str choices: enable, disable + more... + +
                • +
              • name - Authentication rule name. type: str required: true + more... + +
                • +
              • protocol - Authentication is required for the selected protocol . type: str choices: http, ftp, socks, ssh + more... + +
                • +
              • srcaddr - Authentication is required for the selected IPv4 source address. type: list member_path: srcaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name system .external-resource.name. type: str required: true + more... + +
                  • +
                +
              • srcaddr6 - Authentication is required for the selected IPv6 source address. type: list member_path: srcaddr6:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                  • +
                +
              • srcintf - Incoming (ingress) interface. type: list member_path: srcintf:name + more... + +
                • +
                  +
                • name - Interface name. Source system.interface.name system.zone.name. type: str required: true + more... + +
                  • +
                +
              • sso_auth_method - Select a single-sign on (SSO) authentication method. Source authentication.scheme.name. type: str + more... + +
                • +
              • status - Enable/disable this authentication rule. type: str choices: enable, disable + more... + +
                • +
              • transaction_based - Enable/disable transaction based authentication . type: str choices: enable, disable + more... + +
                • +
              • web_auth_cookie - Enable/disable Web authentication cookies . type: str choices: enable, disable + more... + +
                • +
              • web_portal - Enable/disable web portal for proxy transparent policy . type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Authentication Rules. + fortios_authentication_rule: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + authentication_rule: + active_auth_method: " (source authentication.scheme.name)" + comments: "" + dstaddr: + - + name: "default_name_6 (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name system + .external-resource.name)" + dstaddr6: + - + name: "default_name_8 (source firewall.address6.name firewall.addrgrp6.name)" + ip_based: "enable" + name: "default_name_10" + protocol: "http" + srcaddr: + - + name: "default_name_13 (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name system + .external-resource.name)" + srcaddr6: + - + name: "default_name_15 (source firewall.address6.name firewall.addrgrp6.name)" + srcintf: + - + name: "default_name_17 (source system.interface.name system.zone.name)" + sso_auth_method: " (source authentication.scheme.name)" + status: "enable" + transaction_based: "enable" + web_auth_cookie: "enable" + web_portal: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_authentication_scheme.rst b/gen/fortios_authentication_scheme.rst new file mode 100644 index 00000000..ae2b56aa --- /dev/null +++ b/gen/fortios_authentication_scheme.rst @@ -0,0 +1,1269 @@ +:source: fortios_authentication_scheme.py + +:orphan: + +.. fortios_authentication_scheme: + +fortios_authentication_scheme -- Configure Authentication Schemes in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify authentication feature and scheme category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_authentication_schemeyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • authentication_scheme - Configure Authentication Schemes. type: dict + more... + +
              • +
                +
              • domain_controller - Domain controller setting. Source user.domain-controller.name. type: str + more... + +
                • +
              • ems_device_owner - Enable/disable SSH public-key authentication with device owner . type: str choices: enable, disable + more... + +
                • +
              • fsso_agent_for_ntlm - FSSO agent to use for NTLM authentication. Source user.fsso.name. type: str + more... + +
                • +
              • fsso_guest - Enable/disable user fsso-guest authentication . type: str choices: enable, disable + more... + +
                • +
              • kerberos_keytab - Kerberos keytab setting. Source user.krb-keytab.name. type: str + more... + +
                • +
              • method - Authentication methods . type: list choices: ntlm, basic, digest, form, negotiate, fsso, rsso, ssh-publickey, cert, saml + more... + +
                • +
              • name - Authentication scheme name. type: str required: true + more... + +
                • +
              • negotiate_ntlm - Enable/disable negotiate authentication for NTLM . type: str choices: enable, disable + more... + +
                • +
              • require_tfa - Enable/disable two-factor authentication . type: str choices: enable, disable + more... + +
                • +
              • saml_server - SAML configuration. Source user.saml.name. type: str + more... + +
                • +
              • saml_timeout - SAML authentication timeout in seconds. type: int + more... + +
                • +
              • ssh_ca - SSH CA name. Source firewall.ssh.local-ca.name. type: str + more... + +
                • +
              • user_cert - Enable/disable authentication with user certificate . type: str choices: enable, disable + more... + +
                • +
              • user_database - Authentication server to contain user information; "local" (default) or "123" (for LDAP). type: list member_path: user_database:name + more... + +
                • +
                  +
                • name - Authentication server name. Source system.datasource.name user.radius.name user.tacacs+.name user.ldap.name user.group.name. type: str required: true + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Authentication Schemes. + fortios_authentication_scheme: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + authentication_scheme: + domain_controller: " (source user.domain-controller.name)" + ems_device_owner: "enable" + fsso_agent_for_ntlm: " (source user.fsso.name)" + fsso_guest: "enable" + kerberos_keytab: " (source user.krb-keytab.name)" + method: "ntlm" + name: "default_name_9" + negotiate_ntlm: "enable" + require_tfa: "enable" + saml_server: " (source user.saml.name)" + saml_timeout: "13" + ssh_ca: " (source firewall.ssh.local-ca.name)" + user_cert: "enable" + user_database: + - + name: "default_name_17 (source system.datasource.name user.radius.name user.tacacs+.name user.ldap.name user.group.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_authentication_setting.rst b/gen/fortios_authentication_setting.rst new file mode 100644 index 00000000..21b01d5f --- /dev/null +++ b/gen/fortios_authentication_setting.rst @@ -0,0 +1,1094 @@ +:source: fortios_authentication_setting.py + +:orphan: + +.. fortios_authentication_setting: + +fortios_authentication_setting -- Configure authentication setting in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify authentication feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_authentication_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • authentication_setting - Configure authentication setting. type: dict + more... + +
              • +
                +
              • active_auth_scheme - Active authentication method (scheme name). Source authentication.scheme.name. type: str + more... + +
                • +
              • auth_https - Enable/disable redirecting HTTP user authentication to HTTPS. type: str choices: enable, disable + more... + +
                • +
              • captive_portal - Captive portal host name. Source firewall.address.name. type: str + more... + +
                • +
              • captive_portal_ip - Captive portal IP address. type: str + more... + +
                • +
              • captive_portal_ip6 - Captive portal IPv6 address. type: str + more... + +
                • +
              • captive_portal_port - Captive portal port number (1 - 65535). type: int + more... + +
                • +
              • captive_portal_ssl_port - Captive portal SSL port number (1 - 65535). type: int + more... + +
                • +
              • captive_portal_type - Captive portal type. type: str choices: fqdn, ip + more... + +
                • +
              • captive_portal6 - IPv6 captive portal host name. Source firewall.address6.name. type: str + more... + +
                • +
              • cert_auth - Enable/disable redirecting certificate authentication to HTTPS portal. type: str choices: enable, disable + more... + +
                • +
              • cert_captive_portal - Certificate captive portal host name. Source firewall.address.name. type: str + more... + +
                • +
              • cert_captive_portal_ip - Certificate captive portal IP address. type: str + more... + +
                • +
              • cert_captive_portal_port - Certificate captive portal port number (1 - 65535). type: int + more... + +
                • +
              • dev_range - Address range for the IP based device query. type: list member_path: dev_range:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • sso_auth_scheme - Single-Sign-On authentication method (scheme name). Source authentication.scheme.name. type: str + more... + +
                • +
              • user_cert_ca - CA certificate used for client certificate verification. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure authentication setting. + fortios_authentication_setting: + vdom: "{{ vdom }}" + authentication_setting: + active_auth_scheme: " (source authentication.scheme.name)" + auth_https: "enable" + captive_portal: " (source firewall.address.name)" + captive_portal_ip: "" + captive_portal_ip6: "" + captive_portal_port: "8" + captive_portal_ssl_port: "9" + captive_portal_type: "fqdn" + captive_portal6: " (source firewall.address6.name)" + cert_auth: "enable" + cert_captive_portal: " (source firewall.address.name)" + cert_captive_portal_ip: "" + cert_captive_portal_port: "15" + dev_range: + - + name: "default_name_17 (source firewall.address.name firewall.addrgrp.name)" + sso_auth_scheme: " (source authentication.scheme.name)" + user_cert_ca: + - + name: "default_name_20 (source vpn.certificate.ca.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_certificate_ca.rst b/gen/fortios_certificate_ca.rst new file mode 100644 index 00000000..7753c839 --- /dev/null +++ b/gen/fortios_certificate_ca.rst @@ -0,0 +1,865 @@ +:source: fortios_certificate_ca.py + +:orphan: + +.. fortios_certificate_ca: + +fortios_certificate_ca -- CA certificate in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify certificate feature and ca category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_certificate_cayesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • certificate_ca - CA certificate. type: dict + more... + +
              • +
                +
              • auto_update_days - Number of days to wait before requesting an updated CA certificate (0 - 4294967295, 0 = disabled). type: int + more... + +
                • +
              • auto_update_days_warning - Number of days before an expiry-warning message is generated (0 - 4294967295, 0 = disabled). type: int + more... + +
                • +
              • ca - CA certificate as a PEM file. type: str + more... + +
                • +
              • ca_identifier - CA identifier of the SCEP server. type: str + more... + +
                • +
              • last_updated - Time at which CA was last updated. type: int + more... + +
                • +
              • name - Name. type: str required: true + more... + +
                • +
              • range - Either global or VDOM IP address range for the CA certificate. type: str choices: global, vdom + more... + +
                • +
              • scep_url - URL of the SCEP server. type: str + more... + +
                • +
              • source - CA certificate source type. type: str choices: factory, user, bundle + more... + +
                • +
              • source_ip - Source IP address for communications to the SCEP server. type: str + more... + +
                • +
              • ssl_inspection_trusted - Enable/disable this CA as a trusted CA for SSL inspection. type: str choices: enable, disable + more... + +
                • +
              • trusted - Enable/disable as a trusted CA. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: CA certificate. + fortios_certificate_ca: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + certificate_ca: + auto_update_days: "3" + auto_update_days_warning: "4" + ca: "" + ca_identifier: "myId_6" + last_updated: "7" + name: "default_name_8" + range: "global" + scep_url: "" + source: "factory" + source_ip: "84.230.14.43" + ssl_inspection_trusted: "enable" + trusted: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_certificate_crl.rst b/gen/fortios_certificate_crl.rst new file mode 100644 index 00000000..f9755e38 --- /dev/null +++ b/gen/fortios_certificate_crl.rst @@ -0,0 +1,933 @@ +:source: fortios_certificate_crl.py + +:orphan: + +.. fortios_certificate_crl: + +fortios_certificate_crl -- Certificate Revocation List as a PEM file in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify certificate feature and crl category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_certificate_crlyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • certificate_crl - Certificate Revocation List as a PEM file. type: dict + more... + +
              • +
                +
              • crl - Certificate Revocation List as a PEM file. type: str + more... + +
                • +
              • http_url - HTTP server URL for CRL auto-update. type: str + more... + +
                • +
              • last_updated - Time at which CRL was last updated. type: int + more... + +
                • +
              • ldap_password - LDAP server user password. type: str + more... + +
                • +
              • ldap_server - LDAP server name for CRL auto-update. type: str + more... + +
                • +
              • ldap_username - LDAP server user name. type: str + more... + +
                • +
              • name - Name. type: str required: true + more... + +
                • +
              • range - Either global or VDOM IP address range for the certificate. type: str choices: global, vdom + more... + +
                • +
              • scep_cert - Local certificate for SCEP communication for CRL auto-update. Source certificate.local.name. type: str + more... + +
                • +
              • scep_url - SCEP server URL for CRL auto-update. type: str + more... + +
                • +
              • source - Certificate source type. type: str choices: factory, user, bundle + more... + +
                • +
              • source_ip - Source IP address for communications to a HTTP or SCEP CA server. type: str + more... + +
                • +
              • update_interval - Time in seconds before the FortiGate checks for an updated CRL. Set to 0 to update only when it expires. type: int + more... + +
                • +
              • update_vdom - VDOM for CRL update. Source system.vdom.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Certificate Revocation List as a PEM file. + fortios_certificate_crl: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + certificate_crl: + crl: "" + http_url: "" + last_updated: "5" + ldap_password: "" + ldap_server: "" + ldap_username: "" + name: "default_name_9" + range: "global" + scep_cert: " (source certificate.local.name)" + scep_url: "" + source: "factory" + source_ip: "84.230.14.43" + update_interval: "15" + update_vdom: " (source system.vdom.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_certificate_local.rst b/gen/fortios_certificate_local.rst new file mode 100644 index 00000000..335d97ca --- /dev/null +++ b/gen/fortios_certificate_local.rst @@ -0,0 +1,1813 @@ +:source: fortios_certificate_local.py + +:orphan: + +.. fortios_certificate_local: + +fortios_certificate_local -- Local keys and certificates in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify certificate feature and local category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_certificate_localyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • certificate_local - Local keys and certificates. type: dict + more... + +
              • +
                +
              • acme_ca_url - The URL for the ACME CA server (Let"s Encrypt is the ). type: str + more... + +
                • +
              • acme_domain - A valid domain that resolves to this FortiGate unit. type: str + more... + +
                • +
              • acme_email - Contact email address that is required by some CAs like LetsEncrypt. type: str + more... + +
                • +
              • acme_renew_window - Beginning of the renewal window (in days before certificate expiration, 30 by default). type: int + more... + +
                • +
              • acme_rsa_key_size - Length of the RSA private key of the generated cert (Minimum 2048 bits). type: int + more... + +
                • +
              • auto_regenerate_days - Number of days to wait before expiry of an updated local certificate is requested (0 = disabled). type: int + more... + +
                • +
              • auto_regenerate_days_warning - Number of days to wait before an expiry warning message is generated (0 = disabled). type: int + more... + +
                • +
              • ca_identifier - CA identifier of the CA server for signing via SCEP. type: str + more... + +
                • +
              • certificate - PEM format certificate. type: str + more... + +
                • +
              • cmp_path - Path location inside CMP server. type: str + more... + +
                • +
              • cmp_regeneration_method - CMP auto-regeneration method. type: str choices: keyupate, renewal + more... + +
                • +
              • cmp_server - Address and port for CMP server (format = address:port). type: str + more... + +
                • +
              • cmp_server_cert - CMP server certificate. Source certificate.ca.name certificate.remote.name. type: str + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • csr - Certificate Signing Request. type: str + more... + +
                • +
              • enroll_protocol - Certificate enrollment protocol. type: str choices: none, scep, cmpv2, acme2 + more... + +
                • +
              • ike_localid - Local ID the FortiGate uses for authentication as a VPN client. type: str + more... + +
                • +
              • ike_localid_type - IKE local ID type. type: str choices: asn1dn, fqdn + more... + +
                • +
              • last_updated - Time at which certificate was last updated. type: int + more... + +
                • +
              • name - Name. type: str required: true + more... + +
                • +
              • name_encoding - Name encoding method for auto-regeneration. type: str choices: printable, utf8 + more... + +
                • +
              • password - Password as a PEM file. type: str + more... + +
                • +
              • private_key - PEM format key encrypted with a password. type: str + more... + +
                • +
              • range - Either a global or VDOM IP address range for the certificate. type: str choices: global, vdom + more... + +
                • +
              • scep_password - SCEP server challenge password for auto-regeneration. type: str + more... + +
                • +
              • scep_url - SCEP server URL. type: str + more... + +
                • +
              • source - Certificate source type. type: str choices: factory, user, bundle + more... + +
                • +
              • source_ip - Source IP address for communications to the SCEP server. type: str + more... + +
                • +
              • state - Certificate Signing Request State. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Local keys and certificates. + fortios_certificate_local: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + certificate_local: + acme_ca_url: "" + acme_domain: "" + acme_email: "" + acme_renew_window: "6" + acme_rsa_key_size: "7" + auto_regenerate_days: "8" + auto_regenerate_days_warning: "9" + ca_identifier: "myId_10" + certificate: "" + cmp_path: "" + cmp_regeneration_method: "keyupate" + cmp_server: "" + cmp_server_cert: " (source certificate.ca.name certificate.remote.name)" + comments: "" + csr: "" + enroll_protocol: "none" + ike_localid: "" + ike_localid_type: "asn1dn" + last_updated: "21" + name: "default_name_22" + name_encoding: "printable" + password: "" + private_key: "" + range: "global" + scep_password: "" + scep_url: "" + source: "factory" + source_ip: "84.230.14.43" + state: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_certificate_remote.rst b/gen/fortios_certificate_remote.rst new file mode 100644 index 00000000..38d7b45c --- /dev/null +++ b/gen/fortios_certificate_remote.rst @@ -0,0 +1,444 @@ +:source: fortios_certificate_remote.py + +:orphan: + +.. fortios_certificate_remote: + +fortios_certificate_remote -- Remote certificate as a PEM file in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify certificate feature and remote category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_certificate_remoteyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • certificate_remote - Remote certificate as a PEM file. type: dict + more... + +
              • +
                +
              • name - Name. type: str required: true + more... + +
                • +
              • range - Either the global or VDOM IP address range for the remote certificate. type: str choices: global, vdom + more... + +
                • +
              • remote - Remote certificate. type: str + more... + +
                • +
              • source - Remote certificate source type. type: str choices: factory, user, bundle + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Remote certificate as a PEM file. + fortios_certificate_remote: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + certificate_remote: + name: "default_name_3" + range: "global" + remote: "" + source: "factory" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_cifs_domain_controller.rst b/gen/fortios_cifs_domain_controller.rst new file mode 100644 index 00000000..4703f4f7 --- /dev/null +++ b/gen/fortios_cifs_domain_controller.rst @@ -0,0 +1,340 @@ +:source: fortios_cifs_domain_controller.py + +:orphan: + +.. fortios_cifs_domain_controller: + +fortios_cifs_domain_controller -- Define known domain controller servers in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify cifs feature and domain_controller category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.1
            fortios_cifs_domain_controlleryesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • cifs_domain_controller - Define known domain controller servers. type: dict + more... + +
              • +
                +
              • domain_name - Fully qualified domain name (FQDN). E.g. "EXAMPLE.COM". type: str + more... + +
                • +
              • ip - IPv4 server address. type: str + more... + +
                • +
              • ip6 - IPv6 server address. type: str + more... + +
                • +
              • password - Password for specified username. type: str + more... + +
                • +
              • port - Port number of service. Port number 0 indicates automatic discovery. type: int + more... + +
                • +
              • server_name - Name of the server to connect to. type: str + more... + +
                • +
              • username - User name to sign in with. Must have proper permissions for service. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Define known domain controller servers. + fortios_cifs_domain_controller: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + cifs_domain_controller: + domain_name: "" + ip: "" + ip6: "" + password: "" + port: "7" + server_name: "" + username: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_cifs_profile.rst b/gen/fortios_cifs_profile.rst new file mode 100644 index 00000000..b28e30ff --- /dev/null +++ b/gen/fortios_cifs_profile.rst @@ -0,0 +1,610 @@ +:source: fortios_cifs_profile.py + +:orphan: + +.. fortios_cifs_profile: + +fortios_cifs_profile -- Configure CIFS profile in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify cifs feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.1
            fortios_cifs_profileyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • cifs_profile - Configure CIFS profile. type: dict + more... + +
              • +
                +
              • domain_controller - Domain for which to decrypt CIFS traffic. Source credential-store.domain-controller.server-name. type: str + more... + +
                • +
              • file_filter - File filter. type: dict + more... + +
                • +
                  +
                • entries - File filter entries. type: list member_path: file_filter/entries:filter + more... + +
                  • +
                    +
                  • action - Action taken for matched file. type: str choices: log, block + more... + +
                    • +
                  • comment - Comment. type: str + more... + +
                    • +
                  • direction - Match files transmitted in the session"s originating or reply direction. type: str choices: incoming, outgoing, any + more... + +
                    • +
                  • file_type - Select file type. type: list member_path: file_filter/entries:filter/file_type:name + more... + +
                    • +
                      +
                    • name - File type name. Source antivirus.filetype.name. type: str required: true + more... + +
                      • +
                    +
                  • filter - Add a file filter. type: str required: true + more... + +
                    • +
                  • protocol - Protocols to apply with. type: str choices: cifs + more... + +
                    • +
                  +
                • log - Enable/disable file filter logging. type: str choices: enable, disable + more... + +
                  • +
                • status - Enable/disable file filter. type: str choices: enable, disable + more... + +
                  • +
                +
              • name - Profile name. type: str required: true + more... + +
                • +
              • server_credential_type - CIFS server credential type. type: str choices: none, credential-replication, credential-keytab + more... + +
                • +
              • server_keytab - Server keytab. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure CIFS profile. + fortios_cifs_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + cifs_profile: + domain_controller: " (source credential-store.domain-controller.server-name)" + file_filter: + entries: + - + action: "log" + comment: "Comment." + direction: "incoming" + file_type: + - + name: "default_name_10 (source antivirus.filetype.name)" + filter: "" + protocol: "cifs" + log: "enable" + status: "enable" + name: "default_name_15" + server_credential_type: "none" + server_keytab: + - + keytab: "" + password: "" + principal: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_credential_store_domain_controller.rst b/gen/fortios_credential_store_domain_controller.rst new file mode 100644 index 00000000..20c91700 --- /dev/null +++ b/gen/fortios_credential_store_domain_controller.rst @@ -0,0 +1,324 @@ +:source: fortios_credential_store_domain_controller.py + +:orphan: + +.. fortios_credential_store_domain_controller: + +fortios_credential_store_domain_controller -- Define known domain controller servers in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify credential_store feature and domain_controller category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + +
            v6.4.0 v6.4.1 v6.4.4
            fortios_credential_store_domain_controlleryesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • credential_store_domain_controller - Define known domain controller servers. type: dict + more... + +
              • +
                +
              • domain_name - Fully qualified domain name (FQDN). type: str + more... + +
                • +
              • hostname - Hostname of the server to connect to. type: str + more... + +
                • +
              • ip - IPv4 server address. type: str + more... + +
                • +
              • ip6 - IPv6 server address. type: str + more... + +
                • +
              • password - Password for specified username. type: str + more... + +
                • +
              • port - Port number of service. Port number 0 indicates automatic discovery. type: int + more... + +
                • +
              • server_name - Name of the domain controller. type: str + more... + +
                • +
              • username - User name to sign in with. Must have proper permissions for service. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Define known domain controller servers. + fortios_credential_store_domain_controller: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + credential_store_domain_controller: + domain_name: "" + hostname: "myhostname" + ip: "" + ip6: "" + password: "" + port: "8" + server_name: "" + username: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_dlp_filepattern.rst b/gen/fortios_dlp_filepattern.rst new file mode 100644 index 00000000..ea668406 --- /dev/null +++ b/gen/fortios_dlp_filepattern.rst @@ -0,0 +1,1719 @@ +:source: fortios_dlp_filepattern.py + +:orphan: + +.. fortios_dlp_filepattern: + +fortios_dlp_filepattern -- Configure file patterns used by DLP blocking in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify dlp feature and filepattern category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_dlp_filepatternyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • dlp_filepattern - Configure file patterns used by DLP blocking. type: dict + more... + +
              • +
                +
              • comment - Optional comments. type: str + more... + +
                • +
              • entries - Configure file patterns used by DLP blocking. type: list member_path: entries:pattern + more... + +
                • +
                  +
                • file_type - Select a file type. type: str choices: 7z, arj, cab, lzh, rar, tar, zip, bzip, gzip, bzip2, xz, bat, uue, mime, base64, binhex, elf, exe, hta, html, jad, class, cod, javascript, msoffice, msofficex, fsg, upx, petite, aspack, sis, hlp, activemime, jpeg, gif, tiff, png, bmp, unknown, mpeg, mov, mp3, wma, wav, pdf, avi, rm, torrent, hibun, msi, mach-o, dmg, .net, xar, chm, iso, crx, flac, msc, ignored + more... + +
                  • +
                • filter_type - Filter by file name pattern or by file type. type: str choices: pattern, type + more... + +
                  • +
                • pattern - Add a file name pattern. type: str required: true + more... + +
                  • +
                +
              • id - ID. type: int required: true + more... + +
                • +
              • name - Name of table containing the file pattern list. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure file patterns used by DLP blocking. + fortios_dlp_filepattern: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + dlp_filepattern: + comment: "Optional comments." + entries: + - + file_type: "7z" + filter_type: "pattern" + pattern: "" + id: "8" + name: "default_name_9" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_dlp_fp_doc_source.rst b/gen/fortios_dlp_fp_doc_source.rst new file mode 100644 index 00000000..8535c905 --- /dev/null +++ b/gen/fortios_dlp_fp_doc_source.rst @@ -0,0 +1,1462 @@ +:source: fortios_dlp_fp_doc_source.py + +:orphan: + +.. fortios_dlp_fp_doc_source: + +fortios_dlp_fp_doc_source -- Create a DLP fingerprint database by allowing the FortiGate to access a file server containing files from which to create fingerprints in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify dlp feature and fp_doc_source category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_dlp_fp_doc_sourceyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • dlp_fp_doc_source - Create a DLP fingerprint database by allowing the FortiGate to access a file server containing files from which to create fingerprints. type: dict + more... + +
              • +
                +
              • date - Day of the month on which to scan the server (1 - 31). type: int + more... + +
                • +
              • file_path - Path on the server to the fingerprint files (max 119 characters). type: str + more... + +
                • +
              • file_pattern - Files matching this pattern on the server are fingerprinted. Optionally use the * and ? wildcards. type: str + more... + +
                • +
              • keep_modified - Enable so that when a file is changed on the server the FortiGate keeps the old fingerprint and adds a new fingerprint to the database. type: str choices: enable, disable + more... + +
                • +
              • name - Name of the DLP fingerprint database. type: str required: true + more... + +
                • +
              • password - Password required to log into the file server. type: str + more... + +
                • +
              • period - Frequency for which the FortiGate checks the server for new or changed files. type: str choices: none, daily, weekly, monthly + more... + +
                • +
              • remove_deleted - Enable to keep the fingerprint database up to date when a file is deleted from the server. type: str choices: enable, disable + more... + +
                • +
              • scan_on_creation - Enable to keep the fingerprint database up to date when a file is added or changed on the server. type: str choices: enable, disable + more... + +
                • +
              • scan_subdirectories - Enable/disable scanning subdirectories to find files to create fingerprints from. type: str choices: enable, disable + more... + +
                • +
              • sensitivity - Select a sensitivity or threat level for matches with this fingerprint database. Add sensitivities using sensitivity. Source dlp .sensitivity.name. type: str + more... + +
                • +
              • server - IPv4 or IPv6 address of the server. type: str + more... + +
                • +
              • server_type - Protocol used to communicate with the file server. Currently only Samba (SMB) servers are supported. type: str choices: samba + more... + +
                • +
              • tod_hour - Hour of the day on which to scan the server (0 - 23). type: int + more... + +
                • +
              • tod_min - Minute of the hour on which to scan the server (0 - 59). type: int + more... + +
                • +
              • username - User name required to log into the file server. type: str + more... + +
                • +
              • vdom - Select the VDOM that can communicate with the file server. type: str choices: mgmt, current + more... + +
                • +
              • weekday - Day of the week on which to scan the server. type: str choices: sunday, monday, tuesday, wednesday, thursday, friday, saturday + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Create a DLP fingerprint database by allowing the FortiGate to access a file server containing files from which to create fingerprints. + fortios_dlp_fp_doc_source: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + dlp_fp_doc_source: + date: "3" + file_path: "" + file_pattern: "" + keep_modified: "enable" + name: "default_name_7" + password: "" + period: "none" + remove_deleted: "enable" + scan_on_creation: "enable" + scan_subdirectories: "enable" + sensitivity: " (source dlp.sensitivity.name)" + server: "192.168.100.40" + server_type: "samba" + tod_hour: "16" + tod_min: "17" + username: "" + vdom: "mgmt" + weekday: "sunday" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_dlp_fp_sensitivity.rst b/gen/fortios_dlp_fp_sensitivity.rst new file mode 100644 index 00000000..ce2c1927 --- /dev/null +++ b/gen/fortios_dlp_fp_sensitivity.rst @@ -0,0 +1,184 @@ +:source: fortios_dlp_fp_sensitivity.py + +:orphan: + +.. fortios_dlp_fp_sensitivity: + +fortios_dlp_fp_sensitivity -- Create self-explanatory DLP sensitivity levels to be used when setting sensitivity under config fp-doc-source in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify dlp feature and fp_sensitivity category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11
            fortios_dlp_fp_sensitivityyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • dlp_fp_sensitivity - Create self-explanatory DLP sensitivity levels to be used when setting sensitivity under config fp-doc-source. type: dict + more... + +
              • +
                +
              • name - DLP Sensitivity Levels. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Create self-explanatory DLP sensitivity levels to be used when setting sensitivity under config fp-doc-source. + fortios_dlp_fp_sensitivity: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + dlp_fp_sensitivity: + name: "default_name_3" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_dlp_sensitivity.rst b/gen/fortios_dlp_sensitivity.rst new file mode 100644 index 00000000..32e77a2a --- /dev/null +++ b/gen/fortios_dlp_sensitivity.rst @@ -0,0 +1,244 @@ +:source: fortios_dlp_sensitivity.py + +:orphan: + +.. fortios_dlp_sensitivity: + +fortios_dlp_sensitivity -- Create self-explanatory DLP sensitivity levels to be used when setting sensitivity under config fp-doc-source in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify dlp feature and sensitivity category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_dlp_sensitivityyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • dlp_sensitivity - Create self-explanatory DLP sensitivity levels to be used when setting sensitivity under config fp-doc-source. type: dict + more... + +
              • +
                +
              • name - DLP Sensitivity Levels. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Create self-explanatory DLP sensitivity levels to be used when setting sensitivity under config fp-doc-source. + fortios_dlp_sensitivity: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + dlp_sensitivity: + name: "default_name_3" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_dlp_sensor.rst b/gen/fortios_dlp_sensor.rst new file mode 100644 index 00000000..364f207b --- /dev/null +++ b/gen/fortios_dlp_sensor.rst @@ -0,0 +1,2864 @@ +:source: fortios_dlp_sensor.py + +:orphan: + +.. fortios_dlp_sensor: + +fortios_dlp_sensor -- Configure DLP sensors in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify dlp feature and sensor category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_dlp_sensoryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • dlp_sensor - Configure DLP sensors. type: dict + more... + +
              • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • dlp_log - Enable/disable DLP logging. type: str choices: enable, disable + more... + +
                • +
              • extended_log - Enable/disable extended logging for data leak prevention. type: str choices: enable, disable + more... + +
                • +
              • feature_set - Flow/proxy feature set. type: str choices: flow, proxy + more... + +
                • +
              • filter - Set up DLP filters for this sensor. type: list member_path: filter:id + more... + +
                • +
                  +
                • action - Action to take with content that this DLP sensor matches. type: str choices: allow, log-only, block, quarantine-ip + more... + +
                  • +
                • archive - Enable/disable DLP archiving. type: str choices: disable, enable + more... + +
                  • +
                • company_identifier - Enter a company identifier watermark to match. Only watermarks that your company has placed on the files are matched. type: str + more... + +
                  • +
                • expiry - Quarantine duration in days, hours, minutes (format = dddhhmm). type: str + more... + +
                  • +
                • file_size - Match files this size or larger (0 - 4294967295 kbytes). type: int + more... + +
                  • +
                • file_type - Select the number of a DLP file pattern table to match. Source dlp.filepattern.id. type: int + more... + +
                  • +
                • filter_by - Select the type of content to match. type: str choices: credit-card, ssn, regexp, file-type, file-size, fingerprint, watermark, encrypted + more... + +
                  • +
                • fp_sensitivity - Select a DLP file pattern sensitivity to match. type: list member_path: filter:id/fp_sensitivity:name + more... + +
                  • +
                    +
                  • name - Select a DLP sensitivity. Source dlp.fp-sensitivity.name. type: str required: true + more... + +
                    • +
                  +
                • id - ID. type: int required: true + more... + +
                  • +
                • match_percentage - Percentage of fingerprints in the fingerprint databases designated with the selected sensitivity to match. type: int + more... + +
                  • +
                • name - Filter name. type: str + more... + +
                  • +
                • proto - Check messages or files over one or more of these protocols. type: list choices: smtp, pop3, imap, http-get, http-post, ftp, nntp, mapi, ssh, cifs, mm1, mm3, mm4, mm7 + more... + +
                  • +
                • regexp - Enter a regular expression to match (max. 255 characters). type: str + more... + +
                  • +
                • sensitivity - Select a DLP file pattern sensitivity to match. type: list member_path: filter:id/sensitivity:name + more... + +
                  • +
                    +
                  • name - Select a DLP sensitivity. Source dlp.sensitivity.name. type: str required: true + more... + +
                    • +
                  +
                • severity - Select the severity or threat level that matches this filter. type: str choices: info, low, medium, high, critical + more... + +
                  • +
                • type - Select whether to check the content of messages (an email message) or files (downloaded files or email attachments). type: str choices: file, message + more... + +
                  • +
                +
              • flow_based - Enable/disable flow-based DLP. type: str choices: enable, disable + more... + +
                • +
              • full_archive_proto - Protocols to always content archive. type: list choices: smtp, pop3, imap, http-get, http-post, ftp, nntp, mapi, ssh, cifs, mm1, mm3, mm4, mm7 + more... + +
                • +
              • nac_quar_log - Enable/disable NAC quarantine logging. type: str choices: enable, disable + more... + +
                • +
              • name - Name of the DLP sensor. type: str required: true + more... + +
                • +
              • options - Configure DLP options. type: str + more... + +
                • +
              • replacemsg_group - Replacement message group used by this DLP sensor. Source system.replacemsg-group.name. type: str + more... + +
                • +
              • summary_proto - Protocols to always log summary. type: list choices: smtp, pop3, imap, http-get, http-post, ftp, nntp, mapi, ssh, cifs, mm1, mm3, mm4, mm7 + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure DLP sensors. + fortios_dlp_sensor: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + dlp_sensor: + comment: "Comment." + dlp_log: "enable" + extended_log: "enable" + feature_set: "flow" + filter: + - + action: "allow" + archive: "disable" + company_identifier: "myId_10" + expiry: "" + file_size: "12" + file_type: "13 (source dlp.filepattern.id)" + filter_by: "credit-card" + fp_sensitivity: + - + name: "default_name_16 (source dlp.fp-sensitivity.name)" + id: "17" + match_percentage: "18" + name: "default_name_19" + proto: "smtp" + regexp: "" + sensitivity: + - + name: "default_name_23 (source dlp.sensitivity.name)" + severity: "info" + type: "file" + flow_based: "enable" + full_archive_proto: "smtp" + nac_quar_log: "enable" + name: "default_name_29" + options: "" + replacemsg_group: " (source system.replacemsg-group.name)" + summary_proto: "smtp" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_dlp_settings.rst b/gen/fortios_dlp_settings.rst new file mode 100644 index 00000000..375963bc --- /dev/null +++ b/gen/fortios_dlp_settings.rst @@ -0,0 +1,500 @@ +:source: fortios_dlp_settings.py + +:orphan: + +.. fortios_dlp_settings: + +fortios_dlp_settings -- Designate logical storage for DLP fingerprint database in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify dlp feature and settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_dlp_settingsyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • dlp_settings - Designate logical storage for DLP fingerprint database. type: dict + more... + +
              • +
                +
              • cache_mem_percent - Maximum percentage of available memory allocated to caching (1 - 15). type: int + more... + +
                • +
              • chunk_size - Maximum fingerprint chunk size. Caution, changing this setting will flush the entire database. type: int + more... + +
                • +
              • db_mode - Behavior when the maximum size is reached. type: str choices: stop-adding, remove-modified-then-oldest, remove-oldest + more... + +
                • +
              • size - Maximum total size of files within the storage (MB). type: int + more... + +
                • +
              • storage_device - Storage device name. Source system.storage.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Designate logical storage for DLP fingerprint database. + fortios_dlp_settings: + vdom: "{{ vdom }}" + dlp_settings: + cache_mem_percent: "3" + chunk_size: "4" + db_mode: "stop-adding" + size: "6" + storage_device: " (source system.storage.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_dnsfilter_domain_filter.rst b/gen/fortios_dnsfilter_domain_filter.rst new file mode 100644 index 00000000..a6915478 --- /dev/null +++ b/gen/fortios_dnsfilter_domain_filter.rst @@ -0,0 +1,785 @@ +:source: fortios_dnsfilter_domain_filter.py + +:orphan: + +.. fortios_dnsfilter_domain_filter: + +fortios_dnsfilter_domain_filter -- Configure DNS domain filters in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify dnsfilter feature and domain_filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_dnsfilter_domain_filteryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • dnsfilter_domain_filter - Configure DNS domain filters. type: dict + more... + +
              • +
                +
              • comment - Optional comments. type: str + more... + +
                • +
              • entries - DNS domain filter entries. type: list member_path: entries:id + more... + +
                • +
                  +
                • action - Action to take for domain filter matches. type: str choices: block, allow, monitor + more... + +
                  • +
                • domain - Domain entries to be filtered. type: str + more... + +
                  • +
                • id - Id. type: int required: true + more... + +
                  • +
                • status - Enable/disable this domain filter. type: str choices: enable, disable + more... + +
                  • +
                • type - DNS domain filter type. type: str choices: simple, regex, wildcard + more... + +
                  • +
                +
              • id - ID. type: int required: true + more... + +
                • +
              • name - Name of table. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure DNS domain filters. + fortios_dnsfilter_domain_filter: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + dnsfilter_domain_filter: + comment: "Optional comments." + entries: + - + action: "block" + domain: "" + id: "7" + status: "enable" + type: "simple" + id: "10" + name: "default_name_11" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_dnsfilter_profile.rst b/gen/fortios_dnsfilter_profile.rst new file mode 100644 index 00000000..e9c7d7fa --- /dev/null +++ b/gen/fortios_dnsfilter_profile.rst @@ -0,0 +1,2110 @@ +:source: fortios_dnsfilter_profile.py + +:orphan: + +.. fortios_dnsfilter_profile: + +fortios_dnsfilter_profile -- Configure DNS domain filter profile in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify dnsfilter feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_dnsfilter_profileyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • dnsfilter_profile - Configure DNS domain filter profile. type: dict + more... + +
              • +
                +
              • block_action - Action to take for blocked domains. type: str choices: block, redirect, block-sevrfail + more... + +
                • +
              • block_botnet - Enable/disable blocking botnet C&C DNS lookups. type: str choices: disable, enable + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • dns_translation - DNS translation settings. type: list member_path: dns_translation:id + more... + +
                • +
                  +
                • addr_type - DNS translation type (IPv4 or IPv6). type: str choices: ipv4, ipv6 + more... + +
                  • +
                • dst - IPv4 address or subnet on the external network to substitute for the resolved address in DNS query replies. Can be single IP address or subnet on the external network, but number of addresses must equal number of mapped IP addresses in src. type: str + more... + +
                  • +
                • dst6 - IPv6 address or subnet on the external network to substitute for the resolved address in DNS query replies. Can be single IP address or subnet on the external network, but number of addresses must equal number of mapped IP addresses in src6. type: str + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • netmask - If src and dst are subnets rather than single IP addresses, enter the netmask for both src and dst. type: str + more... + +
                  • +
                • prefix - If src6 and dst6 are subnets rather than single IP addresses, enter the prefix for both src6 and dst6 (1 - 128). type: int + more... + +
                  • +
                • src - IPv4 address or subnet on the internal network to compare with the resolved address in DNS query replies. If the resolved address matches, the resolved address is substituted with dst. type: str + more... + +
                  • +
                • src6 - IPv6 address or subnet on the internal network to compare with the resolved address in DNS query replies. If the resolved address matches, the resolved address is substituted with dst6. type: str + more... + +
                  • +
                • status - Enable/disable this DNS translation entry. type: str choices: enable, disable + more... + +
                  • +
                +
              • domain_filter - Domain filter settings. type: dict + more... + +
                • +
                  +
                • domain_filter_table - DNS domain filter table ID. Source dnsfilter.domain-filter.id. type: int + more... + +
                  • +
                +
              • external_ip_blocklist - One or more external IP block lists. type: list member_path: external_ip_blocklist:name + more... + +
                • +
                  +
                • name - External domain block list name. Source system.external-resource.name. type: str required: true + more... + +
                  • +
                +
              • ftgd_dns - FortiGuard DNS Filter settings. type: dict + more... + +
                • +
                  +
                • filters - FortiGuard DNS domain filters. type: list member_path: ftgd_dns/filters:id + more... + +
                  • +
                    +
                  • action - Action to take for DNS requests matching the category. type: str choices: block, monitor + more... + +
                    • +
                  • category - Category number. type: int + more... + +
                    • +
                  • id - ID number. type: int required: true + more... + +
                    • +
                  • log - Enable/disable DNS filter logging for this DNS profile. type: str choices: enable, disable + more... + +
                    • +
                  +
                • options - FortiGuard DNS filter options. type: str choices: error-allow, ftgd-disable + more... + +
                  • +
                +
              • log_all_domain - Enable/disable logging of all domains visited (detailed DNS logging). type: str choices: enable, disable + more... + +
                • +
              • name - Profile name. type: str required: true + more... + +
                • +
              • redirect_portal - IPv4 address of the SDNS redirect portal. type: str + more... + +
                • +
              • redirect_portal6 - IPv6 address of the SDNS redirect portal. type: str + more... + +
                • +
              • safe_search - Enable/disable Google, Bing, YouTube, Qwant, DuckDuckGo safe search. type: str choices: disable, enable + more... + +
                • +
              • sdns_domain_log - Enable/disable domain filtering and botnet domain logging. type: str choices: enable, disable + more... + +
                • +
              • sdns_ftgd_err_log - Enable/disable FortiGuard SDNS rating error logging. type: str choices: enable, disable + more... + +
                • +
              • youtube_restrict - Set safe search for YouTube restriction level. type: str choices: strict, moderate + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure DNS domain filter profile. + fortios_dnsfilter_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + dnsfilter_profile: + block_action: "block" + block_botnet: "disable" + comment: "Comment." + dns_translation: + - + addr_type: "ipv4" + dst: "" + dst6: "" + id: "10" + netmask: "" + prefix: "12" + src: "" + src6: "" + status: "enable" + domain_filter: + domain_filter_table: "17 (source dnsfilter.domain-filter.id)" + external_ip_blocklist: + - + name: "default_name_19 (source system.external-resource.name)" + ftgd_dns: + filters: + - + action: "block" + category: "23" + id: "24" + log: "enable" + options: "error-allow" + log_all_domain: "enable" + name: "default_name_28" + redirect_portal: "" + redirect_portal6: "" + safe_search: "disable" + sdns_domain_log: "enable" + sdns_ftgd_err_log: "enable" + youtube_restrict: "strict" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_dpdk_cpus.rst b/gen/fortios_dpdk_cpus.rst new file mode 100644 index 00000000..e6ad96a0 --- /dev/null +++ b/gen/fortios_dpdk_cpus.rst @@ -0,0 +1,303 @@ +:source: fortios_dpdk_cpus.py + +:orphan: + +.. fortios_dpdk_cpus: + +fortios_dpdk_cpus -- Configure CPUs enabled to run engines in each DPDK stage in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify dpdk feature and cpus category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + +
            v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_dpdk_cpusyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • dpdk_cpus - Configure CPUs enabled to run engines in each DPDK stage. type: dict + more... + +
              • +
                +
              • ips_cpus - CPUs enabled to run DPDK IPS engines. type: str + more... + +
                • +
              • isolated_cpus - CPUs isolated to run only the DPDK engines with the exception of processes that have affinity explicitly set by either a user configuration or by their implementation. type: str + more... + +
                • +
              • rx_cpus - CPUs enabled to run DPDK RX engines. type: str + more... + +
                • +
              • tx_cpus - CPUs enabled to run DPDK TX engines. type: str + more... + +
                • +
              • vnp_cpus - CPUs enabled to run DPDK VNP engines. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure CPUs enabled to run engines in each DPDK stage. + fortios_dpdk_cpus: + vdom: "{{ vdom }}" + dpdk_cpus: + ips_cpus: "" + isolated_cpus: "" + rx_cpus: "" + tx_cpus: "" + vnp_cpus: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_dpdk_global.rst b/gen/fortios_dpdk_global.rst new file mode 100644 index 00000000..a6cbe921 --- /dev/null +++ b/gen/fortios_dpdk_global.rst @@ -0,0 +1,509 @@ +:source: fortios_dpdk_global.py + +:orphan: + +.. fortios_dpdk_global: + +fortios_dpdk_global -- Configure global DPDK options in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify dpdk feature and global category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + +
            v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_dpdk_globalyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • dpdk_global - Configure global DPDK options. type: dict + more... + +
              • +
                +
              • elasticbuffer - Enable/disable elasticbuffer support for all DPDK ports. type: str choices: disable, enable + more... + +
                • +
              • hugepage_percentage - Percentage of main memory allocated to hugepages, which are available for DPDK operation. type: int + more... + +
                • +
              • interface - Physical interfaces that enable DPDK. type: list + more... + +
                • +
                  +
                • interface_name - Physical interface name. Source system.interface.name. type: str + more... + +
                  • +
                +
              • mbufpool_percentage - Percentage of main memory allocated to DPDK packet buffer. type: int + more... + +
                • +
              • multiqueue - Enable/disable multi-queue RX/TX support for all DPDK ports. type: str choices: disable, enable + more... + +
                • +
              • per_session_accounting - Enable/disable per-session accounting. type: str choices: disable, traffic-log-only, enable + more... + +
                • +
              • sleep_on_idle - Enable/disable sleep-on-idle support for all FDH engines. type: str choices: disable, enable + more... + +
                • +
              • status - Enable/disable DPDK operation for the entire system. type: str choices: disable, enable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure global DPDK options. + fortios_dpdk_global: + vdom: "{{ vdom }}" + dpdk_global: + elasticbuffer: "disable" + hugepage_percentage: "4" + interface: + - + interface_name: " (source system.interface.name)" + mbufpool_percentage: "7" + multiqueue: "disable" + per_session_accounting: "disable" + sleep_on_idle: "disable" + status: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_emailfilter_block_allow_list.rst b/gen/fortios_emailfilter_block_allow_list.rst new file mode 100644 index 00000000..061c0b93 --- /dev/null +++ b/gen/fortios_emailfilter_block_allow_list.rst @@ -0,0 +1,616 @@ +:source: fortios_emailfilter_block_allow_list.py + +:orphan: + +.. fortios_emailfilter_block_allow_list: + +fortios_emailfilter_block_allow_list -- Configure anti-spam block/allow list in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify emailfilter feature and block_allow_list category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + +
            v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_emailfilter_block_allow_listyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • emailfilter_block_allow_list - Configure anti-spam block/allow list. type: dict + more... + +
              • +
                +
              • comment - Optional comments. type: str + more... + +
                • +
              • entries - Anti-spam block/allow entries. type: list member_path: entries:id + more... + +
                • +
                  +
                • action - Reject, mark as spam or good email. type: str choices: reject, spam, clear + more... + +
                  • +
                • addr_type - IP address type. type: str choices: ipv4, ipv6 + more... + +
                  • +
                • email_pattern - Email address pattern. type: str + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                • ip4_subnet - IPv4 network address/subnet mask bits. type: str + more... + +
                  • +
                • ip6_subnet - IPv6 network address/subnet mask bits. type: str + more... + +
                  • +
                • pattern_type - Wildcard pattern or regular expression. type: str choices: wildcard, regexp + more... + +
                  • +
                • status - Enable/disable status. type: str choices: enable, disable + more... + +
                  • +
                • type - Entry type. type: str choices: ip, email + more... + +
                  • +
                +
              • id - ID. type: int required: true + more... + +
                • +
              • name - Name of table. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure anti-spam block/allow list. + fortios_emailfilter_block_allow_list: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + emailfilter_block_allow_list: + comment: "Optional comments." + entries: + - + action: "reject" + addr_type: "ipv4" + email_pattern: "" + id: "8" + ip4_subnet: "" + ip6_subnet: "" + pattern_type: "wildcard" + status: "enable" + type: "ip" + id: "14" + name: "default_name_15" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_emailfilter_bwl.rst b/gen/fortios_emailfilter_bwl.rst new file mode 100644 index 00000000..547eb172 --- /dev/null +++ b/gen/fortios_emailfilter_bwl.rst @@ -0,0 +1,657 @@ +:source: fortios_emailfilter_bwl.py + +:orphan: + +.. fortios_emailfilter_bwl: + +fortios_emailfilter_bwl -- Configure anti-spam black/white list in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify emailfilter feature and bwl category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4
            fortios_emailfilter_bwlyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • emailfilter_bwl - Configure anti-spam black/white list. type: dict + more... + +
              • +
                +
              • comment - Optional comments. type: str + more... + +
                • +
              • entries - Anti-spam black/white list entries. type: list member_path: entries:id + more... + +
                • +
                  +
                • action - Reject, mark as spam or good email. type: str choices: reject, spam, clear + more... + +
                  • +
                • addr_type - IP address type. type: str choices: ipv4, ipv6 + more... + +
                  • +
                • email_pattern - Email address pattern. type: str + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                • ip4_subnet - IPv4 network address/subnet mask bits. type: str + more... + +
                  • +
                • ip6_subnet - IPv6 network address/subnet mask bits. type: str + more... + +
                  • +
                • pattern_type - Wildcard pattern or regular expression. type: str choices: wildcard, regexp + more... + +
                  • +
                • status - Enable/disable status. type: str choices: enable, disable + more... + +
                  • +
                • type - Entry type. type: str choices: ip, email + more... + +
                  • +
                +
              • id - ID. type: int required: true + more... + +
                • +
              • name - Name of table. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure anti-spam black/white list. + fortios_emailfilter_bwl: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + emailfilter_bwl: + comment: "Optional comments." + entries: + - + action: "reject" + addr_type: "ipv4" + email_pattern: "" + id: "8" + ip4_subnet: "" + ip6_subnet: "" + pattern_type: "wildcard" + status: "enable" + type: "ip" + id: "14" + name: "default_name_15" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_emailfilter_bword.rst b/gen/fortios_emailfilter_bword.rst new file mode 100644 index 00000000..ace17260 --- /dev/null +++ b/gen/fortios_emailfilter_bword.rst @@ -0,0 +1,959 @@ +:source: fortios_emailfilter_bword.py + +:orphan: + +.. fortios_emailfilter_bword: + +fortios_emailfilter_bword -- Configure AntiSpam banned word list in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify emailfilter feature and bword category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_emailfilter_bwordyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • emailfilter_bword - Configure AntiSpam banned word list. type: dict + more... + +
              • +
                +
              • comment - Optional comments. type: str + more... + +
                • +
              • entries - Spam filter banned word. type: list member_path: entries:id + more... + +
                • +
                  +
                • action - Mark spam or good. type: str choices: spam, clear + more... + +
                  • +
                • id - Banned word entry ID. type: int required: true + more... + +
                  • +
                • language - Language for the banned word. type: str choices: western, simch, trach, japanese, korean, french, thai, spanish + more... + +
                  • +
                • pattern - Pattern for the banned word. type: str + more... + +
                  • +
                • pattern_type - Wildcard pattern or regular expression. type: str choices: wildcard, regexp + more... + +
                  • +
                • score - Score value. type: int + more... + +
                  • +
                • status - Enable/disable status. type: str choices: enable, disable + more... + +
                  • +
                • where - Component of the email to be scanned. type: str choices: subject, body, all + more... + +
                  • +
                +
              • id - ID. type: int required: true + more... + +
                • +
              • name - Name of table. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure AntiSpam banned word list. + fortios_emailfilter_bword: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + emailfilter_bword: + comment: "Optional comments." + entries: + - + action: "spam" + id: "6" + language: "western" + pattern: "" + pattern_type: "wildcard" + score: "10" + status: "enable" + where: "subject" + id: "13" + name: "default_name_14" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_emailfilter_dnsbl.rst b/gen/fortios_emailfilter_dnsbl.rst new file mode 100644 index 00000000..52bee4ed --- /dev/null +++ b/gen/fortios_emailfilter_dnsbl.rst @@ -0,0 +1,591 @@ +:source: fortios_emailfilter_dnsbl.py + +:orphan: + +.. fortios_emailfilter_dnsbl: + +fortios_emailfilter_dnsbl -- Configure AntiSpam DNSBL/ORBL in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify emailfilter feature and dnsbl category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_emailfilter_dnsblyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • emailfilter_dnsbl - Configure AntiSpam DNSBL/ORBL. type: dict + more... + +
              • +
                +
              • comment - Optional comments. type: str + more... + +
                • +
              • entries - Spam filter DNSBL and ORBL server. type: list member_path: entries:id + more... + +
                • +
                  +
                • action - Reject connection or mark as spam email. type: str choices: reject, spam + more... + +
                  • +
                • id - DNSBL/ORBL entry ID. type: int required: true + more... + +
                  • +
                • server - DNSBL or ORBL server name. type: str + more... + +
                  • +
                • status - Enable/disable status. type: str choices: enable, disable + more... + +
                  • +
                +
              • id - ID. type: int required: true + more... + +
                • +
              • name - Name of table. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure AntiSpam DNSBL/ORBL. + fortios_emailfilter_dnsbl: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + emailfilter_dnsbl: + comment: "Optional comments." + entries: + - + action: "reject" + id: "6" + server: "192.168.100.40" + status: "enable" + id: "9" + name: "default_name_10" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_emailfilter_fortishield.rst b/gen/fortios_emailfilter_fortishield.rst new file mode 100644 index 00000000..e762934c --- /dev/null +++ b/gen/fortios_emailfilter_fortishield.rst @@ -0,0 +1,385 @@ +:source: fortios_emailfilter_fortishield.py + +:orphan: + +.. fortios_emailfilter_fortishield: + +fortios_emailfilter_fortishield -- Configure FortiGuard - AntiSpam in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify emailfilter feature and fortishield category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_emailfilter_fortishieldyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • emailfilter_fortishield - Configure FortiGuard - AntiSpam. type: dict + more... + +
              • +
                +
              • spam_submit_force - Enable/disable force insertion of a new mime entity for the submission text. type: str choices: enable, disable + more... + +
                • +
              • spam_submit_srv - Hostname of the spam submission server. type: str + more... + +
                • +
              • spam_submit_txt2htm - Enable/disable conversion of text email to HTML email. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiGuard - AntiSpam. + fortios_emailfilter_fortishield: + vdom: "{{ vdom }}" + emailfilter_fortishield: + spam_submit_force: "enable" + spam_submit_srv: "" + spam_submit_txt2htm: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_emailfilter_iptrust.rst b/gen/fortios_emailfilter_iptrust.rst new file mode 100644 index 00000000..254315ae --- /dev/null +++ b/gen/fortios_emailfilter_iptrust.rst @@ -0,0 +1,631 @@ +:source: fortios_emailfilter_iptrust.py + +:orphan: + +.. fortios_emailfilter_iptrust: + +fortios_emailfilter_iptrust -- Configure AntiSpam IP trust in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify emailfilter feature and iptrust category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_emailfilter_iptrustyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • emailfilter_iptrust - Configure AntiSpam IP trust. type: dict + more... + +
              • +
                +
              • comment - Optional comments. type: str + more... + +
                • +
              • entries - Spam filter trusted IP addresses. type: list member_path: entries:id + more... + +
                • +
                  +
                • addr_type - Type of address. type: str choices: ipv4, ipv6 + more... + +
                  • +
                • id - Trusted IP entry ID. type: int required: true + more... + +
                  • +
                • ip4_subnet - IPv4 network address or network address/subnet mask bits. type: str + more... + +
                  • +
                • ip6_subnet - IPv6 network address/subnet mask bits. type: str + more... + +
                  • +
                • status - Enable/disable status. type: str choices: enable, disable + more... + +
                  • +
                +
              • id - ID. type: int required: true + more... + +
                • +
              • name - Name of table. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure AntiSpam IP trust. + fortios_emailfilter_iptrust: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + emailfilter_iptrust: + comment: "Optional comments." + entries: + - + addr_type: "ipv4" + id: "6" + ip4_subnet: "" + ip6_subnet: "" + status: "enable" + id: "10" + name: "default_name_11" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_emailfilter_mheader.rst b/gen/fortios_emailfilter_mheader.rst new file mode 100644 index 00000000..6b0eec77 --- /dev/null +++ b/gen/fortios_emailfilter_mheader.rst @@ -0,0 +1,703 @@ +:source: fortios_emailfilter_mheader.py + +:orphan: + +.. fortios_emailfilter_mheader: + +fortios_emailfilter_mheader -- Configure AntiSpam MIME header in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify emailfilter feature and mheader category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_emailfilter_mheaderyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • emailfilter_mheader - Configure AntiSpam MIME header. type: dict + more... + +
              • +
                +
              • comment - Optional comments. type: str + more... + +
                • +
              • entries - Spam filter mime header content. type: list member_path: entries:id + more... + +
                • +
                  +
                • action - Mark spam or good. type: str choices: spam, clear + more... + +
                  • +
                • fieldbody - Pattern for the header field body. type: str + more... + +
                  • +
                • fieldname - Pattern for header field name. type: str + more... + +
                  • +
                • id - Mime header entry ID. type: int required: true + more... + +
                  • +
                • pattern_type - Wildcard pattern or regular expression. type: str choices: wildcard, regexp + more... + +
                  • +
                • status - Enable/disable status. type: str choices: enable, disable + more... + +
                  • +
                +
              • id - ID. type: int required: true + more... + +
                • +
              • name - Name of table. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure AntiSpam MIME header. + fortios_emailfilter_mheader: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + emailfilter_mheader: + comment: "Optional comments." + entries: + - + action: "spam" + fieldbody: "" + fieldname: "" + id: "8" + pattern_type: "wildcard" + status: "enable" + id: "11" + name: "default_name_12" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_emailfilter_options.rst b/gen/fortios_emailfilter_options.rst new file mode 100644 index 00000000..79fb0693 --- /dev/null +++ b/gen/fortios_emailfilter_options.rst @@ -0,0 +1,241 @@ +:source: fortios_emailfilter_options.py + +:orphan: + +.. fortios_emailfilter_options: + +fortios_emailfilter_options -- Configure AntiSpam options in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify emailfilter feature and options category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_emailfilter_optionsyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • emailfilter_options - Configure AntiSpam options. type: dict + more... + +
              • +
                +
              • dns_timeout - DNS query time out (1 - 30 sec). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure AntiSpam options. + fortios_emailfilter_options: + vdom: "{{ vdom }}" + emailfilter_options: + dns_timeout: "3" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_emailfilter_profile.rst b/gen/fortios_emailfilter_profile.rst new file mode 100644 index 00000000..e33a1530 --- /dev/null +++ b/gen/fortios_emailfilter_profile.rst @@ -0,0 +1,3579 @@ +:source: fortios_emailfilter_profile.py + +:orphan: + +.. fortios_emailfilter_profile: + +fortios_emailfilter_profile -- Configure Email Filter profiles in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify emailfilter feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_emailfilter_profileyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • emailfilter_profile - Configure Email Filter profiles. type: dict + more... + +
              • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • external - Enable/disable external Email inspection. type: str choices: enable, disable + more... + +
                • +
              • feature_set - Flow/proxy feature set. type: str choices: flow, proxy + more... + +
                • +
              • file_filter - File filter. type: dict + more... + +
                • +
                  +
                • entries - File filter entries. type: list member_path: file_filter/entries:filter + more... + +
                  • +
                    +
                  • action - Action taken for matched file. type: str choices: log, block + more... + +
                    • +
                  • comment - Comment. type: str + more... + +
                    • +
                  • file_type - Select file type. type: list member_path: file_filter/entries:filter/file_type:name + more... + +
                    • +
                      +
                    • name - File type name. Source antivirus.filetype.name. type: str required: true + more... + +
                      • +
                    +
                  • filter - Add a file filter. type: str required: true + more... + +
                    • +
                  • password_protected - Match password-protected files. type: str choices: True, any + more... + +
                    • +
                  • protocol - Protocols to apply with. type: str choices: smtp, imap, pop3 + more... + +
                    • +
                  +
                • log - Enable/disable file filter logging. type: str choices: enable, disable + more... + +
                  • +
                • scan_archive_contents - Enable/disable file filter archive contents scan. type: str choices: enable, disable + more... + +
                  • +
                • status - Enable/disable file filter. type: str choices: enable, disable + more... + +
                  • +
                +
              • gmail - Gmail. type: dict + more... + +
                • +
                  +
                • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                  • +
                • log_all - Enable/disable logging of all email traffic. type: str choices: disable, enable + more... + +
                  • +
                +
              • imap - IMAP. type: dict + more... + +
                • +
                  +
                • action - Action for spam email. type: str choices: pass, tag + more... + +
                  • +
                • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                  • +
                • log_all - Enable/disable logging of all email traffic. type: str choices: disable, enable + more... + +
                  • +
                • tag_msg - Subject text or header added to spam email. type: str + more... + +
                  • +
                • tag_type - Tag subject or header for spam email. type: list choices: subject, header, spaminfo + more... + +
                  • +
                +
              • mapi - MAPI. type: dict + more... + +
                • +
                  +
                • action - Action for spam email. type: str choices: pass, discard + more... + +
                  • +
                • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                  • +
                • log_all - Enable/disable logging of all email traffic. type: str choices: disable, enable + more... + +
                  • +
                +
              • msn_hotmail - MSN Hotmail. type: dict + more... + +
                • +
                  +
                • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                  • +
                • log_all - Enable/disable logging of all email traffic. type: str choices: disable, enable + more... + +
                  • +
                +
              • name - Profile name. type: str required: true + more... + +
                • +
              • options - Options. type: list choices: bannedword, spambal, spamfsip, spamfssubmit, spamfschksum, spamfsurl, spamhelodns, spamraddrdns, spamrbl, spamhdrcheck, spamfsphish, spambwl + more... + +
                • +
              • other_webmails - Other supported webmails. type: dict + more... + +
                • +
                  +
                • log_all - Enable/disable logging of all email traffic. type: str choices: disable, enable + more... + +
                  • +
                +
              • pop3 - POP3. type: dict + more... + +
                • +
                  +
                • action - Action for spam email. type: str choices: pass, tag + more... + +
                  • +
                • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                  • +
                • log_all - Enable/disable logging of all email traffic. type: str choices: disable, enable + more... + +
                  • +
                • tag_msg - Subject text or header added to spam email. type: str + more... + +
                  • +
                • tag_type - Tag subject or header for spam email. type: list choices: subject, header, spaminfo + more... + +
                  • +
                +
              • replacemsg_group - Replacement message group. Source system.replacemsg-group.name. type: str + more... + +
                • +
              • smtp - SMTP. type: dict + more... + +
                • +
                  +
                • action - Action for spam email. type: str choices: pass, tag, discard + more... + +
                  • +
                • hdrip - Enable/disable SMTP email header IP checks for spamfsip, spamrbl, and spambal filters. type: str choices: disable, enable + more... + +
                  • +
                • local_override - Enable/disable local filter to override SMTP remote check result. type: str choices: disable, enable + more... + +
                  • +
                • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                  • +
                • log_all - Enable/disable logging of all email traffic. type: str choices: disable, enable + more... + +
                  • +
                • tag_msg - Subject text or header added to spam email. type: str + more... + +
                  • +
                • tag_type - Tag subject or header for spam email. type: list choices: subject, header, spaminfo + more... + +
                  • +
                +
              • spam_bal_table - Anti-spam block/allow list table ID. Source emailfilter.block-allow-list.id. type: int + more... + +
                • +
              • spam_bwl_table - Anti-spam black/white list table ID. Source emailfilter.bwl.id. type: int + more... + +
                • +
              • spam_bword_table - Anti-spam banned word table ID. Source emailfilter.bword.id. type: int + more... + +
                • +
              • spam_bword_threshold - Spam banned word threshold. type: int + more... + +
                • +
              • spam_filtering - Enable/disable spam filtering. type: str choices: enable, disable + more... + +
                • +
              • spam_iptrust_table - Anti-spam IP trust table ID. Source emailfilter.iptrust.id. type: int + more... + +
                • +
              • spam_log - Enable/disable spam logging for email filtering. type: str choices: disable, enable + more... + +
                • +
              • spam_log_fortiguard_response - Enable/disable logging FortiGuard spam response. type: str choices: disable, enable + more... + +
                • +
              • spam_mheader_table - Anti-spam MIME header table ID. Source emailfilter.mheader.id. type: int + more... + +
                • +
              • spam_rbl_table - Anti-spam DNSBL table ID. Source emailfilter.dnsbl.id. type: int + more... + +
                • +
              • yahoo_mail - Yahoo! Mail. type: dict + more... + +
                • +
                  +
                • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                  • +
                • log_all - Enable/disable logging of all email traffic. type: str choices: disable, enable + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Email Filter profiles. + fortios_emailfilter_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + emailfilter_profile: + comment: "Comment." + external: "enable" + feature_set: "flow" + file_filter: + entries: + - + action: "log" + comment: "Comment." + file_type: + - + name: "default_name_11 (source antivirus.filetype.name)" + filter: "" + password_protected: "yes" + protocol: "smtp" + log: "enable" + scan_archive_contents: "enable" + status: "enable" + gmail: + log: "enable" + log_all: "disable" + imap: + action: "pass" + log: "enable" + log_all: "disable" + tag_msg: "" + tag_type: "subject" + mapi: + action: "pass" + log: "enable" + log_all: "disable" + msn_hotmail: + log: "enable" + log_all: "disable" + name: "default_name_34" + options: "bannedword" + other_webmails: + log_all: "disable" + pop3: + action: "pass" + log: "enable" + log_all: "disable" + tag_msg: "" + tag_type: "subject" + replacemsg_group: " (source system.replacemsg-group.name)" + smtp: + action: "pass" + hdrip: "disable" + local_override: "disable" + log: "enable" + log_all: "disable" + tag_msg: "" + tag_type: "subject" + spam_bal_table: "53 (source emailfilter.block-allow-list.id)" + spam_bwl_table: "54 (source emailfilter.bwl.id)" + spam_bword_table: "55 (source emailfilter.bword.id)" + spam_bword_threshold: "56" + spam_filtering: "enable" + spam_iptrust_table: "58 (source emailfilter.iptrust.id)" + spam_log: "disable" + spam_log_fortiguard_response: "disable" + spam_mheader_table: "61 (source emailfilter.mheader.id)" + spam_rbl_table: "62 (source emailfilter.dnsbl.id)" + yahoo_mail: + log: "enable" + log_all: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_endpoint_control_client.rst b/gen/fortios_endpoint_control_client.rst new file mode 100644 index 00000000..bfa7d869 --- /dev/null +++ b/gen/fortios_endpoint_control_client.rst @@ -0,0 +1,300 @@ +:source: fortios_endpoint_control_client.py + +:orphan: + +.. fortios_endpoint_control_client: + +fortios_endpoint_control_client -- Configure endpoint control client lists in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify endpoint_control feature and client category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.3
            fortios_endpoint_control_clientyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • endpoint_control_client - Configure endpoint control client lists. type: dict + more... + +
              • +
                +
              • ad_groups - Endpoint client AD logon groups. type: str + more... + +
                • +
              • ftcl_uid - Endpoint FortiClient UID. type: str + more... + +
                • +
              • id - Endpoint client ID. type: int required: true + more... + +
                • +
              • info - Endpoint client information. type: str + more... + +
                • +
              • src_ip - Endpoint client IP address. type: str + more... + +
                • +
              • src_mac - Endpoint client MAC address. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure endpoint control client lists. + fortios_endpoint_control_client: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + endpoint_control_client: + ad_groups: "" + ftcl_uid: "" + id: "5" + info: "" + src_ip: "" + src_mac: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_endpoint_control_fctems.rst b/gen/fortios_endpoint_control_fctems.rst new file mode 100644 index 00000000..3ca3948a --- /dev/null +++ b/gen/fortios_endpoint_control_fctems.rst @@ -0,0 +1,1326 @@ +:source: fortios_endpoint_control_fctems.py + +:orphan: + +.. fortios_endpoint_control_fctems: + +fortios_endpoint_control_fctems -- Configure FortiClient Enterprise Management Server (EMS) entries in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify endpoint_control feature and fctems category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_endpoint_control_fctemsyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • endpoint_control_fctems - Configure FortiClient Enterprise Management Server (EMS) entries. type: dict + more... + +
              • +
                +
              • admin_password - FortiClient EMS admin password. type: str + more... + +
                • +
              • admin_username - FortiClient EMS admin username. type: str + more... + +
                • +
              • call_timeout - FortiClient EMS call timeout in seconds (1 - 180 seconds). type: int + more... + +
                • +
              • capabilities - List of EMS capabilities. type: list choices: fabric-auth, silent-approval, websocket, websocket-malware, push-ca-certs, common-tags-api + more... + +
                • +
              • certificate - FortiClient EMS certificate. Source certificate.remote.name. type: str + more... + +
                • +
              • cloud_server_type - Cloud server type. type: str choices: production, alpha, beta + more... + +
                • +
              • fortinetone_cloud_authentication - Enable/disable authentication of FortiClient EMS Cloud through FortiCloud account. type: str choices: enable, disable + more... + +
                • +
              • https_port - FortiClient EMS HTTPS access port number. (1 - 65535). type: int + more... + +
                • +
              • name - FortiClient Enterprise Management Server (EMS) name. type: str required: true + more... + +
                • +
              • preserve_ssl_session - Enable/disable preservation of EMS SSL session connection. Warning, most users should not touch this setting. type: str choices: enable, disable + more... + +
                • +
              • pull_avatars - Enable/disable pulling avatars from EMS. type: str choices: enable, disable + more... + +
                • +
              • pull_malware_hash - Enable/disable pulling FortiClient malware hash from EMS. type: str choices: enable, disable + more... + +
                • +
              • pull_sysinfo - Enable/disable pulling SysInfo from EMS. type: str choices: enable, disable + more... + +
                • +
              • pull_tags - Enable/disable pulling FortiClient user tags from EMS. type: str choices: enable, disable + more... + +
                • +
              • pull_vulnerabilities - Enable/disable pulling vulnerabilities from EMS. type: str choices: enable, disable + more... + +
                • +
              • serial_number - FortiClient EMS Serial Number. type: str + more... + +
                • +
              • server - FortiClient EMS FQDN or IPv4 address. type: str + more... + +
                • +
              • source_ip - REST API call source IP. type: str + more... + +
                • +
              • status_check_interval - FortiClient EMS call timeout in seconds (1 - 120 seconds). type: int + more... + +
                • +
              • websocket_override - Enable/disable override behavior for how this FortiGate unit connects to EMS using a WebSocket connection. type: str choices: disable, enable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiClient Enterprise Management Server (EMS) entries. + fortios_endpoint_control_fctems: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + endpoint_control_fctems: + admin_password: "" + admin_username: "" + call_timeout: "5" + capabilities: "fabric-auth" + certificate: " (source certificate.remote.name)" + cloud_server_type: "production" + fortinetone_cloud_authentication: "enable" + https_port: "10" + name: "default_name_11" + preserve_ssl_session: "enable" + pull_avatars: "enable" + pull_malware_hash: "enable" + pull_sysinfo: "enable" + pull_tags: "enable" + pull_vulnerabilities: "enable" + serial_number: "" + server: "192.168.100.40" + source_ip: "84.230.14.43" + status_check_interval: "21" + websocket_override: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_endpoint_control_forticlient_ems.rst b/gen/fortios_endpoint_control_forticlient_ems.rst new file mode 100644 index 00000000..eaff3c96 --- /dev/null +++ b/gen/fortios_endpoint_control_forticlient_ems.rst @@ -0,0 +1,388 @@ +:source: fortios_endpoint_control_forticlient_ems.py + +:orphan: + +.. fortios_endpoint_control_forticlient_ems: + +fortios_endpoint_control_forticlient_ems -- Configure FortiClient Enterprise Management Server (EMS) entries in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify endpoint_control feature and forticlient_ems category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11
            fortios_endpoint_control_forticlient_emsyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • endpoint_control_forticlient_ems - Configure FortiClient Enterprise Management Server (EMS) entries. type: dict + more... + +
              • +
                +
              • address - Firewall address name. Source firewall.address.name. type: str + more... + +
                • +
              • admin_password - FortiClient EMS admin password. type: str + more... + +
                • +
              • admin_type - FortiClient EMS admin type. type: str choices: Windows, LDAP + more... + +
                • +
              • admin_username - FortiClient EMS admin username. type: str + more... + +
                • +
              • https_port - FortiClient EMS HTTPS access port number. (1 - 65535). type: int + more... + +
                • +
              • listen_port - FortiClient EMS telemetry listen port number. (1 - 65535). type: int + more... + +
                • +
              • name - FortiClient Enterprise Management Server (EMS) name. type: str required: true + more... + +
                • +
              • rest_api_auth - FortiClient EMS REST API authentication. type: str choices: disable, userpass + more... + +
                • +
              • serial_number - FortiClient EMS Serial Number. type: str + more... + +
                • +
              • upload_port - FortiClient EMS telemetry upload port number. (1 - 65535). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiClient Enterprise Management Server (EMS) entries. + fortios_endpoint_control_forticlient_ems: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + endpoint_control_forticlient_ems: + address: " (source firewall.address.name)" + admin_password: "" + admin_type: "Windows" + admin_username: "" + https_port: "7" + listen_port: "8" + name: "default_name_9" + rest_api_auth: "disable" + serial_number: "" + upload_port: "12" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_endpoint_control_forticlient_registration_sync.rst b/gen/fortios_endpoint_control_forticlient_registration_sync.rst new file mode 100644 index 00000000..029ab512 --- /dev/null +++ b/gen/fortios_endpoint_control_forticlient_registration_sync.rst @@ -0,0 +1,204 @@ +:source: fortios_endpoint_control_forticlient_registration_sync.py + +:orphan: + +.. fortios_endpoint_control_forticlient_registration_sync: + +fortios_endpoint_control_forticlient_registration_sync -- Configure FortiClient registration synchronization settings in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify endpoint_control feature and forticlient_registration_sync category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11
            fortios_endpoint_control_forticlient_registration_syncyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • endpoint_control_forticlient_registration_sync - Configure FortiClient registration synchronization settings. type: dict + more... + +
              • +
                +
              • peer_ip - IP address of the peer FortiGate for endpoint license synchronization. type: str + more... + +
                • +
              • peer_name - Peer name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiClient registration synchronization settings. + fortios_endpoint_control_forticlient_registration_sync: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + endpoint_control_forticlient_registration_sync: + peer_ip: "" + peer_name: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_endpoint_control_profile.rst b/gen/fortios_endpoint_control_profile.rst new file mode 100644 index 00000000..a4a5c099 --- /dev/null +++ b/gen/fortios_endpoint_control_profile.rst @@ -0,0 +1,2794 @@ +:source: fortios_endpoint_control_profile.py + +:orphan: + +.. fortios_endpoint_control_profile: + +fortios_endpoint_control_profile -- Configure FortiClient endpoint control profiles in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify endpoint_control feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11
            fortios_endpoint_control_profileyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • endpoint_control_profile - Configure FortiClient endpoint control profiles. type: dict + more... + +
              • +
                +
              • description - Description. type: str + more... + +
                • +
              • device_groups - Device groups. type: list member_path: device_groups:name + more... + +
                • +
                  +
                • name - Device group object from available options. Source user.device-group.name user.device-category.name. type: str required: true + more... + +
                  • +
                +
              • forticlient_android_settings - FortiClient settings for Android platform. type: dict + more... + +
                • +
                  +
                • disable_wf_when_protected - Enable/disable FortiClient web category filtering when protected by FortiGate. type: str choices: enable, disable + more... + +
                  • +
                • forticlient_advanced_vpn - Enable/disable advanced FortiClient VPN configuration. type: str choices: enable, disable + more... + +
                  • +
                • forticlient_advanced_vpn_buffer - Advanced FortiClient VPN configuration. type: str + more... + +
                  • +
                • forticlient_vpn_provisioning - Enable/disable FortiClient VPN provisioning. type: str choices: enable, disable + more... + +
                  • +
                • forticlient_vpn_settings - FortiClient VPN settings. type: list member_path: forticlient_android_settings/forticlient_vpn_settings:name + more... + +
                  • +
                    +
                  • auth_method - Authentication method. type: str choices: psk, certificate + more... + +
                    • +
                  • name - VPN name. type: str required: true + more... + +
                    • +
                  • preshared_key - Pre-shared secret for PSK authentication. type: str + more... + +
                    • +
                  • remote_gw - IP address or FQDN of the remote VPN gateway. type: str + more... + +
                    • +
                  • sslvpn_access_port - SSL VPN access port (1 - 65535). type: int + more... + +
                    • +
                  • sslvpn_require_certificate - Enable/disable requiring SSL VPN client certificate. type: str choices: enable, disable + more... + +
                    • +
                  • type - VPN type (IPsec or SSL VPN). type: str choices: ipsec, ssl + more... + +
                    • +
                  +
                • forticlient_wf - Enable/disable FortiClient web filtering. type: str choices: enable, disable + more... + +
                  • +
                • forticlient_wf_profile - The FortiClient web filter profile to apply. Source webfilter.profile.name. type: str + more... + +
                  • +
                +
              • forticlient_ios_settings - FortiClient settings for iOS platform. type: dict + more... + +
                • +
                  +
                • client_vpn_provisioning - FortiClient VPN provisioning. type: str choices: enable, disable + more... + +
                  • +
                • client_vpn_settings - FortiClient VPN settings. type: list member_path: forticlient_ios_settings/client_vpn_settings:name + more... + +
                  • +
                    +
                  • auth_method - Authentication method. type: str choices: psk, certificate + more... + +
                    • +
                  • name - VPN name. type: str required: true + more... + +
                    • +
                  • preshared_key - Pre-shared secret for PSK authentication. type: str + more... + +
                    • +
                  • remote_gw - IP address or FQDN of the remote VPN gateway. type: str + more... + +
                    • +
                  • sslvpn_access_port - SSL VPN access port (1 - 65535). type: int + more... + +
                    • +
                  • sslvpn_require_certificate - Enable/disable requiring SSL VPN client certificate. type: str choices: enable, disable + more... + +
                    • +
                  • type - VPN type (IPsec or SSL VPN). type: str choices: ipsec, ssl + more... + +
                    • +
                  • vpn_configuration_content - Content of VPN configuration. type: str + more... + +
                    • +
                  • vpn_configuration_name - Name of VPN configuration. type: str + more... + +
                    • +
                  +
                • configuration_content - Content of configuration profile. type: str + more... + +
                  • +
                • configuration_name - Name of configuration profile. type: str + more... + +
                  • +
                • disable_wf_when_protected - Enable/disable FortiClient web category filtering when protected by FortiGate. type: str choices: enable, disable + more... + +
                  • +
                • distribute_configuration_profile - Enable/disable configuration profile (.mobileconfig file) distribution. type: str choices: enable, disable + more... + +
                  • +
                • forticlient_wf - Enable/disable FortiClient web filtering. type: str choices: enable, disable + more... + +
                  • +
                • forticlient_wf_profile - The FortiClient web filter profile to apply. Source webfilter.profile.name. type: str + more... + +
                  • +
                +
              • forticlient_winmac_settings - FortiClient settings for Windows/Mac platform. type: dict + more... + +
                • +
                  +
                • av_realtime_protection - Enable/disable FortiClient AntiVirus real-time protection. type: str choices: enable, disable + more... + +
                  • +
                • av_signature_up_to_date - Enable/disable FortiClient AV signature updates. type: str choices: enable, disable + more... + +
                  • +
                • forticlient_application_firewall - Enable/disable the FortiClient application firewall. type: str choices: enable, disable + more... + +
                  • +
                • forticlient_application_firewall_list - FortiClient application firewall rule list. Source application.list.name. type: str + more... + +
                  • +
                • forticlient_av - Enable/disable FortiClient AntiVirus scanning. type: str choices: enable, disable + more... + +
                  • +
                • forticlient_ems_compliance - Enable/disable FortiClient Enterprise Management Server (EMS) compliance. type: str choices: enable, disable + more... + +
                  • +
                • forticlient_ems_compliance_action - FortiClient EMS compliance action. type: str choices: block, warning + more... + +
                  • +
                • forticlient_ems_entries - FortiClient EMS entries. type: list member_path: forticlient_winmac_settings/forticlient_ems_entries:name + more... + +
                  • +
                    +
                  • name - FortiClient EMS name. Source endpoint-control.forticlient-ems.name. type: str required: true + more... + +
                    • +
                  +
                • forticlient_linux_ver - Minimum FortiClient Linux version. type: str + more... + +
                  • +
                • forticlient_log_upload - Enable/disable uploading FortiClient logs. type: str choices: enable, disable + more... + +
                  • +
                • forticlient_log_upload_level - Select the FortiClient logs to upload. type: str choices: traffic, vulnerability, event + more... + +
                  • +
                • forticlient_log_upload_server - IP address or FQDN of the server to which to upload FortiClient logs. type: str + more... + +
                  • +
                • forticlient_mac_ver - Minimum FortiClient Mac OS version. type: str + more... + +
                  • +
                • forticlient_minimum_software_version - Enable/disable requiring clients to run FortiClient with a minimum software version number. type: str choices: enable, disable + more... + +
                  • +
                • forticlient_operating_system - FortiClient operating system. type: list member_path: forticlient_winmac_settings/forticlient_operating_system:id + more... + +
                  • +
                    +
                  • id - Operating system entry ID. type: int required: true + more... + +
                    • +
                  • os_name - Customize operating system name or Mac OS format:x.x.x type: str + more... + +
                    • +
                  • os_type - Operating system type. type: str choices: custom, mac-os, win-7, win-80, win-81, win-10, win-2000, win-home-svr, win-svr-10, win-svr-2003, win-svr-2003-r2, win-svr-2008, win-svr-2008-r2, win-svr-2012, win-svr-2012-r2, win-sto-svr-2003, win-vista, win-xp, ubuntu-linux, centos-linux, redhat-linux, fedora-linux + more... + +
                    • +
                  +
                • forticlient_own_file - Checking the path and filename of the FortiClient application. type: list member_path: forticlient_winmac_settings/forticlient_own_file:id + more... + +
                  • +
                    +
                  • file - File path and name. type: str + more... + +
                    • +
                  • id - File ID. type: int required: true + more... + +
                    • +
                  +
                • forticlient_registration_compliance_action - FortiClient registration compliance action. type: str choices: block, warning + more... + +
                  • +
                • forticlient_registry_entry - FortiClient registry entry. type: list member_path: forticlient_winmac_settings/forticlient_registry_entry:id + more... + +
                  • +
                    +
                  • id - Registry entry ID. type: int required: true + more... + +
                    • +
                  • registry_entry - Registry entry. type: str + more... + +
                    • +
                  +
                • forticlient_running_app - Use FortiClient to verify if the listed applications are running on the client. type: list member_path: forticlient_winmac_settings/forticlient_running_app:id + more... + +
                  • +
                    +
                  • app_name - Application name. type: str + more... + +
                    • +
                  • app_sha256_signature - App"s SHA256 signature. type: str + more... + +
                    • +
                  • app_sha256_signature2 - App"s SHA256 Signature. type: str + more... + +
                    • +
                  • app_sha256_signature3 - App"s SHA256 Signature. type: str + more... + +
                    • +
                  • app_sha256_signature4 - App"s SHA256 Signature. type: str + more... + +
                    • +
                  • application_check_rule - Application check rule. type: str choices: present, absent + more... + +
                    • +
                  • id - Application ID. type: int required: true + more... + +
                    • +
                  • process_name - Process name. type: str + more... + +
                    • +
                  • process_name2 - Process name. type: str + more... + +
                    • +
                  • process_name3 - Process name. type: str + more... + +
                    • +
                  • process_name4 - Process name. type: str + more... + +
                    • +
                  +
                • forticlient_security_posture - Enable/disable FortiClient security posture check options. type: str choices: enable, disable + more... + +
                  • +
                • forticlient_security_posture_compliance_action - FortiClient security posture compliance action. type: str choices: block, warning + more... + +
                  • +
                • forticlient_system_compliance - Enable/disable enforcement of FortiClient system compliance. type: str choices: enable, disable + more... + +
                  • +
                • forticlient_system_compliance_action - Block or warn clients not compliant with FortiClient requirements. type: str choices: block, warning + more... + +
                  • +
                • forticlient_vuln_scan - Enable/disable FortiClient vulnerability scanning. type: str choices: enable, disable + more... + +
                  • +
                • forticlient_vuln_scan_compliance_action - FortiClient vulnerability compliance action. type: str choices: block, warning + more... + +
                  • +
                • forticlient_vuln_scan_enforce - Configure the level of the vulnerability found that causes a FortiClient vulnerability compliance action. type: str choices: critical, high, medium, low, info + more... + +
                  • +
                • forticlient_vuln_scan_enforce_grace - FortiClient vulnerability scan enforcement grace period (0 - 30 days). type: int + more... + +
                  • +
                • forticlient_vuln_scan_exempt - Enable/disable compliance exemption for vulnerabilities that cannot be patched automatically. type: str choices: enable, disable + more... + +
                  • +
                • forticlient_wf - Enable/disable FortiClient web filtering. type: str choices: enable, disable + more... + +
                  • +
                • forticlient_wf_profile - The FortiClient web filter profile to apply. Source webfilter.profile.name. type: str + more... + +
                  • +
                • forticlient_win_ver - Minimum FortiClient Windows version. type: str + more... + +
                  • +
                • os_av_software_installed - Enable/disable checking for OS recognized AntiVirus software. type: str choices: enable, disable + more... + +
                  • +
                • sandbox_address - FortiSandbox address. type: str + more... + +
                  • +
                • sandbox_analysis - Enable/disable sending files to FortiSandbox for analysis. type: str choices: enable, disable + more... + +
                  • +
                +
              • on_net_addr - Addresses for on-net detection. type: list member_path: on_net_addr:name + more... + +
                • +
                  +
                • name - Address object from available options. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • profile_name - Profile name. type: str + more... + +
                • +
              • replacemsg_override_group - Select an endpoint control replacement message override group from available options. Source system.replacemsg-group.name. type: str + more... + +
                • +
              • src_addr - Source addresses. type: list member_path: src_addr:name + more... + +
                • +
                  +
                • name - Address object from available options. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • user_groups - User groups. type: list member_path: user_groups:name + more... + +
                • +
                  +
                • name - User group name. Source user.group.name. type: str required: true + more... + +
                  • +
                +
              • users - Users. type: list member_path: users:name + more... + +
                • +
                  +
                • name - User name. Source user.local.name. type: str required: true + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiClient endpoint control profiles. + fortios_endpoint_control_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + endpoint_control_profile: + description: "" + device_groups: + - + name: "default_name_5 (source user.device-group.name user.device-category.name)" + forticlient_android_settings: + disable_wf_when_protected: "enable" + forticlient_advanced_vpn: "enable" + forticlient_advanced_vpn_buffer: "" + forticlient_vpn_provisioning: "enable" + forticlient_vpn_settings: + - + auth_method: "psk" + name: "default_name_13" + preshared_key: "" + remote_gw: "" + sslvpn_access_port: "16" + sslvpn_require_certificate: "enable" + type: "ipsec" + forticlient_wf: "enable" + forticlient_wf_profile: " (source webfilter.profile.name)" + forticlient_ios_settings: + client_vpn_provisioning: "enable" + client_vpn_settings: + - + auth_method: "psk" + name: "default_name_25" + preshared_key: "" + remote_gw: "" + sslvpn_access_port: "28" + sslvpn_require_certificate: "enable" + type: "ipsec" + vpn_configuration_content: "" + vpn_configuration_name: "" + configuration_content: "" + configuration_name: "" + disable_wf_when_protected: "enable" + distribute_configuration_profile: "enable" + forticlient_wf: "enable" + forticlient_wf_profile: " (source webfilter.profile.name)" + forticlient_winmac_settings: + av_realtime_protection: "enable" + av_signature_up_to_date: "enable" + forticlient_application_firewall: "enable" + forticlient_application_firewall_list: " (source application.list.name)" + forticlient_av: "enable" + forticlient_ems_compliance: "enable" + forticlient_ems_compliance_action: "block" + forticlient_ems_entries: + - + name: "default_name_48 (source endpoint-control.forticlient-ems.name)" + forticlient_linux_ver: "" + forticlient_log_upload: "enable" + forticlient_log_upload_level: "traffic" + forticlient_log_upload_server: "" + forticlient_mac_ver: "" + forticlient_minimum_software_version: "enable" + forticlient_operating_system: + - + id: "56" + os_name: "" + os_type: "custom" + forticlient_own_file: + - + file: "" + id: "61" + forticlient_registration_compliance_action: "block" + forticlient_registry_entry: + - + id: "64" + registry_entry: "" + forticlient_running_app: + - + app_name: "" + app_sha256_signature: "" + app_sha256_signature2: "" + app_sha256_signature3: "" + app_sha256_signature4: "" + application_check_rule: "present" + id: "73" + process_name: "" + process_name2: "" + process_name3: "" + process_name4: "" + forticlient_security_posture: "enable" + forticlient_security_posture_compliance_action: "block" + forticlient_system_compliance: "enable" + forticlient_system_compliance_action: "block" + forticlient_vuln_scan: "enable" + forticlient_vuln_scan_compliance_action: "block" + forticlient_vuln_scan_enforce: "critical" + forticlient_vuln_scan_enforce_grace: "85" + forticlient_vuln_scan_exempt: "enable" + forticlient_wf: "enable" + forticlient_wf_profile: " (source webfilter.profile.name)" + forticlient_win_ver: "" + os_av_software_installed: "enable" + sandbox_address: "" + sandbox_analysis: "enable" + on_net_addr: + - + name: "default_name_94 (source firewall.address.name firewall.addrgrp.name)" + profile_name: "" + replacemsg_override_group: " (source system.replacemsg-group.name)" + src_addr: + - + name: "default_name_98 (source firewall.address.name firewall.addrgrp.name)" + user_groups: + - + name: "default_name_100 (source user.group.name)" + users: + - + name: "default_name_102 (source user.local.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_endpoint_control_registered_forticlient.rst b/gen/fortios_endpoint_control_registered_forticlient.rst new file mode 100644 index 00000000..490e2430 --- /dev/null +++ b/gen/fortios_endpoint_control_registered_forticlient.rst @@ -0,0 +1,304 @@ +:source: fortios_endpoint_control_registered_forticlient.py + +:orphan: + +.. fortios_endpoint_control_registered_forticlient: + +fortios_endpoint_control_registered_forticlient -- Registered FortiClient list in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify endpoint_control feature and registered_forticlient category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11
            fortios_endpoint_control_registered_forticlientyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • endpoint_control_registered_forticlient - Registered FortiClient list. type: dict + more... + +
              • +
                +
              • flag - FortiClient registration flag. type: int + more... + +
                • +
              • ip - Endpoint IP address. type: str + more... + +
                • +
              • mac - Endpoint MAC address. type: str + more... + +
                • +
              • reg_fortigate - Registering FortiGate SN. type: str + more... + +
                • +
              • status - FortiClient registration status. type: int + more... + +
                • +
              • uid - FortiClient UID. type: str required: true + more... + +
                • +
              • vdom - Registering vdom. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Registered FortiClient list. + fortios_endpoint_control_registered_forticlient: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + endpoint_control_registered_forticlient: + flag: "3" + ip: "" + mac: "" + reg_fortigate: "" + status: "7" + uid: "" + vdom: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_endpoint_control_settings.rst b/gen/fortios_endpoint_control_settings.rst new file mode 100644 index 00000000..400caf08 --- /dev/null +++ b/gen/fortios_endpoint_control_settings.rst @@ -0,0 +1,597 @@ +:source: fortios_endpoint_control_settings.py + +:orphan: + +.. fortios_endpoint_control_settings: + +fortios_endpoint_control_settings -- Configure endpoint control settings in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify endpoint_control feature and settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7
            fortios_endpoint_control_settingsyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • endpoint_control_settings - Configure endpoint control settings. type: dict + more... + +
              • +
                +
              • download_custom_link - Customized URL for downloading FortiClient. type: str + more... + +
                • +
              • download_location - FortiClient download location (FortiGuard or custom). type: str choices: fortiguard, custom + more... + +
                • +
              • forticlient_avdb_update_interval - Period of time between FortiClient AntiVirus database updates (0 - 24 hours). type: int + more... + +
                • +
              • forticlient_dereg_unsupported_client - Enable/disable deregistering unsupported FortiClient endpoints. type: str choices: enable, disable + more... + +
                • +
              • forticlient_disconnect_unsupported_client - Enable/disable disconnecting of unsupported FortiClient endpoints. type: str choices: enable, disable + more... + +
                • +
              • forticlient_ems_rest_api_call_timeout - FortiClient EMS call timeout in milliseconds (500 - 30000 milliseconds). type: int + more... + +
                • +
              • forticlient_keepalive_interval - Interval between two KeepAlive messages from FortiClient (20 - 300 sec). type: int + more... + +
                • +
              • forticlient_offline_grace - Enable/disable grace period for offline registered clients. type: str choices: enable, disable + more... + +
                • +
              • forticlient_offline_grace_interval - Grace period for offline registered FortiClient (60 - 600 sec). type: int + more... + +
                • +
              • forticlient_reg_key - FortiClient registration key. type: str + more... + +
                • +
              • forticlient_reg_key_enforce - Enable/disable requiring or enforcing FortiClient registration keys. type: str choices: enable, disable + more... + +
                • +
              • forticlient_reg_timeout - FortiClient registration license timeout (days, min = 1, max = 180, 0 means unlimited). type: int + more... + +
                • +
              • forticlient_sys_update_interval - Interval between two system update messages from FortiClient (30 - 1440 min). type: int + more... + +
                • +
              • forticlient_user_avatar - Enable/disable uploading FortiClient user avatars. type: str choices: enable, disable + more... + +
                • +
              • forticlient_warning_interval - Period of time between FortiClient portal warnings (0 - 24 hours). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure endpoint control settings. + fortios_endpoint_control_settings: + vdom: "{{ vdom }}" + endpoint_control_settings: + download_custom_link: "" + download_location: "fortiguard" + forticlient_avdb_update_interval: "5" + forticlient_dereg_unsupported_client: "enable" + forticlient_disconnect_unsupported_client: "enable" + forticlient_ems_rest_api_call_timeout: "8" + forticlient_keepalive_interval: "9" + forticlient_offline_grace: "enable" + forticlient_offline_grace_interval: "11" + forticlient_reg_key: "" + forticlient_reg_key_enforce: "enable" + forticlient_reg_timeout: "14" + forticlient_sys_update_interval: "15" + forticlient_user_avatar: "enable" + forticlient_warning_interval: "17" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_extender_controller_dataplan.rst b/gen/fortios_extender_controller_dataplan.rst new file mode 100644 index 00000000..886542ca --- /dev/null +++ b/gen/fortios_extender_controller_dataplan.rst @@ -0,0 +1,1007 @@ +:source: fortios_extender_controller_dataplan.py + +:orphan: + +.. fortios_extender_controller_dataplan: + +fortios_extender_controller_dataplan -- FortiExtender dataplan configuration in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify extender_controller feature and dataplan category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + +
            v6.4.0 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_extender_controller_dataplanyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • extender_controller_dataplan - FortiExtender dataplan configuration. type: dict + more... + +
              • +
                +
              • APN - APN configuration. type: str + more... + +
                • +
              • apn - APN configuration. type: str + more... + +
                • +
              • auth_type - Authentication type. type: str choices: none, pap, chap + more... + +
                • +
              • billing_date - Billing day of the month (1 - 31). type: int + more... + +
                • +
              • capacity - Capacity in MB (0 - 102400000). type: int + more... + +
                • +
              • carrier - Carrier configuration. type: str + more... + +
                • +
              • iccid - ICCID configuration. type: str + more... + +
                • +
              • modem_id - Dataplan"s modem specifics, if any. type: str choices: modem1, modem2, all + more... + +
                • +
              • monthly_fee - Monthly fee of dataplan (0 - 100000, in local currency). type: int + more... + +
                • +
              • name - FortiExtender data plan name. type: str required: true + more... + +
                • +
              • overage - Enable/disable dataplan overage detection. type: str choices: disable, enable + more... + +
                • +
              • password - Password. type: str + more... + +
                • +
              • PDN - PDN type. type: str choices: ipv4-only, ipv6-only, ipv4-ipv6 + more... + +
                • +
              • pdn - PDN type. type: str choices: ipv4-only, ipv6-only, ipv4-ipv6 + more... + +
                • +
              • preferred_subnet - Preferred subnet mask (0 - 32). type: int + more... + +
                • +
              • private_network - Enable/disable dataplan private network support. type: str choices: disable, enable + more... + +
                • +
              • signal_period - Signal period (600 to 18000 seconds). type: int + more... + +
                • +
              • signal_threshold - Signal threshold. Specify the range between 50 - 100, where 50/100 means -50/-100 dBm. type: int + more... + +
                • +
              • slot - SIM slot configuration. type: str choices: sim1, sim2 + more... + +
                • +
              • type - Type preferences configuration. type: str choices: carrier, slot, iccid, generic + more... + +
                • +
              • username - Username. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: FortiExtender dataplan configuration. + fortios_extender_controller_dataplan: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + extender_controller_dataplan: + APN: "" + apn: "" + auth_type: "none" + billing_date: "6" + capacity: "7" + carrier: "" + iccid: "" + modem_id: "modem1" + monthly_fee: "11" + name: "default_name_12" + overage: "disable" + password: "" + PDN: "ipv4-only" + pdn: "ipv4-only" + preferred_subnet: "17" + private_network: "disable" + signal_period: "19" + signal_threshold: "20" + slot: "sim1" + type: "carrier" + username: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_extender_controller_extender.rst b/gen/fortios_extender_controller_extender.rst new file mode 100644 index 00000000..2c609d33 --- /dev/null +++ b/gen/fortios_extender_controller_extender.rst @@ -0,0 +1,4389 @@ +:source: fortios_extender_controller_extender.py + +:orphan: + +.. fortios_extender_controller_extender: + +fortios_extender_controller_extender -- Extender controller configuration in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify extender_controller feature and extender category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_extender_controller_extenderyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • extender_controller_extender - Extender controller configuration. type: dict + more... + +
              • +
                +
              • aaa_shared_secret - AAA shared secret. type: str + more... + +
                • +
              • access_point_name - Access point name(APN). type: str + more... + +
                • +
              • admin - FortiExtender Administration (enable or disable). type: str choices: disable, discovered, enable + more... + +
                • +
              • allowaccess - Control management access to the managed extender. Separate entries with a space. type: list choices: ping, telnet, http, https, ssh, snmp + more... + +
                • +
              • at_dial_script - Initialization AT commands specific to the MODEM. type: str + more... + +
                • +
              • authorized - FortiExtender Administration (enable or disable). type: str choices: disable, enable + more... + +
                • +
              • bandwidth_limit - FortiExtender LAN extension bandwidth limit (Mbps). type: int + more... + +
                • +
              • billing_start_day - Billing start day. type: int + more... + +
                • +
              • cdma_aaa_spi - CDMA AAA SPI. type: str + more... + +
                • +
              • cdma_ha_spi - CDMA HA SPI. type: str + more... + +
                • +
              • cdma_nai - NAI for CDMA MODEMS. type: str + more... + +
                • +
              • conn_status - Connection status. type: int + more... + +
                • +
              • controller_report - FortiExtender controller report configuration. type: dict + more... + +
                • +
                  +
                • interval - Controller report interval. type: int + more... + +
                  • +
                • signal_threshold - Controller report signal threshold. type: int + more... + +
                  • +
                • status - FortiExtender controller report status. type: str choices: disable, enable + more... + +
                  • +
                +
              • description - Description. type: str + more... + +
                • +
              • device_id - Device ID. type: int + more... + +
                • +
              • dial_mode - Dial mode (dial-on-demand or always-connect). type: str choices: dial-on-demand, always-connect + more... + +
                • +
              • dial_status - Dial status. type: int + more... + +
                • +
              • enforce_bandwidth - Enable/disable enforcement of bandwidth on LAN extension interface. type: str choices: enable, disable + more... + +
                • +
              • ext_name - FortiExtender name. type: str + more... + +
                • +
              • extension_type - Extension type for this FortiExtender. type: str choices: wan-extension, lan-extension + more... + +
                • +
              • ha_shared_secret - HA shared secret. type: str + more... + +
                • +
              • id - FortiExtender serial number. type: str + more... + +
                • +
              • ifname - FortiExtender interface name. Source system.interface.name. type: str + more... + +
                • +
              • initiated_update - Allow/disallow network initiated updates to the MODEM. type: str choices: enable, disable + more... + +
                • +
              • login_password - Set the managed extender"s administrator password. type: str + more... + +
                • +
              • login_password_change - Change or reset the administrator password of a managed extender (yes, default, or no). type: str choices: True, default, False + more... + +
                • +
              • mode - FortiExtender mode. type: str choices: standalone, redundant + more... + +
                • +
              • modem_passwd - MODEM password. type: str + more... + +
                • +
              • modem_type - MODEM type (CDMA, GSM/LTE or WIMAX). type: str choices: cdma, gsm/lte, wimax + more... + +
                • +
              • modem1 - Configuration options for modem 1. type: dict + more... + +
                • +
                  +
                • auto_switch - FortiExtender auto switch configuration. type: dict + more... + +
                  • +
                    +
                  • dataplan - Automatically switch based on data usage. type: str choices: disable, enable + more... + +
                    • +
                  • disconnect - Auto switch by disconnect. type: str choices: disable, enable + more... + +
                    • +
                  • disconnect_period - Automatically switch based on disconnect period. type: int + more... + +
                    • +
                  • disconnect_threshold - Automatically switch based on disconnect threshold. type: int + more... + +
                    • +
                  • signal - Automatically switch based on signal strength. type: str choices: disable, enable + more... + +
                    • +
                  • switch_back - Auto switch with switch back multi-options. type: str choices: time, timer + more... + +
                    • +
                  • switch_back_time - Automatically switch over to preferred SIM/carrier at a specified time in UTC (HH:MM). type: str + more... + +
                    • +
                  • switch_back_timer - Automatically switch over to preferred SIM/carrier after the given time (3600 - 2147483647 sec). type: int + more... + +
                    • +
                  +
                • conn_status - Connection status. type: int + more... + +
                  • +
                • default_sim - Default SIM selection. type: str choices: sim1, sim2, carrier, cost + more... + +
                  • +
                • gps - FortiExtender GPS enable/disable. type: str choices: disable, enable + more... + +
                  • +
                • ifname - FortiExtender interface name. Source system.interface.name. type: str + more... + +
                  • +
                • preferred_carrier - Preferred carrier. type: str + more... + +
                  • +
                • redundant_intf - Redundant interface. type: str + more... + +
                  • +
                • redundant_mode - FortiExtender mode. type: str choices: disable, enable + more... + +
                  • +
                • sim1_pin - SIM type: str choices: disable, enable + more... + +
                  • +
                • sim1_pin_code - SIM type: str + more... + +
                  • +
                • sim2_pin - SIM type: str choices: disable, enable + more... + +
                  • +
                • sim2_pin_code - SIM type: str + more... + +
                  • +
                +
              • modem2 - Configuration options for modem 2. type: dict + more... + +
                • +
                  +
                • auto_switch - FortiExtender auto switch configuration. type: dict + more... + +
                  • +
                    +
                  • dataplan - Automatically switch based on data usage. type: str choices: disable, enable + more... + +
                    • +
                  • disconnect - Auto switch by disconnect. type: str choices: disable, enable + more... + +
                    • +
                  • disconnect_period - Automatically switch based on disconnect period. type: int + more... + +
                    • +
                  • disconnect_threshold - Automatically switch based on disconnect threshold. type: int + more... + +
                    • +
                  • signal - Automatically switch based on signal strength. type: str choices: disable, enable + more... + +
                    • +
                  • switch_back - Auto switch with switch back multi-options. type: str choices: time, timer + more... + +
                    • +
                  • switch_back_time - Automatically switch over to preferred SIM/carrier at a specified time in UTC (HH:MM). type: str + more... + +
                    • +
                  • switch_back_timer - Automatically switch over to preferred SIM/carrier after the given time (3600 - 2147483647 sec). type: int + more... + +
                    • +
                  +
                • conn_status - Connection status. type: int + more... + +
                  • +
                • default_sim - Default SIM selection. type: str choices: sim1, sim2, carrier, cost + more... + +
                  • +
                • gps - FortiExtender GPS enable/disable. type: str choices: disable, enable + more... + +
                  • +
                • ifname - FortiExtender interface name. Source system.interface.name. type: str + more... + +
                  • +
                • preferred_carrier - Preferred carrier. type: str + more... + +
                  • +
                • redundant_intf - Redundant interface. type: str + more... + +
                  • +
                • redundant_mode - FortiExtender mode. type: str choices: disable, enable + more... + +
                  • +
                • sim1_pin - SIM type: str choices: disable, enable + more... + +
                  • +
                • sim1_pin_code - SIM type: str + more... + +
                  • +
                • sim2_pin - SIM type: str choices: disable, enable + more... + +
                  • +
                • sim2_pin_code - SIM type: str + more... + +
                  • +
                +
              • multi_mode - MODEM mode of operation(3G,LTE,etc). type: str choices: auto, auto-3g, force-lte, force-3g, force-2g + more... + +
                • +
              • name - FortiExtender entry name. type: str required: true + more... + +
                • +
              • override_allowaccess - Enable to override the extender profile management access configuration. type: str choices: enable, disable + more... + +
                • +
              • override_enforce_bandwidth - Enable to override the extender profile enforce-bandwidth setting. type: str choices: enable, disable + more... + +
                • +
              • override_login_password_change - Enable to override the extender profile login-password (administrator password) setting. type: str choices: enable, disable + more... + +
                • +
              • ppp_auth_protocol - PPP authentication protocol (PAP,CHAP or auto). type: str choices: auto, pap, chap + more... + +
                • +
              • ppp_echo_request - Enable/disable PPP echo request. type: str choices: enable, disable + more... + +
                • +
              • ppp_password - PPP password. type: str + more... + +
                • +
              • ppp_username - PPP username. type: str + more... + +
                • +
              • primary_ha - Primary HA. type: str + more... + +
                • +
              • profile - FortiExtender profile configuration. Source extender-controller.extender-profile.name. type: str + more... + +
                • +
              • quota_limit_mb - Monthly quota limit (MB). type: int + more... + +
                • +
              • redial - Number of redials allowed based on failed attempts. type: str choices: none, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 + more... + +
                • +
              • redundant_intf - Redundant interface. type: str + more... + +
                • +
              • roaming - Enable/disable MODEM roaming. type: str choices: enable, disable + more... + +
                • +
              • role - FortiExtender work role(Primary, Secondary, None). type: str choices: none, primary, secondary + more... + +
                • +
              • secondary_ha - Secondary HA. type: str + more... + +
                • +
              • sim_pin - SIM PIN. type: str + more... + +
                • +
              • vdom - VDOM. type: int + more... + +
                • +
              • wan_extension - FortiExtender wan extension configuration. type: dict + more... + +
                • +
                  +
                • modem1_extension - FortiExtender interface name. Source system.interface.name. type: str + more... + +
                  • +
                • modem2_extension - FortiExtender interface name. Source system.interface.name. type: str + more... + +
                  • +
                +
              • wimax_auth_protocol - WiMax authentication protocol(TLS or TTLS). type: str choices: tls, ttls + more... + +
                • +
              • wimax_carrier - WiMax carrier. type: str + more... + +
                • +
              • wimax_realm - WiMax realm. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Extender controller configuration. + fortios_extender_controller_extender: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + extender_controller_extender: + aaa_shared_secret: "" + access_point_name: "" + admin: "disable" + allowaccess: "ping" + at_dial_script: "" + authorized: "disable" + bandwidth_limit: "9" + billing_start_day: "10" + cdma_aaa_spi: "" + cdma_ha_spi: "" + cdma_nai: "" + conn_status: "14" + controller_report: + interval: "16" + signal_threshold: "17" + status: "disable" + description: "" + device_id: "20" + dial_mode: "dial-on-demand" + dial_status: "22" + enforce_bandwidth: "enable" + ext_name: "" + extension_type: "wan-extension" + ha_shared_secret: "" + id: "27" + ifname: " (source system.interface.name)" + initiated_update: "enable" + login_password: "" + login_password_change: "yes" + mode: "standalone" + modem_passwd: "" + modem_type: "cdma" + modem1: + auto_switch: + dataplan: "disable" + disconnect: "disable" + disconnect_period: "39" + disconnect_threshold: "40" + signal: "disable" + switch_back: "time" + switch_back_time: "" + switch_back_timer: "44" + conn_status: "45" + default_sim: "sim1" + gps: "disable" + ifname: " (source system.interface.name)" + preferred_carrier: "" + redundant_intf: "" + redundant_mode: "disable" + sim1_pin: "disable" + sim1_pin_code: "" + sim2_pin: "disable" + sim2_pin_code: "" + modem2: + auto_switch: + dataplan: "disable" + disconnect: "disable" + disconnect_period: "60" + disconnect_threshold: "61" + signal: "disable" + switch_back: "time" + switch_back_time: "" + switch_back_timer: "65" + conn_status: "66" + default_sim: "sim1" + gps: "disable" + ifname: " (source system.interface.name)" + preferred_carrier: "" + redundant_intf: "" + redundant_mode: "disable" + sim1_pin: "disable" + sim1_pin_code: "" + sim2_pin: "disable" + sim2_pin_code: "" + multi_mode: "auto" + name: "default_name_78" + override_allowaccess: "enable" + override_enforce_bandwidth: "enable" + override_login_password_change: "enable" + ppp_auth_protocol: "auto" + ppp_echo_request: "enable" + ppp_password: "" + ppp_username: "" + primary_ha: "" + profile: " (source extender-controller.extender-profile.name)" + quota_limit_mb: "88" + redial: "none" + redundant_intf: "" + roaming: "enable" + role: "none" + secondary_ha: "" + sim_pin: "" + vdom: "95" + wan_extension: + modem1_extension: " (source system.interface.name)" + modem2_extension: " (source system.interface.name)" + wimax_auth_protocol: "tls" + wimax_carrier: "" + wimax_realm: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_extender_controller_extender_profile.rst b/gen/fortios_extender_controller_extender_profile.rst new file mode 100644 index 00000000..5be94e8a --- /dev/null +++ b/gen/fortios_extender_controller_extender_profile.rst @@ -0,0 +1,2656 @@ +:source: fortios_extender_controller_extender_profile.py + +:orphan: + +.. fortios_extender_controller_extender_profile: + +fortios_extender_controller_extender_profile -- FortiExtender extender profile configuration in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify extender_controller feature and extender_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + +
            v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_extender_controller_extender_profileyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • extender_controller_extender_profile - FortiExtender extender profile configuration. type: dict + more... + +
              • +
                +
              • allowaccess - Control management access to the managed extender. Separate entries with a space. type: list choices: ping, telnet, http, https, ssh, snmp + more... + +
                • +
              • bandwidth_limit - FortiExtender LAN extension bandwidth limit (Mbps). type: int + more... + +
                • +
              • cellular - FortiExtender cellular configuration. type: dict + more... + +
                • +
                  +
                • controller_report - FortiExtender controller report configuration. type: dict + more... + +
                  • +
                    +
                  • interval - Controller report interval. type: int + more... + +
                    • +
                  • signal_threshold - Controller report signal threshold. type: int + more... + +
                    • +
                  • status - FortiExtender controller report status. type: str choices: disable, enable + more... + +
                    • +
                  +
                • dataplan - Dataplan names. type: list member_path: cellular/dataplan:name + more... + +
                  • +
                    +
                  • name - Dataplan name. Source extender-controller.dataplan.name. type: str required: true + more... + +
                    • +
                  +
                • modem1 - Configuration options for modem 1. type: dict + more... + +
                  • +
                    +
                  • auto_switch - FortiExtender auto switch configuration. type: dict + more... + +
                    • +
                      +
                    • dataplan - Automatically switch based on data usage. type: str choices: disable, enable + more... + +
                      • +
                    • disconnect - Auto switch by disconnect. type: str choices: disable, enable + more... + +
                      • +
                    • disconnect_period - Automatically switch based on disconnect period. type: int + more... + +
                      • +
                    • disconnect_threshold - Automatically switch based on disconnect threshold. type: int + more... + +
                      • +
                    • signal - Automatically switch based on signal strength. type: str choices: disable, enable + more... + +
                      • +
                    • switch_back - Auto switch with switch back multi-options. type: str choices: time, timer + more... + +
                      • +
                    • switch_back_time - Automatically switch over to preferred SIM/carrier at a specified time in UTC (HH:MM). type: str + more... + +
                      • +
                    • switch_back_timer - Automatically switch over to preferred SIM/carrier after the given time (3600 - 2147483647 sec). type: int + more... + +
                      • +
                    +
                  • conn_status - Connection status. type: int + more... + +
                    • +
                  • default_sim - Default SIM selection. type: str choices: sim1, sim2, carrier, cost + more... + +
                    • +
                  • gps - FortiExtender GPS enable/disable. type: str choices: disable, enable + more... + +
                    • +
                  • preferred_carrier - Preferred carrier. type: str + more... + +
                    • +
                  • redundant_intf - Redundant interface. type: str + more... + +
                    • +
                  • redundant_mode - FortiExtender mode. type: str choices: disable, enable + more... + +
                    • +
                  • sim1_pin - SIM type: str choices: disable, enable + more... + +
                    • +
                  • sim1_pin_code - SIM type: str + more... + +
                    • +
                  • sim2_pin - SIM type: str choices: disable, enable + more... + +
                    • +
                  • sim2_pin_code - SIM type: str + more... + +
                    • +
                  +
                • modem2 - Configuration options for modem 2. type: dict + more... + +
                  • +
                    +
                  • auto_switch - FortiExtender auto switch configuration. type: dict + more... + +
                    • +
                      +
                    • dataplan - Automatically switch based on data usage. type: str choices: disable, enable + more... + +
                      • +
                    • disconnect - Auto switch by disconnect. type: str choices: disable, enable + more... + +
                      • +
                    • disconnect_period - Automatically switch based on disconnect period. type: int + more... + +
                      • +
                    • disconnect_threshold - Automatically switch based on disconnect threshold. type: int + more... + +
                      • +
                    • signal - Automatically switch based on signal strength. type: str choices: disable, enable + more... + +
                      • +
                    • switch_back - Auto switch with switch back multi-options. type: str choices: time, timer + more... + +
                      • +
                    • switch_back_time - Automatically switch over to preferred SIM/carrier at a specified time in UTC (HH:MM). type: str + more... + +
                      • +
                    • switch_back_timer - Automatically switch over to preferred SIM/carrier after the given time (3600 - 2147483647 sec). type: int + more... + +
                      • +
                    +
                  • conn_status - Connection status. type: int + more... + +
                    • +
                  • default_sim - Default SIM selection. type: str choices: sim1, sim2, carrier, cost + more... + +
                    • +
                  • gps - FortiExtender GPS enable/disable. type: str choices: disable, enable + more... + +
                    • +
                  • preferred_carrier - Preferred carrier. type: str + more... + +
                    • +
                  • redundant_intf - Redundant interface. type: str + more... + +
                    • +
                  • redundant_mode - FortiExtender mode. type: str choices: disable, enable + more... + +
                    • +
                  • sim1_pin - SIM type: str choices: disable, enable + more... + +
                    • +
                  • sim1_pin_code - SIM type: str + more... + +
                    • +
                  • sim2_pin - SIM type: str choices: disable, enable + more... + +
                    • +
                  • sim2_pin_code - SIM type: str + more... + +
                    • +
                  +
                • sms_notification - FortiExtender cellular SMS notification configuration. type: dict + more... + +
                  • +
                    +
                  • alert - SMS alert list. type: dict + more... + +
                    • +
                      +
                    • data_exhausted - Display string when data exhausted. type: str + more... + +
                      • +
                    • fgt_backup_mode_switch - Display string when FortiGate backup mode switched. type: str + more... + +
                      • +
                    • low_signal_strength - Display string when signal strength is low. type: str + more... + +
                      • +
                    • mode_switch - Display string when mode is switched. type: str + more... + +
                      • +
                    • os_image_fallback - Display string when falling back to a previous OS image. type: str + more... + +
                      • +
                    • session_disconnect - Display string when session disconnected. type: str + more... + +
                      • +
                    • system_reboot - Display string when system rebooted. type: str + more... + +
                      • +
                    +
                  • receiver - SMS notification receiver list. type: list member_path: cellular/sms_notification/receiver:name + more... + +
                    • +
                      +
                    • alert - Alert multi-options. type: str choices: system-reboot, data-exhausted, session-disconnect, low-signal-strength, mode-switch, os-image-fallback, fgt-backup-mode-switch + more... + +
                      • +
                    • name - FortiExtender SMS notification receiver name. type: str required: true + more... + +
                      • +
                    • phone_number - Receiver phone number. Format: [+][country code][area code][local phone number]. For example, +16501234567. type: str + more... + +
                      • +
                    • status - SMS notification receiver status. type: str choices: disable, enable + more... + +
                      • +
                    +
                  • status - FortiExtender SMS notification status. type: str choices: disable, enable + more... + +
                    • +
                  +
                +
              • enforce_bandwidth - Enable/disable enforcement of bandwidth on LAN extension interface. type: str choices: enable, disable + more... + +
                • +
              • extension - Extension option. type: str choices: wan-extension, lan-extension + more... + +
                • +
              • id - ID. type: int + more... + +
                • +
              • lan_extension - FortiExtender lan extension configuration. type: dict + more... + +
                • +
                  +
                • backhaul - LAN extension backhaul tunnel configuration. type: list member_path: lan_extension/backhaul:name + more... + +
                  • +
                    +
                  • name - FortiExtender LAN extension backhaul name. type: str required: true + more... + +
                    • +
                  • port - FortiExtender uplink port. type: str choices: wan, lte1, lte2, port1, port2, port3, port4, port5, sfp + more... + +
                    • +
                  • role - FortiExtender uplink port. type: str choices: primary, secondary + more... + +
                    • +
                  • weight - WRR weight parameter. type: int + more... + +
                    • +
                  +
                • backhaul_interface - IPsec phase1 interface. Source system.interface.name. type: str + more... + +
                  • +
                • backhaul_ip - IPsec phase1 IPv4/FQDN. Used to specify the external IP/FQDN when the FortiGate unit is behind a NAT device. type: str + more... + +
                  • +
                • ipsec_tunnel - IPsec tunnel name. type: str + more... + +
                  • +
                • link_loadbalance - LAN extension link load balance strategy. type: str choices: activebackup, loadbalance + more... + +
                  • +
                +
              • login_password - Set the managed extender"s administrator password. type: str + more... + +
                • +
              • login_password_change - Change or reset the administrator password of a managed extender (yes, default, or no). type: str choices: True, default, False + more... + +
                • +
              • model - Model. type: str choices: FX201E, FX211E, FX200F, FXA11F, FXE11F, FXA21F, FXE21F, FXA22F, FXE22F, FX212F, FX311F, FX312F, FX511F, FVG21F, FVA21F, FVG22F, FVA22F, FX04DA + more... + +
                • +
              • name - FortiExtender profile name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: FortiExtender extender profile configuration. + fortios_extender_controller_extender_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + extender_controller_extender_profile: + allowaccess: "ping" + bandwidth_limit: "4" + cellular: + controller_report: + interval: "7" + signal_threshold: "8" + status: "disable" + dataplan: + - + name: "default_name_11 (source extender-controller.dataplan.name)" + modem1: + auto_switch: + dataplan: "disable" + disconnect: "disable" + disconnect_period: "16" + disconnect_threshold: "17" + signal: "disable" + switch_back: "time" + switch_back_time: "" + switch_back_timer: "21" + conn_status: "22" + default_sim: "sim1" + gps: "disable" + preferred_carrier: "" + redundant_intf: "" + redundant_mode: "disable" + sim1_pin: "disable" + sim1_pin_code: "" + sim2_pin: "disable" + sim2_pin_code: "" + modem2: + auto_switch: + dataplan: "disable" + disconnect: "disable" + disconnect_period: "36" + disconnect_threshold: "37" + signal: "disable" + switch_back: "time" + switch_back_time: "" + switch_back_timer: "41" + conn_status: "42" + default_sim: "sim1" + gps: "disable" + preferred_carrier: "" + redundant_intf: "" + redundant_mode: "disable" + sim1_pin: "disable" + sim1_pin_code: "" + sim2_pin: "disable" + sim2_pin_code: "" + sms_notification: + alert: + data_exhausted: "" + fgt_backup_mode_switch: "" + low_signal_strength: "" + mode_switch: "" + os_image_fallback: "" + session_disconnect: "" + system_reboot: "" + receiver: + - + alert: "system-reboot" + name: "default_name_63" + phone_number: "" + status: "disable" + status: "disable" + enforce_bandwidth: "enable" + extension: "wan-extension" + id: "69" + lan_extension: + backhaul: + - + name: "default_name_72" + port: "wan" + role: "primary" + weight: "75" + backhaul_interface: " (source system.interface.name)" + backhaul_ip: "" + ipsec_tunnel: "" + link_loadbalance: "activebackup" + login_password: "" + login_password_change: "yes" + model: "FX201E" + name: "default_name_83" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_extender_extender_info.rst b/gen/fortios_extender_extender_info.rst new file mode 100644 index 00000000..32a06eeb --- /dev/null +++ b/gen/fortios_extender_extender_info.rst @@ -0,0 +1,211 @@ +:source: fortios_extender_extender_info.py + +:orphan: + +.. fortios_extender_extender_info: + +fortios_extender_extender_info -- Display FortiExtender struct information in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify extender feature and extender_info category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + +
            v6.4.0 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_extender_extender_infoyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • extender_extender_info - Display FortiExtender struct information. type: dict + more... + +
              • +
                +
              • - FortiExtender serial number. Source extender-controller.extender.id. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Display FortiExtender struct information. + fortios_extender_extender_info: + vdom: "{{ vdom }}" + extender_extender_info: + : " (source extender-controller.extender.id)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_extender_lte_carrier_by_mcc_mnc.rst b/gen/fortios_extender_lte_carrier_by_mcc_mnc.rst new file mode 100644 index 00000000..bef7ec9e --- /dev/null +++ b/gen/fortios_extender_lte_carrier_by_mcc_mnc.rst @@ -0,0 +1,211 @@ +:source: fortios_extender_lte_carrier_by_mcc_mnc.py + +:orphan: + +.. fortios_extender_lte_carrier_by_mcc_mnc: + +fortios_extender_lte_carrier_by_mcc_mnc -- Display FortiExtender modem carrier based on MCC and MNC in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify extender feature and lte_carrier_by_mcc_mnc category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + +
            v6.4.0 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_extender_lte_carrier_by_mcc_mncyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • extender_lte_carrier_by_mcc_mnc - Display FortiExtender modem carrier based on MCC and MNC. type: dict + more... + +
              • +
                +
              • - FortiExtender serial number. Source extender-controller.extender.id. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Display FortiExtender modem carrier based on MCC and MNC. + fortios_extender_lte_carrier_by_mcc_mnc: + vdom: "{{ vdom }}" + extender_lte_carrier_by_mcc_mnc: + : " (source extender-controller.extender.id)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_extender_lte_carrier_list.rst b/gen/fortios_extender_lte_carrier_list.rst new file mode 100644 index 00000000..227c4eaa --- /dev/null +++ b/gen/fortios_extender_lte_carrier_list.rst @@ -0,0 +1,211 @@ +:source: fortios_extender_lte_carrier_list.py + +:orphan: + +.. fortios_extender_lte_carrier_list: + +fortios_extender_lte_carrier_list -- Display FortiExtender modem carrier list in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify extender feature and lte_carrier_list category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + +
            v6.4.0 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_extender_lte_carrier_listyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • extender_lte_carrier_list - Display FortiExtender modem carrier list. type: dict + more... + +
              • +
                +
              • - FortiExtender serial number. Source extender-controller.extender.id. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Display FortiExtender modem carrier list. + fortios_extender_lte_carrier_list: + vdom: "{{ vdom }}" + extender_lte_carrier_list: + : " (source extender-controller.extender.id)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_extender_modem_status.rst b/gen/fortios_extender_modem_status.rst new file mode 100644 index 00000000..dfc8999f --- /dev/null +++ b/gen/fortios_extender_modem_status.rst @@ -0,0 +1,235 @@ +:source: fortios_extender_modem_status.py + +:orphan: + +.. fortios_extender_modem_status: + +fortios_extender_modem_status -- Display detailed FortiExtender modem status in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify extender feature and modem_status category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_extender_modem_statusyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • extender_modem_status - Display detailed FortiExtender modem status. type: dict + more... + +
              • +
                +
              • - FortiExtender serial number. Source extender-controller.extender.id. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Display detailed FortiExtender modem status. + fortios_extender_modem_status: + vdom: "{{ vdom }}" + extender_modem_status: + : " (source extender-controller.extender.id)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_extender_sys_info.rst b/gen/fortios_extender_sys_info.rst new file mode 100644 index 00000000..afe6c9f0 --- /dev/null +++ b/gen/fortios_extender_sys_info.rst @@ -0,0 +1,235 @@ +:source: fortios_extender_sys_info.py + +:orphan: + +.. fortios_extender_sys_info: + +fortios_extender_sys_info -- Display detailed FortiExtender system information in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify extender feature and sys_info category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_extender_sys_infoyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • extender_sys_info - Display detailed FortiExtender system information. type: dict + more... + +
              • +
                +
              • - FortiExtender serial number. Source extender-controller.extender.id. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Display detailed FortiExtender system information. + fortios_extender_sys_info: + vdom: "{{ vdom }}" + extender_sys_info: + : " (source extender-controller.extender.id)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_file_filter_profile.rst b/gen/fortios_file_filter_profile.rst new file mode 100644 index 00000000..873a28d9 --- /dev/null +++ b/gen/fortios_file_filter_profile.rst @@ -0,0 +1,982 @@ +:source: fortios_file_filter_profile.py + +:orphan: + +.. fortios_file_filter_profile: + +fortios_file_filter_profile -- Configure file-filter profiles in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify file_filter feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_file_filter_profileyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • file_filter_profile - Configure file-filter profiles. type: dict + more... + +
              • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • extended_log - Enable/disable file-filter extended logging. type: str choices: disable, enable + more... + +
                • +
              • feature_set - Flow/proxy feature set. type: str choices: flow, proxy + more... + +
                • +
              • log - Enable/disable file-filter logging. type: str choices: disable, enable + more... + +
                • +
              • name - Profile name. type: str required: true + more... + +
                • +
              • replacemsg_group - Replacement message group. Source system.replacemsg-group.name. type: str + more... + +
                • +
              • rules - File filter rules. type: list member_path: rules:name + more... + +
                • +
                  +
                • action - Action taken for matched file. type: str choices: log-only, block + more... + +
                  • +
                • comment - Comment. type: str + more... + +
                  • +
                • direction - Traffic direction (HTTP, FTP, SSH, CIFS only). type: str choices: incoming, outgoing, any + more... + +
                  • +
                • file_type - Select file type. type: list member_path: rules:name/file_type:name + more... + +
                  • +
                    +
                  • name - File type name. Source antivirus.filetype.name. type: str required: true + more... + +
                    • +
                  +
                • name - File-filter rule name. type: str required: true + more... + +
                  • +
                • password_protected - Match password-protected files. type: str choices: True, any + more... + +
                  • +
                • protocol - Protocols to apply rule to. type: list choices: http, ftp, smtp, imap, pop3, mapi, cifs, ssh + more... + +
                  • +
                +
              • scan_archive_contents - Enable/disable archive contents scan. type: str choices: disable, enable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure file-filter profiles. + fortios_file_filter_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + file_filter_profile: + comment: "Comment." + extended_log: "disable" + feature_set: "flow" + log: "disable" + name: "default_name_7" + replacemsg_group: " (source system.replacemsg-group.name)" + rules: + - + action: "log-only" + comment: "Comment." + direction: "incoming" + file_type: + - + name: "default_name_14 (source antivirus.filetype.name)" + name: "default_name_15" + password_protected: "yes" + protocol: "http" + scan_archive_contents: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_access_proxy.rst b/gen/fortios_firewall_access_proxy.rst new file mode 100644 index 00000000..1568f9ca --- /dev/null +++ b/gen/fortios_firewall_access_proxy.rst @@ -0,0 +1,5436 @@ +:source: fortios_firewall_access_proxy.py + +:orphan: + +.. fortios_firewall_access_proxy: + +fortios_firewall_access_proxy -- Configure IPv4 access proxy in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and access_proxy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + +
            v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_access_proxyyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_access_proxy - Configure IPv4 access proxy. type: dict + more... + +
              • +
                +
              • api_gateway - Set IPv4 API Gateway. type: list member_path: api_gateway:id + more... + +
                • +
                  +
                • http_cookie_age - Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit. type: int + more... + +
                  • +
                • http_cookie_domain - Domain that HTTP cookie persistence should apply to. type: str + more... + +
                  • +
                • http_cookie_domain_from_host - Enable/disable use of HTTP cookie domain from host field in HTTP. type: str choices: disable, enable + more... + +
                  • +
                • http_cookie_generation - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. type: int + more... + +
                  • +
                • http_cookie_path - Limit HTTP cookie persistence to the specified path. type: str + more... + +
                  • +
                • http_cookie_share - Control sharing of cookies across API Gateway. Use of same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. type: str choices: disable, same-ip + more... + +
                  • +
                • https_cookie_secure - Enable/disable verification that inserted HTTPS cookies are secure. type: str choices: disable, enable + more... + +
                  • +
                • id - API Gateway ID. type: int required: true + more... + +
                  • +
                • ldb_method - Method used to distribute sessions to real servers. type: str choices: static, round-robin, weighted, first-alive, http-host, least-session, least-rtt + more... + +
                  • +
                • persistence - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str choices: none, http-cookie + more... + +
                  • +
                • realservers - Select the real servers that this Access Proxy will distribute traffic to. type: list member_path: api_gateway:id/realservers:id + more... + +
                  • +
                    +
                  • addr_type - Type of address. type: str choices: ip, fqdn + more... + +
                    • +
                  • address - Address or address group of the real server. Source firewall.address.name firewall.addrgrp.name. type: str + more... + +
                    • +
                  • domain - Wildcard domain name of the real server. type: str + more... + +
                    • +
                  • health_check - Enable to check the responsiveness of the real server before forwarding traffic. type: str choices: disable, enable + more... + +
                    • +
                  • health_check_proto - Protocol of the health check monitor to use when polling to determine server"s connectivity status. type: str choices: ping, http, tcp-connect + more... + +
                    • +
                  • holddown_interval - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). type: str choices: enable, disable + more... + +
                    • +
                  • http_host - HTTP server domain name in HTTP header. type: str + more... + +
                    • +
                  • id - Real server ID. type: int required: true + more... + +
                    • +
                  • ip - IP address of the real server. type: str + more... + +
                    • +
                  • mappedport - Port for communicating with the real server. type: str + more... + +
                    • +
                  • port - Port for communicating with the real server. type: int + more... + +
                    • +
                  • ssh_client_cert - Set access-proxy SSH client certificate profile. Source firewall.access-proxy-ssh-client-cert.name. type: str + more... + +
                    • +
                  • ssh_host_key - One or more server host key. type: list member_path: api_gateway:id/realservers:id/ssh_host_key:name + more... + +
                    • +
                      +
                    • name - Server host key name. Source firewall.ssh.host-key.name. type: str required: true + more... + +
                      • +
                    +
                  • ssh_host_key_validation - Enable/disable SSH real server host key validation. type: str choices: disable, enable + more... + +
                    • +
                  • status - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: active, standby, disable + more... + +
                    • +
                  • type - TCP forwarding server type. type: str choices: tcp-forwarding, ssh + more... + +
                    • +
                  • weight - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. type: int + more... + +
                    • +
                  +
                • saml_redirect - Enable/disable SAML redirection after successful authentication. type: str choices: disable, enable + more... + +
                  • +
                • saml_server - SAML service provider configuration for VIP authentication. Source user.saml.name. type: str + more... + +
                  • +
                • service - Service. type: str choices: http, https, tcp-forwarding, samlsp, web-portal + more... + +
                  • +
                • ssl_algorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str choices: high, medium, low, custom + more... + +
                  • +
                • ssl_cipher_suites - SSL/TLS cipher suites to offer to a server, ordered by priority. type: list member_path: api_gateway:id/ssl_cipher_suites:priority + more... + +
                  • +
                    +
                  • cipher - Cipher suite name. type: str choices: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-RSA-WITH-DES-CBC-SHA + more... + +
                    • +
                  • priority - SSL/TLS cipher suites priority. type: int required: true + more... + +
                    • +
                  • versions - SSL/TLS versions that the cipher suite can be used with. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3 + more... + +
                    • +
                  +
                • ssl_dh_bits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str choices: 768, 1024, 1536, 2048, 3072, 4096 + more... + +
                  • +
                • ssl_max_version - Highest SSL/TLS version acceptable from a server. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3 + more... + +
                  • +
                • ssl_min_version - Lowest SSL/TLS version acceptable from a server. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3 + more... + +
                  • +
                • ssl_vpn_web_portal - SSL-VPN web portal. Source vpn.ssl.web.portal.name. type: str + more... + +
                  • +
                • url_map - URL pattern to match. type: str + more... + +
                  • +
                • url_map_type - Type of url-map. type: str choices: sub-string, wildcard, regex + more... + +
                  • +
                • virtual_host - Virtual host. Source firewall.access-proxy-virtual-host.name. type: str + more... + +
                  • +
                +
              • api_gateway6 - Set IPv6 API Gateway. type: list member_path: api_gateway6:id + more... + +
                • +
                  +
                • http_cookie_age - Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit. type: int + more... + +
                  • +
                • http_cookie_domain - Domain that HTTP cookie persistence should apply to. type: str + more... + +
                  • +
                • http_cookie_domain_from_host - Enable/disable use of HTTP cookie domain from host field in HTTP. type: str choices: disable, enable + more... + +
                  • +
                • http_cookie_generation - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. type: int + more... + +
                  • +
                • http_cookie_path - Limit HTTP cookie persistence to the specified path. type: str + more... + +
                  • +
                • http_cookie_share - Control sharing of cookies across API Gateway. Use of same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. type: str choices: disable, same-ip + more... + +
                  • +
                • https_cookie_secure - Enable/disable verification that inserted HTTPS cookies are secure. type: str choices: disable, enable + more... + +
                  • +
                • id - API Gateway ID. type: int required: true + more... + +
                  • +
                • ldb_method - Method used to distribute sessions to real servers. type: str choices: static, round-robin, weighted, first-alive, http-host + more... + +
                  • +
                • persistence - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str choices: none, http-cookie + more... + +
                  • +
                • realservers - Select the real servers that this Access Proxy will distribute traffic to. type: list member_path: api_gateway6:id/realservers:id + more... + +
                  • +
                    +
                  • addr_type - Type of address. type: str choices: ip, fqdn + more... + +
                    • +
                  • address - Address or address group of the real server. Source firewall.address6.name firewall.addrgrp6.name. type: str + more... + +
                    • +
                  • domain - Wildcard domain name of the real server. type: str + more... + +
                    • +
                  • health_check - Enable to check the responsiveness of the real server before forwarding traffic. type: str choices: disable, enable + more... + +
                    • +
                  • health_check_proto - Protocol of the health check monitor to use when polling to determine server"s connectivity status. type: str choices: ping, http, tcp-connect + more... + +
                    • +
                  • holddown_interval - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). type: str choices: enable, disable + more... + +
                    • +
                  • http_host - HTTP server domain name in HTTP header. type: str + more... + +
                    • +
                  • id - Real server ID. type: int required: true + more... + +
                    • +
                  • ip - IPv6 address of the real server. type: str + more... + +
                    • +
                  • mappedport - Port for communicating with the real server. type: str + more... + +
                    • +
                  • port - Port for communicating with the real server. type: int + more... + +
                    • +
                  • ssh_client_cert - Set access-proxy SSH client certificate profile. Source firewall.access-proxy-ssh-client-cert.name. type: str + more... + +
                    • +
                  • ssh_host_key - One or more server host key. type: list member_path: api_gateway6:id/realservers:id/ssh_host_key:name + more... + +
                    • +
                      +
                    • name - Server host key name. Source firewall.ssh.host-key.name. type: str required: true + more... + +
                      • +
                    +
                  • ssh_host_key_validation - Enable/disable SSH real server host key validation. type: str choices: disable, enable + more... + +
                    • +
                  • status - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: active, standby, disable + more... + +
                    • +
                  • type - TCP forwarding server type. type: str choices: tcp-forwarding, ssh + more... + +
                    • +
                  • weight - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. type: int + more... + +
                    • +
                  +
                • saml_redirect - Enable/disable SAML redirection after successful authentication. type: str choices: disable, enable + more... + +
                  • +
                • saml_server - SAML service provider configuration for VIP authentication. Source user.saml.name. type: str + more... + +
                  • +
                • service - Service. type: str choices: http, https, tcp-forwarding, samlsp, web-portal + more... + +
                  • +
                • ssl_algorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str choices: high, medium, low + more... + +
                  • +
                • ssl_cipher_suites - SSL/TLS cipher suites to offer to a server, ordered by priority. type: list member_path: api_gateway6:id/ssl_cipher_suites:priority + more... + +
                  • +
                    +
                  • cipher - Cipher suite name. type: str choices: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-RSA-WITH-DES-CBC-SHA + more... + +
                    • +
                  • priority - SSL/TLS cipher suites priority. type: int required: true + more... + +
                    • +
                  • versions - SSL/TLS versions that the cipher suite can be used with. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3 + more... + +
                    • +
                  +
                • ssl_dh_bits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str choices: 768, 1024, 1536, 2048, 3072, 4096 + more... + +
                  • +
                • ssl_max_version - Highest SSL/TLS version acceptable from a server. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3 + more... + +
                  • +
                • ssl_min_version - Lowest SSL/TLS version acceptable from a server. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3 + more... + +
                  • +
                • ssl_vpn_web_portal - SSL-VPN web portal. Source vpn.ssl.web.portal.name. type: str + more... + +
                  • +
                • url_map - URL pattern to match. type: str + more... + +
                  • +
                • url_map_type - Type of url-map. type: str choices: sub-string, wildcard, regex + more... + +
                  • +
                • virtual_host - Virtual host. Source firewall.access-proxy-virtual-host.name. type: str + more... + +
                  • +
                +
              • auth_portal - Enable/disable authentication portal. type: str choices: disable, enable + more... + +
                • +
              • auth_virtual_host - Virtual host for authentication portal. Source firewall.access-proxy-virtual-host.name. type: str + more... + +
                • +
              • client_cert - Enable/disable to request client certificate. type: str choices: disable, enable + more... + +
                • +
              • decrypted_traffic_mirror - Decrypted traffic mirror. Source firewall.decrypted-traffic-mirror.name. type: str + more... + +
                • +
              • empty_cert_action - Action of an empty client certificate. type: str choices: accept, block + more... + +
                • +
              • ldb_method - Method used to distribute sessions to SSL real servers. type: str choices: static, round-robin, weighted, least-session, least-rtt, first-alive + more... + +
                • +
              • log_blocked_traffic - Enable/disable logging of blocked traffic. type: str choices: enable, disable + more... + +
                • +
              • name - Access Proxy name. type: str required: true + more... + +
                • +
              • realservers - Select the SSL real servers that this Access Proxy will distribute traffic to. type: list member_path: realservers:id + more... + +
                • +
                  +
                • id - Real server ID. type: int required: true + more... + +
                  • +
                • ip - IP address of the real server. type: str + more... + +
                  • +
                • port - Port for communicating with the real server. type: int + more... + +
                  • +
                • status - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: active, standby, disable + more... + +
                  • +
                • weight - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. type: int + more... + +
                  • +
                +
              • server_pubkey_auth - Enable/disable SSH real server public key authentication. type: str choices: disable, enable + more... + +
                • +
              • server_pubkey_auth_settings - Server SSH public key authentication settings. type: dict + more... + +
                • +
                  +
                • auth_ca - Name of the SSH server public key authentication CA. Source firewall.ssh.local-ca.name. type: str + more... + +
                  • +
                • cert_extension - Configure certificate extension for user certificate. type: list member_path: server_pubkey_auth_settings/cert_extension:name + more... + +
                  • +
                    +
                  • critical - Critical option. type: str choices: False, True + more... + +
                    • +
                  • data - Name of certificate extension. type: str + more... + +
                    • +
                  • name - Name of certificate extension. type: str required: true + more... + +
                    • +
                  • type - Type of certificate extension. type: str choices: fixed, user + more... + +
                    • +
                  +
                • permit_agent_forwarding - Enable/disable appending permit-agent-forwarding certificate extension. type: str choices: enable, disable + more... + +
                  • +
                • permit_port_forwarding - Enable/disable appending permit-port-forwarding certificate extension. type: str choices: enable, disable + more... + +
                  • +
                • permit_pty - Enable/disable appending permit-pty certificate extension. type: str choices: enable, disable + more... + +
                  • +
                • permit_user_rc - Enable/disable appending permit-user-rc certificate extension. type: str choices: enable, disable + more... + +
                  • +
                • permit_x11_forwarding - Enable/disable appending permit-x11-forwarding certificate extension. type: str choices: enable, disable + more... + +
                  • +
                • source_address - Enable/disable appending source-address certificate critical option. This option ensure certificate only accepted from FortiGate source address. type: str choices: enable, disable + more... + +
                  • +
                +
              • vip - Virtual IP name. Source firewall.vip.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv4 access proxy. + fortios_firewall_access_proxy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_access_proxy: + api_gateway: + - + http_cookie_age: "4" + http_cookie_domain: "" + http_cookie_domain_from_host: "disable" + http_cookie_generation: "7" + http_cookie_path: "" + http_cookie_share: "disable" + https_cookie_secure: "disable" + id: "11" + ldb_method: "static" + persistence: "none" + realservers: + - + addr_type: "ip" + address: " (source firewall.address.name firewall.addrgrp.name)" + domain: "" + health_check: "disable" + health_check_proto: "ping" + holddown_interval: "enable" + http_host: "myhostname" + id: "22" + ip: "" + mappedport: "" + port: "25" + ssh_client_cert: " (source firewall.access-proxy-ssh-client-cert.name)" + ssh_host_key: + - + name: "default_name_28 (source firewall.ssh.host-key.name)" + ssh_host_key_validation: "disable" + status: "active" + type: "tcp-forwarding" + weight: "32" + saml_redirect: "disable" + saml_server: " (source user.saml.name)" + service: "http" + ssl_algorithm: "high" + ssl_cipher_suites: + - + cipher: "TLS-AES-128-GCM-SHA256" + priority: "39" + versions: "tls-1.0" + ssl_dh_bits: "768" + ssl_max_version: "tls-1.0" + ssl_min_version: "tls-1.0" + ssl_vpn_web_portal: " (source vpn.ssl.web.portal.name)" + url_map: "" + url_map_type: "sub-string" + virtual_host: "myhostname (source firewall.access-proxy-virtual-host.name)" + api_gateway6: + - + http_cookie_age: "49" + http_cookie_domain: "" + http_cookie_domain_from_host: "disable" + http_cookie_generation: "52" + http_cookie_path: "" + http_cookie_share: "disable" + https_cookie_secure: "disable" + id: "56" + ldb_method: "static" + persistence: "none" + realservers: + - + addr_type: "ip" + address: " (source firewall.address6.name firewall.addrgrp6.name)" + domain: "" + health_check: "disable" + health_check_proto: "ping" + holddown_interval: "enable" + http_host: "myhostname" + id: "67" + ip: "" + mappedport: "" + port: "70" + ssh_client_cert: " (source firewall.access-proxy-ssh-client-cert.name)" + ssh_host_key: + - + name: "default_name_73 (source firewall.ssh.host-key.name)" + ssh_host_key_validation: "disable" + status: "active" + type: "tcp-forwarding" + weight: "77" + saml_redirect: "disable" + saml_server: " (source user.saml.name)" + service: "http" + ssl_algorithm: "high" + ssl_cipher_suites: + - + cipher: "TLS-AES-128-GCM-SHA256" + priority: "84" + versions: "tls-1.0" + ssl_dh_bits: "768" + ssl_max_version: "tls-1.0" + ssl_min_version: "tls-1.0" + ssl_vpn_web_portal: " (source vpn.ssl.web.portal.name)" + url_map: "" + url_map_type: "sub-string" + virtual_host: "myhostname (source firewall.access-proxy-virtual-host.name)" + auth_portal: "disable" + auth_virtual_host: "myhostname (source firewall.access-proxy-virtual-host.name)" + client_cert: "disable" + decrypted_traffic_mirror: " (source firewall.decrypted-traffic-mirror.name)" + empty_cert_action: "accept" + ldb_method: "static" + log_blocked_traffic: "enable" + name: "default_name_100" + realservers: + - + id: "102" + ip: "" + port: "104" + status: "active" + weight: "106" + server_pubkey_auth: "disable" + server_pubkey_auth_settings: + auth_ca: " (source firewall.ssh.local-ca.name)" + cert_extension: + - + critical: "no" + data: "" + name: "default_name_113" + type: "fixed" + permit_agent_forwarding: "enable" + permit_port_forwarding: "enable" + permit_pty: "enable" + permit_user_rc: "enable" + permit_x11_forwarding: "enable" + source_address: "enable" + vip: " (source firewall.vip.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_access_proxy6.rst b/gen/fortios_firewall_access_proxy6.rst new file mode 100644 index 00000000..a01e68ee --- /dev/null +++ b/gen/fortios_firewall_access_proxy6.rst @@ -0,0 +1,4708 @@ +:source: fortios_firewall_access_proxy6.py + +:orphan: + +.. fortios_firewall_access_proxy6: + +fortios_firewall_access_proxy6 -- Configure IPv6 access proxy in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and access_proxy6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + +
            v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_access_proxy6yesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_access_proxy6 - Configure IPv6 access proxy. type: dict + more... + +
              • +
                +
              • api_gateway - Set IPv4 API Gateway. type: list member_path: api_gateway:id + more... + +
                • +
                  +
                • http_cookie_age - Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit. type: int + more... + +
                  • +
                • http_cookie_domain - Domain that HTTP cookie persistence should apply to. type: str + more... + +
                  • +
                • http_cookie_domain_from_host - Enable/disable use of HTTP cookie domain from host field in HTTP. type: str choices: disable, enable + more... + +
                  • +
                • http_cookie_generation - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. type: int + more... + +
                  • +
                • http_cookie_path - Limit HTTP cookie persistence to the specified path. type: str + more... + +
                  • +
                • http_cookie_share - Control sharing of cookies across API Gateway. Use of same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. type: str choices: disable, same-ip + more... + +
                  • +
                • https_cookie_secure - Enable/disable verification that inserted HTTPS cookies are secure. type: str choices: disable, enable + more... + +
                  • +
                • id - API Gateway ID. type: int required: true + more... + +
                  • +
                • ldb_method - Method used to distribute sessions to real servers. type: str choices: static, round-robin, weighted, first-alive, http-host + more... + +
                  • +
                • persistence - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str choices: none, http-cookie + more... + +
                  • +
                • realservers - Select the real servers that this Access Proxy will distribute traffic to. type: list member_path: api_gateway:id/realservers:id + more... + +
                  • +
                    +
                  • addr_type - Type of address. type: str choices: ip, fqdn + more... + +
                    • +
                  • address - Address or address group of the real server. Source firewall.address.name firewall.addrgrp.name. type: str + more... + +
                    • +
                  • domain - Wildcard domain name of the real server. type: str + more... + +
                    • +
                  • health_check - Enable to check the responsiveness of the real server before forwarding traffic. type: str choices: disable, enable + more... + +
                    • +
                  • health_check_proto - Protocol of the health check monitor to use when polling to determine server"s connectivity status. type: str choices: ping, http, tcp-connect + more... + +
                    • +
                  • holddown_interval - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). type: str choices: enable, disable + more... + +
                    • +
                  • http_host - HTTP server domain name in HTTP header. type: str + more... + +
                    • +
                  • id - Real server ID. type: int required: true + more... + +
                    • +
                  • ip - IP address of the real server. type: str + more... + +
                    • +
                  • mappedport - Port for communicating with the real server. type: str + more... + +
                    • +
                  • port - Port for communicating with the real server. type: int + more... + +
                    • +
                  • ssh_client_cert - Set access-proxy SSH client certificate profile. Source firewall.access-proxy-ssh-client-cert.name. type: str + more... + +
                    • +
                  • ssh_host_key - One or more server host key. type: list member_path: api_gateway:id/realservers:id/ssh_host_key:name + more... + +
                    • +
                      +
                    • name - Server host key name. Source firewall.ssh.host-key.name. type: str required: true + more... + +
                      • +
                    +
                  • ssh_host_key_validation - Enable/disable SSH real server host key validation. type: str choices: disable, enable + more... + +
                    • +
                  • status - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: active, standby, disable + more... + +
                    • +
                  • type - TCP forwarding server type. type: str choices: tcp-forwarding, ssh + more... + +
                    • +
                  • weight - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. type: int + more... + +
                    • +
                  +
                • saml_redirect - Enable/disable SAML redirection after successful authentication. type: str choices: disable, enable + more... + +
                  • +
                • saml_server - SAML service provider configuration for VIP authentication. Source user.saml.name. type: str + more... + +
                  • +
                • service - Service. type: str choices: http, https, tcp-forwarding, samlsp, web-portal + more... + +
                  • +
                • ssl_algorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str choices: high, medium, low + more... + +
                  • +
                • ssl_cipher_suites - SSL/TLS cipher suites to offer to a server, ordered by priority. type: list member_path: api_gateway:id/ssl_cipher_suites:priority + more... + +
                  • +
                    +
                  • cipher - Cipher suite name. type: str choices: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-RSA-WITH-DES-CBC-SHA + more... + +
                    • +
                  • priority - SSL/TLS cipher suites priority. type: int required: true + more... + +
                    • +
                  • versions - SSL/TLS versions that the cipher suite can be used with. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3 + more... + +
                    • +
                  +
                • ssl_dh_bits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str choices: 768, 1024, 1536, 2048, 3072, 4096 + more... + +
                  • +
                • ssl_max_version - Highest SSL/TLS version acceptable from a server. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3 + more... + +
                  • +
                • ssl_min_version - Lowest SSL/TLS version acceptable from a server. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3 + more... + +
                  • +
                • ssl_vpn_web_portal - SSL-VPN web portal. Source vpn.ssl.web.portal.name. type: str + more... + +
                  • +
                • url_map - URL pattern to match. type: str + more... + +
                  • +
                • url_map_type - Type of url-map. type: str choices: sub-string, wildcard, regex + more... + +
                  • +
                • virtual_host - Virtual host. Source firewall.access-proxy-virtual-host.name. type: str + more... + +
                  • +
                +
              • api_gateway6 - Set IPv6 API Gateway. type: list member_path: api_gateway6:id + more... + +
                • +
                  +
                • http_cookie_age - Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit. type: int + more... + +
                  • +
                • http_cookie_domain - Domain that HTTP cookie persistence should apply to. type: str + more... + +
                  • +
                • http_cookie_domain_from_host - Enable/disable use of HTTP cookie domain from host field in HTTP. type: str choices: disable, enable + more... + +
                  • +
                • http_cookie_generation - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. type: int + more... + +
                  • +
                • http_cookie_path - Limit HTTP cookie persistence to the specified path. type: str + more... + +
                  • +
                • http_cookie_share - Control sharing of cookies across API Gateway. Use of same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. type: str choices: disable, same-ip + more... + +
                  • +
                • https_cookie_secure - Enable/disable verification that inserted HTTPS cookies are secure. type: str choices: disable, enable + more... + +
                  • +
                • id - API Gateway ID. type: int required: true + more... + +
                  • +
                • ldb_method - Method used to distribute sessions to real servers. type: str choices: static, round-robin, weighted, first-alive, http-host + more... + +
                  • +
                • persistence - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str choices: none, http-cookie + more... + +
                  • +
                • realservers - Select the real servers that this Access Proxy will distribute traffic to. type: list member_path: api_gateway6:id/realservers:id + more... + +
                  • +
                    +
                  • addr_type - Type of address. type: str choices: ip, fqdn + more... + +
                    • +
                  • address - Address or address group of the real server. Source firewall.address6.name firewall.addrgrp6.name. type: str + more... + +
                    • +
                  • domain - Wildcard domain name of the real server. type: str + more... + +
                    • +
                  • health_check - Enable to check the responsiveness of the real server before forwarding traffic. type: str choices: disable, enable + more... + +
                    • +
                  • health_check_proto - Protocol of the health check monitor to use when polling to determine server"s connectivity status. type: str choices: ping, http, tcp-connect + more... + +
                    • +
                  • holddown_interval - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). type: str choices: enable, disable + more... + +
                    • +
                  • http_host - HTTP server domain name in HTTP header. type: str + more... + +
                    • +
                  • id - Real server ID. type: int required: true + more... + +
                    • +
                  • ip - IPv6 address of the real server. type: str + more... + +
                    • +
                  • mappedport - Port for communicating with the real server. type: str + more... + +
                    • +
                  • port - Port for communicating with the real server. type: int + more... + +
                    • +
                  • ssh_client_cert - Set access-proxy SSH client certificate profile. Source firewall.access-proxy-ssh-client-cert.name. type: str + more... + +
                    • +
                  • ssh_host_key - One or more server host key. type: list member_path: api_gateway6:id/realservers:id/ssh_host_key:name + more... + +
                    • +
                      +
                    • name - Server host key name. Source firewall.ssh.host-key.name. type: str required: true + more... + +
                      • +
                    +
                  • ssh_host_key_validation - Enable/disable SSH real server host key validation. type: str choices: disable, enable + more... + +
                    • +
                  • status - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: active, standby, disable + more... + +
                    • +
                  • type - TCP forwarding server type. type: str choices: tcp-forwarding, ssh + more... + +
                    • +
                  • weight - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. type: int + more... + +
                    • +
                  +
                • saml_redirect - Enable/disable SAML redirection after successful authentication. type: str choices: disable, enable + more... + +
                  • +
                • saml_server - SAML service provider configuration for VIP authentication. Source user.saml.name. type: str + more... + +
                  • +
                • service - Service. type: str choices: http, https, tcp-forwarding, samlsp, web-portal + more... + +
                  • +
                • ssl_algorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str choices: high, medium, low + more... + +
                  • +
                • ssl_cipher_suites - SSL/TLS cipher suites to offer to a server, ordered by priority. type: list member_path: api_gateway6:id/ssl_cipher_suites:priority + more... + +
                  • +
                    +
                  • cipher - Cipher suite name. type: str choices: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-RSA-WITH-DES-CBC-SHA + more... + +
                    • +
                  • priority - SSL/TLS cipher suites priority. type: int required: true + more... + +
                    • +
                  • versions - SSL/TLS versions that the cipher suite can be used with. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3 + more... + +
                    • +
                  +
                • ssl_dh_bits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str choices: 768, 1024, 1536, 2048, 3072, 4096 + more... + +
                  • +
                • ssl_max_version - Highest SSL/TLS version acceptable from a server. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3 + more... + +
                  • +
                • ssl_min_version - Lowest SSL/TLS version acceptable from a server. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3 + more... + +
                  • +
                • ssl_vpn_web_portal - SSL-VPN web portal. Source vpn.ssl.web.portal.name. type: str + more... + +
                  • +
                • url_map - URL pattern to match. type: str + more... + +
                  • +
                • url_map_type - Type of url-map. type: str choices: sub-string, wildcard, regex + more... + +
                  • +
                • virtual_host - Virtual host. Source firewall.access-proxy-virtual-host.name. type: str + more... + +
                  • +
                +
              • auth_portal - Enable/disable authentication portal. type: str choices: disable, enable + more... + +
                • +
              • auth_virtual_host - Virtual host for authentication portal. Source firewall.access-proxy-virtual-host.name. type: str + more... + +
                • +
              • client_cert - Enable/disable to request client certificate. type: str choices: disable, enable + more... + +
                • +
              • decrypted_traffic_mirror - Decrypted traffic mirror. Source firewall.decrypted-traffic-mirror.name. type: str + more... + +
                • +
              • empty_cert_action - Action of an empty client certificate. type: str choices: accept, block + more... + +
                • +
              • log_blocked_traffic - Enable/disable logging of blocked traffic. type: str choices: enable, disable + more... + +
                • +
              • name - Access Proxy name. type: str required: true + more... + +
                • +
              • vip - Virtual IP name. Source firewall.vip6.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 access proxy. + fortios_firewall_access_proxy6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_access_proxy6: + api_gateway: + - + http_cookie_age: "4" + http_cookie_domain: "" + http_cookie_domain_from_host: "disable" + http_cookie_generation: "7" + http_cookie_path: "" + http_cookie_share: "disable" + https_cookie_secure: "disable" + id: "11" + ldb_method: "static" + persistence: "none" + realservers: + - + addr_type: "ip" + address: " (source firewall.address.name firewall.addrgrp.name)" + domain: "" + health_check: "disable" + health_check_proto: "ping" + holddown_interval: "enable" + http_host: "myhostname" + id: "22" + ip: "" + mappedport: "" + port: "25" + ssh_client_cert: " (source firewall.access-proxy-ssh-client-cert.name)" + ssh_host_key: + - + name: "default_name_28 (source firewall.ssh.host-key.name)" + ssh_host_key_validation: "disable" + status: "active" + type: "tcp-forwarding" + weight: "32" + saml_redirect: "disable" + saml_server: " (source user.saml.name)" + service: "http" + ssl_algorithm: "high" + ssl_cipher_suites: + - + cipher: "TLS-AES-128-GCM-SHA256" + priority: "39" + versions: "tls-1.0" + ssl_dh_bits: "768" + ssl_max_version: "tls-1.0" + ssl_min_version: "tls-1.0" + ssl_vpn_web_portal: " (source vpn.ssl.web.portal.name)" + url_map: "" + url_map_type: "sub-string" + virtual_host: "myhostname (source firewall.access-proxy-virtual-host.name)" + api_gateway6: + - + http_cookie_age: "49" + http_cookie_domain: "" + http_cookie_domain_from_host: "disable" + http_cookie_generation: "52" + http_cookie_path: "" + http_cookie_share: "disable" + https_cookie_secure: "disable" + id: "56" + ldb_method: "static" + persistence: "none" + realservers: + - + addr_type: "ip" + address: " (source firewall.address6.name firewall.addrgrp6.name)" + domain: "" + health_check: "disable" + health_check_proto: "ping" + holddown_interval: "enable" + http_host: "myhostname" + id: "67" + ip: "" + mappedport: "" + port: "70" + ssh_client_cert: " (source firewall.access-proxy-ssh-client-cert.name)" + ssh_host_key: + - + name: "default_name_73 (source firewall.ssh.host-key.name)" + ssh_host_key_validation: "disable" + status: "active" + type: "tcp-forwarding" + weight: "77" + saml_redirect: "disable" + saml_server: " (source user.saml.name)" + service: "http" + ssl_algorithm: "high" + ssl_cipher_suites: + - + cipher: "TLS-AES-128-GCM-SHA256" + priority: "84" + versions: "tls-1.0" + ssl_dh_bits: "768" + ssl_max_version: "tls-1.0" + ssl_min_version: "tls-1.0" + ssl_vpn_web_portal: " (source vpn.ssl.web.portal.name)" + url_map: "" + url_map_type: "sub-string" + virtual_host: "myhostname (source firewall.access-proxy-virtual-host.name)" + auth_portal: "disable" + auth_virtual_host: "myhostname (source firewall.access-proxy-virtual-host.name)" + client_cert: "disable" + decrypted_traffic_mirror: " (source firewall.decrypted-traffic-mirror.name)" + empty_cert_action: "accept" + log_blocked_traffic: "enable" + name: "default_name_99" + vip: " (source firewall.vip6.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_access_proxy_ssh_client_cert.rst b/gen/fortios_firewall_access_proxy_ssh_client_cert.rst new file mode 100644 index 00000000..bd87eaf2 --- /dev/null +++ b/gen/fortios_firewall_access_proxy_ssh_client_cert.rst @@ -0,0 +1,615 @@ +:source: fortios_firewall_access_proxy_ssh_client_cert.py + +:orphan: + +.. fortios_firewall_access_proxy_ssh_client_cert: + +fortios_firewall_access_proxy_ssh_client_cert -- Configure Access Proxy SSH client certificate in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and access_proxy_ssh_client_cert category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + +
            v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_access_proxy_ssh_client_certyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_access_proxy_ssh_client_cert - Configure Access Proxy SSH client certificate. type: dict + more... + +
              • +
                +
              • auth_ca - Name of the SSH server public key authentication CA. Source firewall.ssh.local-ca.name. type: str + more... + +
                • +
              • cert_extension - Configure certificate extension for user certificate. type: list member_path: cert_extension:name + more... + +
                • +
                  +
                • critical - Critical option. type: str choices: False, True + more... + +
                  • +
                • data - Data of certificate extension. type: str + more... + +
                  • +
                • name - Name of certificate extension. type: str required: true + more... + +
                  • +
                • type - Type of certificate extension. type: str choices: fixed, user + more... + +
                  • +
                +
              • name - SSH client certificate name. type: str required: true + more... + +
                • +
              • permit_agent_forwarding - Enable/disable appending permit-agent-forwarding certificate extension. type: str choices: enable, disable + more... + +
                • +
              • permit_port_forwarding - Enable/disable appending permit-port-forwarding certificate extension. type: str choices: enable, disable + more... + +
                • +
              • permit_pty - Enable/disable appending permit-pty certificate extension. type: str choices: enable, disable + more... + +
                • +
              • permit_user_rc - Enable/disable appending permit-user-rc certificate extension. type: str choices: enable, disable + more... + +
                • +
              • permit_x11_forwarding - Enable/disable appending permit-x11-forwarding certificate extension. type: str choices: enable, disable + more... + +
                • +
              • source_address - Enable/disable appending source-address certificate critical option. This option ensure certificate only accepted from FortiGate source address. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Access Proxy SSH client certificate. + fortios_firewall_access_proxy_ssh_client_cert: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_access_proxy_ssh_client_cert: + auth_ca: " (source firewall.ssh.local-ca.name)" + cert_extension: + - + critical: "no" + data: "" + name: "default_name_7" + type: "fixed" + name: "default_name_9" + permit_agent_forwarding: "enable" + permit_port_forwarding: "enable" + permit_pty: "enable" + permit_user_rc: "enable" + permit_x11_forwarding: "enable" + source_address: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_access_proxy_virtual_host.rst b/gen/fortios_firewall_access_proxy_virtual_host.rst new file mode 100644 index 00000000..9286eb91 --- /dev/null +++ b/gen/fortios_firewall_access_proxy_virtual_host.rst @@ -0,0 +1,298 @@ +:source: fortios_firewall_access_proxy_virtual_host.py + +:orphan: + +.. fortios_firewall_access_proxy_virtual_host: + +fortios_firewall_access_proxy_virtual_host -- Configure Access Proxy virtual hosts in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and access_proxy_virtual_host category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + +
            v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_access_proxy_virtual_hostyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_access_proxy_virtual_host - Configure Access Proxy virtual hosts. type: dict + more... + +
              • +
                +
              • host - The host name. type: str + more... + +
                • +
              • host_type - Type of host pattern. type: str choices: sub-string, wildcard + more... + +
                • +
              • name - Virtual host name. type: str required: true + more... + +
                • +
              • ssl_certificate - SSL certificate for this host. Source vpn.certificate.local.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Access Proxy virtual hosts. + fortios_firewall_access_proxy_virtual_host: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_access_proxy_virtual_host: + host: "myhostname" + host_type: "sub-string" + name: "default_name_5" + ssl_certificate: " (source vpn.certificate.local.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_acl.rst b/gen/fortios_firewall_acl.rst new file mode 100644 index 00000000..75f09acd --- /dev/null +++ b/gen/fortios_firewall_acl.rst @@ -0,0 +1,769 @@ +:source: fortios_firewall_acl.py + +:orphan: + +.. fortios_firewall_acl: + +fortios_firewall_acl -- Configure IPv4 access control list in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and acl category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_aclyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_acl - Configure IPv4 access control list. type: dict + more... + +
              • +
                +
              • comments - Comment. type: str + more... + +
                • +
              • dstaddr - Destination address name. type: list member_path: dstaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • interface - Interface name. Source system.zone.name system.interface.name. type: str + more... + +
                • +
              • name - Policy name. type: str + more... + +
                • +
              • policyid - Policy ID. type: int required: true + more... + +
                • +
              • service - Service name. type: list member_path: service:name + more... + +
                • +
                  +
                • name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str required: true + more... + +
                  • +
                +
              • srcaddr - Source address name. type: list member_path: srcaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • status - Enable/disable access control list status. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv4 access control list. + fortios_firewall_acl: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_acl: + comments: "" + dstaddr: + - + name: "default_name_5 (source firewall.address.name firewall.addrgrp.name)" + interface: " (source system.zone.name system.interface.name)" + name: "default_name_7" + policyid: "8" + service: + - + name: "default_name_10 (source firewall.service.custom.name firewall.service.group.name)" + srcaddr: + - + name: "default_name_12 (source firewall.address.name firewall.addrgrp.name)" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_acl6.rst b/gen/fortios_firewall_acl6.rst new file mode 100644 index 00000000..4fa61ee4 --- /dev/null +++ b/gen/fortios_firewall_acl6.rst @@ -0,0 +1,769 @@ +:source: fortios_firewall_acl6.py + +:orphan: + +.. fortios_firewall_acl6: + +fortios_firewall_acl6 -- Configure IPv6 access control list in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and acl6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_acl6yesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_acl6 - Configure IPv6 access control list. type: dict + more... + +
              • +
                +
              • comments - Comment. type: str + more... + +
                • +
              • dstaddr - Destination address name. type: list member_path: dstaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                  • +
                +
              • interface - Interface name. Source system.zone.name system.interface.name. type: str + more... + +
                • +
              • name - Policy name. type: str + more... + +
                • +
              • policyid - Policy ID. type: int required: true + more... + +
                • +
              • service - Service name. type: list member_path: service:name + more... + +
                • +
                  +
                • name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str required: true + more... + +
                  • +
                +
              • srcaddr - Source address name. type: list member_path: srcaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                  • +
                +
              • status - Enable/disable access control list status. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 access control list. + fortios_firewall_acl6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_acl6: + comments: "" + dstaddr: + - + name: "default_name_5 (source firewall.address6.name firewall.addrgrp6.name)" + interface: " (source system.zone.name system.interface.name)" + name: "default_name_7" + policyid: "8" + service: + - + name: "default_name_10 (source firewall.service.custom.name firewall.service.group.name)" + srcaddr: + - + name: "default_name_12 (source firewall.address6.name firewall.addrgrp6.name)" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_address.rst b/gen/fortios_firewall_address.rst new file mode 100644 index 00000000..64d65ac8 --- /dev/null +++ b/gen/fortios_firewall_address.rst @@ -0,0 +1,3218 @@ +:source: fortios_firewall_address.py + +:orphan: + +.. fortios_firewall_address: + +fortios_firewall_address -- Configure IPv4 addresses in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and address category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_addressyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_address - Configure IPv4 addresses. type: dict + more... + +
              • +
                +
              • allow_routing - Enable/disable use of this address in the static route configuration. type: str choices: enable, disable + more... + +
                • +
              • associated_interface - Network interface associated with address. Source system.interface.name system.zone.name. type: str + more... + +
                • +
              • cache_ttl - Defines the minimal TTL of individual IP addresses in FQDN cache measured in seconds. type: int + more... + +
                • +
              • clearpass_spt - SPT (System Posture Token) value. type: str choices: unknown, healthy, quarantine, checkup, transient, infected + more... + +
                • +
              • color - Color of icon on the GUI. type: int + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • country - IP addresses associated to a specific country. type: str + more... + +
                • +
              • end_ip - Final IP address (inclusive) in the range for the address. type: str + more... + +
                • +
              • end_mac - Last MAC address in the range. type: str + more... + +
                • +
              • epg_name - Endpoint group name. type: str + more... + +
                • +
              • fabric_object - Security Fabric global object setting. type: str choices: enable, disable + more... + +
                • +
              • filter - Match criteria filter. type: str + more... + +
                • +
              • fqdn - Fully Qualified Domain Name address. type: str + more... + +
                • +
              • fsso_group - FSSO group(s). type: list member_path: fsso_group:name + more... + +
                • +
                  +
                • name - FSSO group name. Source user.adgrp.name. type: str required: true + more... + +
                  • +
                +
              • interface - Name of interface whose IP address is to be used. Source system.interface.name. type: str + more... + +
                • +
              • list - IP address list. type: list member_path: list:ip + more... + +
                • +
                  +
                • ip - IP. type: str required: true + more... + +
                  • +
                • net_id - Network ID. type: str + more... + +
                  • +
                • obj_id - Object ID. type: str + more... + +
                  • +
                +
              • macaddr - Multiple MAC address ranges. type: list member_path: macaddr:macaddr + more... + +
                • +
                  +
                • macaddr - MAC address ranges [-] separated by space. type: str required: true + more... + +
                  • +
                +
              • name - Address name. type: str required: true + more... + +
                • +
              • node_ip_only - Enable/disable collection of node addresses only in Kubernetes. type: str choices: enable, disable + more... + +
                • +
              • obj_id - Object ID for NSX. type: str + more... + +
                • +
              • obj_tag - Tag of dynamic address object. type: str + more... + +
                • +
              • obj_type - Object type. type: str choices: ip, mac + more... + +
                • +
              • organization - Organization domain name (Syntax: organization/domain). type: str + more... + +
                • +
              • policy_group - Policy group name. type: str + more... + +
                • +
              • sdn - SDN. Source system.sdn-connector.name. type: str choices: aci, aws, azure, gcp, nsx, nuage, oci, openstack + more... + +
                • +
              • sdn_addr_type - Type of addresses to collect. type: str choices: private, public, all + more... + +
                • +
              • sdn_tag - SDN Tag. type: str + more... + +
                • +
              • start_ip - First IP address (inclusive) in the range for the address. type: str + more... + +
                • +
              • start_mac - First MAC address in the range. type: str + more... + +
                • +
              • sub_type - Sub-type of address. type: str choices: sdn, clearpass-spt, fsso, ems-tag, fortivoice-tag, fortinac-tag, swc-tag + more... + +
                • +
              • subnet - IP address and subnet mask of address. type: str + more... + +
                • +
              • subnet_name - Subnet name. type: str + more... + +
                • +
              • tag_detection_level - Tag detection level of dynamic address object. type: str + more... + +
                • +
              • tag_type - Tag type of dynamic address object. type: str + more... + +
                • +
              • tagging - Config object tagging. type: list member_path: tagging:name + more... + +
                • +
                  +
                • category - Tag category. Source system.object-tagging.category. type: str + more... + +
                  • +
                • name - Tagging entry name. type: str required: true + more... + +
                  • +
                • tags - Tags. type: list member_path: tagging:name/tags:name + more... + +
                  • +
                    +
                  • name - Tag name. Source system.object-tagging.tags.name. type: str required: true + more... + +
                    • +
                  +
                +
              • tenant - Tenant. type: str + more... + +
                • +
              • type - Type of address. type: str choices: ipmask, iprange, fqdn, geography, wildcard, dynamic, interface-subnet, mac, wildcard-fqdn + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              • visibility - Enable/disable address visibility in the GUI. type: str choices: enable, disable + more... + +
                • +
              • wildcard - IP address and wildcard netmask. type: str + more... + +
                • +
              • wildcard_fqdn - Fully Qualified Domain Name with wildcard characters. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv4 addresses. + fortios_firewall_address: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_address: + allow_routing: "enable" + associated_interface: " (source system.interface.name system.zone.name)" + cache_ttl: "5" + clearpass_spt: "unknown" + color: "7" + comment: "Comment." + country: "" + end_ip: "" + end_mac: "" + epg_name: "" + fabric_object: "enable" + filter: "" + fqdn: "" + fsso_group: + - + name: "default_name_17 (source user.adgrp.name)" + interface: " (source system.interface.name)" + list: + - + ip: "" + net_id: "" + obj_id: "" + macaddr: + - + macaddr: "" + name: "default_name_25" + node_ip_only: "enable" + obj_id: "" + obj_tag: "" + obj_type: "ip" + organization: "" + policy_group: "" + sdn: "aci" + sdn_addr_type: "private" + sdn_tag: "" + start_ip: "" + start_mac: "" + sub_type: "sdn" + subnet: "" + subnet_name: "" + tag_detection_level: "" + tag_type: "" + tagging: + - + category: " (source system.object-tagging.category)" + name: "default_name_44" + tags: + - + name: "default_name_46 (source system.object-tagging.tags.name)" + tenant: "" + type: "ipmask" + uuid: "" + visibility: "enable" + wildcard: "" + wildcard_fqdn: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_address6.rst b/gen/fortios_firewall_address6.rst new file mode 100644 index 00000000..2893cd4d --- /dev/null +++ b/gen/fortios_firewall_address6.rst @@ -0,0 +1,2021 @@ +:source: fortios_firewall_address6.py + +:orphan: + +.. fortios_firewall_address6: + +fortios_firewall_address6 -- Configure IPv6 firewall addresses in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and address6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_address6yesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_address6 - Configure IPv6 firewall addresses. type: dict + more... + +
              • +
                +
              • cache_ttl - Minimal TTL of individual IPv6 addresses in FQDN cache. type: int + more... + +
                • +
              • color - Integer value to determine the color of the icon in the GUI (range 1 to 32). type: int + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • country - IPv6 addresses associated to a specific country. type: str + more... + +
                • +
              • end_ip - Final IP address (inclusive) in the range for the address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx). type: str + more... + +
                • +
              • end_mac - Last MAC address in the range. type: str + more... + +
                • +
              • fabric_object - Security Fabric global object setting. type: str choices: enable, disable + more... + +
                • +
              • fqdn - Fully qualified domain name. type: str + more... + +
                • +
              • host - Host Address. type: str + more... + +
                • +
              • host_type - Host type. type: str choices: any, specific + more... + +
                • +
              • ip6 - IPv6 address prefix (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx). type: str + more... + +
                • +
              • list - IP address list. type: list member_path: list:ip + more... + +
                • +
                  +
                • ip - IP. type: str required: true + more... + +
                  • +
                • net_id - Network ID. type: str + more... + +
                  • +
                • obj_id - Object ID. type: str + more... + +
                  • +
                +
              • macaddr - Multiple MAC address ranges. type: list member_path: macaddr:macaddr + more... + +
                • +
                  +
                • macaddr - MAC address ranges [-] separated by space. type: str required: true + more... + +
                  • +
                +
              • name - Address name. type: str required: true + more... + +
                • +
              • obj_id - Object ID for NSX. type: str + more... + +
                • +
              • sdn - SDN. Source system.sdn-connector.name. type: str choices: nsx + more... + +
                • +
              • start_ip - First IP address (inclusive) in the range for the address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx). type: str + more... + +
                • +
              • start_mac - First MAC address in the range. type: str + more... + +
                • +
              • subnet_segment - IPv6 subnet segments. type: list member_path: subnet_segment:name + more... + +
                • +
                  +
                • name - Name. type: str required: true + more... + +
                  • +
                • type - Subnet segment type. type: str choices: any, specific + more... + +
                  • +
                • value - Subnet segment value. type: str + more... + +
                  • +
                +
              • tagging - Config object tagging. type: list member_path: tagging:name + more... + +
                • +
                  +
                • category - Tag category. Source system.object-tagging.category. type: str + more... + +
                  • +
                • name - Tagging entry name. type: str required: true + more... + +
                  • +
                • tags - Tags. type: list member_path: tagging:name/tags:name + more... + +
                  • +
                    +
                  • name - Tag name. Source system.object-tagging.tags.name. type: str required: true + more... + +
                    • +
                  +
                +
              • template - IPv6 address template. Source firewall.address6-template.name. type: str + more... + +
                • +
              • type - Type of IPv6 address object . type: str choices: ipprefix, iprange, fqdn, geography, dynamic, template, mac + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              • visibility - Enable/disable the visibility of the object in the GUI. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 firewall addresses. + fortios_firewall_address6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_address6: + cache_ttl: "3" + color: "4" + comment: "Comment." + country: "" + end_ip: "" + end_mac: "" + fabric_object: "enable" + fqdn: "" + host: "" + host_type: "any" + ip6: "" + list: + - + ip: "" + net_id: "" + obj_id: "" + macaddr: + - + macaddr: "" + name: "default_name_20" + obj_id: "" + sdn: "nsx" + start_ip: "" + start_mac: "" + subnet_segment: + - + name: "default_name_26" + type: "any" + value: "" + tagging: + - + category: " (source system.object-tagging.category)" + name: "default_name_31" + tags: + - + name: "default_name_33 (source system.object-tagging.tags.name)" + template: " (source firewall.address6-template.name)" + type: "ipprefix" + uuid: "" + visibility: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_address6_template.rst b/gen/fortios_firewall_address6_template.rst new file mode 100644 index 00000000..d6086cb5 --- /dev/null +++ b/gen/fortios_firewall_address6_template.rst @@ -0,0 +1,850 @@ +:source: fortios_firewall_address6_template.py + +:orphan: + +.. fortios_firewall_address6_template: + +fortios_firewall_address6_template -- Configure IPv6 address templates in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and address6_template category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_address6_templateyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_address6_template - Configure IPv6 address templates. type: dict + more... + +
              • +
                +
              • fabric_object - Security Fabric global object setting. type: str choices: enable, disable + more... + +
                • +
              • ip6 - IPv6 address prefix. type: str + more... + +
                • +
              • name - IPv6 address template name. type: str required: true + more... + +
                • +
              • subnet_segment - IPv6 subnet segments. type: list member_path: subnet_segment:id + more... + +
                • +
                  +
                • bits - Number of bits. type: int + more... + +
                  • +
                • exclusive - Enable/disable exclusive value. type: str choices: enable, disable + more... + +
                  • +
                • id - Subnet segment ID. type: int required: true + more... + +
                  • +
                • name - Subnet segment name. type: str + more... + +
                  • +
                • values - Subnet segment values. type: list member_path: subnet_segment:id/values:name + more... + +
                  • +
                    +
                  • name - Subnet segment value name. type: str required: true + more... + +
                    • +
                  • value - Subnet segment value. type: str + more... + +
                    • +
                  +
                +
              • subnet_segment_count - Number of IPv6 subnet segments. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 address templates. + fortios_firewall_address6_template: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_address6_template: + fabric_object: "enable" + ip6: "" + name: "default_name_5" + subnet_segment: + - + bits: "7" + exclusive: "enable" + id: "9" + name: "default_name_10" + values: + - + name: "default_name_12" + value: "" + subnet_segment_count: "14" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_addrgrp.rst b/gen/fortios_firewall_addrgrp.rst new file mode 100644 index 00000000..dac6aecc --- /dev/null +++ b/gen/fortios_firewall_addrgrp.rst @@ -0,0 +1,1307 @@ +:source: fortios_firewall_addrgrp.py + +:orphan: + +.. fortios_firewall_addrgrp: + +fortios_firewall_addrgrp -- Configure IPv4 address groups in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and addrgrp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_addrgrpyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_addrgrp - Configure IPv4 address groups. type: dict + more... + +
              • +
                +
              • allow_routing - Enable/disable use of this group in the static route configuration. type: str choices: enable, disable + more... + +
                • +
              • category - Address group category. type: str choices: default, ztna-ems-tag, ztna-geo-tag + more... + +
                • +
              • color - Color of icon on the GUI. type: int + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • exclude - Enable/disable address exclusion. type: str choices: enable, disable + more... + +
                • +
              • exclude_member - Address exclusion member. type: list member_path: exclude_member:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • fabric_object - Security Fabric global object setting. type: str choices: enable, disable + more... + +
                • +
              • member - Address objects contained within the group. type: list member_path: member:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • name - Address group name. type: str required: true + more... + +
                • +
              • tagging - Config object tagging. type: list member_path: tagging:name + more... + +
                • +
                  +
                • category - Tag category. Source system.object-tagging.category. type: str + more... + +
                  • +
                • name - Tagging entry name. type: str required: true + more... + +
                  • +
                • tags - Tags. type: list member_path: tagging:name/tags:name + more... + +
                  • +
                    +
                  • name - Tag name. Source system.object-tagging.tags.name. type: str required: true + more... + +
                    • +
                  +
                +
              • type - Address group type. type: str choices: default, folder + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              • visibility - Enable/disable address visibility in the GUI. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv4 address groups. + fortios_firewall_addrgrp: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_addrgrp: + allow_routing: "enable" + category: "default" + color: "5" + comment: "Comment." + exclude: "enable" + exclude_member: + - + name: "default_name_9 (source firewall.address.name firewall.addrgrp.name)" + fabric_object: "enable" + member: + - + name: "default_name_12 (source firewall.address.name firewall.addrgrp.name)" + name: "default_name_13" + tagging: + - + category: " (source system.object-tagging.category)" + name: "default_name_16" + tags: + - + name: "default_name_18 (source system.object-tagging.tags.name)" + type: "default" + uuid: "" + visibility: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_addrgrp6.rst b/gen/fortios_firewall_addrgrp6.rst new file mode 100644 index 00000000..74483845 --- /dev/null +++ b/gen/fortios_firewall_addrgrp6.rst @@ -0,0 +1,863 @@ +:source: fortios_firewall_addrgrp6.py + +:orphan: + +.. fortios_firewall_addrgrp6: + +fortios_firewall_addrgrp6 -- Configure IPv6 address groups in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and addrgrp6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_addrgrp6yesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_addrgrp6 - Configure IPv6 address groups. type: dict + more... + +
              • +
                +
              • color - Integer value to determine the color of the icon in the GUI (1 - 32). type: int + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • fabric_object - Security Fabric global object setting. type: str choices: enable, disable + more... + +
                • +
              • member - Address objects contained within the group. type: list member_path: member:name + more... + +
                • +
                  +
                • name - Address6/addrgrp6 name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                  • +
                +
              • name - IPv6 address group name. type: str required: true + more... + +
                • +
              • tagging - Config object tagging. type: list member_path: tagging:name + more... + +
                • +
                  +
                • category - Tag category. Source system.object-tagging.category. type: str + more... + +
                  • +
                • name - Tagging entry name. type: str required: true + more... + +
                  • +
                • tags - Tags. type: list member_path: tagging:name/tags:name + more... + +
                  • +
                    +
                  • name - Tag name. Source system.object-tagging.tags.name. type: str required: true + more... + +
                    • +
                  +
                +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              • visibility - Enable/disable address group6 visibility in the GUI. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 address groups. + fortios_firewall_addrgrp6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_addrgrp6: + color: "3" + comment: "Comment." + fabric_object: "enable" + member: + - + name: "default_name_7 (source firewall.address6.name firewall.addrgrp6.name)" + name: "default_name_8" + tagging: + - + category: " (source system.object-tagging.category)" + name: "default_name_11" + tags: + - + name: "default_name_13 (source system.object-tagging.tags.name)" + uuid: "" + visibility: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_auth_portal.rst b/gen/fortios_firewall_auth_portal.rst new file mode 100644 index 00000000..7ef11cd3 --- /dev/null +++ b/gen/fortios_firewall_auth_portal.rst @@ -0,0 +1,446 @@ +:source: fortios_firewall_auth_portal.py + +:orphan: + +.. fortios_firewall_auth_portal: + +fortios_firewall_auth_portal -- Configure firewall authentication portals in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and auth_portal category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_auth_portalyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • firewall_auth_portal - Configure firewall authentication portals. type: dict + more... + +
              • +
                +
              • groups - Firewall user groups permitted to authenticate through this portal. Separate group names with spaces. type: list member_path: groups:name + more... + +
                • +
                  +
                • name - Group name. Source user.group.name. type: str required: true + more... + +
                  • +
                +
              • identity_based_route - Name of the identity-based route that applies to this portal. Source firewall.identity-based-route.name. type: str + more... + +
                • +
              • portal_addr - Address (or FQDN) of the authentication portal. type: str + more... + +
                • +
              • portal_addr6 - IPv6 address (or FQDN) of authentication portal. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure firewall authentication portals. + fortios_firewall_auth_portal: + vdom: "{{ vdom }}" + firewall_auth_portal: + groups: + - + name: "default_name_4 (source user.group.name)" + identity_based_route: " (source firewall.identity-based-route.name)" + portal_addr: "" + portal_addr6: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_carrier_endpoint_bwl.rst b/gen/fortios_firewall_carrier_endpoint_bwl.rst new file mode 100644 index 00000000..b7935e8a --- /dev/null +++ b/gen/fortios_firewall_carrier_endpoint_bwl.rst @@ -0,0 +1,525 @@ +:source: fortios_firewall_carrier_endpoint_bwl.py + +:orphan: + +.. fortios_firewall_carrier_endpoint_bwl: + +fortios_firewall_carrier_endpoint_bwl -- Carrier end point black/white list tables in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and carrier_endpoint_bwl category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7
            fortios_firewall_carrier_endpoint_bwlyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_carrier_endpoint_bwl - Carrier end point black/white list tables. type: dict + more... + +
              • +
                +
              • comment - Optional comments. type: str + more... + +
                • +
              • entries - Carrier end point black/white list. type: list + more... + +
                • +
                  +
                • action - Action to take on this end point type: list choices: block, exempt, exempt-mass-mms + more... + +
                  • +
                • carrier_endpoint - End point to act on. type: str + more... + +
                  • +
                • log_action - Action to take on this end point type: list choices: archive + more... + +
                  • +
                • pattern_type - Wildcard pattern or regular expression. type: str choices: wildcard, regexp, simple + more... + +
                  • +
                • status - Enable/disable specified action(s) for this end point. type: str choices: enable, disable + more... + +
                  • +
                +
              • id - ID. type: int required: true + more... + +
                • +
              • name - Name of table. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Carrier end point black/white list tables. + fortios_firewall_carrier_endpoint_bwl: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_carrier_endpoint_bwl: + comment: "Optional comments." + entries: + - + action: "block" + carrier_endpoint: "" + log_action: "archive" + pattern_type: "wildcard" + status: "enable" + id: "10" + name: "default_name_11" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_central_snat_map.rst b/gen/fortios_firewall_central_snat_map.rst new file mode 100644 index 00000000..12048457 --- /dev/null +++ b/gen/fortios_firewall_central_snat_map.rst @@ -0,0 +1,1646 @@ +:source: fortios_firewall_central_snat_map.py + +:orphan: + +.. fortios_firewall_central_snat_map: + +fortios_firewall_central_snat_map -- Configure IPv4 and IPv6 central SNAT policies in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and central_snat_map category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_central_snat_mapyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • action - the action indiactor to move an object in the list type: str choices: move
              • +
            • self - mkey of self identifier type: str
              • +
            • after - mkey of target identifier type: str
              • +
            • before - mkey of target identifier type: str
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_central_snat_map - Configure IPv4 and IPv6 central SNAT policies. type: dict + more... + +
              • +
                +
              • comments - Comment. type: str + more... + +
                • +
              • dst_addr - IPv4 Destination address. type: list member_path: dst_addr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • dst_addr6 - IPv6 Destination address. type: list member_path: dst_addr6:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                  • +
                +
              • dstintf - Destination interface name from available interfaces. type: list member_path: dstintf:name + more... + +
                • +
                  +
                • name - Interface name. Source system.interface.name system.zone.name. type: str required: true + more... + +
                  • +
                +
              • nat - Enable/disable source NAT. type: str choices: disable, enable + more... + +
                • +
              • nat_ippool - Name of the IP pools to be used to translate addresses from available IP Pools. type: list member_path: nat_ippool:name + more... + +
                • +
                  +
                • name - IP pool name. Source firewall.ippool.name. type: str required: true + more... + +
                  • +
                +
              • nat_ippool6 - IPv6 pools to be used for source NAT. type: list member_path: nat_ippool6:name + more... + +
                • +
                  +
                • name - IPv6 pool name. Source firewall.ippool6.name. type: str required: true + more... + +
                  • +
                +
              • nat_port - Translated port or port range (1 to 65535, 0 means any port). type: str + more... + +
                • +
              • nat46 - Enable/disable NAT46. type: str choices: enable, disable + more... + +
                • +
              • nat64 - Enable/disable NAT64. type: str choices: enable, disable + more... + +
                • +
              • orig_addr - IPv4 Original address. type: list member_path: orig_addr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • orig_addr6 - IPv6 Original address. type: list member_path: orig_addr6:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                  • +
                +
              • orig_port - Original TCP port (1 to 65535, 0 means any port). type: str + more... + +
                • +
              • policyid - Policy ID. type: int required: true + more... + +
                • +
              • protocol - Integer value for the protocol type (0 - 255). type: int + more... + +
                • +
              • srcintf - Source interface name from available interfaces. type: list member_path: srcintf:name + more... + +
                • +
                  +
                • name - Interface name. Source system.interface.name system.zone.name. type: str required: true + more... + +
                  • +
                +
              • status - Enable/disable the active status of this policy. type: str choices: enable, disable + more... + +
                • +
              • type - IPv4/IPv6 source NAT. type: str choices: ipv4, ipv6 + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + - Adjust object order by moving self after(before) another. + + - Only one of [after, before] must be specified when action is moving an object. + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv4 and IPv6 central SNAT policies. + fortios_firewall_central_snat_map: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_central_snat_map: + comments: "" + dst_addr: + - + name: "default_name_5 (source firewall.address.name firewall.addrgrp.name)" + dst_addr6: + - + name: "default_name_7 (source firewall.address6.name firewall.addrgrp6.name)" + dstintf: + - + name: "default_name_9 (source system.interface.name system.zone.name)" + nat: "disable" + nat_ippool: + - + name: "default_name_12 (source firewall.ippool.name)" + nat_ippool6: + - + name: "default_name_14 (source firewall.ippool6.name)" + nat_port: "" + nat46: "enable" + nat64: "enable" + orig_addr: + - + name: "default_name_19 (source firewall.address.name firewall.addrgrp.name)" + orig_addr6: + - + name: "default_name_21 (source firewall.address6.name firewall.addrgrp6.name)" + orig_port: "" + policyid: "23" + protocol: "24" + srcintf: + - + name: "default_name_26 (source system.interface.name system.zone.name)" + status: "enable" + type: "ipv4" + uuid: "" + + - name: move firewall.central_snat_map + fortios_firewall_central_snat_map: + vdom: "root" + action: "move" + self: "" + after: "" + #before: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_city.rst b/gen/fortios_firewall_city.rst new file mode 100644 index 00000000..c4166007 --- /dev/null +++ b/gen/fortios_firewall_city.rst @@ -0,0 +1,252 @@ +:source: fortios_firewall_city.py + +:orphan: + +.. fortios_firewall_city: + +fortios_firewall_city -- Define city table in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and city category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_cityyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_city - Define city table. type: dict + more... + +
              • +
                +
              • id - City ID. type: int required: true + more... + +
                • +
              • name - City name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Define city table. + fortios_firewall_city: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_city: + id: "3" + name: "default_name_4" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_consolidated_policy.rst b/gen/fortios_firewall_consolidated_policy.rst new file mode 100644 index 00000000..b80c9590 --- /dev/null +++ b/gen/fortios_firewall_consolidated_policy.rst @@ -0,0 +1,2983 @@ +:source: fortios_firewall_consolidated_policy.py + +:orphan: + +.. fortios_firewall_consolidated_policy: + +fortios_firewall_consolidated_policy -- Configure consolidated IPv4/IPv6 policies in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_consolidated feature and policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7
            fortios_firewall_consolidated_policyyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_consolidated_policy - Configure consolidated IPv4/IPv6 policies. type: dict + more... + +
              • +
                +
              • action - Policy action (allow/deny/ipsec). type: str choices: accept, deny, ipsec + more... + +
                • +
              • application_list - Name of an existing Application list. Source application.list.name. type: str + more... + +
                • +
              • auto_asic_offload - Enable/disable policy traffic ASIC offloading. type: str choices: enable, disable + more... + +
                • +
              • av_profile - Name of an existing Antivirus profile. Source antivirus.profile.name. type: str + more... + +
                • +
              • captive_portal_exempt - Enable exemption of some users from the captive portal. type: str choices: enable, disable + more... + +
                • +
              • cifs_profile - Name of an existing CIFS profile. Source cifs.profile.name. type: str + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • diffserv_forward - Enable to change packet"s DiffServ values to the specified diffservcode-forward value. type: str choices: enable, disable + more... + +
                • +
              • diffserv_reverse - Enable to change packet"s reverse (reply) DiffServ values to the specified diffservcode-rev value. type: str choices: enable, disable + more... + +
                • +
              • diffservcode_forward - Change packet"s DiffServ to this value. type: str + more... + +
                • +
              • diffservcode_rev - Change packet"s reverse (reply) DiffServ to this value. type: str + more... + +
                • +
              • dlp_sensor - Name of an existing DLP sensor. Source dlp.sensor.name. type: str + more... + +
                • +
              • dnsfilter_profile - Name of an existing DNS filter profile. Source dnsfilter.profile.name. type: str + more... + +
                • +
              • dstaddr_negate - When enabled dstaddr specifies what the destination address must NOT be. type: str choices: enable, disable + more... + +
                • +
              • dstaddr4 - Destination IPv4 address name and address group names. type: list member_path: dstaddr4:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name firewall.vip.name firewall.vipgrp.name system.external-resource .name. type: str required: true + more... + +
                  • +
                +
              • dstaddr6 - Destination IPv6 address name and address group names. type: list member_path: dstaddr6:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name firewall.vip6.name firewall.vipgrp6.name system .external-resource.name. type: str required: true + more... + +
                  • +
                +
              • dstintf - Outgoing (egress) interface. type: list member_path: dstintf:name + more... + +
                • +
                  +
                • name - Interface name. Source system.interface.name system.zone.name. type: str required: true + more... + +
                  • +
                +
              • emailfilter_profile - Name of an existing email filter profile. Source emailfilter.profile.name. type: str + more... + +
                • +
              • fixedport - Enable to prevent source NAT from changing a session"s source port. type: str choices: enable, disable + more... + +
                • +
              • fsso_groups - Names of FSSO groups. type: list member_path: fsso_groups:name + more... + +
                • +
                  +
                • name - Names of FSSO groups. Source user.adgrp.name. type: str required: true + more... + +
                  • +
                +
              • global_label - Label for the policy that appears when the GUI is in Global View mode. type: str + more... + +
                • +
              • groups - Names of user groups that can authenticate with this policy. type: list member_path: groups:name + more... + +
                • +
                  +
                • name - Group name. Source user.group.name. type: str required: true + more... + +
                  • +
                +
              • http_policy_redirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. type: str choices: enable, disable + more... + +
                • +
              • icap_profile - Name of an existing ICAP profile. Source icap.profile.name. type: str + more... + +
                • +
              • inbound - Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. type: str choices: enable, disable + more... + +
                • +
              • inspection_mode - Policy inspection mode (Flow/proxy). Default is Flow mode. type: str choices: proxy, flow + more... + +
                • +
              • internet_service - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. type: str choices: enable, disable + more... + +
                • +
              • internet_service_custom - Custom Internet Service name. type: list member_path: internet_service_custom:name + more... + +
                • +
                  +
                • name - Custom Internet Service name. Source firewall.internet-service-custom.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_custom_group - Custom Internet Service group name. type: list member_path: internet_service_custom_group:name + more... + +
                • +
                  +
                • name - Custom Internet Service group name. Source firewall.internet-service-custom-group.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_group - Internet Service group name. type: list member_path: internet_service_group:name + more... + +
                • +
                  +
                • name - Internet Service group name. Source firewall.internet-service-group.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_id - Internet Service ID. type: list member_path: internet_service_id:id + more... + +
                • +
                  +
                • id - Internet Service ID. Source firewall.internet-service.id. type: int required: true + more... + +
                  • +
                +
              • internet_service_negate - When enabled internet-service specifies what the service must NOT be. type: str choices: enable, disable + more... + +
                • +
              • internet_service_src - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. type: str choices: enable, disable + more... + +
                • +
              • internet_service_src_custom - Custom Internet Service source name. type: list member_path: internet_service_src_custom:name + more... + +
                • +
                  +
                • name - Custom Internet Service name. Source firewall.internet-service-custom.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_src_custom_group - Custom Internet Service source group name. type: list member_path: internet_service_src_custom_group:name + more... + +
                • +
                  +
                • name - Custom Internet Service group name. Source firewall.internet-service-custom-group.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_src_group - Internet Service source group name. type: list member_path: internet_service_src_group:name + more... + +
                • +
                  +
                • name - Internet Service group name. Source firewall.internet-service-group.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_src_id - Internet Service source ID. type: list member_path: internet_service_src_id:id + more... + +
                • +
                  +
                • id - Internet Service ID. Source firewall.internet-service.id. type: int required: true + more... + +
                  • +
                +
              • internet_service_src_negate - When enabled internet-service-src specifies what the service must NOT be. type: str choices: enable, disable + more... + +
                • +
              • ippool - Enable to use IP Pools for source NAT. type: str choices: enable, disable + more... + +
                • +
              • ips_sensor - Name of an existing IPS sensor. Source ips.sensor.name. type: str + more... + +
                • +
              • logtraffic - Enable or disable logging. Log all sessions or security profile sessions. type: str choices: all, utm, disable + more... + +
                • +
              • logtraffic_start - Record logs when a session starts. type: str choices: enable, disable + more... + +
                • +
              • mms_profile - Name of an existing MMS profile. Source firewall.mms-profile.name. type: str + more... + +
                • +
              • name - Policy name. type: str + more... + +
                • +
              • nat - Enable/disable source NAT. type: str choices: enable, disable + more... + +
                • +
              • outbound - Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. type: str choices: enable, disable + more... + +
                • +
              • per_ip_shaper - Per-IP traffic shaper. Source firewall.shaper.per-ip-shaper.name. type: str + more... + +
                • +
              • policyid - Policy ID (0 - 4294967294). type: int required: true + more... + +
                • +
              • poolname4 - IPv4 pool names. type: list member_path: poolname4:name + more... + +
                • +
                  +
                • name - IPv4 pool name. Source firewall.ippool.name. type: str required: true + more... + +
                  • +
                +
              • poolname6 - IPv6 pool names. type: list member_path: poolname6:name + more... + +
                • +
                  +
                • name - IPv6 pool name. Source firewall.ippool6.name. type: str required: true + more... + +
                  • +
                +
              • profile_group - Name of profile group. Source firewall.profile-group.name. type: str + more... + +
                • +
              • profile_protocol_options - Name of an existing Protocol options profile. Source firewall.profile-protocol-options.name. type: str + more... + +
                • +
              • profile_type - Determine whether the firewall policy allows security profile groups or single profiles only. type: str choices: single, group + more... + +
                • +
              • schedule - Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name. type: str + more... + +
                • +
              • service - Service and service group names. type: list member_path: service:name + more... + +
                • +
                  +
                • name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str required: true + more... + +
                  • +
                +
              • service_negate - When enabled service specifies what the service must NOT be. type: str choices: enable, disable + more... + +
                • +
              • session_ttl - TTL in seconds for sessions accepted by this policy (0 means use the system ). type: int + more... + +
                • +
              • srcaddr_negate - When enabled srcaddr specifies what the source address must NOT be. type: str choices: enable, disable + more... + +
                • +
              • srcaddr4 - Source IPv4 address name and address group names. type: list member_path: srcaddr4:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name system.external-resource.name. type: str required: true + more... + +
                  • +
                +
              • srcaddr6 - Source IPv6 address name and address group names. type: list member_path: srcaddr6:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name system.external-resource.name. type: str required: true + more... + +
                  • +
                +
              • srcintf - Incoming (ingress) interface. type: list member_path: srcintf:name + more... + +
                • +
                  +
                • name - Interface name. Source system.interface.name system.zone.name. type: str required: true + more... + +
                  • +
                +
              • ssh_filter_profile - Name of an existing SSH filter profile. Source ssh-filter.profile.name. type: str + more... + +
                • +
              • ssh_policy_redirect - Redirect SSH traffic to matching transparent proxy policy. type: str choices: enable, disable + more... + +
                • +
              • ssl_ssh_profile - Name of an existing SSL SSH profile. Source firewall.ssl-ssh-profile.name. type: str + more... + +
                • +
              • status - Enable or disable this policy. type: str choices: enable, disable + more... + +
                • +
              • tcp_mss_receiver - Receiver TCP maximum segment size (MSS). type: int + more... + +
                • +
              • tcp_mss_sender - Sender TCP maximum segment size (MSS). type: int + more... + +
                • +
              • traffic_shaper - Traffic shaper. Source firewall.shaper.traffic-shaper.name. type: str + more... + +
                • +
              • traffic_shaper_reverse - Reverse traffic shaper. Source firewall.shaper.traffic-shaper.name. type: str + more... + +
                • +
              • users - Names of individual users that can authenticate with this policy. type: list member_path: users:name + more... + +
                • +
                  +
                • name - User name. Source user.local.name. type: str required: true + more... + +
                  • +
                +
              • utm_status - Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. type: str choices: enable, disable + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              • voip_profile - Name of an existing VoIP profile. Source voip.profile.name. type: str + more... + +
                • +
              • vpntunnel - Policy-based IPsec VPN: name of the IPsec VPN Phase 1. Source vpn.ipsec.phase1.name vpn.ipsec.manualkey.name. type: str + more... + +
                • +
              • waf_profile - Name of an existing Web application firewall profile. Source waf.profile.name. type: str + more... + +
                • +
              • wanopt - Enable/disable WAN optimization. type: str choices: enable, disable + more... + +
                • +
              • wanopt_detection - WAN optimization auto-detection mode. type: str choices: active, passive, False + more... + +
                • +
              • wanopt_passive_opt - WAN optimization passive mode options. This option decides what IP address will be used to connect to server. type: str choices: default, transparent, non-transparent + more... + +
                • +
              • wanopt_peer - WAN optimization peer. Source wanopt.peer.peer-host-id. type: str + more... + +
                • +
              • wanopt_profile - WAN optimization profile. Source wanopt.profile.name. type: str + more... + +
                • +
              • webcache - Enable/disable web cache. type: str choices: enable, disable + more... + +
                • +
              • webcache_https - Enable/disable web cache for HTTPS. type: str choices: disable, enable + more... + +
                • +
              • webfilter_profile - Name of an existing Web filter profile. Source webfilter.profile.name. type: str + more... + +
                • +
              • webproxy_forward_server - Webproxy forward server name. Source web-proxy.forward-server.name web-proxy.forward-server-group.name. type: str + more... + +
                • +
              • webproxy_profile - Webproxy profile name. Source web-proxy.profile.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure consolidated IPv4/IPv6 policies. + fortios_firewall_consolidated_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_consolidated_policy: + action: "accept" + application_list: " (source application.list.name)" + auto_asic_offload: "enable" + av_profile: " (source antivirus.profile.name)" + captive_portal_exempt: "enable" + cifs_profile: " (source cifs.profile.name)" + comments: "" + diffserv_forward: "enable" + diffserv_reverse: "enable" + diffservcode_forward: "" + diffservcode_rev: "" + dlp_sensor: " (source dlp.sensor.name)" + dnsfilter_profile: " (source dnsfilter.profile.name)" + dstaddr_negate: "enable" + dstaddr4: + - + name: "default_name_18 (source firewall.address.name firewall.addrgrp.name firewall.vip.name firewall.vipgrp.name system.external-resource.name)" + dstaddr6: + - + name: "default_name_20 (source firewall.address6.name firewall.addrgrp6.name firewall.vip6.name firewall.vipgrp6.name system.external-resource + .name)" + dstintf: + - + name: "default_name_22 (source system.interface.name system.zone.name)" + emailfilter_profile: " (source emailfilter.profile.name)" + fixedport: "enable" + fsso_groups: + - + name: "default_name_26 (source user.adgrp.name)" + global_label: "" + groups: + - + name: "default_name_29 (source user.group.name)" + http_policy_redirect: "enable" + icap_profile: " (source icap.profile.name)" + inbound: "enable" + inspection_mode: "proxy" + internet_service: "enable" + internet_service_custom: + - + name: "default_name_36 (source firewall.internet-service-custom.name)" + internet_service_custom_group: + - + name: "default_name_38 (source firewall.internet-service-custom-group.name)" + internet_service_group: + - + name: "default_name_40 (source firewall.internet-service-group.name)" + internet_service_id: + - + id: "42 (source firewall.internet-service.id)" + internet_service_negate: "enable" + internet_service_src: "enable" + internet_service_src_custom: + - + name: "default_name_46 (source firewall.internet-service-custom.name)" + internet_service_src_custom_group: + - + name: "default_name_48 (source firewall.internet-service-custom-group.name)" + internet_service_src_group: + - + name: "default_name_50 (source firewall.internet-service-group.name)" + internet_service_src_id: + - + id: "52 (source firewall.internet-service.id)" + internet_service_src_negate: "enable" + ippool: "enable" + ips_sensor: " (source ips.sensor.name)" + logtraffic: "all" + logtraffic_start: "enable" + mms_profile: " (source firewall.mms-profile.name)" + name: "default_name_59" + nat: "enable" + outbound: "enable" + per_ip_shaper: " (source firewall.shaper.per-ip-shaper.name)" + policyid: "63" + poolname4: + - + name: "default_name_65 (source firewall.ippool.name)" + poolname6: + - + name: "default_name_67 (source firewall.ippool6.name)" + profile_group: " (source firewall.profile-group.name)" + profile_protocol_options: " (source firewall.profile-protocol-options.name)" + profile_type: "single" + schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" + service: + - + name: "default_name_73 (source firewall.service.custom.name firewall.service.group.name)" + service_negate: "enable" + session_ttl: "75" + srcaddr_negate: "enable" + srcaddr4: + - + name: "default_name_78 (source firewall.address.name firewall.addrgrp.name system.external-resource.name)" + srcaddr6: + - + name: "default_name_80 (source firewall.address6.name firewall.addrgrp6.name system.external-resource.name)" + srcintf: + - + name: "default_name_82 (source system.interface.name system.zone.name)" + ssh_filter_profile: " (source ssh-filter.profile.name)" + ssh_policy_redirect: "enable" + ssl_ssh_profile: " (source firewall.ssl-ssh-profile.name)" + status: "enable" + tcp_mss_receiver: "87" + tcp_mss_sender: "88" + traffic_shaper: " (source firewall.shaper.traffic-shaper.name)" + traffic_shaper_reverse: " (source firewall.shaper.traffic-shaper.name)" + users: + - + name: "default_name_92 (source user.local.name)" + utm_status: "enable" + uuid: "" + voip_profile: " (source voip.profile.name)" + vpntunnel: " (source vpn.ipsec.phase1.name vpn.ipsec.manualkey.name)" + waf_profile: " (source waf.profile.name)" + wanopt: "enable" + wanopt_detection: "active" + wanopt_passive_opt: "default" + wanopt_peer: " (source wanopt.peer.peer-host-id)" + wanopt_profile: " (source wanopt.profile.name)" + webcache: "enable" + webcache_https: "disable" + webfilter_profile: " (source webfilter.profile.name)" + webproxy_forward_server: " (source web-proxy.forward-server.name web-proxy.forward-server-group.name)" + webproxy_profile: " (source web-proxy.profile.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_country.rst b/gen/fortios_firewall_country.rst new file mode 100644 index 00000000..b6cdfef6 --- /dev/null +++ b/gen/fortios_firewall_country.rst @@ -0,0 +1,319 @@ +:source: fortios_firewall_country.py + +:orphan: + +.. fortios_firewall_country: + +fortios_firewall_country -- Define country table in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and country category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_countryyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_country - Define country table. type: dict + more... + +
              • +
                +
              • id - Country ID. type: int required: true + more... + +
                • +
              • name - Country name. type: str + more... + +
                • +
              • region - Region ID list. type: list member_path: region:id + more... + +
                • +
                  +
                • id - Region ID. type: int required: true + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Define country table. + fortios_firewall_country: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_country: + id: "3" + name: "default_name_4" + region: + - + id: "6" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_decrypted_traffic_mirror.rst b/gen/fortios_firewall_decrypted_traffic_mirror.rst new file mode 100644 index 00000000..c07e0fce --- /dev/null +++ b/gen/fortios_firewall_decrypted_traffic_mirror.rst @@ -0,0 +1,443 @@ +:source: fortios_firewall_decrypted_traffic_mirror.py + +:orphan: + +.. fortios_firewall_decrypted_traffic_mirror: + +fortios_firewall_decrypted_traffic_mirror -- Configure decrypted traffic mirror in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and decrypted_traffic_mirror category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_decrypted_traffic_mirroryesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_decrypted_traffic_mirror - Configure decrypted traffic mirror. type: dict + more... + +
              • +
                +
              • dstmac - Set destination MAC address for mirrored traffic. type: str + more... + +
                • +
              • interface - Decrypted traffic mirror interface. type: list member_path: interface:name + more... + +
                • +
                  +
                • name - Decrypted traffic mirror interface. Source system.interface.name. type: str required: true + more... + +
                  • +
                +
              • name - Name. type: str required: true + more... + +
                • +
              • traffic_source - Source of decrypted traffic to be mirrored. type: str choices: client, server, both + more... + +
                • +
              • traffic_type - Types of decrypted traffic to be mirrored. type: list choices: ssl, ssh + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure decrypted traffic mirror. + fortios_firewall_decrypted_traffic_mirror: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_decrypted_traffic_mirror: + dstmac: "" + interface: + - + name: "default_name_5 (source system.interface.name)" + name: "default_name_6" + traffic_source: "client" + traffic_type: "ssl" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_dnstranslation.rst b/gen/fortios_firewall_dnstranslation.rst new file mode 100644 index 00000000..30ea8ca1 --- /dev/null +++ b/gen/fortios_firewall_dnstranslation.rst @@ -0,0 +1,400 @@ +:source: fortios_firewall_dnstranslation.py + +:orphan: + +.. fortios_firewall_dnstranslation: + +fortios_firewall_dnstranslation -- Configure DNS translation in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and dnstranslation category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_dnstranslationyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_dnstranslation - Configure DNS translation. type: dict + more... + +
              • +
                +
              • dst - IPv4 address or subnet on the external network to substitute for the resolved address in DNS query replies. Can be single IP address or subnet on the external network, but number of addresses must equal number of mapped IP addresses in src. type: str + more... + +
                • +
              • id - ID. type: int required: true + more... + +
                • +
              • netmask - If src and dst are subnets rather than single IP addresses, enter the netmask for both src and dst. type: str + more... + +
                • +
              • src - IPv4 address or subnet on the internal network to compare with the resolved address in DNS query replies. If the resolved address matches, the resolved address is substituted with dst. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure DNS translation. + fortios_firewall_dnstranslation: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_dnstranslation: + dst: "" + id: "4" + netmask: "" + src: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_dos_policy.rst b/gen/fortios_firewall_dos_policy.rst new file mode 100644 index 00000000..9964297d --- /dev/null +++ b/gen/fortios_firewall_dos_policy.rst @@ -0,0 +1,1441 @@ +:source: fortios_firewall_dos_policy.py + +:orphan: + +.. fortios_firewall_dos_policy: + +fortios_firewall_dos_policy -- Configure IPv4 DoS policies in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and dos_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_dos_policyyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_dos_policy - Configure IPv4 DoS policies. type: dict + more... + +
              • +
                +
              • anomaly - Anomaly name. type: list member_path: anomaly:name + more... + +
                • +
                  +
                • action - Action taken when the threshold is reached. type: str choices: pass, block, proxy + more... + +
                  • +
                • log - Enable/disable anomaly logging. type: str choices: enable, disable + more... + +
                  • +
                • name - Anomaly name. type: str required: true + more... + +
                  • +
                • quarantine - Quarantine method. type: str choices: none, attacker + more... + +
                  • +
                • quarantine_expiry - Duration of quarantine. (Format type: str + more... + +
                  • +
                • quarantine_log - Enable/disable quarantine logging. type: str choices: disable, enable + more... + +
                  • +
                • status - Enable/disable this anomaly. type: str choices: disable, enable + more... + +
                  • +
                • threshold - Anomaly threshold. Number of detected instances per minute that triggers the anomaly action. type: int + more... + +
                  • +
                • threshold(default) - Number of detected instances per minute which triggers action (1 - 2147483647). Note that each anomaly has a different threshold value assigned to it. type: int + more... + +
                  • +
                +
              • comments - Comment. type: str + more... + +
                • +
              • dstaddr - Destination address name from available addresses. type: list member_path: dstaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • interface - Incoming interface name from available interfaces. Source system.zone.name system.interface.name. type: str + more... + +
                • +
              • name - Policy name. type: str + more... + +
                • +
              • policyid - Policy ID. type: int required: true + more... + +
                • +
              • service - Service object from available options. type: list member_path: service:name + more... + +
                • +
                  +
                • name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str required: true + more... + +
                  • +
                +
              • srcaddr - Source address name from available addresses. type: list member_path: srcaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • status - Enable/disable this policy. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv4 DoS policies. + fortios_firewall_dos_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_dos_policy: + anomaly: + - + action: "pass" + log: "enable" + name: "default_name_6" + quarantine: "none" + quarantine_expiry: "" + quarantine_log: "disable" + status: "disable" + threshold: "11" + threshold(default): "12" + comments: "" + dstaddr: + - + name: "default_name_15 (source firewall.address.name firewall.addrgrp.name)" + interface: " (source system.zone.name system.interface.name)" + name: "default_name_17" + policyid: "18" + service: + - + name: "default_name_20 (source firewall.service.custom.name firewall.service.group.name)" + srcaddr: + - + name: "default_name_22 (source firewall.address.name firewall.addrgrp.name)" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_dos_policy6.rst b/gen/fortios_firewall_dos_policy6.rst new file mode 100644 index 00000000..5ffa8f3d --- /dev/null +++ b/gen/fortios_firewall_dos_policy6.rst @@ -0,0 +1,1441 @@ +:source: fortios_firewall_dos_policy6.py + +:orphan: + +.. fortios_firewall_dos_policy6: + +fortios_firewall_dos_policy6 -- Configure IPv6 DoS policies in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and dos_policy6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_dos_policy6yesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_dos_policy6 - Configure IPv6 DoS policies. type: dict + more... + +
              • +
                +
              • anomaly - Anomaly name. type: list member_path: anomaly:name + more... + +
                • +
                  +
                • action - Action taken when the threshold is reached. type: str choices: pass, block, proxy + more... + +
                  • +
                • log - Enable/disable anomaly logging. type: str choices: enable, disable + more... + +
                  • +
                • name - Anomaly name. type: str required: true + more... + +
                  • +
                • quarantine - Quarantine method. type: str choices: none, attacker + more... + +
                  • +
                • quarantine_expiry - Duration of quarantine. (Format type: str + more... + +
                  • +
                • quarantine_log - Enable/disable quarantine logging. type: str choices: disable, enable + more... + +
                  • +
                • status - Enable/disable this anomaly. type: str choices: disable, enable + more... + +
                  • +
                • threshold - Anomaly threshold. Number of detected instances per minute that triggers the anomaly action. type: int + more... + +
                  • +
                • threshold(default) - Number of detected instances per minute which triggers action (1 - 2147483647). Note that each anomaly has a different threshold value assigned to it. type: int + more... + +
                  • +
                +
              • comments - Comment. type: str + more... + +
                • +
              • dstaddr - Destination address name from available addresses. type: list member_path: dstaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                  • +
                +
              • interface - Incoming interface name from available interfaces. Source system.zone.name system.interface.name. type: str + more... + +
                • +
              • name - Policy name. type: str + more... + +
                • +
              • policyid - Policy ID. type: int required: true + more... + +
                • +
              • service - Service object from available options. type: list member_path: service:name + more... + +
                • +
                  +
                • name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str required: true + more... + +
                  • +
                +
              • srcaddr - Source address name from available addresses. type: list member_path: srcaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                  • +
                +
              • status - Enable/disable this policy. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 DoS policies. + fortios_firewall_dos_policy6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_dos_policy6: + anomaly: + - + action: "pass" + log: "enable" + name: "default_name_6" + quarantine: "none" + quarantine_expiry: "" + quarantine_log: "disable" + status: "disable" + threshold: "11" + threshold(default): "12" + comments: "" + dstaddr: + - + name: "default_name_15 (source firewall.address6.name firewall.addrgrp6.name)" + interface: " (source system.zone.name system.interface.name)" + name: "default_name_17" + policyid: "18" + service: + - + name: "default_name_20 (source firewall.service.custom.name firewall.service.group.name)" + srcaddr: + - + name: "default_name_22 (source firewall.address6.name firewall.addrgrp6.name)" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_gtp.rst b/gen/fortios_firewall_gtp.rst new file mode 100644 index 00000000..19a1200c --- /dev/null +++ b/gen/fortios_firewall_gtp.rst @@ -0,0 +1,14123 @@ +:source: fortios_firewall_gtp.py + +:orphan: + +.. fortios_firewall_gtp: + +fortios_firewall_gtp -- Configure GTP in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and gtp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_gtpyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_gtp - Configure GTP. type: dict + more... + +
              • +
                +
              • addr_notify - overbilling notify address type: str + more... + +
                • +
              • apn - APN. type: list member_path: apn:id + more... + +
                • +
                  +
                • action - Action. type: str choices: allow, deny + more... + +
                  • +
                • apnmember - APN member. type: list member_path: apn:id/apnmember:name + more... + +
                  • +
                    +
                  • name - APN name. Source gtp.apn.name gtp.apngrp.name. type: str required: true + more... + +
                    • +
                  +
                • id - ID. type: int required: true + more... + +
                  • +
                • selection_mode - APN selection mode. type: list choices: ms, net, vrf + more... + +
                  • +
                +
              • apn_filter - apn filter type: str choices: enable, disable + more... + +
                • +
              • authorized_ggsns - Authorized GGSN/PGW group. Source firewall.address.name firewall.addrgrp.name. type: str + more... + +
                • +
              • authorized_ggsns6 - Authorized GGSN/PGW IPv6 group. Source firewall.address6.name firewall.addrgrp6.name. type: str + more... + +
                • +
              • authorized_sgsns - Authorized SGSN/SGW group. Source firewall.address.name firewall.addrgrp.name. type: str + more... + +
                • +
              • authorized_sgsns6 - Authorized SGSN/SGW IPv6 group. Source firewall.address6.name firewall.addrgrp6.name. type: str + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • context_id - Overbilling context. type: int + more... + +
                • +
              • control_plane_message_rate_limit - control plane message rate limit type: int + more... + +
                • +
              • default_apn_action - default apn action type: str choices: allow, deny + more... + +
                • +
              • default_imsi_action - default imsi action type: str choices: allow, deny + more... + +
                • +
              • default_ip_action - default action for encapsulated IP traffic type: str choices: allow, deny + more... + +
                • +
              • default_noip_action - default action for encapsulated non-IP traffic type: str choices: allow, deny + more... + +
                • +
              • default_policy_action - default advanced policy action type: str choices: allow, deny + more... + +
                • +
              • denied_log - log denied type: str choices: enable, disable + more... + +
                • +
              • echo_request_interval - echo request interval (in seconds) type: int + more... + +
                • +
              • extension_log - log in extension format type: str choices: enable, disable + more... + +
                • +
              • forwarded_log - log forwarded type: str choices: enable, disable + more... + +
                • +
              • global_tunnel_limit - Global tunnel limit. Source gtp.tunnel-limit.name. type: str + more... + +
                • +
              • gtp_in_gtp - gtp in gtp type: str choices: allow, deny + more... + +
                • +
              • gtpu_denied_log - Enable/disable logging of denied GTP-U packets. type: str choices: enable, disable + more... + +
                • +
              • gtpu_forwarded_log - Enable/disable logging of forwarded GTP-U packets. type: str choices: enable, disable + more... + +
                • +
              • gtpu_log_freq - Logging of frequency of GTP-U packets. type: int + more... + +
                • +
              • half_close_timeout - Half-close tunnel timeout (in seconds). type: int + more... + +
                • +
              • half_open_timeout - Half-open tunnel timeout (in seconds). type: int + more... + +
                • +
              • handover_group - Handover SGSN/SGW group. Source firewall.address.name firewall.addrgrp.name. type: str + more... + +
                • +
              • handover_group6 - Handover SGSN/SGW IPv6 group. Source firewall.address6.name firewall.addrgrp6.name. type: str + more... + +
                • +
              • ie_allow_list_v0v1 - IE allow list. Source gtp.ie-allow-list.name. type: str + more... + +
                • +
              • ie_allow_list_v2 - IE allow list. Source gtp.ie-allow-list.name. type: str + more... + +
                • +
              • ie_remove_policy - IE remove policy. type: list member_path: ie_remove_policy:id + more... + +
                • +
                  +
                • id - ID. type: int required: true + more... + +
                  • +
                • remove_ies - GTP IEs to be removed. type: str choices: apn-restriction, rat-type, rai, uli, imei + more... + +
                  • +
                • sgsn_addr - SGSN address name. Source firewall.address.name firewall.addrgrp.name. type: str + more... + +
                  • +
                • sgsn_addr6 - SGSN IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name. type: str + more... + +
                  • +
                +
              • ie_remover - IE removal policy. type: str choices: enable, disable + more... + +
                • +
              • ie_validation - IE validation. type: dict + more... + +
                • +
                  +
                • apn_restriction - Validate APN restriction. type: str choices: enable, disable + more... + +
                  • +
                • charging_gateway_addr - Validate charging gateway address. type: str choices: enable, disable + more... + +
                  • +
                • charging_ID - Validate charging ID. type: str choices: enable, disable + more... + +
                  • +
                • end_user_addr - Validate end user address. type: str choices: enable, disable + more... + +
                  • +
                • gsn_addr - Validate GSN address. type: str choices: enable, disable + more... + +
                  • +
                • imei - Validate IMEI(SV). type: str choices: enable, disable + more... + +
                  • +
                • imsi - Validate IMSI. type: str choices: enable, disable + more... + +
                  • +
                • mm_context - Validate MM context. type: str choices: enable, disable + more... + +
                  • +
                • ms_tzone - Validate MS time zone. type: str choices: enable, disable + more... + +
                  • +
                • ms_validated - Validate MS validated. type: str choices: enable, disable + more... + +
                  • +
                • msisdn - Validate MSISDN. type: str choices: enable, disable + more... + +
                  • +
                • nsapi - Validate NSAPI. type: str choices: enable, disable + more... + +
                  • +
                • pdp_context - Validate PDP context. type: str choices: enable, disable + more... + +
                  • +
                • qos_profile - Validate Quality of Service(QoS) profile. type: str choices: enable, disable + more... + +
                  • +
                • rai - Validate RAI. type: str choices: enable, disable + more... + +
                  • +
                • rat_type - Validate RAT type. type: str choices: enable, disable + more... + +
                  • +
                • reordering_required - Validate re-ordering required. type: str choices: enable, disable + more... + +
                  • +
                • selection_mode - Validate selection mode. type: str choices: enable, disable + more... + +
                  • +
                • uli - Validate user location information. type: str choices: enable, disable + more... + +
                  • +
                +
              • ie_white_list_v0v1 - IE white list. Source gtp.ie-white-list.name. type: str + more... + +
                • +
              • ie_white_list_v2 - IE white list. Source gtp.ie-white-list.name. type: str + more... + +
                • +
              • imsi - IMSI. type: list member_path: imsi:id + more... + +
                • +
                  +
                • action - Action. type: str choices: allow, deny + more... + +
                  • +
                • apnmember - APN member. type: list member_path: imsi:id/apnmember:name + more... + +
                  • +
                    +
                  • name - APN name. Source gtp.apn.name gtp.apngrp.name. type: str required: true + more... + +
                    • +
                  +
                • id - ID. type: int required: true + more... + +
                  • +
                • mcc_mnc - MCC MNC. type: str + more... + +
                  • +
                • msisdn_prefix - MSISDN prefix. type: str + more... + +
                  • +
                • selection_mode - APN selection mode. type: list choices: ms, net, vrf + more... + +
                  • +
                +
              • imsi_filter - imsi filter type: str choices: enable, disable + more... + +
                • +
              • interface_notify - overbilling interface Source system.interface.name. type: str + more... + +
                • +
              • invalid_reserved_field - Invalid reserved field in GTP header type: str choices: allow, deny + more... + +
                • +
              • invalid_sgsns_to_log - Invalid SGSN group to be logged Source firewall.address.name firewall.addrgrp.name. type: str + more... + +
                • +
              • invalid_sgsns6_to_log - Invalid SGSN IPv6 group to be logged. Source firewall.address6.name firewall.addrgrp6.name. type: str + more... + +
                • +
              • ip_filter - IP filter for encapsulted traffic type: str choices: enable, disable + more... + +
                • +
              • ip_policy - IP policy. type: list member_path: ip_policy:id + more... + +
                • +
                  +
                • action - Action. type: str choices: allow, deny + more... + +
                  • +
                • dstaddr - Destination address name. Source firewall.address.name firewall.addrgrp.name. type: str + more... + +
                  • +
                • dstaddr6 - Destination IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name. type: str + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • srcaddr - Source address name. Source firewall.address.name firewall.addrgrp.name. type: str + more... + +
                  • +
                • srcaddr6 - Source IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name. type: str + more... + +
                  • +
                +
              • log_freq - Logging of frequency of GTP-C packets. type: int + more... + +
                • +
              • log_gtpu_limit - the user data log limit (0-512 bytes) type: int + more... + +
                • +
              • log_imsi_prefix - IMSI prefix for selective logging. type: str + more... + +
                • +
              • log_msisdn_prefix - the msisdn prefix for selective logging type: str + more... + +
                • +
              • max_message_length - max message length type: int + more... + +
                • +
              • message_filter_v0v1 - Message filter. Source gtp.message-filter-v0v1.name. type: str + more... + +
                • +
              • message_filter_v2 - Message filter. Source gtp.message-filter-v2.name. type: str + more... + +
                • +
              • message_rate_limit - Message rate limiting. type: dict + more... + +
                • +
                  +
                • create_aa_pdp_request - Rate limit for create AA PDP context request (packets per second). type: int + more... + +
                  • +
                • create_aa_pdp_response - Rate limit for create AA PDP context response (packets per second). type: int + more... + +
                  • +
                • create_mbms_request - Rate limit for create MBMS context request (packets per second). type: int + more... + +
                  • +
                • create_mbms_response - Rate limit for create MBMS context response (packets per second). type: int + more... + +
                  • +
                • create_pdp_request - Rate limit for create PDP context request (packets per second). type: int + more... + +
                  • +
                • create_pdp_response - Rate limit for create PDP context response (packets per second). type: int + more... + +
                  • +
                • delete_aa_pdp_request - Rate limit for delete AA PDP context request (packets per second). type: int + more... + +
                  • +
                • delete_aa_pdp_response - Rate limit for delete AA PDP context response (packets per second). type: int + more... + +
                  • +
                • delete_mbms_request - Rate limit for delete MBMS context request (packets per second). type: int + more... + +
                  • +
                • delete_mbms_response - Rate limit for delete MBMS context response (packets per second). type: int + more... + +
                  • +
                • delete_pdp_request - Rate limit for delete PDP context request (packets per second). type: int + more... + +
                  • +
                • delete_pdp_response - Rate limit for delete PDP context response (packets per second). type: int + more... + +
                  • +
                • echo_reponse - Rate limit for echo response (packets per second). type: int + more... + +
                  • +
                • echo_request - Rate limit for echo requests (packets per second). type: int + more... + +
                  • +
                • error_indication - Rate limit for error indication (packets per second). type: int + more... + +
                  • +
                • failure_report_request - Rate limit for failure report request (packets per second). type: int + more... + +
                  • +
                • failure_report_response - Rate limit for failure report response (packets per second). type: int + more... + +
                  • +
                • fwd_reloc_complete_ack - Rate limit for forward relocation complete acknowledge (packets per second). type: int + more... + +
                  • +
                • fwd_relocation_complete - Rate limit for forward relocation complete (packets per second). type: int + more... + +
                  • +
                • fwd_relocation_request - Rate limit for forward relocation request (packets per second). type: int + more... + +
                  • +
                • fwd_relocation_response - Rate limit for forward relocation response (packets per second). type: int + more... + +
                  • +
                • fwd_srns_context - Rate limit for forward SRNS context (packets per second). type: int + more... + +
                  • +
                • fwd_srns_context_ack - Rate limit for forward SRNS context acknowledge (packets per second). type: int + more... + +
                  • +
                • g_pdu - Rate limit for G-PDU (packets per second). type: int + more... + +
                  • +
                • identification_request - Rate limit for identification request (packets per second). type: int + more... + +
                  • +
                • identification_response - Rate limit for identification response (packets per second). type: int + more... + +
                  • +
                • mbms_de_reg_request - Rate limit for MBMS de-registration request (packets per second). type: int + more... + +
                  • +
                • mbms_de_reg_response - Rate limit for MBMS de-registration response (packets per second). type: int + more... + +
                  • +
                • mbms_notify_rej_request - Rate limit for MBMS notification reject request (packets per second). type: int + more... + +
                  • +
                • mbms_notify_rej_response - Rate limit for MBMS notification reject response (packets per second). type: int + more... + +
                  • +
                • mbms_notify_request - Rate limit for MBMS notification request (packets per second). type: int + more... + +
                  • +
                • mbms_notify_response - Rate limit for MBMS notification response (packets per second). type: int + more... + +
                  • +
                • mbms_reg_request - Rate limit for MBMS registration request (packets per second). type: int + more... + +
                  • +
                • mbms_reg_response - Rate limit for MBMS registration response (packets per second). type: int + more... + +
                  • +
                • mbms_ses_start_request - Rate limit for MBMS session start request (packets per second). type: int + more... + +
                  • +
                • mbms_ses_start_response - Rate limit for MBMS session start response (packets per second). type: int + more... + +
                  • +
                • mbms_ses_stop_request - Rate limit for MBMS session stop request (packets per second). type: int + more... + +
                  • +
                • mbms_ses_stop_response - Rate limit for MBMS session stop response (packets per second). type: int + more... + +
                  • +
                • note_ms_request - Rate limit for note MS GPRS present request (packets per second). type: int + more... + +
                  • +
                • note_ms_response - Rate limit for note MS GPRS present response (packets per second). type: int + more... + +
                  • +
                • pdu_notify_rej_request - Rate limit for PDU notify reject request (packets per second). type: int + more... + +
                  • +
                • pdu_notify_rej_response - Rate limit for PDU notify reject response (packets per second). type: int + more... + +
                  • +
                • pdu_notify_request - Rate limit for PDU notify request (packets per second). type: int + more... + +
                  • +
                • pdu_notify_response - Rate limit for PDU notify response (packets per second). type: int + more... + +
                  • +
                • ran_info - Rate limit for RAN information relay (packets per second). type: int + more... + +
                  • +
                • relocation_cancel_request - Rate limit for relocation cancel request (packets per second). type: int + more... + +
                  • +
                • relocation_cancel_response - Rate limit for relocation cancel response (packets per second). type: int + more... + +
                  • +
                • send_route_request - Rate limit for send routing information for GPRS request (packets per second). type: int + more... + +
                  • +
                • send_route_response - Rate limit for send routing information for GPRS response (packets per second). type: int + more... + +
                  • +
                • sgsn_context_ack - Rate limit for SGSN context acknowledgement (packets per second). type: int + more... + +
                  • +
                • sgsn_context_request - Rate limit for SGSN context request (packets per second). type: int + more... + +
                  • +
                • sgsn_context_response - Rate limit for SGSN context response (packets per second). type: int + more... + +
                  • +
                • support_ext_hdr_notify - Rate limit for support extension headers notification (packets per second). type: int + more... + +
                  • +
                • update_mbms_request - Rate limit for update MBMS context request (packets per second). type: int + more... + +
                  • +
                • update_mbms_response - Rate limit for update MBMS context response (packets per second). type: int + more... + +
                  • +
                • update_pdp_request - Rate limit for update PDP context request (packets per second). type: int + more... + +
                  • +
                • update_pdp_response - Rate limit for update PDP context response (packets per second). type: int + more... + +
                  • +
                • version_not_support - Rate limit for version not supported (packets per second). type: int + more... + +
                  • +
                +
              • message_rate_limit_v0 - Message rate limiting for GTP version 0. type: dict + more... + +
                • +
                  +
                • create_pdp_request - Rate limit (packets/s) for create PDP context request. type: int + more... + +
                  • +
                • delete_pdp_request - Rate limit (packets/s) for delete PDP context request. type: int + more... + +
                  • +
                • echo_request - Rate limit (packets/s) for echo request. type: int + more... + +
                  • +
                +
              • message_rate_limit_v1 - Message rate limiting for GTP version 1. type: dict + more... + +
                • +
                  +
                • create_pdp_request - Rate limit (packets/s) for create PDP context request. type: int + more... + +
                  • +
                • delete_pdp_request - Rate limit (packets/s) for delete PDP context request. type: int + more... + +
                  • +
                • echo_request - Rate limit (packets/s) for echo request. type: int + more... + +
                  • +
                +
              • message_rate_limit_v2 - Message rate limiting for GTP version 2. type: dict + more... + +
                • +
                  +
                • create_session_request - Rate limit (packets/s) for create session request. type: int + more... + +
                  • +
                • delete_session_request - Rate limit (packets/s) for delete session request. type: int + more... + +
                  • +
                • echo_request - Rate limit (packets/s) for echo request. type: int + more... + +
                  • +
                +
              • min_message_length - min message length type: int + more... + +
                • +
              • miss_must_ie - Missing mandatory information element type: str choices: allow, deny + more... + +
                • +
              • monitor_mode - GTP monitor mode. type: str choices: enable, disable, vdom + more... + +
                • +
              • name - Profile name. type: str required: true + more... + +
                • +
              • noip_filter - non-IP filter for encapsulted traffic type: str choices: enable, disable + more... + +
                • +
              • noip_policy - No IP policy. type: list member_path: noip_policy:id + more... + +
                • +
                  +
                • action - Action. type: str choices: allow, deny + more... + +
                  • +
                • end - End of protocol range (0 - 255). type: int + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • start - Start of protocol range (0 - 255). type: int + more... + +
                  • +
                • type - Protocol field type. type: str choices: etsi, ietf + more... + +
                  • +
                +
              • out_of_state_ie - Out of state information element. type: str choices: allow, deny + more... + +
                • +
              • out_of_state_message - Out of state GTP message type: str choices: allow, deny + more... + +
                • +
              • per_apn_shaper - Per APN shaper. type: list member_path: per_apn_shaper:id + more... + +
                • +
                  +
                • apn - APN name. Source gtp.apn.name. type: str + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • rate_limit - Rate limit (packets/s) for create PDP context request. type: int + more... + +
                  • +
                • version - GTP version number: 0 or 1. type: int + more... + +
                  • +
                +
              • policy - Policy. type: list member_path: policy:id + more... + +
                • +
                  +
                • action - Action. type: str choices: allow, deny + more... + +
                  • +
                • apn_sel_mode - APN selection mode. type: list choices: ms, net, vrf + more... + +
                  • +
                • apnmember - APN member. type: list member_path: policy:id/apnmember:name + more... + +
                  • +
                    +
                  • name - APN name. Source gtp.apn.name gtp.apngrp.name. type: str required: true + more... + +
                    • +
                  +
                • id - ID. type: int required: true + more... + +
                  • +
                • imei - IMEI pattern. type: str + more... + +
                  • +
                • imsi - IMSI prefix. type: str + more... + +
                  • +
                • imsi_prefix - IMSI prefix. type: str + more... + +
                  • +
                • max_apn_restriction - Maximum APN restriction value. type: str choices: all, public-1, public-2, private-1, private-2 + more... + +
                  • +
                • messages - GTP messages. type: list choices: create-req, create-res, update-req, update-res + more... + +
                  • +
                • msisdn - MSISDN prefix. type: str + more... + +
                  • +
                • msisdn_prefix - MSISDN prefix. type: str + more... + +
                  • +
                • rai - RAI pattern. type: str + more... + +
                  • +
                • rat_type - RAT Type. type: list choices: any, utran, geran, wlan, gan, hspa, eutran, virtual, nbiot + more... + +
                  • +
                • uli - ULI pattern. type: str + more... + +
                  • +
                +
              • policy_filter - Advanced policy filter type: str choices: enable, disable + more... + +
                • +
              • policy_v2 - Apply allow or deny action to each GTPv2-c packet. type: list member_path: policy_v2:id + more... + +
                • +
                  +
                • action - Action. type: str choices: allow, deny + more... + +
                  • +
                • apn_sel_mode - APN selection mode. type: str choices: ms, net, vrf + more... + +
                  • +
                • apnmember - APN member. type: list member_path: policy_v2:id/apnmember:name + more... + +
                  • +
                    +
                  • name - APN name. Source gtp.apn.name gtp.apngrp.name. type: str required: true + more... + +
                    • +
                  +
                • id - ID. type: int required: true + more... + +
                  • +
                • imsi_prefix - IMSI prefix. type: str + more... + +
                  • +
                • max_apn_restriction - Maximum APN restriction value. type: str choices: all, public-1, public-2, private-1, private-2 + more... + +
                  • +
                • mei - MEI pattern. type: str + more... + +
                  • +
                • messages - GTP messages. type: str choices: create-ses-req, create-ses-res, modify-bearer-req, modify-bearer-res + more... + +
                  • +
                • msisdn_prefix - MSISDN prefix. type: str + more... + +
                  • +
                • rat_type - RAT Type. type: str choices: any, utran, geran, wlan, gan, hspa, eutran, virtual, nbiot, ltem, nr + more... + +
                  • +
                • uli - GTPv2 ULI patterns (in order of CGI SAI RAI TAI ECGI LAI). type: str + more... + +
                  • +
                +
              • port_notify - overbilling notify port type: int + more... + +
                • +
              • rat_timeout_profile - RAT timeout profile. Source gtp.rat-timeout-profile.name. type: str + more... + +
                • +
              • rate_limit_mode - GTP rate limit mode. type: str choices: per-profile, per-stream, per-apn + more... + +
                • +
              • rate_limited_log - log rate limited type: str choices: enable, disable + more... + +
                • +
              • rate_sampling_interval - rate sampling interval (1-3600 seconds) type: int + more... + +
                • +
              • remove_if_echo_expires - remove if echo response expires type: str choices: enable, disable + more... + +
                • +
              • remove_if_recovery_differ - remove upon different Recovery IE type: str choices: enable, disable + more... + +
                • +
              • reserved_ie - reserved information element type: str choices: allow, deny + more... + +
                • +
              • send_delete_when_timeout - send DELETE request to path endpoints when GTPv0/v1 tunnel timeout. type: str choices: enable, disable + more... + +
                • +
              • send_delete_when_timeout_v2 - send DELETE request to path endpoints when GTPv2 tunnel timeout. type: str choices: enable, disable + more... + +
                • +
              • spoof_src_addr - Spoofed source address for Mobile Station. type: str choices: allow, deny + more... + +
                • +
              • state_invalid_log - log state invalid type: str choices: enable, disable + more... + +
                • +
              • sub_second_interval - Sub-second interval (0.1, 0.25, or 0.5 sec). type: str choices: 0.5, 0.25, 0.1 + more... + +
                • +
              • sub_second_sampling - Enable/disable sub-second sampling. type: str choices: enable, disable + more... + +
                • +
              • traffic_count_log - log tunnel traffic counter type: str choices: enable, disable + more... + +
                • +
              • tunnel_limit - tunnel limit type: int + more... + +
                • +
              • tunnel_limit_log - tunnel limit type: str choices: enable, disable + more... + +
                • +
              • tunnel_timeout - Established tunnel timeout (in seconds). type: int + more... + +
                • +
              • unknown_version_action - action for unknown gtp version type: str choices: allow, deny + more... + +
                • +
              • user_plane_message_rate_limit - user plane message rate limit type: int + more... + +
                • +
              • warning_threshold - Warning threshold for rate limiting (0 - 99 percent). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure GTP. + fortios_firewall_gtp: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_gtp: + addr_notify: "" + apn: + - + action: "allow" + apnmember: + - + name: "default_name_7 (source gtp.apn.name gtp.apngrp.name)" + id: "8" + selection_mode: "ms" + apn_filter: "enable" + authorized_ggsns: " (source firewall.address.name firewall.addrgrp.name)" + authorized_ggsns6: " (source firewall.address6.name firewall.addrgrp6.name)" + authorized_sgsns: " (source firewall.address.name firewall.addrgrp.name)" + authorized_sgsns6: " (source firewall.address6.name firewall.addrgrp6.name)" + comment: "Comment." + context_id: "16" + control_plane_message_rate_limit: "17" + default_apn_action: "allow" + default_imsi_action: "allow" + default_ip_action: "allow" + default_noip_action: "allow" + default_policy_action: "allow" + denied_log: "enable" + echo_request_interval: "24" + extension_log: "enable" + forwarded_log: "enable" + global_tunnel_limit: " (source gtp.tunnel-limit.name)" + gtp_in_gtp: "allow" + gtpu_denied_log: "enable" + gtpu_forwarded_log: "enable" + gtpu_log_freq: "31" + half_close_timeout: "32" + half_open_timeout: "33" + handover_group: " (source firewall.address.name firewall.addrgrp.name)" + handover_group6: " (source firewall.address6.name firewall.addrgrp6.name)" + ie_allow_list_v0v1: " (source gtp.ie-allow-list.name)" + ie_allow_list_v2: " (source gtp.ie-allow-list.name)" + ie_remove_policy: + - + id: "39" + remove_ies: "apn-restriction" + sgsn_addr: " (source firewall.address.name firewall.addrgrp.name)" + sgsn_addr6: " (source firewall.address6.name firewall.addrgrp6.name)" + ie_remover: "enable" + ie_validation: + apn_restriction: "enable" + charging_gateway_addr: "enable" + charging_ID: "enable" + end_user_addr: "enable" + gsn_addr: "enable" + imei: "enable" + imsi: "enable" + mm_context: "enable" + ms_tzone: "enable" + ms_validated: "enable" + msisdn: "enable" + nsapi: "enable" + pdp_context: "enable" + qos_profile: "enable" + rai: "enable" + rat_type: "enable" + reordering_required: "enable" + selection_mode: "enable" + uli: "enable" + ie_white_list_v0v1: " (source gtp.ie-white-list.name)" + ie_white_list_v2: " (source gtp.ie-white-list.name)" + imsi: + - + action: "allow" + apnmember: + - + name: "default_name_69 (source gtp.apn.name gtp.apngrp.name)" + id: "70" + mcc_mnc: "" + msisdn_prefix: "" + selection_mode: "ms" + imsi_filter: "enable" + interface_notify: " (source system.interface.name)" + invalid_reserved_field: "allow" + invalid_sgsns_to_log: " (source firewall.address.name firewall.addrgrp.name)" + invalid_sgsns6_to_log: " (source firewall.address6.name firewall.addrgrp6.name)" + ip_filter: "enable" + ip_policy: + - + action: "allow" + dstaddr: " (source firewall.address.name firewall.addrgrp.name)" + dstaddr6: " (source firewall.address6.name firewall.addrgrp6.name)" + id: "84" + srcaddr: " (source firewall.address.name firewall.addrgrp.name)" + srcaddr6: " (source firewall.address6.name firewall.addrgrp6.name)" + log_freq: "87" + log_gtpu_limit: "88" + log_imsi_prefix: "" + log_msisdn_prefix: "" + max_message_length: "91" + message_filter_v0v1: " (source gtp.message-filter-v0v1.name)" + message_filter_v2: " (source gtp.message-filter-v2.name)" + message_rate_limit: + create_aa_pdp_request: "95" + create_aa_pdp_response: "96" + create_mbms_request: "97" + create_mbms_response: "98" + create_pdp_request: "99" + create_pdp_response: "100" + delete_aa_pdp_request: "101" + delete_aa_pdp_response: "102" + delete_mbms_request: "103" + delete_mbms_response: "104" + delete_pdp_request: "105" + delete_pdp_response: "106" + echo_reponse: "107" + echo_request: "108" + error_indication: "109" + failure_report_request: "110" + failure_report_response: "111" + fwd_reloc_complete_ack: "112" + fwd_relocation_complete: "113" + fwd_relocation_request: "114" + fwd_relocation_response: "115" + fwd_srns_context: "116" + fwd_srns_context_ack: "117" + g_pdu: "118" + identification_request: "119" + identification_response: "120" + mbms_de_reg_request: "121" + mbms_de_reg_response: "122" + mbms_notify_rej_request: "123" + mbms_notify_rej_response: "124" + mbms_notify_request: "125" + mbms_notify_response: "126" + mbms_reg_request: "127" + mbms_reg_response: "128" + mbms_ses_start_request: "129" + mbms_ses_start_response: "130" + mbms_ses_stop_request: "131" + mbms_ses_stop_response: "132" + note_ms_request: "133" + note_ms_response: "134" + pdu_notify_rej_request: "135" + pdu_notify_rej_response: "136" + pdu_notify_request: "137" + pdu_notify_response: "138" + ran_info: "139" + relocation_cancel_request: "140" + relocation_cancel_response: "141" + send_route_request: "142" + send_route_response: "143" + sgsn_context_ack: "144" + sgsn_context_request: "145" + sgsn_context_response: "146" + support_ext_hdr_notify: "147" + update_mbms_request: "148" + update_mbms_response: "149" + update_pdp_request: "150" + update_pdp_response: "151" + version_not_support: "152" + message_rate_limit_v0: + create_pdp_request: "154" + delete_pdp_request: "155" + echo_request: "156" + message_rate_limit_v1: + create_pdp_request: "158" + delete_pdp_request: "159" + echo_request: "160" + message_rate_limit_v2: + create_session_request: "162" + delete_session_request: "163" + echo_request: "164" + min_message_length: "165" + miss_must_ie: "allow" + monitor_mode: "enable" + name: "default_name_168" + noip_filter: "enable" + noip_policy: + - + action: "allow" + end: "172" + id: "173" + start: "174" + type: "etsi" + out_of_state_ie: "allow" + out_of_state_message: "allow" + per_apn_shaper: + - + apn: " (source gtp.apn.name)" + id: "180" + rate_limit: "181" + version: "182" + policy: + - + action: "allow" + apn_sel_mode: "ms" + apnmember: + - + name: "default_name_187 (source gtp.apn.name gtp.apngrp.name)" + id: "188" + imei: "" + imsi: "" + imsi_prefix: "" + max_apn_restriction: "all" + messages: "create-req" + msisdn: "" + msisdn_prefix: "" + rai: "" + rat_type: "any" + uli: "" + policy_filter: "enable" + policy_v2: + - + action: "allow" + apn_sel_mode: "ms" + apnmember: + - + name: "default_name_204 (source gtp.apn.name gtp.apngrp.name)" + id: "205" + imsi_prefix: "" + max_apn_restriction: "all" + mei: "" + messages: "create-ses-req" + msisdn_prefix: "" + rat_type: "any" + uli: "" + port_notify: "213" + rat_timeout_profile: " (source gtp.rat-timeout-profile.name)" + rate_limit_mode: "per-profile" + rate_limited_log: "enable" + rate_sampling_interval: "217" + remove_if_echo_expires: "enable" + remove_if_recovery_differ: "enable" + reserved_ie: "allow" + send_delete_when_timeout: "enable" + send_delete_when_timeout_v2: "enable" + spoof_src_addr: "allow" + state_invalid_log: "enable" + sub_second_interval: "0.5" + sub_second_sampling: "enable" + traffic_count_log: "enable" + tunnel_limit: "228" + tunnel_limit_log: "enable" + tunnel_timeout: "230" + unknown_version_action: "allow" + user_plane_message_rate_limit: "232" + warning_threshold: "233" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_identity_based_route.rst b/gen/fortios_firewall_identity_based_route.rst new file mode 100644 index 00000000..b596bf06 --- /dev/null +++ b/gen/fortios_firewall_identity_based_route.rst @@ -0,0 +1,590 @@ +:source: fortios_firewall_identity_based_route.py + +:orphan: + +.. fortios_firewall_identity_based_route: + +fortios_firewall_identity_based_route -- Configure identity based routing in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and identity_based_route category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_identity_based_routeyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_identity_based_route - Configure identity based routing. type: dict + more... + +
              • +
                +
              • comments - Comments. type: str + more... + +
                • +
              • name - Name. type: str required: true + more... + +
                • +
              • rule - Rule. type: list member_path: rule:id + more... + +
                • +
                  +
                • device - Outgoing interface for the rule. Source system.interface.name. type: str + more... + +
                  • +
                • gateway - IPv4 address of the gateway (Format: xxx.xxx.xxx.xxx ). type: str + more... + +
                  • +
                • groups - Select one or more group(s) from available groups that are allowed to use this route. Separate group names with a space. type: list member_path: rule:id/groups:name + more... + +
                  • +
                    +
                  • name - Group name. Source user.group.name. type: str required: true + more... + +
                    • +
                  +
                • id - Rule ID. type: int required: true + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure identity based routing. + fortios_firewall_identity_based_route: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_identity_based_route: + comments: "" + name: "default_name_4" + rule: + - + device: " (source system.interface.name)" + gateway: "" + groups: + - + name: "default_name_9 (source user.group.name)" + id: "10" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_interface_policy.rst b/gen/fortios_firewall_interface_policy.rst new file mode 100644 index 00000000..f925c1df --- /dev/null +++ b/gen/fortios_firewall_interface_policy.rst @@ -0,0 +1,1844 @@ +:source: fortios_firewall_interface_policy.py + +:orphan: + +.. fortios_firewall_interface_policy: + +fortios_firewall_interface_policy -- Configure IPv4 interface policies in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and interface_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_interface_policyyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_interface_policy - Configure IPv4 interface policies. type: dict + more... + +
              • +
                +
              • address_type - Policy address type (IPv4 or IPv6). type: str choices: ipv4, ipv6 + more... + +
                • +
              • application_list - Application list name. Source application.list.name. type: str + more... + +
                • +
              • application_list_status - Enable/disable application control. type: str choices: enable, disable + more... + +
                • +
              • av_profile - Antivirus profile. Source antivirus.profile.name. type: str + more... + +
                • +
              • av_profile_status - Enable/disable antivirus. type: str choices: enable, disable + more... + +
                • +
              • comments - Comments. type: str + more... + +
                • +
              • dlp_sensor - DLP sensor name. Source dlp.sensor.name. type: str + more... + +
                • +
              • dlp_sensor_status - Enable/disable DLP. type: str choices: enable, disable + more... + +
                • +
              • dsri - Enable/disable DSRI. type: str choices: enable, disable + more... + +
                • +
              • dstaddr - Address object to limit traffic monitoring to network traffic sent to the specified address or range. type: list member_path: dstaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • emailfilter_profile - Email filter profile. Source emailfilter.profile.name. type: str + more... + +
                • +
              • emailfilter_profile_status - Enable/disable email filter. type: str choices: enable, disable + more... + +
                • +
              • interface - Monitored interface name from available interfaces. Source system.zone.name system.interface.name. type: str + more... + +
                • +
              • ips_sensor - IPS sensor name. Source ips.sensor.name. type: str + more... + +
                • +
              • ips_sensor_status - Enable/disable IPS. type: str choices: enable, disable + more... + +
                • +
              • label - Label. type: str + more... + +
                • +
              • logtraffic - Logging type to be used in this policy (Options: all | utm | disable). type: str choices: all, utm, disable + more... + +
                • +
              • policyid - Policy ID (0 - 4294967295). type: int required: true + more... + +
                • +
              • scan_botnet_connections - Enable/disable scanning for connections to Botnet servers. type: str choices: disable, block, monitor + more... + +
                • +
              • service - Service object from available options. type: list member_path: service:name + more... + +
                • +
                  +
                • name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str required: true + more... + +
                  • +
                +
              • spamfilter_profile - Antispam profile. Source spamfilter.profile.name. type: str + more... + +
                • +
              • spamfilter_profile_status - Enable/disable antispam. type: str choices: enable, disable + more... + +
                • +
              • srcaddr - Address object to limit traffic monitoring to network traffic sent from the specified address or range. type: list member_path: srcaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • status - Enable/disable this policy. type: str choices: enable, disable + more... + +
                • +
              • webfilter_profile - Web filter profile. Source webfilter.profile.name. type: str + more... + +
                • +
              • webfilter_profile_status - Enable/disable web filtering. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv4 interface policies. + fortios_firewall_interface_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_interface_policy: + address_type: "ipv4" + application_list: " (source application.list.name)" + application_list_status: "enable" + av_profile: " (source antivirus.profile.name)" + av_profile_status: "enable" + comments: "" + dlp_sensor: " (source dlp.sensor.name)" + dlp_sensor_status: "enable" + dsri: "enable" + dstaddr: + - + name: "default_name_13 (source firewall.address.name firewall.addrgrp.name)" + emailfilter_profile: " (source emailfilter.profile.name)" + emailfilter_profile_status: "enable" + interface: " (source system.zone.name system.interface.name)" + ips_sensor: " (source ips.sensor.name)" + ips_sensor_status: "enable" + label: "" + logtraffic: "all" + policyid: "21" + scan_botnet_connections: "disable" + service: + - + name: "default_name_24 (source firewall.service.custom.name firewall.service.group.name)" + spamfilter_profile: " (source spamfilter.profile.name)" + spamfilter_profile_status: "enable" + srcaddr: + - + name: "default_name_28 (source firewall.address.name firewall.addrgrp.name)" + status: "enable" + webfilter_profile: " (source webfilter.profile.name)" + webfilter_profile_status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_interface_policy6.rst b/gen/fortios_firewall_interface_policy6.rst new file mode 100644 index 00000000..54d22817 --- /dev/null +++ b/gen/fortios_firewall_interface_policy6.rst @@ -0,0 +1,1844 @@ +:source: fortios_firewall_interface_policy6.py + +:orphan: + +.. fortios_firewall_interface_policy6: + +fortios_firewall_interface_policy6 -- Configure IPv6 interface policies in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and interface_policy6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_interface_policy6yesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_interface_policy6 - Configure IPv6 interface policies. type: dict + more... + +
              • +
                +
              • address_type - Policy address type (IPv4 or IPv6). type: str choices: ipv4, ipv6 + more... + +
                • +
              • application_list - Application list name. Source application.list.name. type: str + more... + +
                • +
              • application_list_status - Enable/disable application control. type: str choices: enable, disable + more... + +
                • +
              • av_profile - Antivirus profile. Source antivirus.profile.name. type: str + more... + +
                • +
              • av_profile_status - Enable/disable antivirus. type: str choices: enable, disable + more... + +
                • +
              • comments - Comments. type: str + more... + +
                • +
              • dlp_sensor - DLP sensor name. Source dlp.sensor.name. type: str + more... + +
                • +
              • dlp_sensor_status - Enable/disable DLP. type: str choices: enable, disable + more... + +
                • +
              • dsri - Enable/disable DSRI. type: str choices: enable, disable + more... + +
                • +
              • dstaddr6 - IPv6 address object to limit traffic monitoring to network traffic sent to the specified address or range. type: list member_path: dstaddr6:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                  • +
                +
              • emailfilter_profile - Email filter profile. Source emailfilter.profile.name. type: str + more... + +
                • +
              • emailfilter_profile_status - Enable/disable email filter. type: str choices: enable, disable + more... + +
                • +
              • interface - Monitored interface name from available interfaces. Source system.zone.name system.interface.name. type: str + more... + +
                • +
              • ips_sensor - IPS sensor name. Source ips.sensor.name. type: str + more... + +
                • +
              • ips_sensor_status - Enable/disable IPS. type: str choices: enable, disable + more... + +
                • +
              • label - Label. type: str + more... + +
                • +
              • logtraffic - Logging type to be used in this policy (Options: all | utm | disable). type: str choices: all, utm, disable + more... + +
                • +
              • policyid - Policy ID (0 - 4294967295). type: int required: true + more... + +
                • +
              • scan_botnet_connections - Enable/disable scanning for connections to Botnet servers. type: str choices: disable, block, monitor + more... + +
                • +
              • service6 - Service name. type: list member_path: service6:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.service.custom.name firewall.service.group.name. type: str required: true + more... + +
                  • +
                +
              • spamfilter_profile - Antispam profile. Source spamfilter.profile.name. type: str + more... + +
                • +
              • spamfilter_profile_status - Enable/disable antispam. type: str choices: enable, disable + more... + +
                • +
              • srcaddr6 - IPv6 address object to limit traffic monitoring to network traffic sent from the specified address or range. type: list member_path: srcaddr6:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                  • +
                +
              • status - Enable/disable this policy. type: str choices: enable, disable + more... + +
                • +
              • webfilter_profile - Web filter profile. Source webfilter.profile.name. type: str + more... + +
                • +
              • webfilter_profile_status - Enable/disable web filtering. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 interface policies. + fortios_firewall_interface_policy6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_interface_policy6: + address_type: "ipv4" + application_list: " (source application.list.name)" + application_list_status: "enable" + av_profile: " (source antivirus.profile.name)" + av_profile_status: "enable" + comments: "" + dlp_sensor: " (source dlp.sensor.name)" + dlp_sensor_status: "enable" + dsri: "enable" + dstaddr6: + - + name: "default_name_13 (source firewall.address6.name firewall.addrgrp6.name)" + emailfilter_profile: " (source emailfilter.profile.name)" + emailfilter_profile_status: "enable" + interface: " (source system.zone.name system.interface.name)" + ips_sensor: " (source ips.sensor.name)" + ips_sensor_status: "enable" + label: "" + logtraffic: "all" + policyid: "21" + scan_botnet_connections: "disable" + service6: + - + name: "default_name_24 (source firewall.service.custom.name firewall.service.group.name)" + spamfilter_profile: " (source spamfilter.profile.name)" + spamfilter_profile_status: "enable" + srcaddr6: + - + name: "default_name_28 (source firewall.address6.name firewall.addrgrp6.name)" + status: "enable" + webfilter_profile: " (source webfilter.profile.name)" + webfilter_profile_status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_internet_service.rst b/gen/fortios_firewall_internet_service.rst new file mode 100644 index 00000000..a6e165f9 --- /dev/null +++ b/gen/fortios_firewall_internet_service.rst @@ -0,0 +1,970 @@ +:source: fortios_firewall_internet_service.py + +:orphan: + +.. fortios_firewall_internet_service: + +fortios_firewall_internet_service -- Show Internet Service application in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and internet_service category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_internet_serviceyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_internet_service - Show Internet Service application. type: dict + more... + +
              • +
                +
              • database - Database name this Internet Service belongs to. type: str choices: isdb, irdb + more... + +
                • +
              • direction - How this service may be used in a firewall policy (source, destination or both). type: str choices: src, dst, both + more... + +
                • +
              • entry - Entries in the Internet Service database. type: list member_path: entry:id + more... + +
                • +
                  +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                • ip_number - Total number of IP addresses. type: int + more... + +
                  • +
                • ip_range_number - Total number of IP ranges. type: int + more... + +
                  • +
                • port - Integer value for the TCP/IP port (0 - 65535). type: int + more... + +
                  • +
                • protocol - Integer value for the protocol type as defined by IANA (0 - 255). type: int + more... + +
                  • +
                +
              • extra_ip_range_number - Extra number of IP ranges. type: int + more... + +
                • +
              • icon_id - Icon ID of Internet Service. type: int + more... + +
                • +
              • id - Internet Service ID. type: int required: true + more... + +
                • +
              • ip_number - Total number of IP addresses. type: int + more... + +
                • +
              • ip_range_number - Number of IP ranges. type: int + more... + +
                • +
              • name - Internet Service name. type: str + more... + +
                • +
              • obsolete - Indicates whether the Internet Service can be used. type: int + more... + +
                • +
              • offset - Offset of Internet Service ID. type: int + more... + +
                • +
              • reputation - Reputation level of the Internet Service. type: int + more... + +
                • +
              • singularity - Singular level of the Internet Service. type: int + more... + +
                • +
              • sld_id - Second Level Domain. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Show Internet Service application. + fortios_firewall_internet_service: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_internet_service: + database: "isdb" + direction: "src" + entry: + - + id: "6" + ip_number: "7" + ip_range_number: "8" + port: "9" + protocol: "10" + extra_ip_range_number: "11" + icon_id: "12" + id: "13" + ip_number: "14" + ip_range_number: "15" + name: "default_name_16" + obsolete: "17" + offset: "18" + reputation: "19" + singularity: "20" + sld_id: "21" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_internet_service_addition.rst b/gen/fortios_firewall_internet_service_addition.rst new file mode 100644 index 00000000..518072fc --- /dev/null +++ b/gen/fortios_firewall_internet_service_addition.rst @@ -0,0 +1,570 @@ +:source: fortios_firewall_internet_service_addition.py + +:orphan: + +.. fortios_firewall_internet_service_addition: + +fortios_firewall_internet_service_addition -- Configure Internet Services Addition in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and internet_service_addition category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_internet_service_additionyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_internet_service_addition - Configure Internet Services Addition. type: dict + more... + +
              • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • entry - Entries added to the Internet Service addition database. type: list member_path: entry:id + more... + +
                • +
                  +
                • id - Entry ID(1-255). type: int required: true + more... + +
                  • +
                • port_range - Port ranges in the custom entry. type: list member_path: entry:id/port_range:id + more... + +
                  • +
                    +
                  • end_port - Integer value for ending TCP/UDP/SCTP destination port in range (1 to 65535). type: int + more... + +
                    • +
                  • id - Custom entry port range ID. type: int required: true + more... + +
                    • +
                  • start_port - Integer value for starting TCP/UDP/SCTP destination port in range (1 to 65535). type: int + more... + +
                    • +
                  +
                • protocol - Integer value for the protocol type as defined by IANA (0 - 255). type: int + more... + +
                  • +
                +
              • id - Internet Service ID in the Internet Service database. Source firewall.internet-service.id. type: int required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Internet Services Addition. + fortios_firewall_internet_service_addition: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_internet_service_addition: + comment: "Comment." + entry: + - + id: "5" + port_range: + - + end_port: "7" + id: "8" + start_port: "9" + protocol: "10" + id: "11 (source firewall.internet-service.id)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_internet_service_append.rst b/gen/fortios_firewall_internet_service_append.rst new file mode 100644 index 00000000..117f1f5b --- /dev/null +++ b/gen/fortios_firewall_internet_service_append.rst @@ -0,0 +1,273 @@ +:source: fortios_firewall_internet_service_append.py + +:orphan: + +.. fortios_firewall_internet_service_append: + +fortios_firewall_internet_service_append -- Configure additional port mappings for Internet Services in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and internet_service_append category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_internet_service_appendyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • firewall_internet_service_append - Configure additional port mappings for Internet Services. type: dict + more... + +
              • +
                +
              • append_port - Appending TCP/UDP/SCTP destination port (1 to 65535). type: int + more... + +
                • +
              • match_port - Matching TCP/UDP/SCTP destination port (0 to 65535, 0 means any port). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure additional port mappings for Internet Services. + fortios_firewall_internet_service_append: + vdom: "{{ vdom }}" + firewall_internet_service_append: + append_port: "3" + match_port: "4" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_internet_service_botnet.rst b/gen/fortios_firewall_internet_service_botnet.rst new file mode 100644 index 00000000..fa581ef4 --- /dev/null +++ b/gen/fortios_firewall_internet_service_botnet.rst @@ -0,0 +1,252 @@ +:source: fortios_firewall_internet_service_botnet.py + +:orphan: + +.. fortios_firewall_internet_service_botnet: + +fortios_firewall_internet_service_botnet -- Show Internet Service botnet in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and internet_service_botnet category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_internet_service_botnetyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_internet_service_botnet - Show Internet Service botnet. type: dict + more... + +
              • +
                +
              • id - Internet Service Botnet ID. type: int required: true + more... + +
                • +
              • name - Internet Service Botnet name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Show Internet Service botnet. + fortios_firewall_internet_service_botnet: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_internet_service_botnet: + id: "3" + name: "default_name_4" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_internet_service_custom.rst b/gen/fortios_firewall_internet_service_custom.rst new file mode 100644 index 00000000..d3346161 --- /dev/null +++ b/gen/fortios_firewall_internet_service_custom.rst @@ -0,0 +1,963 @@ +:source: fortios_firewall_internet_service_custom.py + +:orphan: + +.. fortios_firewall_internet_service_custom: + +fortios_firewall_internet_service_custom -- Configure custom Internet Services in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and internet_service_custom category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_internet_service_customyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_internet_service_custom - Configure custom Internet Services. type: dict + more... + +
              • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • disable_entry - Disable entries in the Internet Service database. type: list member_path: disable_entry:id + more... + +
                • +
                  +
                • id - Disable entry ID. type: int required: true + more... + +
                  • +
                • ip_range - IP ranges in the disable entry. type: list member_path: disable_entry:id/ip_range:id + more... + +
                  • +
                    +
                  • end_ip - End IP address. type: str + more... + +
                    • +
                  • id - Disable entry range ID. type: int required: true + more... + +
                    • +
                  • start_ip - Start IP address. type: str + more... + +
                    • +
                  +
                • port - Integer value for the TCP/IP port (0 - 65535). type: int + more... + +
                  • +
                • protocol - Integer value for the protocol type as defined by IANA (0 - 255). type: int + more... + +
                  • +
                +
              • entry - Entries added to the Internet Service database and custom database. type: list member_path: entry:id + more... + +
                • +
                  +
                • dst - Destination address or address group name. type: list member_path: entry:id/dst:name + more... + +
                  • +
                    +
                  • name - Select the destination address or address group object from available options. Source firewall.address.name firewall .addrgrp.name. type: str required: true + more... + +
                    • +
                  +
                • id - Entry ID(1-255). type: int required: true + more... + +
                  • +
                • port_range - Port ranges in the custom entry. type: list member_path: entry:id/port_range:id + more... + +
                  • +
                    +
                  • end_port - Integer value for ending TCP/UDP/SCTP destination port in range (1 to 65535). type: int + more... + +
                    • +
                  • id - Custom entry port range ID. type: int required: true + more... + +
                    • +
                  • start_port - Integer value for starting TCP/UDP/SCTP destination port in range (1 to 65535). type: int + more... + +
                    • +
                  +
                • protocol - Integer value for the protocol type as defined by IANA (0 - 255). type: int + more... + +
                  • +
                +
              • master_service_id - Internet Service ID in the Internet Service database. Source firewall.internet-service.id. type: int + more... + +
                • +
              • name - Internet Service name. type: str required: true + more... + +
                • +
              • reputation - Reputation level of the custom Internet Service. Source firewall.internet-service-reputation.id. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure custom Internet Services. + fortios_firewall_internet_service_custom: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_internet_service_custom: + comment: "Comment." + disable_entry: + - + id: "5" + ip_range: + - + end_ip: "" + id: "8" + start_ip: "" + port: "10" + protocol: "11" + entry: + - + dst: + - + name: "default_name_14 (source firewall.address.name firewall.addrgrp.name)" + id: "15" + port_range: + - + end_port: "17" + id: "18" + start_port: "19" + protocol: "20" + master_service_id: "21 (source firewall.internet-service.id)" + name: "default_name_22" + reputation: "23 (source firewall.internet-service-reputation.id)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_internet_service_custom_group.rst b/gen/fortios_firewall_internet_service_custom_group.rst new file mode 100644 index 00000000..ff6dab43 --- /dev/null +++ b/gen/fortios_firewall_internet_service_custom_group.rst @@ -0,0 +1,403 @@ +:source: fortios_firewall_internet_service_custom_group.py + +:orphan: + +.. fortios_firewall_internet_service_custom_group: + +fortios_firewall_internet_service_custom_group -- Configure custom Internet Service group in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and internet_service_custom_group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_internet_service_custom_groupyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_internet_service_custom_group - Configure custom Internet Service group. type: dict + more... + +
              • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • member - Custom Internet Service group members. type: list member_path: member:name + more... + +
                • +
                  +
                • name - Group member name. Source firewall.internet-service-custom.name. type: str required: true + more... + +
                  • +
                +
              • name - Custom Internet Service group name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure custom Internet Service group. + fortios_firewall_internet_service_custom_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_internet_service_custom_group: + comment: "Comment." + member: + - + name: "default_name_5 (source firewall.internet-service-custom.name)" + name: "default_name_6" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_internet_service_definition.rst b/gen/fortios_firewall_internet_service_definition.rst new file mode 100644 index 00000000..276b57d9 --- /dev/null +++ b/gen/fortios_firewall_internet_service_definition.rst @@ -0,0 +1,610 @@ +:source: fortios_firewall_internet_service_definition.py + +:orphan: + +.. fortios_firewall_internet_service_definition: + +fortios_firewall_internet_service_definition -- Configure Internet Service definition in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and internet_service_definition category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_internet_service_definitionyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_internet_service_definition - Configure Internet Service definition. type: dict + more... + +
              • +
                +
              • entry - Protocol and port information in an Internet Service entry. type: list + more... + +
                • +
                  +
                • category_id - Internet Service category ID. type: int + more... + +
                  • +
                • name - Internet Service name. type: str + more... + +
                  • +
                • port_range - Port ranges in the definition entry. type: list member_path: port_range:id + more... + +
                  • +
                    +
                  • end_port - Ending TCP/UDP/SCTP destination port (1 to 65535). type: int + more... + +
                    • +
                  • id - Custom entry port range ID. type: int required: true + more... + +
                    • +
                  • start_port - Starting TCP/UDP/SCTP destination port (1 to 65535). type: int + more... + +
                    • +
                  +
                • protocol - Integer value for the protocol type as defined by IANA (0 - 255). type: int + more... + +
                  • +
                • seq_num - Entry sequence number. type: int + more... + +
                  • +
                +
              • id - Internet Service application list ID. type: int required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Internet Service definition. + fortios_firewall_internet_service_definition: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_internet_service_definition: + entry: + - + category_id: "4" + name: "default_name_5" + port_range: + - + end_port: "7" + id: "8" + start_port: "9" + protocol: "10" + seq_num: "11" + id: "12" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_internet_service_extension.rst b/gen/fortios_firewall_internet_service_extension.rst new file mode 100644 index 00000000..bfb91de8 --- /dev/null +++ b/gen/fortios_firewall_internet_service_extension.rst @@ -0,0 +1,1102 @@ +:source: fortios_firewall_internet_service_extension.py + +:orphan: + +.. fortios_firewall_internet_service_extension: + +fortios_firewall_internet_service_extension -- Configure Internet Services Extension in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and internet_service_extension category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_internet_service_extensionyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_internet_service_extension - Configure Internet Services Extension. type: dict + more... + +
              • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • disable_entry - Disable entries in the Internet Service database. type: list member_path: disable_entry:id + more... + +
                • +
                  +
                • id - Disable entry ID. type: int required: true + more... + +
                  • +
                • ip_range - IP ranges in the disable entry. type: list member_path: disable_entry:id/ip_range:id + more... + +
                  • +
                    +
                  • end_ip - End IP address. type: str + more... + +
                    • +
                  • id - Disable entry range ID. type: int required: true + more... + +
                    • +
                  • start_ip - Start IP address. type: str + more... + +
                    • +
                  +
                • port_range - Port ranges in the disable entry. type: list member_path: disable_entry:id/port_range:id + more... + +
                  • +
                    +
                  • end_port - Ending TCP/UDP/SCTP destination port (1 to 65535). type: int + more... + +
                    • +
                  • id - Custom entry port range ID. type: int required: true + more... + +
                    • +
                  • start_port - Starting TCP/UDP/SCTP destination port (1 to 65535). type: int + more... + +
                    • +
                  +
                • protocol - Integer value for the protocol type as defined by IANA (0 - 255). type: int + more... + +
                  • +
                +
              • entry - Entries added to the Internet Service extension database. type: list member_path: entry:id + more... + +
                • +
                  +
                • dst - Destination address or address group name. type: list member_path: entry:id/dst:name + more... + +
                  • +
                    +
                  • name - Select the destination address or address group object from available options. Source firewall.address.name firewall .addrgrp.name. type: str required: true + more... + +
                    • +
                  +
                • id - Entry ID(1-255). type: int required: true + more... + +
                  • +
                • port_range - Port ranges in the custom entry. type: list member_path: entry:id/port_range:id + more... + +
                  • +
                    +
                  • end_port - Integer value for ending TCP/UDP/SCTP destination port in range (1 to 65535). type: int + more... + +
                    • +
                  • id - Custom entry port range ID. type: int required: true + more... + +
                    • +
                  • start_port - Integer value for starting TCP/UDP/SCTP destination port in range (1 to 65535). type: int + more... + +
                    • +
                  +
                • protocol - Integer value for the protocol type as defined by IANA (0 - 255). type: int + more... + +
                  • +
                +
              • id - Internet Service ID in the Internet Service database. Source firewall.internet-service.id. type: int required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Internet Services Extension. + fortios_firewall_internet_service_extension: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_internet_service_extension: + comment: "Comment." + disable_entry: + - + id: "5" + ip_range: + - + end_ip: "" + id: "8" + start_ip: "" + port_range: + - + end_port: "11" + id: "12" + start_port: "13" + protocol: "14" + entry: + - + dst: + - + name: "default_name_17 (source firewall.address.name firewall.addrgrp.name)" + id: "18" + port_range: + - + end_port: "20" + id: "21" + start_port: "22" + protocol: "23" + id: "24 (source firewall.internet-service.id)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_internet_service_group.rst b/gen/fortios_firewall_internet_service_group.rst new file mode 100644 index 00000000..e535674e --- /dev/null +++ b/gen/fortios_firewall_internet_service_group.rst @@ -0,0 +1,534 @@ +:source: fortios_firewall_internet_service_group.py + +:orphan: + +.. fortios_firewall_internet_service_group: + +fortios_firewall_internet_service_group -- Configure group of Internet Service in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and internet_service_group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_internet_service_groupyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_internet_service_group - Configure group of Internet Service. type: dict + more... + +
              • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • direction - How this service may be used (source, destination or both). type: str choices: source, destination, both + more... + +
                • +
              • member - Internet Service group member. type: list member_path: member:name + more... + +
                • +
                  +
                • id - Internet Service ID. Source firewall.internet-service.id. type: int + more... + +
                  • +
                • name - Internet Service name. Source firewall.internet-service-name.name. type: str required: true + more... + +
                  • +
                +
              • name - Internet Service group name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure group of Internet Service. + fortios_firewall_internet_service_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_internet_service_group: + comment: "Comment." + direction: "source" + member: + - + id: "6 (source firewall.internet-service.id)" + name: "default_name_7 (source firewall.internet-service-name.name)" + name: "default_name_8" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_internet_service_ipbl_reason.rst b/gen/fortios_firewall_internet_service_ipbl_reason.rst new file mode 100644 index 00000000..69cd4d36 --- /dev/null +++ b/gen/fortios_firewall_internet_service_ipbl_reason.rst @@ -0,0 +1,276 @@ +:source: fortios_firewall_internet_service_ipbl_reason.py + +:orphan: + +.. fortios_firewall_internet_service_ipbl_reason: + +fortios_firewall_internet_service_ipbl_reason -- IP block list reason in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and internet_service_ipbl_reason category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_internet_service_ipbl_reasonyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_internet_service_ipbl_reason - IP block list reason. type: dict + more... + +
              • +
                +
              • id - IP block list reason ID. type: int required: true + more... + +
                • +
              • name - IP block list reason name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: IP block list reason. + fortios_firewall_internet_service_ipbl_reason: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_internet_service_ipbl_reason: + id: "3" + name: "default_name_4" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_internet_service_ipbl_vendor.rst b/gen/fortios_firewall_internet_service_ipbl_vendor.rst new file mode 100644 index 00000000..df63da34 --- /dev/null +++ b/gen/fortios_firewall_internet_service_ipbl_vendor.rst @@ -0,0 +1,276 @@ +:source: fortios_firewall_internet_service_ipbl_vendor.py + +:orphan: + +.. fortios_firewall_internet_service_ipbl_vendor: + +fortios_firewall_internet_service_ipbl_vendor -- IP block list vendor in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and internet_service_ipbl_vendor category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_internet_service_ipbl_vendoryesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_internet_service_ipbl_vendor - IP block list vendor. type: dict + more... + +
              • +
                +
              • id - IP block list vendor ID. type: int required: true + more... + +
                • +
              • name - IP block list vendor name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: IP block list vendor. + fortios_firewall_internet_service_ipbl_vendor: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_internet_service_ipbl_vendor: + id: "3" + name: "default_name_4" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_internet_service_list.rst b/gen/fortios_firewall_internet_service_list.rst new file mode 100644 index 00000000..fc520bd7 --- /dev/null +++ b/gen/fortios_firewall_internet_service_list.rst @@ -0,0 +1,276 @@ +:source: fortios_firewall_internet_service_list.py + +:orphan: + +.. fortios_firewall_internet_service_list: + +fortios_firewall_internet_service_list -- Internet Service list in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and internet_service_list category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_internet_service_listyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_internet_service_list - Internet Service list. type: dict + more... + +
              • +
                +
              • id - Internet Service category ID. type: int required: true + more... + +
                • +
              • name - Internet Service category name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Internet Service list. + fortios_firewall_internet_service_list: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_internet_service_list: + id: "3" + name: "default_name_4" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_internet_service_name.rst b/gen/fortios_firewall_internet_service_name.rst new file mode 100644 index 00000000..52a88e67 --- /dev/null +++ b/gen/fortios_firewall_internet_service_name.rst @@ -0,0 +1,404 @@ +:source: fortios_firewall_internet_service_name.py + +:orphan: + +.. fortios_firewall_internet_service_name: + +fortios_firewall_internet_service_name -- Define internet service names in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and internet_service_name category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_internet_service_nameyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_internet_service_name - Define internet service names. type: dict + more... + +
              • +
                +
              • city_id - City ID. Source firewall.city.id. type: int + more... + +
                • +
              • country_id - Country or Area ID. Source firewall.country.id. type: int + more... + +
                • +
              • internet_service_id - Internet Service ID. Source firewall.internet-service.id. type: int + more... + +
                • +
              • name - Internet Service name. type: str required: true + more... + +
                • +
              • region_id - Region ID. Source firewall.region.id. type: int + more... + +
                • +
              • type - Internet Service name type. type: str choices: default, location + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Define internet service names. + fortios_firewall_internet_service_name: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_internet_service_name: + city_id: "3 (source firewall.city.id)" + country_id: "4 (source firewall.country.id)" + internet_service_id: "5 (source firewall.internet-service.id)" + name: "default_name_6" + region_id: "7 (source firewall.region.id)" + type: "default" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_internet_service_owner.rst b/gen/fortios_firewall_internet_service_owner.rst new file mode 100644 index 00000000..3b91cf2f --- /dev/null +++ b/gen/fortios_firewall_internet_service_owner.rst @@ -0,0 +1,276 @@ +:source: fortios_firewall_internet_service_owner.py + +:orphan: + +.. fortios_firewall_internet_service_owner: + +fortios_firewall_internet_service_owner -- Internet Service owner in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and internet_service_owner category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_internet_service_owneryesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_internet_service_owner - Internet Service owner. type: dict + more... + +
              • +
                +
              • id - Internet Service owner ID. type: int required: true + more... + +
                • +
              • name - Internet Service owner name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Internet Service owner. + fortios_firewall_internet_service_owner: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_internet_service_owner: + id: "3" + name: "default_name_4" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_internet_service_reputation.rst b/gen/fortios_firewall_internet_service_reputation.rst new file mode 100644 index 00000000..39cdc722 --- /dev/null +++ b/gen/fortios_firewall_internet_service_reputation.rst @@ -0,0 +1,276 @@ +:source: fortios_firewall_internet_service_reputation.py + +:orphan: + +.. fortios_firewall_internet_service_reputation: + +fortios_firewall_internet_service_reputation -- Show Internet Service reputation in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and internet_service_reputation category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_internet_service_reputationyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_internet_service_reputation - Show Internet Service reputation. type: dict + more... + +
              • +
                +
              • description - Description. type: str + more... + +
                • +
              • id - Internet Service Reputation ID. type: int required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Show Internet Service reputation. + fortios_firewall_internet_service_reputation: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_internet_service_reputation: + description: "" + id: "4" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_internet_service_sld.rst b/gen/fortios_firewall_internet_service_sld.rst new file mode 100644 index 00000000..b8ab7a86 --- /dev/null +++ b/gen/fortios_firewall_internet_service_sld.rst @@ -0,0 +1,276 @@ +:source: fortios_firewall_internet_service_sld.py + +:orphan: + +.. fortios_firewall_internet_service_sld: + +fortios_firewall_internet_service_sld -- Internet Service Second Level Domain in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and internet_service_sld category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_internet_service_sldyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_internet_service_sld - Internet Service Second Level Domain. type: dict + more... + +
              • +
                +
              • id - Second Level Domain ID. type: int required: true + more... + +
                • +
              • name - Second Level Domain name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Internet Service Second Level Domain. + fortios_firewall_internet_service_sld: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_internet_service_sld: + id: "3" + name: "default_name_4" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_ip_translation.rst b/gen/fortios_firewall_ip_translation.rst new file mode 100644 index 00000000..f6e93274 --- /dev/null +++ b/gen/fortios_firewall_ip_translation.rst @@ -0,0 +1,465 @@ +:source: fortios_firewall_ip_translation.py + +:orphan: + +.. fortios_firewall_ip_translation: + +fortios_firewall_ip_translation -- Configure firewall IP-translation in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and ip_translation category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_ip_translationyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_ip_translation - Configure firewall IP-translation. type: dict + more... + +
              • +
                +
              • endip - Final IPv4 address (inclusive) in the range of the addresses to be translated (format xxx.xxx.xxx.xxx). type: str + more... + +
                • +
              • map_startip - Address to be used as the starting point for translation in the range (format xxx.xxx.xxx.xxx). type: str + more... + +
                • +
              • startip - First IPv4 address (inclusive) in the range of the addresses to be translated (format xxx.xxx.xxx.xxx). type: str + more... + +
                • +
              • transid - IP translation ID. type: int required: true + more... + +
                • +
              • type - IP translation type (option: SCTP). type: str choices: SCTP + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure firewall IP-translation. + fortios_firewall_ip_translation: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_ip_translation: + endip: "" + map_startip: "" + startip: "" + transid: "6" + type: "SCTP" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_ipmacbinding_setting.rst b/gen/fortios_firewall_ipmacbinding_setting.rst new file mode 100644 index 00000000..26958049 --- /dev/null +++ b/gen/fortios_firewall_ipmacbinding_setting.rst @@ -0,0 +1,465 @@ +:source: fortios_firewall_ipmacbinding_setting.py + +:orphan: + +.. fortios_firewall_ipmacbinding_setting: + +fortios_firewall_ipmacbinding_setting -- Configure IP to MAC binding settings in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_ipmacbinding feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_ipmacbinding_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • firewall_ipmacbinding_setting - Configure IP to MAC binding settings. type: dict + more... + +
              • +
                +
              • bindthroughfw - Enable/disable use of IP/MAC binding to filter packets that would normally go through the firewall. type: str choices: enable, disable + more... + +
                • +
              • bindtofw - Enable/disable use of IP/MAC binding to filter packets that would normally go to the firewall. type: str choices: enable, disable + more... + +
                • +
              • undefinedhost - Select action to take on packets with IP/MAC addresses not in the binding list . type: str choices: allow, block + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IP to MAC binding settings. + fortios_firewall_ipmacbinding_setting: + vdom: "{{ vdom }}" + firewall_ipmacbinding_setting: + bindthroughfw: "enable" + bindtofw: "enable" + undefinedhost: "allow" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_ipmacbinding_table.rst b/gen/fortios_firewall_ipmacbinding_table.rst new file mode 100644 index 00000000..98287408 --- /dev/null +++ b/gen/fortios_firewall_ipmacbinding_table.rst @@ -0,0 +1,484 @@ +:source: fortios_firewall_ipmacbinding_table.py + +:orphan: + +.. fortios_firewall_ipmacbinding_table: + +fortios_firewall_ipmacbinding_table -- Configure IP to MAC address pairs in the IP/MAC binding table in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_ipmacbinding feature and table category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_ipmacbinding_tableyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_ipmacbinding_table - Configure IP to MAC address pairs in the IP/MAC binding table. type: dict + more... + +
              • +
                +
              • ip - IPv4 address portion of the pair (format: xxx.xxx.xxx.xxx). type: str + more... + +
                • +
              • mac - MAC address portion of the pair (format = xx:xx:xx:xx:xx:xx in hexadecimal). type: str + more... + +
                • +
              • name - Name of the pair (optional). type: str + more... + +
                • +
              • seq_num - Entry number. type: int + more... + +
                • +
              • status - Enable/disable this IP-mac binding pair. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IP to MAC address pairs in the IP/MAC binding table. + fortios_firewall_ipmacbinding_table: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_ipmacbinding_table: + ip: "" + mac: "" + name: "default_name_5" + seq_num: "6" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_ippool.rst b/gen/fortios_firewall_ippool.rst new file mode 100644 index 00000000..f36852b0 --- /dev/null +++ b/gen/fortios_firewall_ippool.rst @@ -0,0 +1,1318 @@ +:source: fortios_firewall_ippool.py + +:orphan: + +.. fortios_firewall_ippool: + +fortios_firewall_ippool -- Configure IPv4 IP pools in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and ippool category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_ippoolyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_ippool - Configure IPv4 IP pools. type: dict + more... + +
              • +
                +
              • add_nat64_route - Enable/disable adding NAT64 route. type: str choices: disable, enable + more... + +
                • +
              • arp_intf - Select an interface from available options that will reply to ARP requests. (If blank, any is selected). Source system.interface.name. type: str + more... + +
                • +
              • arp_reply - Enable/disable replying to ARP requests when an IP Pool is added to a policy . type: str choices: disable, enable + more... + +
                • +
              • associated_interface - Associated interface name. Source system.interface.name. type: str + more... + +
                • +
              • block_size - Number of addresses in a block (64 - 4096). type: int + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • endip - Final IPv4 address (inclusive) in the range for the address pool (format xxx.xxx.xxx.xxx). type: str + more... + +
                • +
              • endport - Final port number (inclusive) in the range for the address pool . type: int + more... + +
                • +
              • name - IP pool name. type: str required: true + more... + +
                • +
              • nat64 - Enable/disable NAT64. type: str choices: disable, enable + more... + +
                • +
              • num_blocks_per_user - Number of addresses blocks that can be used by a user (1 to 128). type: int + more... + +
                • +
              • pba_timeout - Port block allocation timeout (seconds). type: int + more... + +
                • +
              • permit_any_host - Enable/disable full cone NAT. type: str choices: disable, enable + more... + +
                • +
              • port_per_user - Number of port for each user (32 - 60416). type: int + more... + +
                • +
              • source_endip - Final IPv4 address (inclusive) in the range of the source addresses to be translated (format xxx.xxx.xxx.xxx). type: str + more... + +
                • +
              • source_startip - First IPv4 address (inclusive) in the range of the source addresses to be translated (format = xxx.xxx.xxx.xxx). type: str + more... + +
                • +
              • startip - First IPv4 address (inclusive) in the range for the address pool (format xxx.xxx.xxx.xxx). type: str + more... + +
                • +
              • startport - First port number (inclusive) in the range for the address pool . type: int + more... + +
                • +
              • type - IP pool type (overload, one-to-one, fixed port range, or port block allocation). type: str choices: overload, one-to-one, fixed-port-range, port-block-allocation + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv4 IP pools. + fortios_firewall_ippool: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_ippool: + add_nat64_route: "disable" + arp_intf: " (source system.interface.name)" + arp_reply: "disable" + associated_interface: " (source system.interface.name)" + block_size: "7" + comments: "" + endip: "" + endport: "10" + name: "default_name_11" + nat64: "disable" + num_blocks_per_user: "13" + pba_timeout: "14" + permit_any_host: "disable" + port_per_user: "16" + source_endip: "" + source_startip: "" + startip: "" + startport: "20" + type: "overload" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_ippool6.rst b/gen/fortios_firewall_ippool6.rst new file mode 100644 index 00000000..58b8cb69 --- /dev/null +++ b/gen/fortios_firewall_ippool6.rst @@ -0,0 +1,568 @@ +:source: fortios_firewall_ippool6.py + +:orphan: + +.. fortios_firewall_ippool6: + +fortios_firewall_ippool6 -- Configure IPv6 IP pools in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and ippool6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_ippool6yesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_ippool6 - Configure IPv6 IP pools. type: dict + more... + +
              • +
                +
              • add_nat46_route - Enable/disable adding NAT46 route. type: str choices: disable, enable + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • endip - Final IPv6 address (inclusive) in the range for the address pool (format = xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx). type: str + more... + +
                • +
              • name - IPv6 IP pool name. type: str required: true + more... + +
                • +
              • nat46 - Enable/disable NAT46. type: str choices: disable, enable + more... + +
                • +
              • startip - First IPv6 address (inclusive) in the range for the address pool (format = xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 IP pools. + fortios_firewall_ippool6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_ippool6: + add_nat46_route: "disable" + comments: "" + endip: "" + name: "default_name_6" + nat46: "disable" + startip: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_iprope_list.rst b/gen/fortios_firewall_iprope_list.rst new file mode 100644 index 00000000..cb088b5e --- /dev/null +++ b/gen/fortios_firewall_iprope_list.rst @@ -0,0 +1,235 @@ +:source: fortios_firewall_iprope_list.py + +:orphan: + +.. fortios_firewall_iprope_list: + +fortios_firewall_iprope_list -- List in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_iprope feature and list category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_iprope_listyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • firewall_iprope_list - List. type: dict + more... + +
              • +
                +
              • - Number, hexadecimal. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: List. + fortios_firewall_iprope_list: + vdom: "{{ vdom }}" + firewall_iprope_list: + : "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_ipv6_eh_filter.rst b/gen/fortios_firewall_ipv6_eh_filter.rst new file mode 100644 index 00000000..c9d20c3f --- /dev/null +++ b/gen/fortios_firewall_ipv6_eh_filter.rst @@ -0,0 +1,721 @@ +:source: fortios_firewall_ipv6_eh_filter.py + +:orphan: + +.. fortios_firewall_ipv6_eh_filter: + +fortios_firewall_ipv6_eh_filter -- Configure IPv6 extension header filter in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and ipv6_eh_filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_ipv6_eh_filteryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • firewall_ipv6_eh_filter - Configure IPv6 extension header filter. type: dict + more... + +
              • +
                +
              • auth - Enable/disable blocking packets with the Authentication header . type: str choices: enable, disable + more... + +
                • +
              • dest_opt - Enable/disable blocking packets with Destination Options headers . type: str choices: enable, disable + more... + +
                • +
              • fragment - Enable/disable blocking packets with the Fragment header . type: str choices: enable, disable + more... + +
                • +
              • hdopt_type - Block specific Hop-by-Hop and/or Destination Option types (max. 7 types, each between 0 and 255). type: list
                • +
              • hop_opt - Enable/disable blocking packets with the Hop-by-Hop Options header . type: str choices: enable, disable + more... + +
                • +
              • no_next - Enable/disable blocking packets with the No Next header . type: str choices: enable, disable + more... + +
                • +
              • routing - Enable/disable blocking packets with Routing headers . type: str choices: enable, disable + more... + +
                • +
              • routing_type - Block specific Routing header types (max. 7 types, each between 0 and 255). type: list
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 extension header filter. + fortios_firewall_ipv6_eh_filter: + vdom: "{{ vdom }}" + firewall_ipv6_eh_filter: + auth: "enable" + dest_opt: "enable" + fragment: "enable" + hdopt_type: "6" + hop_opt: "enable" + no_next: "enable" + routing: "enable" + routing_type: "10" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_ldb_monitor.rst b/gen/fortios_firewall_ldb_monitor.rst new file mode 100644 index 00000000..91527581 --- /dev/null +++ b/gen/fortios_firewall_ldb_monitor.rst @@ -0,0 +1,966 @@ +:source: fortios_firewall_ldb_monitor.py + +:orphan: + +.. fortios_firewall_ldb_monitor: + +fortios_firewall_ldb_monitor -- Configure server load balancing health monitors in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and ldb_monitor category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_ldb_monitoryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_ldb_monitor - Configure server load balancing health monitors. type: dict + more... + +
              • +
                +
              • dns_match_ip - Response IP expected from DNS server. type: str + more... + +
                • +
              • dns_protocol - Select the protocol used by the DNS health check monitor to check the health of the server (UDP | TCP). type: str choices: udp, tcp + more... + +
                • +
              • dns_request_domain - Fully qualified domain name to resolve for the DNS probe. type: str + more... + +
                • +
              • http_get - URL used to send a GET request to check the health of an HTTP server. type: str + more... + +
                • +
              • http_match - String to match the value expected in response to an HTTP-GET request. type: str + more... + +
                • +
              • http_max_redirects - The maximum number of HTTP redirects to be allowed (0 - 5). type: int + more... + +
                • +
              • interval - Time between health checks (5 - 65635 sec). type: int + more... + +
                • +
              • name - Monitor name. type: str required: true + more... + +
                • +
              • port - Service port used to perform the health check. If 0, health check monitor inherits port configured for the server (0 - 65635). type: int + more... + +
                • +
              • retry - Number health check attempts before the server is considered down (1 - 255). type: int + more... + +
                • +
              • src_ip - Source IP for ldb-monitor. type: str + more... + +
                • +
              • timeout - Time to wait to receive response to a health check from a server. Reaching the timeout means the health check failed (1 - 255 sec). type: int + more... + +
                • +
              • type - Select the Monitor type used by the health check monitor to check the health of the server (PING | TCP | HTTP | HTTPS | DNS). type: str choices: ping, tcp, http, https, dns, passive-sip + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure server load balancing health monitors. + fortios_firewall_ldb_monitor: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_ldb_monitor: + dns_match_ip: "" + dns_protocol: "udp" + dns_request_domain: "" + http_get: "" + http_match: "" + http_max_redirects: "8" + interval: "9" + name: "default_name_10" + port: "11" + retry: "12" + src_ip: "" + timeout: "14" + type: "ping" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_local_in_policy.rst b/gen/fortios_firewall_local_in_policy.rst new file mode 100644 index 00000000..2420aeef --- /dev/null +++ b/gen/fortios_firewall_local_in_policy.rst @@ -0,0 +1,1235 @@ +:source: fortios_firewall_local_in_policy.py + +:orphan: + +.. fortios_firewall_local_in_policy: + +fortios_firewall_local_in_policy -- Configure user defined IPv4 local-in policies in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and local_in_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_local_in_policyyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_local_in_policy - Configure user defined IPv4 local-in policies. type: dict + more... + +
              • +
                +
              • action - Action performed on traffic matching the policy . type: str choices: accept, deny + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • dstaddr - Destination address object from available options. type: list member_path: dstaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • dstaddr_negate - When enabled dstaddr specifies what the destination address must NOT be. type: str choices: enable, disable + more... + +
                • +
              • ha_mgmt_intf_only - Enable/disable dedicating the HA management interface only for local-in policy. type: str choices: enable, disable + more... + +
                • +
              • intf - Incoming interface name from available options. Source system.zone.name system.interface.name. type: str + more... + +
                • +
              • policyid - User defined local in policy ID. type: int required: true + more... + +
                • +
              • schedule - Schedule object from available options. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group .name. type: str + more... + +
                • +
              • service - Service object from available options. type: list member_path: service:name + more... + +
                • +
                  +
                • name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str required: true + more... + +
                  • +
                +
              • service_negate - When enabled service specifies what the service must NOT be. type: str choices: enable, disable + more... + +
                • +
              • srcaddr - Source address object from available options. type: list member_path: srcaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • srcaddr_negate - When enabled srcaddr specifies what the source address must NOT be. type: str choices: enable, disable + more... + +
                • +
              • status - Enable/disable this local-in policy. type: str choices: enable, disable + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure user defined IPv4 local-in policies. + fortios_firewall_local_in_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_local_in_policy: + action: "accept" + comments: "" + dstaddr: + - + name: "default_name_6 (source firewall.address.name firewall.addrgrp.name)" + dstaddr_negate: "enable" + ha_mgmt_intf_only: "enable" + intf: " (source system.zone.name system.interface.name)" + policyid: "10" + schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" + service: + - + name: "default_name_13 (source firewall.service.custom.name firewall.service.group.name)" + service_negate: "enable" + srcaddr: + - + name: "default_name_16 (source firewall.address.name firewall.addrgrp.name)" + srcaddr_negate: "enable" + status: "enable" + uuid: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_local_in_policy6.rst b/gen/fortios_firewall_local_in_policy6.rst new file mode 100644 index 00000000..fac91aee --- /dev/null +++ b/gen/fortios_firewall_local_in_policy6.rst @@ -0,0 +1,1151 @@ +:source: fortios_firewall_local_in_policy6.py + +:orphan: + +.. fortios_firewall_local_in_policy6: + +fortios_firewall_local_in_policy6 -- Configure user defined IPv6 local-in policies in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and local_in_policy6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_local_in_policy6yesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_local_in_policy6 - Configure user defined IPv6 local-in policies. type: dict + more... + +
              • +
                +
              • action - Action performed on traffic matching the policy . type: str choices: accept, deny + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • dstaddr - Destination address object from available options. type: list member_path: dstaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                  • +
                +
              • dstaddr_negate - When enabled dstaddr specifies what the destination address must NOT be. type: str choices: enable, disable + more... + +
                • +
              • intf - Incoming interface name from available options. Source system.zone.name system.interface.name. type: str + more... + +
                • +
              • policyid - User defined local in policy ID. type: int required: true + more... + +
                • +
              • schedule - Schedule object from available options. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group .name. type: str + more... + +
                • +
              • service - Service object from available options. Separate names with a space. type: list member_path: service:name + more... + +
                • +
                  +
                • name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str required: true + more... + +
                  • +
                +
              • service_negate - When enabled service specifies what the service must NOT be. type: str choices: enable, disable + more... + +
                • +
              • srcaddr - Source address object from available options. type: list member_path: srcaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                  • +
                +
              • srcaddr_negate - When enabled srcaddr specifies what the source address must NOT be. type: str choices: enable, disable + more... + +
                • +
              • status - Enable/disable this local-in policy. type: str choices: enable, disable + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure user defined IPv6 local-in policies. + fortios_firewall_local_in_policy6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_local_in_policy6: + action: "accept" + comments: "" + dstaddr: + - + name: "default_name_6 (source firewall.address6.name firewall.addrgrp6.name)" + dstaddr_negate: "enable" + intf: " (source system.zone.name system.interface.name)" + policyid: "9" + schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" + service: + - + name: "default_name_12 (source firewall.service.custom.name firewall.service.group.name)" + service_negate: "enable" + srcaddr: + - + name: "default_name_15 (source firewall.address6.name firewall.addrgrp6.name)" + srcaddr_negate: "enable" + status: "enable" + uuid: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_mms_profile.rst b/gen/fortios_firewall_mms_profile.rst new file mode 100644 index 00000000..78645096 --- /dev/null +++ b/gen/fortios_firewall_mms_profile.rst @@ -0,0 +1,5680 @@ +:source: fortios_firewall_mms_profile.py + +:orphan: + +.. fortios_firewall_mms_profile: + +fortios_firewall_mms_profile -- Configure MMS profiles in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and mms_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7
            fortios_firewall_mms_profileyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_mms_profile - Configure MMS profiles. type: dict + more... + +
              • +
                +
              • avnotificationtable - AntiVirus notification table ID. Source antivirus.notification.id. type: int + more... + +
                • +
              • bwordtable - MMS banned word table ID. Source webfilter.content.id. type: int + more... + +
                • +
              • carrier_endpoint_prefix - Enable/disable prefixing of end point values. type: str choices: enable, disable + more... + +
                • +
              • carrier_endpoint_prefix_range_max - Maximum length of end point value that can be prefixed (1 - 48). type: int + more... + +
                • +
              • carrier_endpoint_prefix_range_min - Minimum end point length to be prefixed (1 - 48). type: int + more... + +
                • +
              • carrier_endpoint_prefix_string - String with which to prefix End point values. type: str + more... + +
                • +
              • carrierendpointbwltable - Carrier end point filter table ID. Source firewall.carrier-endpoint-bwl.id. type: int + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • dupe - Duplicate configuration. type: list member_path: dupe:protocol + more... + +
                • +
                  +
                • action1 - Action to take when threshold reached. type: list choices: block, archive, log, archive-first, alert-notif + more... + +
                  • +
                • action2 - Action to take when threshold reached. type: list choices: block, archive, log, archive-first, alert-notif + more... + +
                  • +
                • action3 - Action to take when threshold reached. type: list choices: block, archive, log, archive-first, alert-notif + more... + +
                  • +
                • block_time1 - Duration for which action takes effect (0 - 35791 min). type: int + more... + +
                  • +
                • block_time2 - Duration for which action takes effect (0 - 35791 min). type: int + more... + +
                  • +
                • block_time3 - Duration action takes effect (0 - 35791 min). type: int + more... + +
                  • +
                • limit1 - Maximum number of messages allowed. type: int + more... + +
                  • +
                • limit2 - Maximum number of messages allowed. type: int + more... + +
                  • +
                • limit3 - Maximum number of messages allowed. type: int + more... + +
                  • +
                • protocol - Protocol. type: str required: true + more... + +
                  • +
                • status1 - Enable/disable status1 detection. type: str choices: enable, disable + more... + +
                  • +
                • status2 - Enable/disable status2 detection. type: str choices: enable, disable + more... + +
                  • +
                • status3 - Enable/disable status3 detection. type: str choices: enable, disable + more... + +
                  • +
                • window1 - Window to count messages over (1 - 2880 min). type: int + more... + +
                  • +
                • window2 - Window to count messages over (1 - 2880 min). type: int + more... + +
                  • +
                • window3 - Window to count messages over (1 - 2880 min). type: int + more... + +
                  • +
                +
              • extended_utm_log - Enable/disable detailed UTM log messages. type: str + more... + +
                • +
              • flood - Flood configuration. type: list member_path: flood:protocol + more... + +
                • +
                  +
                • action1 - Action to take when threshold reached. type: list choices: block, archive, log, archive-first, alert-notif + more... + +
                  • +
                • action2 - Action to take when threshold reached. type: list choices: block, archive, log, archive-first, alert-notif + more... + +
                  • +
                • action3 - Action to take when threshold reached. type: list choices: block, archive, log, archive-first, alert-notif + more... + +
                  • +
                • block_time1 - Duration for which action takes effect (0 - 35791 min). type: int + more... + +
                  • +
                • block_time2 - Duration for which action takes effect (0 - 35791 min). type: int + more... + +
                  • +
                • block_time3 - Duration action takes effect (0 - 35791 min). type: int + more... + +
                  • +
                • limit1 - Maximum number of messages allowed. type: int + more... + +
                  • +
                • limit2 - Maximum number of messages allowed. type: int + more... + +
                  • +
                • limit3 - Maximum number of messages allowed. type: int + more... + +
                  • +
                • protocol - Protocol. type: str required: true + more... + +
                  • +
                • status1 - Enable/disable status1 detection. type: str choices: enable, disable + more... + +
                  • +
                • status2 - Enable/disable status2 detection. type: str choices: enable, disable + more... + +
                  • +
                • status3 - Enable/disable status3 detection. type: str choices: enable, disable + more... + +
                  • +
                • window1 - Window to count messages over (1 - 2880 min). type: int + more... + +
                  • +
                • window2 - Window to count messages over (1 - 2880 min). type: int + more... + +
                  • +
                • window3 - Window to count messages over (1 - 2880 min). type: int + more... + +
                  • +
                +
              • mm1 - MM1 options. type: list choices: avmonitor, oversize, quarantine, scan, bannedword, chunkedbypass, clientcomfort, servercomfort, carrier-endpoint-bwl, remove-blocked, mms-checksum + more... + +
                • +
              • mm1_addr_hdr - HTTP header field (for MM1) containing user address. type: str + more... + +
                • +
              • mm1_addr_source - Source for MM1 user address. type: str choices: http-header, cookie + more... + +
                • +
              • mm1_convert_hex - Enable/disable converting user address from HEX string for MM1. type: str choices: enable, disable + more... + +
                • +
              • mm1_outbreak_prevention - Enable Virus Outbreak Prevention service. type: str choices: disabled, files, full-archive + more... + +
                • +
              • mm1_retr_dupe - Enable/disable duplicate scanning of MM1 retr. type: str choices: enable, disable + more... + +
                • +
              • mm1_retrieve_scan - Enable/disable scanning on MM1 retrieve configuration messages. type: str choices: enable, disable + more... + +
                • +
              • mm1comfortamount - MM1 comfort amount (0 - 4294967295). type: int + more... + +
                • +
              • mm1comfortinterval - MM1 comfort interval (0 - 4294967295). type: int + more... + +
                • +
              • mm1oversizelimit - Maximum file size to scan (1 - 819200 kB). type: int + more... + +
                • +
              • mm3 - MM3 options. type: list choices: avmonitor, oversize, quarantine, scan, bannedword, fragmail, splice, carrier-endpoint-bwl, remove-blocked, mms-checksum + more... + +
                • +
              • mm3_outbreak_prevention - Enable Virus Outbreak Prevention service. type: str choices: disabled, files, full-archive + more... + +
                • +
              • mm3oversizelimit - Maximum file size to scan (1 - 819200 kB). type: int + more... + +
                • +
              • mm4 - MM4 options. type: list choices: avmonitor, oversize, quarantine, scan, bannedword, fragmail, splice, carrier-endpoint-bwl, remove-blocked, mms-checksum + more... + +
                • +
              • mm4_outbreak_prevention - Enable Virus Outbreak Prevention service. type: str choices: disabled, files, full-archive + more... + +
                • +
              • mm4oversizelimit - Maximum file size to scan (1 - 819200 kB). type: int + more... + +
                • +
              • mm7 - MM7 options. type: list choices: avmonitor, oversize, quarantine, scan, bannedword, chunkedbypass, clientcomfort, servercomfort, carrier-endpoint-bwl, remove-blocked, mms-checksum + more... + +
                • +
              • mm7_addr_hdr - HTTP header field (for MM7) containing user address. type: str + more... + +
                • +
              • mm7_addr_source - Source for MM7 user address. type: str choices: http-header, cookie + more... + +
                • +
              • mm7_convert_hex - Enable/disable conversion of user address from HEX string for MM7. type: str choices: enable, disable + more... + +
                • +
              • mm7_outbreak_prevention - Enable Virus Outbreak Prevention service. type: str choices: disabled, files, full-archive + more... + +
                • +
              • mm7comfortamount - MM7 comfort amount (0 - 4294967295). type: int + more... + +
                • +
              • mm7comfortinterval - MM7 comfort interval (0 - 4294967295). type: int + more... + +
                • +
              • mm7oversizelimit - Maximum file size to scan (1 - 819200 kB). type: int + more... + +
                • +
              • mms_antispam_mass_log - Enable/disable logging for MMS antispam mass. type: str choices: enable, disable + more... + +
                • +
              • mms_av_block_log - Enable/disable logging for MMS antivirus file blocking. type: str choices: enable, disable + more... + +
                • +
              • mms_av_oversize_log - Enable/disable logging for MMS antivirus oversize file blocking. type: str choices: enable, disable + more... + +
                • +
              • mms_av_virus_log - Enable/disable logging for MMS antivirus scanning. type: str choices: enable, disable + more... + +
                • +
              • mms_carrier_endpoint_filter_log - Enable/disable logging for MMS end point filter blocking. type: str choices: enable, disable + more... + +
                • +
              • mms_checksum_log - Enable/disable MMS content checksum logging. type: str choices: enable, disable + more... + +
                • +
              • mms_checksum_table - MMS content checksum table ID. Source antivirus.mms-checksum.id. type: int + more... + +
                • +
              • mms_notification_log - Enable/disable logging for MMS notification messages. type: str choices: enable, disable + more... + +
                • +
              • mms_web_content_log - Enable/disable logging for MMS web content blocking. type: str choices: enable, disable + more... + +
                • +
              • mmsbwordthreshold - MMS banned word threshold. type: int + more... + +
                • +
              • name - Profile name. type: str required: true + more... + +
                • +
              • notif_msisdn - Notification for MSISDNs. type: list member_path: notif_msisdn:msisdn + more... + +
                • +
                  +
                • msisdn - Recipient MSISDN. type: str required: true + more... + +
                  • +
                • threshold - Thresholds on which this MSISDN will receive an alert. type: str choices: flood-thresh-1, flood-thresh-2, flood-thresh-3, dupe-thresh-1, dupe-thresh-2, dupe-thresh-3 + more... + +
                  • +
                +
              • notification - Notification configuration. type: list member_path: notification:protocol + more... + +
                • +
                  +
                • alert_int - Alert notification send interval. type: int + more... + +
                  • +
                • alert_int_mode - Alert notification interval mode. type: str choices: hours, minutes + more... + +
                  • +
                • alert_src_msisdn - Specify from address for alert messages. type: str + more... + +
                  • +
                • alert_status - Alert notification status. type: str choices: enable, disable + more... + +
                  • +
                • bword_int - Banned word notification send interval. type: int + more... + +
                  • +
                • bword_int_mode - Banned word notification interval mode. type: str choices: hours, minutes + more... + +
                  • +
                • bword_status - Banned word notification status. type: str choices: enable, disable + more... + +
                  • +
                • carrier_endpoint_bwl_int - Carrier end point black/white list notification send interval. type: int + more... + +
                  • +
                • carrier_endpoint_bwl_int_mode - Carrier end point black/white list notification interval mode. type: str choices: hours, minutes + more... + +
                  • +
                • carrier_endpoint_bwl_status - Carrier end point black/white list notification status. type: str choices: enable, disable + more... + +
                  • +
                • days_allowed - Weekdays on which notification messages may be sent. type: list choices: sunday, monday, tuesday, wednesday, thursday, friday, saturday + more... + +
                  • +
                • detect_server - Enable/disable automatic server address determination. type: str choices: enable, disable + more... + +
                  • +
                • dupe_int - Duplicate notification send interval. type: int + more... + +
                  • +
                • dupe_int_mode - Duplicate notification interval mode. type: str choices: hours, minutes + more... + +
                  • +
                • dupe_status - Duplicate notification status. type: str choices: enable, disable + more... + +
                  • +
                • file_block_int - File block notification send interval. type: int + more... + +
                  • +
                • file_block_int_mode - File block notification interval mode. type: str choices: hours, minutes + more... + +
                  • +
                • file_block_status - File block notification status. type: str choices: enable, disable + more... + +
                  • +
                • flood_int - Flood notification send interval. type: int + more... + +
                  • +
                • flood_int_mode - Flood notification interval mode. type: str choices: hours, minutes + more... + +
                  • +
                • flood_status - Flood notification status. type: str choices: enable, disable + more... + +
                  • +
                • from_in_header - Enable/disable insertion of from address in HTTP header. type: str choices: enable, disable + more... + +
                  • +
                • mms_checksum_int - MMS checksum notification send interval. type: int + more... + +
                  • +
                • mms_checksum_int_mode - MMS checksum notification interval mode. type: str choices: hours, minutes + more... + +
                  • +
                • mms_checksum_status - MMS checksum notification status. type: str choices: enable, disable + more... + +
                  • +
                • mmsc_hostname - Host name or IP address of the MMSC. type: str + more... + +
                  • +
                • mmsc_password - Password required for authentication with the MMSC. type: str + more... + +
                  • +
                • mmsc_port - Port used on the MMSC for sending MMS messages (1 - 65535). type: int + more... + +
                  • +
                • mmsc_url - URL used on the MMSC for sending MMS messages. type: str + more... + +
                  • +
                • mmsc_username - User name required for authentication with the MMSC. type: str + more... + +
                  • +
                • msg_protocol - Protocol to use for sending notification messages. type: str choices: mm1, mm3, mm4, mm7 + more... + +
                  • +
                • msg_type - MM7 message type. type: str choices: submit-req, deliver-req + more... + +
                  • +
                • protocol - Protocol. type: str required: true + more... + +
                  • +
                • rate_limit - Rate limit for sending notification messages (0 - 250). type: int + more... + +
                  • +
                • tod_window_duration - Time of day window duration. type: str + more... + +
                  • +
                • tod_window_end - Obsolete. type: str + more... + +
                  • +
                • tod_window_start - Time of day window start. type: str + more... + +
                  • +
                • user_domain - Domain name to which the user addresses belong. type: str + more... + +
                  • +
                • vas_id - VAS identifier. type: str + more... + +
                  • +
                • vasp_id - VASP identifier. type: str + more... + +
                  • +
                • virus_int - Virus notification send interval. type: int + more... + +
                  • +
                • virus_int_mode - Virus notification interval mode. type: str choices: hours, minutes + more... + +
                  • +
                • virus_status - Virus notification status. type: str choices: enable, disable + more... + +
                  • +
                +
              • outbreak_prevention - Configure Virus Outbreak Prevention settings. type: dict + more... + +
                • +
                  +
                • external_blocklist - Enable/disable external malware blocklist. type: str choices: disable, enable + more... + +
                  • +
                • ftgd_service - Enable/disable FortiGuard Virus outbreak prevention service. type: str choices: disable, enable + more... + +
                  • +
                +
              • remove_blocked_const_length - Enable/disable MMS replacement of blocked file constant length. type: str choices: enable, disable + more... + +
                • +
              • replacemsg_group - Replacement message group. Source system.replacemsg-group.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure MMS profiles. + fortios_firewall_mms_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_mms_profile: + avnotificationtable: "3 (source antivirus.notification.id)" + bwordtable: "4 (source webfilter.content.id)" + carrier_endpoint_prefix: "enable" + carrier_endpoint_prefix_range_max: "6" + carrier_endpoint_prefix_range_min: "7" + carrier_endpoint_prefix_string: "" + carrierendpointbwltable: "9 (source firewall.carrier-endpoint-bwl.id)" + comment: "Comment." + dupe: + - + action1: "block" + action2: "block" + action3: "block" + block_time1: "15" + block_time2: "16" + block_time3: "17" + limit1: "18" + limit2: "19" + limit3: "20" + protocol: "" + status1: "enable" + status2: "enable" + status3: "enable" + window1: "25" + window2: "26" + window3: "27" + extended_utm_log: "" + flood: + - + action1: "block" + action2: "block" + action3: "block" + block_time1: "33" + block_time2: "34" + block_time3: "35" + limit1: "36" + limit2: "37" + limit3: "38" + protocol: "" + status1: "enable" + status2: "enable" + status3: "enable" + window1: "43" + window2: "44" + window3: "45" + mm1: "avmonitor" + mm1_addr_hdr: "" + mm1_addr_source: "http-header" + mm1_convert_hex: "enable" + mm1_outbreak_prevention: "disabled" + mm1_retr_dupe: "enable" + mm1_retrieve_scan: "enable" + mm1comfortamount: "53" + mm1comfortinterval: "54" + mm1oversizelimit: "55" + mm3: "avmonitor" + mm3_outbreak_prevention: "disabled" + mm3oversizelimit: "58" + mm4: "avmonitor" + mm4_outbreak_prevention: "disabled" + mm4oversizelimit: "61" + mm7: "avmonitor" + mm7_addr_hdr: "" + mm7_addr_source: "http-header" + mm7_convert_hex: "enable" + mm7_outbreak_prevention: "disabled" + mm7comfortamount: "67" + mm7comfortinterval: "68" + mm7oversizelimit: "69" + mms_antispam_mass_log: "enable" + mms_av_block_log: "enable" + mms_av_oversize_log: "enable" + mms_av_virus_log: "enable" + mms_carrier_endpoint_filter_log: "enable" + mms_checksum_log: "enable" + mms_checksum_table: "76 (source antivirus.mms-checksum.id)" + mms_notification_log: "enable" + mms_web_content_log: "enable" + mmsbwordthreshold: "79" + name: "default_name_80" + notif_msisdn: + - + msisdn: "" + threshold: "flood-thresh-1" + notification: + - + alert_int: "85" + alert_int_mode: "hours" + alert_src_msisdn: "" + alert_status: "enable" + bword_int: "89" + bword_int_mode: "hours" + bword_status: "enable" + carrier_endpoint_bwl_int: "92" + carrier_endpoint_bwl_int_mode: "hours" + carrier_endpoint_bwl_status: "enable" + days_allowed: "sunday" + detect_server: "enable" + dupe_int: "97" + dupe_int_mode: "hours" + dupe_status: "enable" + file_block_int: "100" + file_block_int_mode: "hours" + file_block_status: "enable" + flood_int: "103" + flood_int_mode: "hours" + flood_status: "enable" + from_in_header: "enable" + mms_checksum_int: "107" + mms_checksum_int_mode: "hours" + mms_checksum_status: "enable" + mmsc_hostname: "myhostname" + mmsc_password: "" + mmsc_port: "112" + mmsc_url: "" + mmsc_username: "" + msg_protocol: "mm1" + msg_type: "submit-req" + protocol: "" + rate_limit: "118" + tod_window_duration: "" + tod_window_end: "" + tod_window_start: "" + user_domain: "" + vas_id: "" + vasp_id: "" + virus_int: "125" + virus_int_mode: "hours" + virus_status: "enable" + outbreak_prevention: + external_blocklist: "disable" + ftgd_service: "disable" + remove_blocked_const_length: "enable" + replacemsg_group: " (source system.replacemsg-group.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_multicast_address.rst b/gen/fortios_firewall_multicast_address.rst new file mode 100644 index 00000000..3a6b31f1 --- /dev/null +++ b/gen/fortios_firewall_multicast_address.rst @@ -0,0 +1,906 @@ +:source: fortios_firewall_multicast_address.py + +:orphan: + +.. fortios_firewall_multicast_address: + +fortios_firewall_multicast_address -- Configure multicast addresses in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and multicast_address category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_multicast_addressyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_multicast_address - Configure multicast addresses. type: dict + more... + +
              • +
                +
              • associated_interface - Interface associated with the address object. When setting up a policy, only addresses associated with this interface are available. Source system.interface.name. type: str + more... + +
                • +
              • color - Integer value to determine the color of the icon in the GUI (1 - 32). type: int + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • end_ip - Final IPv4 address (inclusive) in the range for the address. type: str + more... + +
                • +
              • name - Multicast address name. type: str required: true + more... + +
                • +
              • start_ip - First IPv4 address (inclusive) in the range for the address. type: str + more... + +
                • +
              • subnet - Broadcast address and subnet. type: str + more... + +
                • +
              • tagging - Config object tagging. type: list member_path: tagging:name + more... + +
                • +
                  +
                • category - Tag category. Source system.object-tagging.category. type: str + more... + +
                  • +
                • name - Tagging entry name. type: str required: true + more... + +
                  • +
                • tags - Tags. type: list member_path: tagging:name/tags:name + more... + +
                  • +
                    +
                  • name - Tag name. Source system.object-tagging.tags.name. type: str required: true + more... + +
                    • +
                  +
                +
              • type - Type of address object: multicast IP address range or broadcast IP/mask to be treated as a multicast address. type: str choices: multicastrange, broadcastmask + more... + +
                • +
              • visibility - Enable/disable visibility of the multicast address on the GUI. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure multicast addresses. + fortios_firewall_multicast_address: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_multicast_address: + associated_interface: " (source system.interface.name)" + color: "4" + comment: "Comment." + end_ip: "" + name: "default_name_7" + start_ip: "" + subnet: "" + tagging: + - + category: " (source system.object-tagging.category)" + name: "default_name_12" + tags: + - + name: "default_name_14 (source system.object-tagging.tags.name)" + type: "multicastrange" + visibility: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_multicast_address6.rst b/gen/fortios_firewall_multicast_address6.rst new file mode 100644 index 00000000..da3e2d1d --- /dev/null +++ b/gen/fortios_firewall_multicast_address6.rst @@ -0,0 +1,684 @@ +:source: fortios_firewall_multicast_address6.py + +:orphan: + +.. fortios_firewall_multicast_address6: + +fortios_firewall_multicast_address6 -- Configure IPv6 multicast address in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and multicast_address6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_multicast_address6yesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_multicast_address6 - Configure IPv6 multicast address. type: dict + more... + +
              • +
                +
              • color - Color of icon on the GUI. type: int + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • ip6 - IPv6 address prefix (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx). type: str + more... + +
                • +
              • name - IPv6 multicast address name. type: str required: true + more... + +
                • +
              • tagging - Config object tagging. type: list member_path: tagging:name + more... + +
                • +
                  +
                • category - Tag category. Source system.object-tagging.category. type: str + more... + +
                  • +
                • name - Tagging entry name. type: str required: true + more... + +
                  • +
                • tags - Tags. type: list member_path: tagging:name/tags:name + more... + +
                  • +
                    +
                  • name - Tag name. Source system.object-tagging.tags.name. type: str required: true + more... + +
                    • +
                  +
                +
              • visibility - Enable/disable visibility of the IPv6 multicast address on the GUI. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 multicast address. + fortios_firewall_multicast_address6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_multicast_address6: + color: "3" + comment: "Comment." + ip6: "" + name: "default_name_6" + tagging: + - + category: " (source system.object-tagging.category)" + name: "default_name_9" + tags: + - + name: "default_name_11 (source system.object-tagging.tags.name)" + visibility: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_multicast_policy.rst b/gen/fortios_firewall_multicast_policy.rst new file mode 100644 index 00000000..f778f4c9 --- /dev/null +++ b/gen/fortios_firewall_multicast_policy.rst @@ -0,0 +1,1332 @@ +:source: fortios_firewall_multicast_policy.py + +:orphan: + +.. fortios_firewall_multicast_policy: + +fortios_firewall_multicast_policy -- Configure multicast NAT policies in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and multicast_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_multicast_policyyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_multicast_policy - Configure multicast NAT policies. type: dict + more... + +
              • +
                +
              • action - Accept or deny traffic matching the policy. type: str choices: accept, deny + more... + +
                • +
              • auto_asic_offload - Enable/disable offloading policy traffic for hardware acceleration. type: str choices: enable, disable + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • dnat - IPv4 DNAT address used for multicast destination addresses. type: str + more... + +
                • +
              • dstaddr - Destination address objects. type: list member_path: dstaddr:name + more... + +
                • +
                  +
                • name - Destination address objects. Source firewall.multicast-address.name. type: str required: true + more... + +
                  • +
                +
              • dstintf - Destination interface name. Source system.interface.name system.zone.name. type: str + more... + +
                • +
              • end_port - Integer value for ending TCP/UDP/SCTP destination port in range (1 - 65535). type: int + more... + +
                • +
              • id - Policy ID ((0 - 4294967294). type: int required: true + more... + +
                • +
              • logtraffic - Enable/disable logging traffic accepted by this policy. type: str choices: enable, disable + more... + +
                • +
              • name - Policy name. type: str + more... + +
                • +
              • protocol - Integer value for the protocol type as defined by IANA (0 - 255). type: int + more... + +
                • +
              • snat - Enable/disable substitution of the outgoing interface IP address for the original source IP address (called source NAT or SNAT). type: str choices: enable, disable + more... + +
                • +
              • snat_ip - IPv4 address to be used as the source address for NATed traffic. type: str + more... + +
                • +
              • srcaddr - Source address objects. type: list member_path: srcaddr:name + more... + +
                • +
                  +
                • name - Source address objects. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • srcintf - Source interface name. Source system.interface.name system.zone.name. type: str + more... + +
                • +
              • start_port - Integer value for starting TCP/UDP/SCTP destination port in range (1 - 65535). type: int + more... + +
                • +
              • status - Enable/disable this policy. type: str choices: enable, disable + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure multicast NAT policies. + fortios_firewall_multicast_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_multicast_policy: + action: "accept" + auto_asic_offload: "enable" + comments: "" + dnat: "" + dstaddr: + - + name: "default_name_8 (source firewall.multicast-address.name)" + dstintf: " (source system.interface.name system.zone.name)" + end_port: "10" + id: "11" + logtraffic: "enable" + name: "default_name_13" + protocol: "14" + snat: "enable" + snat_ip: "" + srcaddr: + - + name: "default_name_18 (source firewall.address.name firewall.addrgrp.name)" + srcintf: " (source system.interface.name system.zone.name)" + start_port: "20" + status: "enable" + uuid: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_multicast_policy6.rst b/gen/fortios_firewall_multicast_policy6.rst new file mode 100644 index 00000000..a7dc38f5 --- /dev/null +++ b/gen/fortios_firewall_multicast_policy6.rst @@ -0,0 +1,1156 @@ +:source: fortios_firewall_multicast_policy6.py + +:orphan: + +.. fortios_firewall_multicast_policy6: + +fortios_firewall_multicast_policy6 -- Configure IPv6 multicast NAT policies in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and multicast_policy6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_multicast_policy6yesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_multicast_policy6 - Configure IPv6 multicast NAT policies. type: dict + more... + +
              • +
                +
              • action - Accept or deny traffic matching the policy. type: str choices: accept, deny + more... + +
                • +
              • auto_asic_offload - Enable/disable offloading policy traffic for hardware acceleration. type: str choices: enable, disable + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • dstaddr - IPv6 destination address name. type: list member_path: dstaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.multicast-address6.name. type: str required: true + more... + +
                  • +
                +
              • dstintf - IPv6 destination interface name. Source system.interface.name system.zone.name. type: str + more... + +
                • +
              • end_port - Integer value for ending TCP/UDP/SCTP destination port in range (1 - 65535). type: int + more... + +
                • +
              • id - Policy ID (0 - 4294967294). type: int required: true + more... + +
                • +
              • logtraffic - Enable/disable logging traffic accepted by this policy. type: str choices: enable, disable + more... + +
                • +
              • name - Policy name. type: str + more... + +
                • +
              • protocol - Integer value for the protocol type as defined by IANA (0 - 255). type: int + more... + +
                • +
              • srcaddr - IPv6 source address name. type: list member_path: srcaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                  • +
                +
              • srcintf - IPv6 source interface name. Source system.interface.name system.zone.name. type: str + more... + +
                • +
              • start_port - Integer value for starting TCP/UDP/SCTP destination port in range (1 - 65535). type: int + more... + +
                • +
              • status - Enable/disable this policy. type: str choices: enable, disable + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 multicast NAT policies. + fortios_firewall_multicast_policy6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_multicast_policy6: + action: "accept" + auto_asic_offload: "enable" + comments: "" + dstaddr: + - + name: "default_name_7 (source firewall.multicast-address6.name)" + dstintf: " (source system.interface.name system.zone.name)" + end_port: "9" + id: "10" + logtraffic: "enable" + name: "default_name_12" + protocol: "13" + srcaddr: + - + name: "default_name_15 (source firewall.address6.name firewall.addrgrp6.name)" + srcintf: " (source system.interface.name system.zone.name)" + start_port: "17" + status: "enable" + uuid: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_pfcp.rst b/gen/fortios_firewall_pfcp.rst new file mode 100644 index 00000000..831e80af --- /dev/null +++ b/gen/fortios_firewall_pfcp.rst @@ -0,0 +1,564 @@ +:source: fortios_firewall_pfcp.py + +:orphan: + +.. fortios_firewall_pfcp: + +fortios_firewall_pfcp -- Configure PFCP in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and pfcp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + +
            v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_pfcpyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_pfcp - Configure PFCP. type: dict + more... + +
              • +
                +
              • denied_log - Enable/disable logging denied PFCP packets. type: str choices: enable, disable + more... + +
                • +
              • forwarded_log - Enable/disable logging forwarded PFCP packets. type: str choices: enable, disable + more... + +
                • +
              • invalid_reserved_field - Allow or deny invalid reserved field in PFCP header packets. type: str choices: allow, deny + more... + +
                • +
              • log_freq - Logging frequency of PFCP packets. type: int + more... + +
                • +
              • max_message_length - Maximum message length. type: int + more... + +
                • +
              • message_filter - PFCP message filter. Source pfcp.message-filter.name. type: str + more... + +
                • +
              • min_message_length - Minimum message length. type: int + more... + +
                • +
              • monitor_mode - PFCP monitor mode. type: str choices: enable, disable, vdom + more... + +
                • +
              • name - PFCP profile name. type: str required: true + more... + +
                • +
              • pfcp_timeout - Set PFCP timeout (in seconds). type: int + more... + +
                • +
              • traffic_count_log - Enable/disable logging session traffic counter. type: str choices: enable, disable + more... + +
                • +
              • unknown_version - Allow or deny unknown version packets. type: str choices: allow, deny + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure PFCP. + fortios_firewall_pfcp: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_pfcp: + denied_log: "enable" + forwarded_log: "enable" + invalid_reserved_field: "allow" + log_freq: "6" + max_message_length: "7" + message_filter: " (source pfcp.message-filter.name)" + min_message_length: "9" + monitor_mode: "enable" + name: "default_name_11" + pfcp_timeout: "12" + traffic_count_log: "enable" + unknown_version: "allow" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_policy.rst b/gen/fortios_firewall_policy.rst new file mode 100644 index 00000000..48c640ee --- /dev/null +++ b/gen/fortios_firewall_policy.rst @@ -0,0 +1,11557 @@ +:source: fortios_firewall_policy.py + +:orphan: + +.. fortios_firewall_policy: + +fortios_firewall_policy -- Configure IPv4/IPv6 policies in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_policyyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • action - the action indiactor to move an object in the list type: str choices: move
              • +
            • self - mkey of self identifier type: str
              • +
            • after - mkey of target identifier type: str
              • +
            • before - mkey of target identifier type: str
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_policy - Configure IPv4/IPv6 policies. type: dict + more... + +
              • +
                +
              • action - Policy action (accept/deny/ipsec). type: str choices: accept, deny, ipsec + more... + +
                • +
              • anti_replay - Enable/disable anti-replay check. type: str choices: enable, disable + more... + +
                • +
              • app_category - Application category ID list. type: list member_path: app_category:id + more... + +
                • +
                  +
                • id - Category IDs. type: int required: true + more... + +
                  • +
                +
              • app_group - Application group names. type: list member_path: app_group:name + more... + +
                • +
                  +
                • name - Application group names. Source application.group.name. type: str required: true + more... + +
                  • +
                +
              • application - Application ID list. type: list member_path: application:id + more... + +
                • +
                  +
                • id - Application IDs. type: int required: true + more... + +
                  • +
                +
              • application_list - Name of an existing Application list. Source application.list.name. type: str + more... + +
                • +
              • auth_cert - HTTPS server certificate for policy authentication. Source vpn.certificate.local.name. type: str + more... + +
                • +
              • auth_path - Enable/disable authentication-based routing. type: str choices: enable, disable + more... + +
                • +
              • auth_redirect_addr - HTTP-to-HTTPS redirect address for firewall authentication. type: str + more... + +
                • +
              • auto_asic_offload - Enable/disable policy traffic ASIC offloading. type: str choices: enable, disable + more... + +
                • +
              • av_profile - Name of an existing Antivirus profile. Source antivirus.profile.name. type: str + more... + +
                • +
              • block_notification - Enable/disable block notification. type: str choices: enable, disable + more... + +
                • +
              • captive_portal_exempt - Enable to exempt some users from the captive portal. type: str choices: enable, disable + more... + +
                • +
              • capture_packet - Enable/disable capture packets. type: str choices: enable, disable + more... + +
                • +
              • cifs_profile - Name of an existing CIFS profile. Source cifs.profile.name. type: str + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • custom_log_fields - Custom fields to append to log messages for this policy. type: list + more... + +
                • +
                  +
                • field_id - Custom log field. Source log.custom-field.id. type: str + more... + +
                  • +
                +
              • decrypted_traffic_mirror - Decrypted traffic mirror. Source firewall.decrypted-traffic-mirror.name. type: str + more... + +
                • +
              • delay_tcp_npu_session - Enable TCP NPU session delay to guarantee packet order of 3-way handshake. type: str choices: enable, disable + more... + +
                • +
              • devices - Names of devices or device groups that can be matched by the policy. type: list member_path: devices:name + more... + +
                • +
                  +
                • name - Device or group name. Source user.device.alias user.device-group.name user.device-category.name. type: str required: true + more... + +
                  • +
                +
              • diffserv_forward - Enable to change packet"s DiffServ values to the specified diffservcode-forward value. type: str choices: enable, disable + more... + +
                • +
              • diffserv_reverse - Enable to change packet"s reverse (reply) DiffServ values to the specified diffservcode-rev value. type: str choices: enable, disable + more... + +
                • +
              • diffservcode_forward - Change packet"s DiffServ to this value. type: str + more... + +
                • +
              • diffservcode_rev - Change packet"s reverse (reply) DiffServ to this value. type: str + more... + +
                • +
              • disclaimer - Enable/disable user authentication disclaimer. type: str choices: enable, disable + more... + +
                • +
              • dlp_sensor - Name of an existing DLP sensor. Source dlp.sensor.name. type: str + more... + +
                • +
              • dnsfilter_profile - Name of an existing DNS filter profile. Source dnsfilter.profile.name. type: str + more... + +
                • +
              • dscp_match - Enable DSCP check. type: str choices: enable, disable + more... + +
                • +
              • dscp_negate - Enable negated DSCP match. type: str choices: enable, disable + more... + +
                • +
              • dscp_value - DSCP value. type: str + more... + +
                • +
              • dsri - Enable DSRI to ignore HTTP server responses. type: str choices: enable, disable + more... + +
                • +
              • dstaddr - Destination IPv4 address and address group names. type: list member_path: dstaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name firewall.vip.name firewall.vipgrp.name system.external-resource .name. type: str required: true + more... + +
                  • +
                +
              • dstaddr_negate - When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. type: str choices: enable, disable + more... + +
                • +
              • dstaddr6 - Destination IPv6 address name and address group names. type: list member_path: dstaddr6:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name firewall.vipgrp6.name firewall.vip6.name system .external-resource.name. type: str required: true + more... + +
                  • +
                +
              • dstintf - Outgoing (egress) interface. type: list member_path: dstintf:name + more... + +
                • +
                  +
                • name - Interface name. Source system.interface.name system.zone.name system.sdwan.zone.name. type: str required: true + more... + +
                  • +
                +
              • dynamic_shaping - Enable/disable dynamic RADIUS defined traffic shaping. type: str choices: enable, disable + more... + +
                • +
              • email_collect - Enable/disable email collection. type: str choices: enable, disable + more... + +
                • +
              • emailfilter_profile - Name of an existing email filter profile. Source emailfilter.profile.name. type: str + more... + +
                • +
              • fec - Enable/disable Forward Error Correction on traffic matching this policy on a FEC device. type: str choices: enable, disable + more... + +
                • +
              • file_filter_profile - Name of an existing file-filter profile. Source file-filter.profile.name. type: str + more... + +
                • +
              • firewall_session_dirty - How to handle sessions if the configuration of this firewall policy changes. type: str choices: check-all, check-new + more... + +
                • +
              • fixedport - Enable to prevent source NAT from changing a session"s source port. type: str choices: enable, disable + more... + +
                • +
              • fsso - Enable/disable Fortinet Single Sign-On. type: str choices: enable, disable + more... + +
                • +
              • fsso_agent_for_ntlm - FSSO agent to use for NTLM authentication. Source user.fsso.name. type: str + more... + +
                • +
              • fsso_groups - Names of FSSO groups. type: list member_path: fsso_groups:name + more... + +
                • +
                  +
                • name - Names of FSSO groups. Source user.adgrp.name. type: str required: true + more... + +
                  • +
                +
              • geoip_anycast - Enable/disable recognition of anycast IP addresses using the geography IP database. type: str choices: enable, disable + more... + +
                • +
              • geoip_match - Match geography address based either on its physical location or registered location. type: str choices: physical-location, registered-location + more... + +
                • +
              • global_label - Label for the policy that appears when the GUI is in Global View mode. type: str + more... + +
                • +
              • groups - Names of user groups that can authenticate with this policy. type: list member_path: groups:name + more... + +
                • +
                  +
                • name - Group name. Source user.group.name. type: str required: true + more... + +
                  • +
                +
              • gtp_profile - GTP profile. Source firewall.gtp.name. type: str + more... + +
                • +
              • http_policy_redirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. type: str choices: enable, disable + more... + +
                • +
              • icap_profile - Name of an existing ICAP profile. Source icap.profile.name. type: str + more... + +
                • +
              • identity_based_route - Name of identity-based routing rule. Source firewall.identity-based-route.name. type: str + more... + +
                • +
              • inbound - Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. type: str choices: enable, disable + more... + +
                • +
              • inspection_mode - Policy inspection mode (Flow/proxy). Default is Flow mode. type: str choices: proxy, flow + more... + +
                • +
              • internet_service - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. type: str choices: enable, disable + more... + +
                • +
              • internet_service_custom - Custom Internet Service name. type: list member_path: internet_service_custom:name + more... + +
                • +
                  +
                • name - Custom Internet Service name. Source firewall.internet-service-custom.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_custom_group - Custom Internet Service group name. type: list member_path: internet_service_custom_group:name + more... + +
                • +
                  +
                • name - Custom Internet Service group name. Source firewall.internet-service-custom-group.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_group - Internet Service group name. type: list member_path: internet_service_group:name + more... + +
                • +
                  +
                • name - Internet Service group name. Source firewall.internet-service-group.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_id - Internet Service ID. type: list member_path: internet_service_id:id + more... + +
                • +
                  +
                • id - Internet Service ID. Source firewall.internet-service.id. type: int required: true + more... + +
                  • +
                +
              • internet_service_name - Internet Service name. type: list member_path: internet_service_name:name + more... + +
                • +
                  +
                • name - Internet Service name. Source firewall.internet-service-name.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_negate - When enabled internet-service specifies what the service must NOT be. type: str choices: enable, disable + more... + +
                • +
              • internet_service_src - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. type: str choices: enable, disable + more... + +
                • +
              • internet_service_src_custom - Custom Internet Service source name. type: list member_path: internet_service_src_custom:name + more... + +
                • +
                  +
                • name - Custom Internet Service name. Source firewall.internet-service-custom.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_src_custom_group - Custom Internet Service source group name. type: list member_path: internet_service_src_custom_group:name + more... + +
                • +
                  +
                • name - Custom Internet Service group name. Source firewall.internet-service-custom-group.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_src_group - Internet Service source group name. type: list member_path: internet_service_src_group:name + more... + +
                • +
                  +
                • name - Internet Service group name. Source firewall.internet-service-group.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_src_id - Internet Service source ID. type: list member_path: internet_service_src_id:id + more... + +
                • +
                  +
                • id - Internet Service ID. Source firewall.internet-service.id. type: int required: true + more... + +
                  • +
                +
              • internet_service_src_name - Internet Service source name. type: list member_path: internet_service_src_name:name + more... + +
                • +
                  +
                • name - Internet Service name. Source firewall.internet-service-name.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_src_negate - When enabled internet-service-src specifies what the service must NOT be. type: str choices: enable, disable + more... + +
                • +
              • ippool - Enable to use IP Pools for source NAT. type: str choices: enable, disable + more... + +
                • +
              • ips_sensor - Name of an existing IPS sensor. Source ips.sensor.name. type: str + more... + +
                • +
              • label - Label for the policy that appears when the GUI is in Section View mode. type: str + more... + +
                • +
              • learning_mode - Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. type: str choices: enable, disable + more... + +
                • +
              • logtraffic - Enable or disable logging. Log all sessions or security profile sessions. type: str choices: all, utm, disable + more... + +
                • +
              • logtraffic_start - Record logs when a session starts. type: str choices: enable, disable + more... + +
                • +
              • match_vip - Enable to match packets that have had their destination addresses changed by a VIP. type: str choices: enable, disable + more... + +
                • +
              • match_vip_only - Enable/disable matching of only those packets that have had their destination addresses changed by a VIP. type: str choices: enable, disable + more... + +
                • +
              • mms_profile - Name of an existing MMS profile. Source firewall.mms-profile.name. type: str + more... + +
                • +
              • name - Policy name. type: str + more... + +
                • +
              • nat - Enable/disable source NAT. type: str choices: enable, disable + more... + +
                • +
              • nat46 - Enable/disable NAT46. type: str choices: enable, disable + more... + +
                • +
              • nat64 - Enable/disable NAT64. type: str choices: enable, disable + more... + +
                • +
              • natinbound - Policy-based IPsec VPN: apply destination NAT to inbound traffic. type: str choices: enable, disable + more... + +
                • +
              • natip - Policy-based IPsec VPN: source NAT IP address for outgoing traffic. type: str + more... + +
                • +
              • natoutbound - Policy-based IPsec VPN: apply source NAT to outbound traffic. type: str choices: enable, disable + more... + +
                • +
              • np_acceleration - Enable/disable UTM Network Processor acceleration. type: str choices: enable, disable + more... + +
                • +
              • ntlm - Enable/disable NTLM authentication. type: str choices: enable, disable + more... + +
                • +
              • ntlm_enabled_browsers - HTTP-User-Agent value of supported browsers. type: list + more... + +
                • +
                  +
                • user_agent_string - User agent string. type: str + more... + +
                  • +
                +
              • ntlm_guest - Enable/disable NTLM guest user access. type: str choices: enable, disable + more... + +
                • +
              • outbound - Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. type: str choices: enable, disable + more... + +
                • +
              • passive_wan_health_measurement - Enable/disable passive WAN health measurement. When enabled, auto-asic-offload is disabled. type: str choices: enable, disable + more... + +
                • +
              • per_ip_shaper - Per-IP traffic shaper. Source firewall.shaper.per-ip-shaper.name. type: str + more... + +
                • +
              • permit_any_host - Accept UDP packets from any host. type: str choices: enable, disable + more... + +
                • +
              • permit_stun_host - Accept UDP packets from any Session Traversal Utilities for NAT (STUN) host. type: str choices: enable, disable + more... + +
                • +
              • pfcp_profile - PFCP profile. Source firewall.pfcp.name. type: str + more... + +
                • +
              • policyid - Policy ID (0 - 4294967294). type: int required: true + more... + +
                • +
              • poolname - IP Pool names. type: list member_path: poolname:name + more... + +
                • +
                  +
                • name - IP pool name. Source firewall.ippool.name. type: str required: true + more... + +
                  • +
                +
              • poolname6 - IPv6 pool names. type: list member_path: poolname6:name + more... + +
                • +
                  +
                • name - IPv6 pool name. Source firewall.ippool6.name. type: str required: true + more... + +
                  • +
                +
              • profile_group - Name of profile group. Source firewall.profile-group.name. type: str + more... + +
                • +
              • profile_protocol_options - Name of an existing Protocol options profile. Source firewall.profile-protocol-options.name. type: str + more... + +
                • +
              • profile_type - Determine whether the firewall policy allows security profile groups or single profiles only. type: str choices: single, group + more... + +
                • +
              • radius_mac_auth_bypass - Enable MAC authentication bypass. The bypassed MAC address must be received from RADIUS server. type: str choices: enable, disable + more... + +
                • +
              • redirect_url - URL users are directed to after seeing and accepting the disclaimer or authenticating. type: str + more... + +
                • +
              • replacemsg_override_group - Override the default replacement message group for this policy. Source system.replacemsg-group.name. type: str + more... + +
                • +
              • reputation_direction - Direction of the initial traffic for reputation to take effect. type: str choices: source, destination + more... + +
                • +
              • reputation_minimum - Minimum Reputation to take action. Source firewall.internet-service-reputation.id. type: int + more... + +
                • +
              • rsso - Enable/disable RADIUS single sign-on (RSSO). type: str choices: enable, disable + more... + +
                • +
              • rtp_addr - Address names if this is an RTP NAT policy. type: list member_path: rtp_addr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.internet-service-custom-group.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • rtp_nat - Enable Real Time Protocol (RTP) NAT. type: str choices: disable, enable + more... + +
                • +
              • scan_botnet_connections - Block or monitor connections to Botnet servers or disable Botnet scanning. type: str choices: disable, block, monitor + more... + +
                • +
              • schedule - Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name. type: str + more... + +
                • +
              • schedule_timeout - Enable to force current sessions to end when the schedule object times out. Disable allows them to end from inactivity. type: str choices: enable, disable + more... + +
                • +
              • sctp_filter_profile - Name of an existing SCTP filter profile. Source sctp-filter.profile.name. type: str + more... + +
                • +
              • send_deny_packet - Enable to send a reply when a session is denied or blocked by a firewall policy. type: str choices: disable, enable + more... + +
                • +
              • service - Service and service group names. type: list member_path: service:name + more... + +
                • +
                  +
                • name - Service and service group names. Source firewall.service.custom.name firewall.service.group.name. type: str required: true + more... + +
                  • +
                +
              • service_negate - When enabled service specifies what the service must NOT be. type: str choices: enable, disable + more... + +
                • +
              • session_ttl - TTL in seconds for sessions accepted by this policy (0 means use the system ). type: str + more... + +
                • +
              • sgt - Security group tags. type: list member_path: sgt:id + more... + +
                • +
                  +
                • id - Security group tag (1 - 65535). type: int required: true + more... + +
                  • +
                +
              • sgt_check - Enable/disable security group tags (SGT) check. type: str choices: enable, disable + more... + +
                • +
              • spamfilter_profile - Name of an existing Spam filter profile. Source spamfilter.profile.name. type: str + more... + +
                • +
              • src_vendor_mac - Vendor MAC source ID. type: list member_path: src_vendor_mac:id + more... + +
                • +
                  +
                • id - Vendor MAC ID. Source firewall.vendor-mac.id. type: int required: true + more... + +
                  • +
                +
              • srcaddr - Source IPv4 address and address group names. type: list member_path: srcaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name system.external-resource.name. type: str required: true + more... + +
                  • +
                +
              • srcaddr_negate - When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. type: str choices: enable, disable + more... + +
                • +
              • srcaddr6 - Source IPv6 address name and address group names. type: list member_path: srcaddr6:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name system.external-resource.name. type: str required: true + more... + +
                  • +
                +
              • srcintf - Incoming (ingress) interface. type: list member_path: srcintf:name + more... + +
                • +
                  +
                • name - Interface name. Source system.interface.name system.zone.name system.sdwan.zone.name. type: str required: true + more... + +
                  • +
                +
              • ssh_filter_profile - Name of an existing SSH filter profile. Source ssh-filter.profile.name. type: str + more... + +
                • +
              • ssh_policy_redirect - Redirect SSH traffic to matching transparent proxy policy. type: str choices: enable, disable + more... + +
                • +
              • ssl_mirror - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). type: str choices: enable, disable + more... + +
                • +
              • ssl_mirror_intf - SSL mirror interface name. type: list member_path: ssl_mirror_intf:name + more... + +
                • +
                  +
                • name - Mirror Interface name. Source system.interface.name system.zone.name. type: str required: true + more... + +
                  • +
                +
              • ssl_ssh_profile - Name of an existing SSL SSH profile. Source firewall.ssl-ssh-profile.name. type: str + more... + +
                • +
              • status - Enable or disable this policy. type: str choices: enable, disable + more... + +
                • +
              • tcp_mss_receiver - Receiver TCP maximum segment size (MSS). type: int + more... + +
                • +
              • tcp_mss_sender - Sender TCP maximum segment size (MSS). type: int + more... + +
                • +
              • tcp_session_without_syn - Enable/disable creation of TCP session without SYN flag. type: str choices: all, data-only, disable + more... + +
                • +
              • timeout_send_rst - Enable/disable sending RST packets when TCP sessions expire. type: str choices: enable, disable + more... + +
                • +
              • tos - ToS (Type of Service) value used for comparison. type: str + more... + +
                • +
              • tos_mask - Non-zero bit positions are used for comparison while zero bit positions are ignored. type: str + more... + +
                • +
              • tos_negate - Enable negated TOS match. type: str choices: enable, disable + more... + +
                • +
              • traffic_shaper - Traffic shaper. Source firewall.shaper.traffic-shaper.name. type: str + more... + +
                • +
              • traffic_shaper_reverse - Reverse traffic shaper. Source firewall.shaper.traffic-shaper.name. type: str + more... + +
                • +
              • url_category - URL category ID list. type: list member_path: url_category:id + more... + +
                • +
                  +
                • id - URL category ID. type: int required: true + more... + +
                  • +
                +
              • users - Names of individual users that can authenticate with this policy. type: list member_path: users:name + more... + +
                • +
                  +
                • name - Names of individual users that can authenticate with this policy. Source user.local.name. type: str required: true + more... + +
                  • +
                +
              • utm_status - Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. type: str choices: enable, disable + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              • videofilter_profile - Name of an existing VideoFilter profile. Source videofilter.profile.name. type: str + more... + +
                • +
              • vlan_cos_fwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest. type: int + more... + +
                • +
              • vlan_cos_rev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest. type: int + more... + +
                • +
              • vlan_filter - Set VLAN filters. type: str + more... + +
                • +
              • voip_profile - Name of an existing VoIP profile. Source voip.profile.name. type: str + more... + +
                • +
              • vpntunnel - Policy-based IPsec VPN: name of the IPsec VPN Phase 1. Source vpn.ipsec.phase1.name vpn.ipsec.manualkey.name. type: str + more... + +
                • +
              • waf_profile - Name of an existing Web application firewall profile. Source waf.profile.name. type: str + more... + +
                • +
              • wanopt - Enable/disable WAN optimization. type: str choices: enable, disable + more... + +
                • +
              • wanopt_detection - WAN optimization auto-detection mode. type: str choices: active, passive, False + more... + +
                • +
              • wanopt_passive_opt - WAN optimization passive mode options. This option decides what IP address will be used to connect server. type: str choices: default, transparent, non-transparent + more... + +
                • +
              • wanopt_peer - WAN optimization peer. Source wanopt.peer.peer-host-id. type: str + more... + +
                • +
              • wanopt_profile - WAN optimization profile. Source wanopt.profile.name. type: str + more... + +
                • +
              • wccp - Enable/disable forwarding traffic matching this policy to a configured WCCP server. type: str choices: enable, disable + more... + +
                • +
              • webcache - Enable/disable web cache. type: str choices: enable, disable + more... + +
                • +
              • webcache_https - Enable/disable web cache for HTTPS. type: str choices: disable, enable + more... + +
                • +
              • webfilter_profile - Name of an existing Web filter profile. Source webfilter.profile.name. type: str + more... + +
                • +
              • webproxy_forward_server - Webproxy forward server name. Source web-proxy.forward-server.name web-proxy.forward-server-group.name. type: str + more... + +
                • +
              • webproxy_profile - Webproxy profile name. Source web-proxy.profile.name. type: str + more... + +
                • +
              • wsso - Enable/disable WiFi Single Sign On (WSSO). type: str choices: enable, disable + more... + +
                • +
              • ztna_ems_tag - Source ztna-ems-tag names. type: list member_path: ztna_ems_tag:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • ztna_geo_tag - Source ztna-geo-tag names. type: list member_path: ztna_geo_tag:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • ztna_status - Enable/disable zero trust access. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + - Adjust object order by moving self after(before) another. + + - Only one of [after, before] must be specified when action is moving an object. + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv4/IPv6 policies. + fortios_firewall_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_policy: + action: "accept" + anti_replay: "enable" + app_category: + - + id: "6" + app_group: + - + name: "default_name_8 (source application.group.name)" + application: + - + id: "10" + application_list: " (source application.list.name)" + auth_cert: " (source vpn.certificate.local.name)" + auth_path: "enable" + auth_redirect_addr: "" + auto_asic_offload: "enable" + av_profile: " (source antivirus.profile.name)" + block_notification: "enable" + captive_portal_exempt: "enable" + capture_packet: "enable" + cifs_profile: " (source cifs.profile.name)" + comments: "" + custom_log_fields: + - + field_id: " (source log.custom-field.id)" + decrypted_traffic_mirror: " (source firewall.decrypted-traffic-mirror.name)" + delay_tcp_npu_session: "enable" + devices: + - + name: "default_name_27 (source user.device.alias user.device-group.name user.device-category.name)" + diffserv_forward: "enable" + diffserv_reverse: "enable" + diffservcode_forward: "" + diffservcode_rev: "" + disclaimer: "enable" + dlp_sensor: " (source dlp.sensor.name)" + dnsfilter_profile: " (source dnsfilter.profile.name)" + dscp_match: "enable" + dscp_negate: "enable" + dscp_value: "" + dsri: "enable" + dstaddr: + - + name: "default_name_40 (source firewall.address.name firewall.addrgrp.name firewall.vip.name firewall.vipgrp.name system.external-resource.name)" + dstaddr_negate: "enable" + dstaddr6: + - + name: "default_name_43 (source firewall.address6.name firewall.addrgrp6.name firewall.vipgrp6.name firewall.vip6.name system.external-resource + .name)" + dstintf: + - + name: "default_name_45 (source system.interface.name system.zone.name system.sdwan.zone.name)" + dynamic_shaping: "enable" + email_collect: "enable" + emailfilter_profile: " (source emailfilter.profile.name)" + fec: "enable" + file_filter_profile: " (source file-filter.profile.name)" + firewall_session_dirty: "check-all" + fixedport: "enable" + fsso: "enable" + fsso_agent_for_ntlm: " (source user.fsso.name)" + fsso_groups: + - + name: "default_name_56 (source user.adgrp.name)" + geoip_anycast: "enable" + geoip_match: "physical-location" + global_label: "" + groups: + - + name: "default_name_61 (source user.group.name)" + gtp_profile: " (source firewall.gtp.name)" + http_policy_redirect: "enable" + icap_profile: " (source icap.profile.name)" + identity_based_route: " (source firewall.identity-based-route.name)" + inbound: "enable" + inspection_mode: "proxy" + internet_service: "enable" + internet_service_custom: + - + name: "default_name_70 (source firewall.internet-service-custom.name)" + internet_service_custom_group: + - + name: "default_name_72 (source firewall.internet-service-custom-group.name)" + internet_service_group: + - + name: "default_name_74 (source firewall.internet-service-group.name)" + internet_service_id: + - + id: "76 (source firewall.internet-service.id)" + internet_service_name: + - + name: "default_name_78 (source firewall.internet-service-name.name)" + internet_service_negate: "enable" + internet_service_src: "enable" + internet_service_src_custom: + - + name: "default_name_82 (source firewall.internet-service-custom.name)" + internet_service_src_custom_group: + - + name: "default_name_84 (source firewall.internet-service-custom-group.name)" + internet_service_src_group: + - + name: "default_name_86 (source firewall.internet-service-group.name)" + internet_service_src_id: + - + id: "88 (source firewall.internet-service.id)" + internet_service_src_name: + - + name: "default_name_90 (source firewall.internet-service-name.name)" + internet_service_src_negate: "enable" + ippool: "enable" + ips_sensor: " (source ips.sensor.name)" + label: "" + learning_mode: "enable" + logtraffic: "all" + logtraffic_start: "enable" + match_vip: "enable" + match_vip_only: "enable" + mms_profile: " (source firewall.mms-profile.name)" + name: "default_name_101" + nat: "enable" + nat46: "enable" + nat64: "enable" + natinbound: "enable" + natip: "" + natoutbound: "enable" + np_acceleration: "enable" + ntlm: "enable" + ntlm_enabled_browsers: + - + user_agent_string: "" + ntlm_guest: "enable" + outbound: "enable" + passive_wan_health_measurement: "enable" + per_ip_shaper: " (source firewall.shaper.per-ip-shaper.name)" + permit_any_host: "enable" + permit_stun_host: "enable" + pfcp_profile: " (source firewall.pfcp.name)" + policyid: "119" + poolname: + - + name: "default_name_121 (source firewall.ippool.name)" + poolname6: + - + name: "default_name_123 (source firewall.ippool6.name)" + profile_group: " (source firewall.profile-group.name)" + profile_protocol_options: " (source firewall.profile-protocol-options.name)" + profile_type: "single" + radius_mac_auth_bypass: "enable" + redirect_url: "" + replacemsg_override_group: " (source system.replacemsg-group.name)" + reputation_direction: "source" + reputation_minimum: "131 (source firewall.internet-service-reputation.id)" + rsso: "enable" + rtp_addr: + - + name: "default_name_134 (source firewall.internet-service-custom-group.name firewall.addrgrp.name)" + rtp_nat: "disable" + scan_botnet_connections: "disable" + schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" + schedule_timeout: "enable" + sctp_filter_profile: " (source sctp-filter.profile.name)" + send_deny_packet: "disable" + service: + - + name: "default_name_142 (source firewall.service.custom.name firewall.service.group.name)" + service_negate: "enable" + session_ttl: "" + sgt: + - + id: "146" + sgt_check: "enable" + spamfilter_profile: " (source spamfilter.profile.name)" + src_vendor_mac: + - + id: "150 (source firewall.vendor-mac.id)" + srcaddr: + - + name: "default_name_152 (source firewall.address.name firewall.addrgrp.name system.external-resource.name)" + srcaddr_negate: "enable" + srcaddr6: + - + name: "default_name_155 (source firewall.address6.name firewall.addrgrp6.name system.external-resource.name)" + srcintf: + - + name: "default_name_157 (source system.interface.name system.zone.name system.sdwan.zone.name)" + ssh_filter_profile: " (source ssh-filter.profile.name)" + ssh_policy_redirect: "enable" + ssl_mirror: "enable" + ssl_mirror_intf: + - + name: "default_name_162 (source system.interface.name system.zone.name)" + ssl_ssh_profile: " (source firewall.ssl-ssh-profile.name)" + status: "enable" + tcp_mss_receiver: "165" + tcp_mss_sender: "166" + tcp_session_without_syn: "all" + timeout_send_rst: "enable" + tos: "" + tos_mask: "" + tos_negate: "enable" + traffic_shaper: " (source firewall.shaper.traffic-shaper.name)" + traffic_shaper_reverse: " (source firewall.shaper.traffic-shaper.name)" + url_category: + - + id: "175" + users: + - + name: "default_name_177 (source user.local.name)" + utm_status: "enable" + uuid: "" + videofilter_profile: " (source videofilter.profile.name)" + vlan_cos_fwd: "181" + vlan_cos_rev: "182" + vlan_filter: "" + voip_profile: " (source voip.profile.name)" + vpntunnel: " (source vpn.ipsec.phase1.name vpn.ipsec.manualkey.name)" + waf_profile: " (source waf.profile.name)" + wanopt: "enable" + wanopt_detection: "active" + wanopt_passive_opt: "default" + wanopt_peer: " (source wanopt.peer.peer-host-id)" + wanopt_profile: " (source wanopt.profile.name)" + wccp: "enable" + webcache: "enable" + webcache_https: "disable" + webfilter_profile: " (source webfilter.profile.name)" + webproxy_forward_server: " (source web-proxy.forward-server.name web-proxy.forward-server-group.name)" + webproxy_profile: " (source web-proxy.profile.name)" + wsso: "enable" + ztna_ems_tag: + - + name: "default_name_200 (source firewall.address.name firewall.addrgrp.name)" + ztna_geo_tag: + - + name: "default_name_202 (source firewall.address.name firewall.addrgrp.name)" + ztna_status: "enable" + + - name: move firewall.policy + fortios_firewall_policy: + vdom: "root" + action: "move" + self: "" + after: "" + #before: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_policy46.rst b/gen/fortios_firewall_policy46.rst new file mode 100644 index 00000000..eb369edf --- /dev/null +++ b/gen/fortios_firewall_policy46.rst @@ -0,0 +1,1376 @@ +:source: fortios_firewall_policy46.py + +:orphan: + +.. fortios_firewall_policy46: + +fortios_firewall_policy46 -- Configure IPv4 to IPv6 policies in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and policy46 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0
            fortios_firewall_policy46yesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_policy46 - Configure IPv4 to IPv6 policies. type: dict + more... + +
              • +
                +
              • action - Accept or deny traffic matching the policy. type: str choices: accept, deny + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • dstaddr - Destination address objects. type: list member_path: dstaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.vip46.name firewall.vipgrp46.name. type: str required: true + more... + +
                  • +
                +
              • dstintf - Destination interface name. Source system.interface.name system.zone.name. type: str + more... + +
                • +
              • fixedport - Enable/disable fixed port for this policy. type: str choices: enable, disable + more... + +
                • +
              • ippool - Enable/disable use of IP Pools for source NAT. type: str choices: enable, disable + more... + +
                • +
              • logtraffic - Enable/disable traffic logging for this policy. type: str choices: enable, disable + more... + +
                • +
              • logtraffic_start - Record logs when a session starts and ends. type: str choices: enable, disable + more... + +
                • +
              • name - Policy name. type: str + more... + +
                • +
              • per_ip_shaper - Per IP traffic shaper. Source firewall.shaper.per-ip-shaper.name. type: str + more... + +
                • +
              • permit_any_host - Enable/disable allowing any host. type: str choices: enable, disable + more... + +
                • +
              • policyid - Policy ID (0 - 4294967294). type: int required: true + more... + +
                • +
              • poolname - IP Pool names. type: list member_path: poolname:name + more... + +
                • +
                  +
                • name - IP pool name. Source firewall.ippool6.name. type: str required: true + more... + +
                  • +
                +
              • schedule - Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name. type: str + more... + +
                • +
              • service - Service name. type: list member_path: service:name + more... + +
                • +
                  +
                • name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str required: true + more... + +
                  • +
                +
              • srcaddr - Source address objects. type: list member_path: srcaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • srcintf - Source interface name. Source system.zone.name system.interface.name. type: str + more... + +
                • +
              • status - Enable/disable this policy. type: str choices: enable, disable + more... + +
                • +
              • tcp_mss_receiver - TCP Maximum Segment Size value of receiver (0 - 65535) type: int + more... + +
                • +
              • tcp_mss_sender - TCP Maximum Segment Size value of sender (0 - 65535). type: int + more... + +
                • +
              • traffic_shaper - Traffic shaper. Source firewall.shaper.traffic-shaper.name. type: str + more... + +
                • +
              • traffic_shaper_reverse - Reverse traffic shaper. Source firewall.shaper.traffic-shaper.name. type: str + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv4 to IPv6 policies. + fortios_firewall_policy46: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_policy46: + action: "accept" + comments: "" + dstaddr: + - + name: "default_name_6 (source firewall.vip46.name firewall.vipgrp46.name)" + dstintf: " (source system.interface.name system.zone.name)" + fixedport: "enable" + ippool: "enable" + logtraffic: "enable" + logtraffic_start: "enable" + name: "default_name_12" + per_ip_shaper: " (source firewall.shaper.per-ip-shaper.name)" + permit_any_host: "enable" + policyid: "15" + poolname: + - + name: "default_name_17 (source firewall.ippool6.name)" + schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" + service: + - + name: "default_name_20 (source firewall.service.custom.name firewall.service.group.name)" + srcaddr: + - + name: "default_name_22 (source firewall.address.name firewall.addrgrp.name)" + srcintf: " (source system.zone.name system.interface.name)" + status: "enable" + tcp_mss_receiver: "25" + tcp_mss_sender: "26" + traffic_shaper: " (source firewall.shaper.traffic-shaper.name)" + traffic_shaper_reverse: " (source firewall.shaper.traffic-shaper.name)" + uuid: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_policy6.rst b/gen/fortios_firewall_policy6.rst new file mode 100644 index 00000000..791ea66a --- /dev/null +++ b/gen/fortios_firewall_policy6.rst @@ -0,0 +1,3987 @@ +:source: fortios_firewall_policy6.py + +:orphan: + +.. fortios_firewall_policy6: + +fortios_firewall_policy6 -- Configure IPv6 policies in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and policy6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7
            fortios_firewall_policy6yesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_policy6 - Configure IPv6 policies. type: dict + more... + +
              • +
                +
              • action - Policy action (allow/deny/ipsec). type: str choices: accept, deny, ipsec + more... + +
                • +
              • anti_replay - Enable/disable anti-replay check. type: str choices: enable, disable + more... + +
                • +
              • app_category - Application category ID list. type: list member_path: app_category:id + more... + +
                • +
                  +
                • id - Category IDs. type: int required: true + more... + +
                  • +
                +
              • app_group - Application group names. type: list member_path: app_group:name + more... + +
                • +
                  +
                • name - Application group names. Source application.group.name. type: str required: true + more... + +
                  • +
                +
              • application - Application ID list. type: list member_path: application:id + more... + +
                • +
                  +
                • id - Application IDs. type: int required: true + more... + +
                  • +
                +
              • application_list - Name of an existing Application list. Source application.list.name. type: str + more... + +
                • +
              • auto_asic_offload - Enable/disable policy traffic ASIC offloading. type: str choices: enable, disable + more... + +
                • +
              • av_profile - Name of an existing Antivirus profile. Source antivirus.profile.name. type: str + more... + +
                • +
              • cifs_profile - Name of an existing CIFS profile. Source cifs.profile.name. type: str + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • custom_log_fields - Log field index numbers to append custom log fields to log messages for this policy. type: list + more... + +
                • +
                  +
                • field_id - Custom log field. Source log.custom-field.id. type: str + more... + +
                  • +
                +
              • devices - Names of devices or device groups that can be matched by the policy. type: list member_path: devices:name + more... + +
                • +
                  +
                • name - Device or group name. Source user.device.alias user.device-group.name user.device-category.name. type: str required: true + more... + +
                  • +
                +
              • diffserv_forward - Enable to change packet"s DiffServ values to the specified diffservcode-forward value. type: str choices: enable, disable + more... + +
                • +
              • diffserv_reverse - Enable to change packet"s reverse (reply) DiffServ values to the specified diffservcode-rev value. type: str choices: enable, disable + more... + +
                • +
              • diffservcode_forward - Change packet"s DiffServ to this value. type: str + more... + +
                • +
              • diffservcode_rev - Change packet"s reverse (reply) DiffServ to this value. type: str + more... + +
                • +
              • dlp_sensor - Name of an existing DLP sensor. Source dlp.sensor.name. type: str + more... + +
                • +
              • dnsfilter_profile - Name of an existing DNS filter profile. Source dnsfilter.profile.name. type: str + more... + +
                • +
              • dscp_match - Enable DSCP check. type: str choices: enable, disable + more... + +
                • +
              • dscp_negate - Enable negated DSCP match. type: str choices: enable, disable + more... + +
                • +
              • dscp_value - DSCP value. type: str + more... + +
                • +
              • dsri - Enable DSRI to ignore HTTP server responses. type: str choices: enable, disable + more... + +
                • +
              • dstaddr - Destination address and address group names. type: list member_path: dstaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name firewall.vip6.name firewall.vipgrp6.name system .external-resource.name. type: str required: true + more... + +
                  • +
                +
              • dstaddr_negate - When enabled dstaddr specifies what the destination address must NOT be. type: str choices: enable, disable + more... + +
                • +
              • dstintf - Outgoing (egress) interface. type: list member_path: dstintf:name + more... + +
                • +
                  +
                • name - Interface name. Source system.interface.name system.zone.name. type: str required: true + more... + +
                  • +
                +
              • emailfilter_profile - Name of an existing email filter profile. Source emailfilter.profile.name. type: str + more... + +
                • +
              • firewall_session_dirty - How to handle sessions if the configuration of this firewall policy changes. type: str choices: check-all, check-new + more... + +
                • +
              • fixedport - Enable to prevent source NAT from changing a session"s source port. type: str choices: enable, disable + more... + +
                • +
              • fsso_groups - Names of FSSO groups. type: list member_path: fsso_groups:name + more... + +
                • +
                  +
                • name - Names of FSSO groups. Source user.adgrp.name. type: str required: true + more... + +
                  • +
                +
              • global_label - Label for the policy that appears when the GUI is in Global View mode. type: str + more... + +
                • +
              • groups - Names of user groups that can authenticate with this policy. type: list member_path: groups:name + more... + +
                • +
                  +
                • name - Group name. Source user.group.name. type: str required: true + more... + +
                  • +
                +
              • http_policy_redirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. type: str choices: enable, disable + more... + +
                • +
              • icap_profile - Name of an existing ICAP profile. Source icap.profile.name. type: str + more... + +
                • +
              • inbound - Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. type: str choices: enable, disable + more... + +
                • +
              • inspection_mode - Policy inspection mode (Flow/proxy). Default is Flow mode. type: str choices: proxy, flow + more... + +
                • +
              • ippool - Enable to use IP Pools for source NAT. type: str choices: enable, disable + more... + +
                • +
              • ips_sensor - Name of an existing IPS sensor. Source ips.sensor.name. type: str + more... + +
                • +
              • label - Label for the policy that appears when the GUI is in Section View mode. type: str + more... + +
                • +
              • logtraffic - Enable or disable logging. Log all sessions or security profile sessions. type: str choices: all, utm, disable + more... + +
                • +
              • logtraffic_start - Record logs when a session starts. type: str choices: enable, disable + more... + +
                • +
              • mms_profile - Name of an existing MMS profile. Source firewall.mms-profile.name. type: str + more... + +
                • +
              • name - Policy name. type: str + more... + +
                • +
              • nat - Enable/disable source NAT. type: str choices: enable, disable + more... + +
                • +
              • natinbound - Policy-based IPsec VPN: apply destination NAT to inbound traffic. type: str choices: enable, disable + more... + +
                • +
              • natoutbound - Policy-based IPsec VPN: apply source NAT to outbound traffic. type: str choices: enable, disable + more... + +
                • +
              • np_acceleration - Enable/disable UTM Network Processor acceleration. type: str choices: enable, disable + more... + +
                • +
              • outbound - Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. type: str choices: enable, disable + more... + +
                • +
              • per_ip_shaper - Per-IP traffic shaper. Source firewall.shaper.per-ip-shaper.name. type: str + more... + +
                • +
              • policyid - Policy ID (0 - 4294967294). type: int required: true + more... + +
                • +
              • poolname - IP Pool names. type: list member_path: poolname:name + more... + +
                • +
                  +
                • name - IP pool name. Source firewall.ippool6.name. type: str required: true + more... + +
                  • +
                +
              • profile_group - Name of profile group. Source firewall.profile-group.name. type: str + more... + +
                • +
              • profile_protocol_options - Name of an existing Protocol options profile. Source firewall.profile-protocol-options.name. type: str + more... + +
                • +
              • profile_type - Determine whether the firewall policy allows security profile groups or single profiles only. type: str choices: single, group + more... + +
                • +
              • replacemsg_override_group - Override the default replacement message group for this policy. Source system.replacemsg-group.name. type: str + more... + +
                • +
              • rsso - Enable/disable RADIUS single sign-on (RSSO). type: str choices: enable, disable + more... + +
                • +
              • schedule - Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name. type: str + more... + +
                • +
              • send_deny_packet - Enable/disable return of deny-packet. type: str choices: enable, disable + more... + +
                • +
              • service - Service and service group names. type: list member_path: service:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.service.custom.name firewall.service.group.name. type: str required: true + more... + +
                  • +
                +
              • service_negate - When enabled service specifies what the service must NOT be. type: str choices: enable, disable + more... + +
                • +
              • session_ttl - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL. type: str + more... + +
                • +
              • spamfilter_profile - Name of an existing Spam filter profile. Source spamfilter.profile.name. type: str + more... + +
                • +
              • srcaddr - Source address and address group names. type: list member_path: srcaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name system.external-resource.name. type: str required: true + more... + +
                  • +
                +
              • srcaddr_negate - When enabled srcaddr specifies what the source address must NOT be. type: str choices: enable, disable + more... + +
                • +
              • srcintf - Incoming (ingress) interface. type: list member_path: srcintf:name + more... + +
                • +
                  +
                • name - Interface name. Source system.zone.name system.interface.name. type: str required: true + more... + +
                  • +
                +
              • ssh_filter_profile - Name of an existing SSH filter profile. Source ssh-filter.profile.name. type: str + more... + +
                • +
              • ssh_policy_redirect - Redirect SSH traffic to matching transparent proxy policy. type: str choices: enable, disable + more... + +
                • +
              • ssl_mirror - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). type: str choices: enable, disable + more... + +
                • +
              • ssl_mirror_intf - SSL mirror interface name. type: list member_path: ssl_mirror_intf:name + more... + +
                • +
                  +
                • name - Interface name. Source system.zone.name system.interface.name. type: str required: true + more... + +
                  • +
                +
              • ssl_ssh_profile - Name of an existing SSL SSH profile. Source firewall.ssl-ssh-profile.name. type: str + more... + +
                • +
              • status - Enable or disable this policy. type: str choices: enable, disable + more... + +
                • +
              • tcp_mss_receiver - Receiver TCP maximum segment size (MSS). type: int + more... + +
                • +
              • tcp_mss_sender - Sender TCP maximum segment size (MSS). type: int + more... + +
                • +
              • tcp_session_without_syn - Enable/disable creation of TCP session without SYN flag. type: str choices: all, data-only, disable + more... + +
                • +
              • timeout_send_rst - Enable/disable sending RST packets when TCP sessions expire. type: str choices: enable, disable + more... + +
                • +
              • tos - ToS (Type of Service) value used for comparison. type: str + more... + +
                • +
              • tos_mask - Non-zero bit positions are used for comparison while zero bit positions are ignored. type: str + more... + +
                • +
              • tos_negate - Enable negated TOS match. type: str choices: enable, disable + more... + +
                • +
              • traffic_shaper - Reverse traffic shaper. Source firewall.shaper.traffic-shaper.name. type: str + more... + +
                • +
              • traffic_shaper_reverse - Reverse traffic shaper. Source firewall.shaper.traffic-shaper.name. type: str + more... + +
                • +
              • url_category - URL category ID list. type: list member_path: url_category:id + more... + +
                • +
                  +
                • id - URL category ID. type: int required: true + more... + +
                  • +
                +
              • users - Names of individual users that can authenticate with this policy. type: list member_path: users:name + more... + +
                • +
                  +
                • name - Names of individual users that can authenticate with this policy. Source user.local.name. type: str required: true + more... + +
                  • +
                +
              • utm_status - Enable AV/web/ips protection profile. type: str choices: enable, disable + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              • vlan_cos_fwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest type: int + more... + +
                • +
              • vlan_cos_rev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest type: int + more... + +
                • +
              • vlan_filter - Set VLAN filters. type: str + more... + +
                • +
              • voip_profile - Name of an existing VoIP profile. Source voip.profile.name. type: str + more... + +
                • +
              • vpntunnel - Policy-based IPsec VPN: name of the IPsec VPN Phase 1. Source vpn.ipsec.phase1.name vpn.ipsec.manualkey.name. type: str + more... + +
                • +
              • waf_profile - Name of an existing Web application firewall profile. Source waf.profile.name. type: str + more... + +
                • +
              • webcache - Enable/disable web cache. type: str choices: enable, disable + more... + +
                • +
              • webcache_https - Enable/disable web cache for HTTPS. type: str choices: disable, enable + more... + +
                • +
              • webfilter_profile - Name of an existing Web filter profile. Source webfilter.profile.name. type: str + more... + +
                • +
              • webproxy_forward_server - Web proxy forward server name. Source web-proxy.forward-server.name web-proxy.forward-server-group.name. type: str + more... + +
                • +
              • webproxy_profile - Webproxy profile name. Source web-proxy.profile.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 policies. + fortios_firewall_policy6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_policy6: + action: "accept" + anti_replay: "enable" + app_category: + - + id: "6" + app_group: + - + name: "default_name_8 (source application.group.name)" + application: + - + id: "10" + application_list: " (source application.list.name)" + auto_asic_offload: "enable" + av_profile: " (source antivirus.profile.name)" + cifs_profile: " (source cifs.profile.name)" + comments: "" + custom_log_fields: + - + field_id: " (source log.custom-field.id)" + devices: + - + name: "default_name_19 (source user.device.alias user.device-group.name user.device-category.name)" + diffserv_forward: "enable" + diffserv_reverse: "enable" + diffservcode_forward: "" + diffservcode_rev: "" + dlp_sensor: " (source dlp.sensor.name)" + dnsfilter_profile: " (source dnsfilter.profile.name)" + dscp_match: "enable" + dscp_negate: "enable" + dscp_value: "" + dsri: "enable" + dstaddr: + - + name: "default_name_31 (source firewall.address6.name firewall.addrgrp6.name firewall.vip6.name firewall.vipgrp6.name system.external-resource + .name)" + dstaddr_negate: "enable" + dstintf: + - + name: "default_name_34 (source system.interface.name system.zone.name)" + emailfilter_profile: " (source emailfilter.profile.name)" + firewall_session_dirty: "check-all" + fixedport: "enable" + fsso_groups: + - + name: "default_name_39 (source user.adgrp.name)" + global_label: "" + groups: + - + name: "default_name_42 (source user.group.name)" + http_policy_redirect: "enable" + icap_profile: " (source icap.profile.name)" + inbound: "enable" + inspection_mode: "proxy" + ippool: "enable" + ips_sensor: " (source ips.sensor.name)" + label: "" + logtraffic: "all" + logtraffic_start: "enable" + mms_profile: " (source firewall.mms-profile.name)" + name: "default_name_53" + nat: "enable" + natinbound: "enable" + natoutbound: "enable" + np_acceleration: "enable" + outbound: "enable" + per_ip_shaper: " (source firewall.shaper.per-ip-shaper.name)" + policyid: "60" + poolname: + - + name: "default_name_62 (source firewall.ippool6.name)" + profile_group: " (source firewall.profile-group.name)" + profile_protocol_options: " (source firewall.profile-protocol-options.name)" + profile_type: "single" + replacemsg_override_group: " (source system.replacemsg-group.name)" + rsso: "enable" + schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" + send_deny_packet: "enable" + service: + - + name: "default_name_71 (source firewall.service.custom.name firewall.service.group.name)" + service_negate: "enable" + session_ttl: "" + spamfilter_profile: " (source spamfilter.profile.name)" + srcaddr: + - + name: "default_name_76 (source firewall.address6.name firewall.addrgrp6.name system.external-resource.name)" + srcaddr_negate: "enable" + srcintf: + - + name: "default_name_79 (source system.zone.name system.interface.name)" + ssh_filter_profile: " (source ssh-filter.profile.name)" + ssh_policy_redirect: "enable" + ssl_mirror: "enable" + ssl_mirror_intf: + - + name: "default_name_84 (source system.zone.name system.interface.name)" + ssl_ssh_profile: " (source firewall.ssl-ssh-profile.name)" + status: "enable" + tcp_mss_receiver: "87" + tcp_mss_sender: "88" + tcp_session_without_syn: "all" + timeout_send_rst: "enable" + tos: "" + tos_mask: "" + tos_negate: "enable" + traffic_shaper: " (source firewall.shaper.traffic-shaper.name)" + traffic_shaper_reverse: " (source firewall.shaper.traffic-shaper.name)" + url_category: + - + id: "97" + users: + - + name: "default_name_99 (source user.local.name)" + utm_status: "enable" + uuid: "" + vlan_cos_fwd: "102" + vlan_cos_rev: "103" + vlan_filter: "" + voip_profile: " (source voip.profile.name)" + vpntunnel: " (source vpn.ipsec.phase1.name vpn.ipsec.manualkey.name)" + waf_profile: " (source waf.profile.name)" + webcache: "enable" + webcache_https: "disable" + webfilter_profile: " (source webfilter.profile.name)" + webproxy_forward_server: " (source web-proxy.forward-server.name web-proxy.forward-server-group.name)" + webproxy_profile: " (source web-proxy.profile.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_policy64.rst b/gen/fortios_firewall_policy64.rst new file mode 100644 index 00000000..e22d5ec9 --- /dev/null +++ b/gen/fortios_firewall_policy64.rst @@ -0,0 +1,1376 @@ +:source: fortios_firewall_policy64.py + +:orphan: + +.. fortios_firewall_policy64: + +fortios_firewall_policy64 -- Configure IPv6 to IPv4 policies in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and policy64 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0
            fortios_firewall_policy64yesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_policy64 - Configure IPv6 to IPv4 policies. type: dict + more... + +
              • +
                +
              • action - Policy action. type: str choices: accept, deny + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • dstaddr - Destination address name. type: list member_path: dstaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name firewall.vip64.name firewall.vipgrp64.name. type: str required: true + more... + +
                  • +
                +
              • dstintf - Destination interface name. Source system.interface.name system.zone.name. type: str + more... + +
                • +
              • fixedport - Enable/disable policy fixed port. type: str choices: enable, disable + more... + +
                • +
              • ippool - Enable/disable policy64 IP pool. type: str choices: enable, disable + more... + +
                • +
              • logtraffic - Enable/disable policy log traffic. type: str choices: enable, disable + more... + +
                • +
              • logtraffic_start - Record logs when a session starts and ends. type: str choices: enable, disable + more... + +
                • +
              • name - Policy name. type: str + more... + +
                • +
              • per_ip_shaper - Per-IP traffic shaper. Source firewall.shaper.per-ip-shaper.name. type: str + more... + +
                • +
              • permit_any_host - Enable/disable permit any host in. type: str choices: enable, disable + more... + +
                • +
              • policyid - Policy ID (0 - 4294967294). type: int required: true + more... + +
                • +
              • poolname - Policy IP pool names. type: list member_path: poolname:name + more... + +
                • +
                  +
                • name - IP pool name. Source firewall.ippool.name. type: str required: true + more... + +
                  • +
                +
              • schedule - Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name. type: str + more... + +
                • +
              • service - Service name. type: list member_path: service:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.service.custom.name firewall.service.group.name. type: str required: true + more... + +
                  • +
                +
              • srcaddr - Source address name. type: list member_path: srcaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                  • +
                +
              • srcintf - Source interface name. Source system.zone.name system.interface.name. type: str + more... + +
                • +
              • status - Enable/disable policy status. type: str choices: enable, disable + more... + +
                • +
              • tcp_mss_receiver - TCP MSS value of receiver. type: int + more... + +
                • +
              • tcp_mss_sender - TCP MSS value of sender. type: int + more... + +
                • +
              • traffic_shaper - Traffic shaper. Source firewall.shaper.traffic-shaper.name. type: str + more... + +
                • +
              • traffic_shaper_reverse - Reverse traffic shaper. Source firewall.shaper.traffic-shaper.name. type: str + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 to IPv4 policies. + fortios_firewall_policy64: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_policy64: + action: "accept" + comments: "" + dstaddr: + - + name: "default_name_6 (source firewall.address.name firewall.addrgrp.name firewall.vip64.name firewall.vipgrp64.name)" + dstintf: " (source system.interface.name system.zone.name)" + fixedport: "enable" + ippool: "enable" + logtraffic: "enable" + logtraffic_start: "enable" + name: "default_name_12" + per_ip_shaper: " (source firewall.shaper.per-ip-shaper.name)" + permit_any_host: "enable" + policyid: "15" + poolname: + - + name: "default_name_17 (source firewall.ippool.name)" + schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" + service: + - + name: "default_name_20 (source firewall.service.custom.name firewall.service.group.name)" + srcaddr: + - + name: "default_name_22 (source firewall.address6.name firewall.addrgrp6.name)" + srcintf: " (source system.zone.name system.interface.name)" + status: "enable" + tcp_mss_receiver: "25" + tcp_mss_sender: "26" + traffic_shaper: " (source firewall.shaper.traffic-shaper.name)" + traffic_shaper_reverse: " (source firewall.shaper.traffic-shaper.name)" + uuid: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_profile_group.rst b/gen/fortios_firewall_profile_group.rst new file mode 100644 index 00000000..6927bf91 --- /dev/null +++ b/gen/fortios_firewall_profile_group.rst @@ -0,0 +1,1092 @@ +:source: fortios_firewall_profile_group.py + +:orphan: + +.. fortios_firewall_profile_group: + +fortios_firewall_profile_group -- Configure profile groups in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and profile_group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_profile_groupyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_profile_group - Configure profile groups. type: dict + more... + +
              • +
                +
              • application_list - Name of an existing Application list. Source application.list.name. type: str + more... + +
                • +
              • av_profile - Name of an existing Antivirus profile. Source antivirus.profile.name. type: str + more... + +
                • +
              • cifs_profile - Name of an existing CIFS profile. Source cifs.profile.name. type: str + more... + +
                • +
              • dlp_sensor - Name of an existing DLP sensor. Source dlp.sensor.name. type: str + more... + +
                • +
              • dnsfilter_profile - Name of an existing DNS filter profile. Source dnsfilter.profile.name. type: str + more... + +
                • +
              • emailfilter_profile - Name of an existing email filter profile. Source emailfilter.profile.name. type: str + more... + +
                • +
              • file_filter_profile - Name of an existing file-filter profile. Source file-filter.profile.name. type: str + more... + +
                • +
              • icap_profile - Name of an existing ICAP profile. Source icap.profile.name. type: str + more... + +
                • +
              • ips_sensor - Name of an existing IPS sensor. Source ips.sensor.name. type: str + more... + +
                • +
              • mms_profile - Name of an existing MMS profile. Source firewall.mms-profile.name. type: str + more... + +
                • +
              • name - Profile group name. type: str required: true + more... + +
                • +
              • profile_protocol_options - Name of an existing Protocol options profile. Source firewall.profile-protocol-options.name. type: str + more... + +
                • +
              • sctp_filter_profile - Name of an existing SCTP filter profile. Source sctp-filter.profile.name. type: str + more... + +
                • +
              • spamfilter_profile - Name of an existing Spam filter profile. Source spamfilter.profile.name. type: str + more... + +
                • +
              • ssh_filter_profile - Name of an existing SSH filter profile. Source ssh-filter.profile.name. type: str + more... + +
                • +
              • ssl_ssh_profile - Name of an existing SSL SSH profile. Source firewall.ssl-ssh-profile.name. type: str + more... + +
                • +
              • videofilter_profile - Name of an existing VideoFilter profile. Source videofilter.profile.name. type: str + more... + +
                • +
              • voip_profile - Name of an existing VoIP profile. Source voip.profile.name. type: str + more... + +
                • +
              • waf_profile - Name of an existing Web application firewall profile. Source waf.profile.name. type: str + more... + +
                • +
              • webfilter_profile - Name of an existing Web filter profile. Source webfilter.profile.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure profile groups. + fortios_firewall_profile_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_profile_group: + application_list: " (source application.list.name)" + av_profile: " (source antivirus.profile.name)" + cifs_profile: " (source cifs.profile.name)" + dlp_sensor: " (source dlp.sensor.name)" + dnsfilter_profile: " (source dnsfilter.profile.name)" + emailfilter_profile: " (source emailfilter.profile.name)" + file_filter_profile: " (source file-filter.profile.name)" + icap_profile: " (source icap.profile.name)" + ips_sensor: " (source ips.sensor.name)" + mms_profile: " (source firewall.mms-profile.name)" + name: "default_name_13" + profile_protocol_options: " (source firewall.profile-protocol-options.name)" + sctp_filter_profile: " (source sctp-filter.profile.name)" + spamfilter_profile: " (source spamfilter.profile.name)" + ssh_filter_profile: " (source ssh-filter.profile.name)" + ssl_ssh_profile: " (source firewall.ssl-ssh-profile.name)" + videofilter_profile: " (source videofilter.profile.name)" + voip_profile: " (source voip.profile.name)" + waf_profile: " (source waf.profile.name)" + webfilter_profile: " (source webfilter.profile.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_profile_protocol_options.rst b/gen/fortios_firewall_profile_protocol_options.rst new file mode 100644 index 00000000..6c899b9c --- /dev/null +++ b/gen/fortios_firewall_profile_protocol_options.rst @@ -0,0 +1,9025 @@ +:source: fortios_firewall_profile_protocol_options.py + +:orphan: + +.. fortios_firewall_profile_protocol_options: + +fortios_firewall_profile_protocol_options -- Configure protocol options in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and profile_protocol_options category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_profile_protocol_optionsyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_profile_protocol_options - Configure protocol options. type: dict + more... + +
              • +
                +
              • cifs - Configure CIFS protocol options. type: dict + more... + +
                • +
                  +
                • domain_controller - Domain for which to decrypt CIFS traffic. Source user.domain-controller.name credential-store.domain-controller.server-name. type: str + more... + +
                  • +
                • options - One or more options that can be applied to the session. type: list choices: oversize + more... + +
                  • +
                • oversize_limit - Maximum in-memory file size that can be scanned (1 - 383 MB). type: int + more... + +
                  • +
                • ports - Ports to scan for content (1 - 65535). type: list
                  • +
                • scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable + more... + +
                  • +
                • server_credential_type - CIFS server credential type. type: str choices: none, credential-replication, credential-keytab + more... + +
                  • +
                • server_keytab - Server keytab. type: str + more... + +
                  • +
                • status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable + more... + +
                  • +
                • tcp_window_maximum - Maximum dynamic TCP window size. type: int + more... + +
                  • +
                • tcp_window_minimum - Minimum dynamic TCP window size. type: int + more... + +
                  • +
                • tcp_window_size - Set TCP static window size. type: int + more... + +
                  • +
                • tcp_window_type - TCP window type to use for this protocol. type: str choices: system, static, dynamic, auto-tuning + more... + +
                  • +
                • uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int + more... + +
                  • +
                • uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned (1 - 383 MB). type: int + more... + +
                  • +
                +
              • comment - Optional comments. type: str + more... + +
                • +
              • dns - Configure DNS protocol options. type: dict + more... + +
                • +
                  +
                • ports - Ports to scan for content (1 - 65535). type: list
                  • +
                • status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable + more... + +
                  • +
                +
              • ftp - Configure FTP protocol options. type: dict + more... + +
                • +
                  +
                • comfort_amount - Amount of data to send in a transmission for client comforting (1 - 65535 bytes). type: int + more... + +
                  • +
                • comfort_interval - Period of time between start, or last transmission, and the next client comfort transmission of data (1 - 900 sec). type: int + more... + +
                  • +
                • inspect_all - Enable/disable the inspection of all ports for the protocol. type: str choices: enable, disable + more... + +
                  • +
                • options - One or more options that can be applied to the session. type: list choices: clientcomfort, oversize, splice, bypass-rest-command, bypass-mode-command + more... + +
                  • +
                • oversize_limit - Maximum in-memory file size that can be scanned (1 - 383 MB). type: int + more... + +
                  • +
                • ports - Ports to scan for content (1 - 65535). type: list
                  • +
                • scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable + more... + +
                  • +
                • ssl_offloaded - SSL decryption and encryption performed by an external device. type: str choices: False, True + more... + +
                  • +
                • status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable + more... + +
                  • +
                • stream_based_uncompressed_limit - Maximum stream-based uncompressed data size that will be scanned in megabytes. Stream-based uncompression used only under certain conditions (unlimited = 0). type: int + more... + +
                  • +
                • tcp_window_maximum - Maximum dynamic TCP window size. type: int + more... + +
                  • +
                • tcp_window_minimum - Minimum dynamic TCP window size. type: int + more... + +
                  • +
                • tcp_window_size - Set TCP static window size. type: int + more... + +
                  • +
                • tcp_window_type - TCP window type to use for this protocol. type: str choices: system, static, dynamic, auto-tuning + more... + +
                  • +
                • uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int + more... + +
                  • +
                • uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned (1 - 383 MB). type: int + more... + +
                  • +
                +
              • http - Configure HTTP protocol options. type: dict + more... + +
                • +
                  +
                • block_page_status_code - Code number returned for blocked HTTP pages (non-FortiGuard only) (100 - 599). type: int + more... + +
                  • +
                • comfort_amount - Amount of data to send in a transmission for client comforting (1 - 65535 bytes). type: int + more... + +
                  • +
                • comfort_interval - Period of time between start, or last transmission, and the next client comfort transmission of data (1 - 900 sec). type: int + more... + +
                  • +
                • fortinet_bar - Enable/disable Fortinet bar on HTML content. type: str choices: enable, disable + more... + +
                  • +
                • fortinet_bar_port - Port for use by Fortinet Bar (1 - 65535). type: int + more... + +
                  • +
                • http_policy - Enable/disable HTTP policy check. type: str choices: disable, enable + more... + +
                  • +
                • inspect_all - Enable/disable the inspection of all ports for the protocol. type: str choices: enable, disable + more... + +
                  • +
                • options - One or more options that can be applied to the session. type: list choices: clientcomfort, servercomfort, oversize, chunkedbypass + more... + +
                  • +
                • oversize_limit - Maximum in-memory file size that can be scanned (1 - 383 MB). type: int + more... + +
                  • +
                • ports - Ports to scan for content (1 - 65535). type: list
                  • +
                • post_lang - ID codes for character sets to be used to convert to UTF-8 for banned words and DLP on HTTP posts (maximum of 5 character sets). type: list choices: jisx0201, jisx0208, jisx0212, gb2312, ksc5601-ex, euc-jp, sjis, iso2022-jp, iso2022-jp-1, iso2022-jp-2, euc-cn, ces-gbk, hz, ces-big5, euc-kr, iso2022-jp-3, iso8859-1, tis620, cp874, cp1252, cp1251 + more... + +
                  • +
                • proxy_after_tcp_handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str choices: enable, disable + more... + +
                  • +
                • range_block - Enable/disable blocking of partial downloads. type: str choices: disable, enable + more... + +
                  • +
                • retry_count - Number of attempts to retry HTTP connection (0 - 100). type: int + more... + +
                  • +
                • scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable + more... + +
                  • +
                • ssl_offloaded - SSL decryption and encryption performed by an external device. type: str choices: False, True + more... + +
                  • +
                • status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable + more... + +
                  • +
                • stream_based_uncompressed_limit - Maximum stream-based uncompressed data size that will be scanned in megabytes. Stream-based uncompression used only under certain conditions (unlimited = 0). type: int + more... + +
                  • +
                • streaming_content_bypass - Enable/disable bypassing of streaming content from buffering. type: str choices: enable, disable + more... + +
                  • +
                • strip_x_forwarded_for - Enable/disable stripping of HTTP X-Forwarded-For header. type: str choices: disable, enable + more... + +
                  • +
                • switching_protocols - Bypass from scanning, or block a connection that attempts to switch protocol. type: str choices: bypass, block + more... + +
                  • +
                • tcp_window_maximum - Maximum dynamic TCP window size. type: int + more... + +
                  • +
                • tcp_window_minimum - Minimum dynamic TCP window size. type: int + more... + +
                  • +
                • tcp_window_size - Set TCP static window size. type: int + more... + +
                  • +
                • tcp_window_type - TCP window type to use for this protocol. type: str choices: system, static, dynamic, auto-tuning + more... + +
                  • +
                • tunnel_non_http - Configure how to process non-HTTP traffic when a profile configured for HTTP traffic accepts a non-HTTP session. Can occur if an application sends non-HTTP traffic using an HTTP destination port. type: str choices: enable, disable + more... + +
                  • +
                • uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int + more... + +
                  • +
                • uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned (1 - 383 MB). type: int + more... + +
                  • +
                • unknown_http_version - How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1. type: str choices: reject, tunnel, best-effort + more... + +
                  • +
                +
              • imap - Configure IMAP protocol options. type: dict + more... + +
                • +
                  +
                • inspect_all - Enable/disable the inspection of all ports for the protocol. type: str choices: enable, disable + more... + +
                  • +
                • options - One or more options that can be applied to the session. type: list choices: fragmail, oversize + more... + +
                  • +
                • oversize_limit - Maximum in-memory file size that can be scanned (1 - 383 MB). type: int + more... + +
                  • +
                • ports - Ports to scan for content (1 - 65535). type: list
                  • +
                • proxy_after_tcp_handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str choices: enable, disable + more... + +
                  • +
                • scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable + more... + +
                  • +
                • ssl_offloaded - SSL decryption and encryption performed by an external device. type: str choices: False, True + more... + +
                  • +
                • status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable + more... + +
                  • +
                • uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int + more... + +
                  • +
                • uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned (1 - 383 MB). type: int + more... + +
                  • +
                +
              • mail_signature - Configure Mail signature. type: dict + more... + +
                • +
                  +
                • signature - Email signature to be added to outgoing email (if the signature contains spaces, enclose with quotation marks). type: str + more... + +
                  • +
                • status - Enable/disable adding an email signature to SMTP email messages as they pass through the FortiGate. type: str choices: disable, enable + more... + +
                  • +
                +
              • mapi - Configure MAPI protocol options. type: dict + more... + +
                • +
                  +
                • options - One or more options that can be applied to the session. type: list choices: fragmail, oversize + more... + +
                  • +
                • oversize_limit - Maximum in-memory file size that can be scanned (1 - 383 MB). type: int + more... + +
                  • +
                • ports - Ports to scan for content (1 - 65535). type: list
                  • +
                • scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable + more... + +
                  • +
                • status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable + more... + +
                  • +
                • uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int + more... + +
                  • +
                • uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned (1 - 383 MB). type: int + more... + +
                  • +
                +
              • name - Name. type: str required: true + more... + +
                • +
              • nntp - Configure NNTP protocol options. type: dict + more... + +
                • +
                  +
                • inspect_all - Enable/disable the inspection of all ports for the protocol. type: str choices: enable, disable + more... + +
                  • +
                • options - One or more options that can be applied to the session. type: list choices: oversize, splice + more... + +
                  • +
                • oversize_limit - Maximum in-memory file size that can be scanned (1 - 383 MB). type: int + more... + +
                  • +
                • ports - Ports to scan for content (1 - 65535). type: list
                  • +
                • proxy_after_tcp_handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str choices: enable, disable + more... + +
                  • +
                • scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable + more... + +
                  • +
                • status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable + more... + +
                  • +
                • uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int + more... + +
                  • +
                • uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned (1 - 383 MB). type: int + more... + +
                  • +
                +
              • oversize_log - Enable/disable logging for antivirus oversize file blocking. type: str choices: disable, enable + more... + +
                • +
              • pop3 - Configure POP3 protocol options. type: dict + more... + +
                • +
                  +
                • inspect_all - Enable/disable the inspection of all ports for the protocol. type: str choices: enable, disable + more... + +
                  • +
                • options - One or more options that can be applied to the session. type: list choices: fragmail, oversize + more... + +
                  • +
                • oversize_limit - Maximum in-memory file size that can be scanned (1 - 383 MB). type: int + more... + +
                  • +
                • ports - Ports to scan for content (1 - 65535). type: list
                  • +
                • proxy_after_tcp_handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str choices: enable, disable + more... + +
                  • +
                • scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable + more... + +
                  • +
                • ssl_offloaded - SSL decryption and encryption performed by an external device. type: str choices: False, True + more... + +
                  • +
                • status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable + more... + +
                  • +
                • uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int + more... + +
                  • +
                • uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned (1 - 383 MB). type: int + more... + +
                  • +
                +
              • replacemsg_group - Name of the replacement message group to be used. Source system.replacemsg-group.name. type: str + more... + +
                • +
              • rpc_over_http - Enable/disable inspection of RPC over HTTP. type: str choices: enable, disable + more... + +
                • +
              • smtp - Configure SMTP protocol options. type: dict + more... + +
                • +
                  +
                • inspect_all - Enable/disable the inspection of all ports for the protocol. type: str choices: enable, disable + more... + +
                  • +
                • options - One or more options that can be applied to the session. type: list choices: fragmail, oversize, splice + more... + +
                  • +
                • oversize_limit - Maximum in-memory file size that can be scanned (1 - 383 MB). type: int + more... + +
                  • +
                • ports - Ports to scan for content (1 - 65535). type: list
                  • +
                • proxy_after_tcp_handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str choices: enable, disable + more... + +
                  • +
                • scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable + more... + +
                  • +
                • server_busy - Enable/disable SMTP server busy when server not available. type: str choices: enable, disable + more... + +
                  • +
                • ssl_offloaded - SSL decryption and encryption performed by an external device. type: str choices: False, True + more... + +
                  • +
                • status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable + more... + +
                  • +
                • uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int + more... + +
                  • +
                • uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned (1 - 383 MB). type: int + more... + +
                  • +
                +
              • ssh - Configure SFTP and SCP protocol options. type: dict + more... + +
                • +
                  +
                • comfort_amount - Amount of data to send in a transmission for client comforting (1 - 65535 bytes). type: int + more... + +
                  • +
                • comfort_interval - Period of time between start, or last transmission, and the next client comfort transmission of data (1 - 900 sec). type: int + more... + +
                  • +
                • options - One or more options that can be applied to the session. type: list choices: oversize, clientcomfort, servercomfort + more... + +
                  • +
                • oversize_limit - Maximum in-memory file size that can be scanned (1 - 383 MB). type: int + more... + +
                  • +
                • scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable + more... + +
                  • +
                • ssl_offloaded - SSL decryption and encryption performed by an external device. type: str choices: False, True + more... + +
                  • +
                • stream_based_uncompressed_limit - Maximum stream-based uncompressed data size that will be scanned in megabytes. Stream-based uncompression used only under certain conditions (unlimited = 0). type: int + more... + +
                  • +
                • tcp_window_maximum - Maximum dynamic TCP window size. type: int + more... + +
                  • +
                • tcp_window_minimum - Minimum dynamic TCP window size. type: int + more... + +
                  • +
                • tcp_window_size - Set TCP static window size. type: int + more... + +
                  • +
                • tcp_window_type - TCP window type to use for this protocol. type: str choices: system, static, dynamic, auto-tuning + more... + +
                  • +
                • uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int + more... + +
                  • +
                • uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned (1 - 383 MB). type: int + more... + +
                  • +
                +
              • switching_protocols_log - Enable/disable logging for HTTP/HTTPS switching protocols. type: str choices: disable, enable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure protocol options. + fortios_firewall_profile_protocol_options: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_profile_protocol_options: + cifs: + domain_controller: " (source user.domain-controller.name credential-store.domain-controller.server-name)" + options: "oversize" + oversize_limit: "6" + ports: "7" + scan_bzip2: "enable" + server_credential_type: "none" + server_keytab: + - + keytab: "" + principal: "" + status: "enable" + tcp_window_maximum: "14" + tcp_window_minimum: "15" + tcp_window_size: "16" + tcp_window_type: "system" + uncompressed_nest_limit: "18" + uncompressed_oversize_limit: "19" + comment: "Optional comments." + dns: + ports: "22" + status: "enable" + ftp: + comfort_amount: "25" + comfort_interval: "26" + inspect_all: "enable" + options: "clientcomfort" + oversize_limit: "29" + ports: "30" + scan_bzip2: "enable" + ssl_offloaded: "no" + status: "enable" + stream_based_uncompressed_limit: "34" + tcp_window_maximum: "35" + tcp_window_minimum: "36" + tcp_window_size: "37" + tcp_window_type: "system" + uncompressed_nest_limit: "39" + uncompressed_oversize_limit: "40" + http: + block_page_status_code: "42" + comfort_amount: "43" + comfort_interval: "44" + fortinet_bar: "enable" + fortinet_bar_port: "46" + http_policy: "disable" + inspect_all: "enable" + options: "clientcomfort" + oversize_limit: "50" + ports: "51" + post_lang: "jisx0201" + proxy_after_tcp_handshake: "enable" + range_block: "disable" + retry_count: "55" + scan_bzip2: "enable" + ssl_offloaded: "no" + status: "enable" + stream_based_uncompressed_limit: "59" + streaming_content_bypass: "enable" + strip_x_forwarded_for: "disable" + switching_protocols: "bypass" + tcp_window_maximum: "63" + tcp_window_minimum: "64" + tcp_window_size: "65" + tcp_window_type: "system" + tunnel_non_http: "enable" + uncompressed_nest_limit: "68" + uncompressed_oversize_limit: "69" + unknown_http_version: "reject" + imap: + inspect_all: "enable" + options: "fragmail" + oversize_limit: "74" + ports: "75" + proxy_after_tcp_handshake: "enable" + scan_bzip2: "enable" + ssl_offloaded: "no" + status: "enable" + uncompressed_nest_limit: "80" + uncompressed_oversize_limit: "81" + mail_signature: + signature: "" + status: "disable" + mapi: + options: "fragmail" + oversize_limit: "87" + ports: "88" + scan_bzip2: "enable" + status: "enable" + uncompressed_nest_limit: "91" + uncompressed_oversize_limit: "92" + name: "default_name_93" + nntp: + inspect_all: "enable" + options: "oversize" + oversize_limit: "97" + ports: "98" + proxy_after_tcp_handshake: "enable" + scan_bzip2: "enable" + status: "enable" + uncompressed_nest_limit: "102" + uncompressed_oversize_limit: "103" + oversize_log: "disable" + pop3: + inspect_all: "enable" + options: "fragmail" + oversize_limit: "108" + ports: "109" + proxy_after_tcp_handshake: "enable" + scan_bzip2: "enable" + ssl_offloaded: "no" + status: "enable" + uncompressed_nest_limit: "114" + uncompressed_oversize_limit: "115" + replacemsg_group: " (source system.replacemsg-group.name)" + rpc_over_http: "enable" + smtp: + inspect_all: "enable" + options: "fragmail" + oversize_limit: "121" + ports: "122" + proxy_after_tcp_handshake: "enable" + scan_bzip2: "enable" + server_busy: "enable" + ssl_offloaded: "no" + status: "enable" + uncompressed_nest_limit: "128" + uncompressed_oversize_limit: "129" + ssh: + comfort_amount: "131" + comfort_interval: "132" + options: "oversize" + oversize_limit: "134" + scan_bzip2: "enable" + ssl_offloaded: "no" + stream_based_uncompressed_limit: "137" + tcp_window_maximum: "138" + tcp_window_minimum: "139" + tcp_window_size: "140" + tcp_window_type: "system" + uncompressed_nest_limit: "142" + uncompressed_oversize_limit: "143" + switching_protocols_log: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_proute.rst b/gen/fortios_firewall_proute.rst new file mode 100644 index 00000000..abc53525 --- /dev/null +++ b/gen/fortios_firewall_proute.rst @@ -0,0 +1,235 @@ +:source: fortios_firewall_proute.py + +:orphan: + +.. fortios_firewall_proute: + +fortios_firewall_proute -- List policy routing in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and proute category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_prouteyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • firewall_proute - List policy routing. type: dict + more... + +
              • +
                +
              • - Number. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: List policy routing. + fortios_firewall_proute: + vdom: "{{ vdom }}" + firewall_proute: + : "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_proxy_address.rst b/gen/fortios_firewall_proxy_address.rst new file mode 100644 index 00000000..71f0cc7c --- /dev/null +++ b/gen/fortios_firewall_proxy_address.rst @@ -0,0 +1,2031 @@ +:source: fortios_firewall_proxy_address.py + +:orphan: + +.. fortios_firewall_proxy_address: + +fortios_firewall_proxy_address -- Configure web proxy address in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and proxy_address category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_proxy_addressyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_proxy_address - Configure web proxy address. type: dict + more... + +
              • +
                +
              • case_sensitivity - Enable to make the pattern case sensitive. type: str choices: disable, enable + more... + +
                • +
              • category - FortiGuard category ID. type: list member_path: category:id + more... + +
                • +
                  +
                • id - FortiGuard category ID. type: int required: true + more... + +
                  • +
                +
              • color - Integer value to determine the color of the icon in the GUI (1 - 32). type: int + more... + +
                • +
              • comment - Optional comments. type: str + more... + +
                • +
              • header - HTTP header name as a regular expression. type: str + more... + +
                • +
              • header_group - HTTP header group. type: list member_path: header_group:id + more... + +
                • +
                  +
                • case_sensitivity - Case sensitivity in pattern. type: str choices: disable, enable + more... + +
                  • +
                • header - HTTP header regular expression. type: str + more... + +
                  • +
                • header_name - HTTP header. type: str + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                +
              • header_name - Name of HTTP header. type: str + more... + +
                • +
              • host - Address object for the host. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name. type: str + more... + +
                • +
              • host_regex - Host name as a regular expression. type: str + more... + +
                • +
              • method - HTTP request methods to be used. type: list choices: get, post, put, head, connect, trace, options, delete + more... + +
                • +
              • name - Address name. type: str required: true + more... + +
                • +
              • path - URL path as a regular expression. type: str + more... + +
                • +
              • query - Match the query part of the URL as a regular expression. type: str + more... + +
                • +
              • referrer - Enable/disable use of referrer field in the HTTP header to match the address. type: str choices: enable, disable + more... + +
                • +
              • tagging - Config object tagging. type: list member_path: tagging:name + more... + +
                • +
                  +
                • category - Tag category. Source system.object-tagging.category. type: str + more... + +
                  • +
                • name - Tagging entry name. type: str required: true + more... + +
                  • +
                • tags - Tags. type: list member_path: tagging:name/tags:name + more... + +
                  • +
                    +
                  • name - Tag name. Source system.object-tagging.tags.name. type: str required: true + more... + +
                    • +
                  +
                +
              • type - Proxy address type. type: str choices: host-regex, url, category, method, ua, header, src-advanced, dst-advanced + more... + +
                • +
              • ua - Names of browsers to be used as user agent. type: list choices: chrome, ms, firefox, safari, other + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              • visibility - Enable/disable visibility of the object in the GUI. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure web proxy address. + fortios_firewall_proxy_address: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_proxy_address: + case_sensitivity: "disable" + category: + - + id: "5" + color: "6" + comment: "Optional comments." + header: "" + header_group: + - + case_sensitivity: "disable" + header: "" + header_name: "" + id: "13" + header_name: "" + host: "myhostname (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name)" + host_regex: "myhostname" + method: "get" + name: "default_name_18" + path: "" + query: "" + referrer: "enable" + tagging: + - + category: " (source system.object-tagging.category)" + name: "default_name_24" + tags: + - + name: "default_name_26 (source system.object-tagging.tags.name)" + type: "host-regex" + ua: "chrome" + uuid: "" + visibility: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_proxy_addrgrp.rst b/gen/fortios_firewall_proxy_addrgrp.rst new file mode 100644 index 00000000..790e4f77 --- /dev/null +++ b/gen/fortios_firewall_proxy_addrgrp.rst @@ -0,0 +1,863 @@ +:source: fortios_firewall_proxy_addrgrp.py + +:orphan: + +.. fortios_firewall_proxy_addrgrp: + +fortios_firewall_proxy_addrgrp -- Configure web proxy address group in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and proxy_addrgrp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_proxy_addrgrpyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_proxy_addrgrp - Configure web proxy address group. type: dict + more... + +
              • +
                +
              • color - Integer value to determine the color of the icon in the GUI (1 - 32). type: int + more... + +
                • +
              • comment - Optional comments. type: str + more... + +
                • +
              • member - Members of address group. type: list member_path: member:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.proxy-address.name firewall.proxy-addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • name - Address group name. type: str required: true + more... + +
                • +
              • tagging - Config object tagging. type: list member_path: tagging:name + more... + +
                • +
                  +
                • category - Tag category. Source system.object-tagging.category. type: str + more... + +
                  • +
                • name - Tagging entry name. type: str required: true + more... + +
                  • +
                • tags - Tags. type: list member_path: tagging:name/tags:name + more... + +
                  • +
                    +
                  • name - Tag name. Source system.object-tagging.tags.name. type: str required: true + more... + +
                    • +
                  +
                +
              • type - Source or destination address group type. type: str choices: src, dst + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              • visibility - Enable/disable visibility of the object in the GUI. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure web proxy address group. + fortios_firewall_proxy_addrgrp: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_proxy_addrgrp: + color: "3" + comment: "Optional comments." + member: + - + name: "default_name_6 (source firewall.proxy-address.name firewall.proxy-addrgrp.name)" + name: "default_name_7" + tagging: + - + category: " (source system.object-tagging.category)" + name: "default_name_10" + tags: + - + name: "default_name_12 (source system.object-tagging.tags.name)" + type: "src" + uuid: "" + visibility: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_proxy_policy.rst b/gen/fortios_firewall_proxy_policy.rst new file mode 100644 index 00000000..5f2db093 --- /dev/null +++ b/gen/fortios_firewall_proxy_policy.rst @@ -0,0 +1,5162 @@ +:source: fortios_firewall_proxy_policy.py + +:orphan: + +.. fortios_firewall_proxy_policy: + +fortios_firewall_proxy_policy -- Configure proxy policies in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and proxy_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_proxy_policyyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_proxy_policy - Configure proxy policies. type: dict + more... + +
              • +
                +
              • access_proxy - IPv4 access proxy. type: list member_path: access_proxy:name + more... + +
                • +
                  +
                • name - Access Proxy name. Source firewall.access-proxy.name. type: str required: true + more... + +
                  • +
                +
              • access_proxy6 - IPv6 access proxy. type: list member_path: access_proxy6:name + more... + +
                • +
                  +
                • name - Access proxy name. Source firewall.access-proxy6.name. type: str required: true + more... + +
                  • +
                +
              • action - Accept or deny traffic matching the policy parameters. type: str choices: accept, deny, redirect + more... + +
                • +
              • application_list - Name of an existing Application list. Source application.list.name. type: str + more... + +
                • +
              • av_profile - Name of an existing Antivirus profile. Source antivirus.profile.name. type: str + more... + +
                • +
              • block_notification - Enable/disable block notification. type: str choices: enable, disable + more... + +
                • +
              • cifs_profile - Name of an existing CIFS profile. Source cifs.profile.name. type: str + more... + +
                • +
              • comments - Optional comments. type: str + more... + +
                • +
              • decrypted_traffic_mirror - Decrypted traffic mirror. Source firewall.decrypted-traffic-mirror.name. type: str + more... + +
                • +
              • device_ownership - When enabled, the ownership enforcement will be done at policy level. type: str choices: enable, disable + more... + +
                • +
              • disclaimer - Web proxy disclaimer setting: by domain, policy, or user. type: str choices: disable, domain, policy, user + more... + +
                • +
              • dlp_sensor - Name of an existing DLP sensor. Source dlp.sensor.name. type: str + more... + +
                • +
              • dstaddr - Destination address objects. type: list member_path: dstaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name firewall.vip.name firewall.vipgrp.name system.external-resource.name. type: str required: true + more... + +
                  • +
                +
              • dstaddr_negate - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. type: str choices: enable, disable + more... + +
                • +
              • dstaddr6 - IPv6 destination address objects. type: list member_path: dstaddr6:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name firewall.vip6.name firewall.vipgrp6.name system .external-resource.name. type: str required: true + more... + +
                  • +
                +
              • dstintf - Destination interface names. type: list member_path: dstintf:name + more... + +
                • +
                  +
                • name - Interface name. Source system.interface.name system.zone.name system.sdwan.zone.name. type: str required: true + more... + +
                  • +
                +
              • emailfilter_profile - Name of an existing email filter profile. Source emailfilter.profile.name. type: str + more... + +
                • +
              • file_filter_profile - Name of an existing file-filter profile. Source file-filter.profile.name. type: str + more... + +
                • +
              • global_label - Global web-based manager visible label. type: str + more... + +
                • +
              • groups - Names of group objects. type: list member_path: groups:name + more... + +
                • +
                  +
                • name - Group name. Source user.group.name. type: str required: true + more... + +
                  • +
                +
              • http_tunnel_auth - Enable/disable HTTP tunnel authentication. type: str choices: enable, disable + more... + +
                • +
              • icap_profile - Name of an existing ICAP profile. Source icap.profile.name. type: str + more... + +
                • +
              • internet_service - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. type: str choices: enable, disable + more... + +
                • +
              • internet_service_custom - Custom Internet Service name. type: list member_path: internet_service_custom:name + more... + +
                • +
                  +
                • name - Custom Internet Service name. Source firewall.internet-service-custom.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_custom_group - Custom Internet Service group name. type: list member_path: internet_service_custom_group:name + more... + +
                • +
                  +
                • name - Custom Internet Service group name. Source firewall.internet-service-custom-group.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_group - Internet Service group name. type: list member_path: internet_service_group:name + more... + +
                • +
                  +
                • name - Internet Service group name. Source firewall.internet-service-group.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_id - Internet Service ID. type: list member_path: internet_service_id:id + more... + +
                • +
                  +
                • id - Internet Service ID. Source firewall.internet-service.id. type: int required: true + more... + +
                  • +
                +
              • internet_service_name - Internet Service name. type: list member_path: internet_service_name:name + more... + +
                • +
                  +
                • name - Internet Service name. Source firewall.internet-service-name.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_negate - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. type: str choices: enable, disable + more... + +
                • +
              • ips_sensor - Name of an existing IPS sensor. Source ips.sensor.name. type: str + more... + +
                • +
              • label - VDOM-specific GUI visible label. type: str + more... + +
                • +
              • logtraffic - Enable/disable logging traffic through the policy. type: str choices: all, utm, disable + more... + +
                • +
              • logtraffic_start - Enable/disable policy log traffic start. type: str choices: enable, disable + more... + +
                • +
              • mms_profile - Name of an existing MMS profile. Source firewall.mms-profile.name. type: str + more... + +
                • +
              • name - Policy name. type: str + more... + +
                • +
              • policyid - Policy ID. type: int required: true + more... + +
                • +
              • poolname - Name of IP pool object. type: list member_path: poolname:name + more... + +
                • +
                  +
                • name - IP pool name. Source firewall.ippool.name. type: str required: true + more... + +
                  • +
                +
              • profile_group - Name of profile group. Source firewall.profile-group.name. type: str + more... + +
                • +
              • profile_protocol_options - Name of an existing Protocol options profile. Source firewall.profile-protocol-options.name. type: str + more... + +
                • +
              • profile_type - Determine whether the firewall policy allows security profile groups or single profiles only. type: str choices: single, group + more... + +
                • +
              • proxy - Type of explicit proxy. type: str choices: explicit-web, transparent-web, ftp, ssh, ssh-tunnel, access-proxy, wanopt + more... + +
                • +
              • redirect_url - Redirect URL for further explicit web proxy processing. type: str + more... + +
                • +
              • replacemsg_override_group - Authentication replacement message override group. Source system.replacemsg-group.name. type: str + more... + +
                • +
              • scan_botnet_connections - Enable/disable scanning of connections to Botnet servers. type: str choices: disable, block, monitor + more... + +
                • +
              • schedule - Name of schedule object. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name. type: str + more... + +
                • +
              • sctp_filter_profile - Name of an existing SCTP filter profile. Source sctp-filter.profile.name. type: str + more... + +
                • +
              • service - Name of service objects. type: list member_path: service:name + more... + +
                • +
                  +
                • name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str required: true + more... + +
                  • +
                +
              • service_negate - When enabled, services match against any service EXCEPT the specified destination services. type: str choices: enable, disable + more... + +
                • +
              • session_ttl - TTL in seconds for sessions accepted by this policy (0 means use the system ). type: int + more... + +
                • +
              • spamfilter_profile - Name of an existing Spam filter profile. Source spamfilter.profile.name. type: str + more... + +
                • +
              • srcaddr - Source address objects. type: list member_path: srcaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name system .external-resource.name. type: str required: true + more... + +
                  • +
                +
              • srcaddr_negate - When enabled, source addresses match against any address EXCEPT the specified source addresses. type: str choices: enable, disable + more... + +
                • +
              • srcaddr6 - IPv6 source address objects. type: list member_path: srcaddr6:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name system.external-resource.name. type: str required: true + more... + +
                  • +
                +
              • srcintf - Source interface names. type: list member_path: srcintf:name + more... + +
                • +
                  +
                • name - Interface name. Source system.interface.name system.zone.name system.sdwan.zone.name. type: str required: true + more... + +
                  • +
                +
              • ssh_filter_profile - Name of an existing SSH filter profile. Source ssh-filter.profile.name. type: str + more... + +
                • +
              • ssh_policy_redirect - Redirect SSH traffic to matching transparent proxy policy. type: str choices: enable, disable + more... + +
                • +
              • ssl_ssh_profile - Name of an existing SSL SSH profile. Source firewall.ssl-ssh-profile.name. type: str + more... + +
                • +
              • status - Enable/disable the active status of the policy. type: str choices: enable, disable + more... + +
                • +
              • transparent - Enable to use the IP address of the client to connect to the server. type: str choices: enable, disable + more... + +
                • +
              • users - Names of user objects. type: list member_path: users:name + more... + +
                • +
                  +
                • name - Group name. Source user.local.name user.certificate.name. type: str required: true + more... + +
                  • +
                +
              • utm_status - Enable the use of UTM profiles/sensors/lists. type: str choices: enable, disable + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              • videofilter_profile - Name of an existing VideoFilter profile. Source videofilter.profile.name. type: str + more... + +
                • +
              • voip_profile - Name of an existing VoIP profile. Source voip.profile.name. type: str + more... + +
                • +
              • waf_profile - Name of an existing Web application firewall profile. Source waf.profile.name. type: str + more... + +
                • +
              • webcache - Enable/disable web caching. type: str choices: enable, disable + more... + +
                • +
              • webcache_https - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). type: str choices: disable, enable + more... + +
                • +
              • webfilter_profile - Name of an existing Web filter profile. Source webfilter.profile.name. type: str + more... + +
                • +
              • webproxy_forward_server - Web proxy forward server name. Source web-proxy.forward-server.name web-proxy.forward-server-group.name. type: str + more... + +
                • +
              • webproxy_profile - Name of web proxy profile. Source web-proxy.profile.name. type: str + more... + +
                • +
              • ztna_ems_tag - ZTNA EMS Tag names. type: list member_path: ztna_ems_tag:name + more... + +
                • +
                  +
                • name - EMS Tag name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • ztna_tags_match_logic - ZTNA tag matching logic. type: str choices: or, and + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure proxy policies. + fortios_firewall_proxy_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_proxy_policy: + access_proxy: + - + name: "default_name_4 (source firewall.access-proxy.name)" + access_proxy6: + - + name: "default_name_6 (source firewall.access-proxy6.name)" + action: "accept" + application_list: " (source application.list.name)" + av_profile: " (source antivirus.profile.name)" + block_notification: "enable" + cifs_profile: " (source cifs.profile.name)" + comments: "" + decrypted_traffic_mirror: " (source firewall.decrypted-traffic-mirror.name)" + device_ownership: "enable" + disclaimer: "disable" + dlp_sensor: " (source dlp.sensor.name)" + dstaddr: + - + name: "default_name_18 (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name firewall.vip + .name firewall.vipgrp.name system.external-resource.name)" + dstaddr_negate: "enable" + dstaddr6: + - + name: "default_name_21 (source firewall.address6.name firewall.addrgrp6.name firewall.vip6.name firewall.vipgrp6.name system.external-resource + .name)" + dstintf: + - + name: "default_name_23 (source system.interface.name system.zone.name system.sdwan.zone.name)" + emailfilter_profile: " (source emailfilter.profile.name)" + file_filter_profile: " (source file-filter.profile.name)" + global_label: "" + groups: + - + name: "default_name_28 (source user.group.name)" + http_tunnel_auth: "enable" + icap_profile: " (source icap.profile.name)" + internet_service: "enable" + internet_service_custom: + - + name: "default_name_33 (source firewall.internet-service-custom.name)" + internet_service_custom_group: + - + name: "default_name_35 (source firewall.internet-service-custom-group.name)" + internet_service_group: + - + name: "default_name_37 (source firewall.internet-service-group.name)" + internet_service_id: + - + id: "39 (source firewall.internet-service.id)" + internet_service_name: + - + name: "default_name_41 (source firewall.internet-service-name.name)" + internet_service_negate: "enable" + ips_sensor: " (source ips.sensor.name)" + label: "" + logtraffic: "all" + logtraffic_start: "enable" + mms_profile: " (source firewall.mms-profile.name)" + name: "default_name_48" + policyid: "49" + poolname: + - + name: "default_name_51 (source firewall.ippool.name)" + profile_group: " (source firewall.profile-group.name)" + profile_protocol_options: " (source firewall.profile-protocol-options.name)" + profile_type: "single" + proxy: "explicit-web" + redirect_url: "" + replacemsg_override_group: " (source system.replacemsg-group.name)" + scan_botnet_connections: "disable" + schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" + sctp_filter_profile: " (source sctp-filter.profile.name)" + service: + - + name: "default_name_62 (source firewall.service.custom.name firewall.service.group.name)" + service_negate: "enable" + session_ttl: "64" + spamfilter_profile: " (source spamfilter.profile.name)" + srcaddr: + - + name: "default_name_67 (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name system + .external-resource.name)" + srcaddr_negate: "enable" + srcaddr6: + - + name: "default_name_70 (source firewall.address6.name firewall.addrgrp6.name system.external-resource.name)" + srcintf: + - + name: "default_name_72 (source system.interface.name system.zone.name system.sdwan.zone.name)" + ssh_filter_profile: " (source ssh-filter.profile.name)" + ssh_policy_redirect: "enable" + ssl_ssh_profile: " (source firewall.ssl-ssh-profile.name)" + status: "enable" + transparent: "enable" + users: + - + name: "default_name_79 (source user.local.name user.certificate.name)" + utm_status: "enable" + uuid: "" + videofilter_profile: " (source videofilter.profile.name)" + voip_profile: " (source voip.profile.name)" + waf_profile: " (source waf.profile.name)" + webcache: "enable" + webcache_https: "disable" + webfilter_profile: " (source webfilter.profile.name)" + webproxy_forward_server: " (source web-proxy.forward-server.name web-proxy.forward-server-group.name)" + webproxy_profile: " (source web-proxy.profile.name)" + ztna_ems_tag: + - + name: "default_name_91 (source firewall.address.name firewall.addrgrp.name)" + ztna_tags_match_logic: "or" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_region.rst b/gen/fortios_firewall_region.rst new file mode 100644 index 00000000..e32c693f --- /dev/null +++ b/gen/fortios_firewall_region.rst @@ -0,0 +1,319 @@ +:source: fortios_firewall_region.py + +:orphan: + +.. fortios_firewall_region: + +fortios_firewall_region -- Define region table in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and region category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_regionyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_region - Define region table. type: dict + more... + +
              • +
                +
              • city - City ID list. type: list member_path: city:id + more... + +
                • +
                  +
                • id - City ID. type: int required: true + more... + +
                  • +
                +
              • id - Region ID. type: int required: true + more... + +
                • +
              • name - Region name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Define region table. + fortios_firewall_region: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_region: + city: + - + id: "4" + id: "5" + name: "default_name_6" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_schedule_group.rst b/gen/fortios_firewall_schedule_group.rst new file mode 100644 index 00000000..328f863a --- /dev/null +++ b/gen/fortios_firewall_schedule_group.rst @@ -0,0 +1,487 @@ +:source: fortios_firewall_schedule_group.py + +:orphan: + +.. fortios_firewall_schedule_group: + +fortios_firewall_schedule_group -- Schedule group configuration in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_schedule feature and group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_schedule_groupyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_schedule_group - Schedule group configuration. type: dict + more... + +
              • +
                +
              • color - Color of icon on the GUI. type: int + more... + +
                • +
              • fabric_object - Security Fabric global object setting. type: str choices: enable, disable + more... + +
                • +
              • member - Schedules added to the schedule group. type: list member_path: member:name + more... + +
                • +
                  +
                • name - Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name. type: str required: true + more... + +
                  • +
                +
              • name - Schedule group name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Schedule group configuration. + fortios_firewall_schedule_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_schedule_group: + color: "3" + fabric_object: "enable" + member: + - + name: "default_name_6 (source firewall.schedule.onetime.name firewall.schedule.recurring.name)" + name: "default_name_7" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_schedule_onetime.rst b/gen/fortios_firewall_schedule_onetime.rst new file mode 100644 index 00000000..dcabb275 --- /dev/null +++ b/gen/fortios_firewall_schedule_onetime.rst @@ -0,0 +1,530 @@ +:source: fortios_firewall_schedule_onetime.py + +:orphan: + +.. fortios_firewall_schedule_onetime: + +fortios_firewall_schedule_onetime -- Onetime schedule configuration in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_schedule feature and onetime category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_schedule_onetimeyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_schedule_onetime - Onetime schedule configuration. type: dict + more... + +
              • +
                +
              • color - Color of icon on the GUI. type: int + more... + +
                • +
              • end - Schedule end date and time, format hh:mm yyyy/mm/dd. type: str + more... + +
                • +
              • expiration_days - Write an event log message this many days before the schedule expires. type: int + more... + +
                • +
              • fabric_object - Security Fabric global object setting. type: str choices: enable, disable + more... + +
                • +
              • name - Onetime schedule name. type: str required: true + more... + +
                • +
              • start - Schedule start date and time, format hh:mm yyyy/mm/dd. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Onetime schedule configuration. + fortios_firewall_schedule_onetime: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_schedule_onetime: + color: "3" + end: "" + expiration_days: "5" + fabric_object: "enable" + name: "default_name_7" + start: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_schedule_recurring.rst b/gen/fortios_firewall_schedule_recurring.rst new file mode 100644 index 00000000..d19c86af --- /dev/null +++ b/gen/fortios_firewall_schedule_recurring.rst @@ -0,0 +1,682 @@ +:source: fortios_firewall_schedule_recurring.py + +:orphan: + +.. fortios_firewall_schedule_recurring: + +fortios_firewall_schedule_recurring -- Recurring schedule configuration in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_schedule feature and recurring category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_schedule_recurringyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_schedule_recurring - Recurring schedule configuration. type: dict + more... + +
              • +
                +
              • color - Color of icon on the GUI. type: int + more... + +
                • +
              • day - One or more days of the week on which the schedule is valid. Separate the names of the days with a space. type: list choices: sunday, monday, tuesday, wednesday, thursday, friday, saturday, none + more... + +
                • +
              • end - Time of day to end the schedule, format hh:mm. type: str + more... + +
                • +
              • fabric_object - Security Fabric global object setting. type: str choices: enable, disable + more... + +
                • +
              • name - Recurring schedule name. type: str required: true + more... + +
                • +
              • start - Time of day to start the schedule, format hh:mm. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Recurring schedule configuration. + fortios_firewall_schedule_recurring: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_schedule_recurring: + color: "3" + day: "sunday" + end: "" + fabric_object: "enable" + name: "default_name_7" + start: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_security_policy.rst b/gen/fortios_firewall_security_policy.rst new file mode 100644 index 00000000..6152c95d --- /dev/null +++ b/gen/fortios_firewall_security_policy.rst @@ -0,0 +1,4357 @@ +:source: fortios_firewall_security_policy.py + +:orphan: + +.. fortios_firewall_security_policy: + +fortios_firewall_security_policy -- Configure NGFW IPv4/IPv6 application policies in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and security_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_security_policyyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_security_policy - Configure NGFW IPv4/IPv6 application policies. type: dict + more... + +
              • +
                +
              • action - Policy action (accept/deny). type: str choices: accept, deny + more... + +
                • +
              • app_category - Application category ID list. type: list member_path: app_category:id + more... + +
                • +
                  +
                • id - Category IDs. type: int required: true + more... + +
                  • +
                +
              • app_group - Application group names. type: list member_path: app_group:name + more... + +
                • +
                  +
                • name - Application group names. Source application.group.name. type: str required: true + more... + +
                  • +
                +
              • application - Application ID list. type: list member_path: application:id + more... + +
                • +
                  +
                • id - Application IDs. type: int required: true + more... + +
                  • +
                +
              • application_list - Name of an existing Application list. Source application.list.name. type: str + more... + +
                • +
              • av_profile - Name of an existing Antivirus profile. Source antivirus.profile.name. type: str + more... + +
                • +
              • cifs_profile - Name of an existing CIFS profile. Source cifs.profile.name. type: str + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • dlp_sensor - Name of an existing DLP sensor. Source dlp.sensor.name. type: str + more... + +
                • +
              • dnsfilter_profile - Name of an existing DNS filter profile. Source dnsfilter.profile.name. type: str + more... + +
                • +
              • dstaddr - Destination IPv4 address name and address group names. type: list member_path: dstaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name firewall.vip.name firewall.vipgrp.name system.external-resource .name. type: str required: true + more... + +
                  • +
                +
              • dstaddr_negate - When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. type: str choices: enable, disable + more... + +
                • +
              • dstaddr4 - Destination IPv4 address name and address group names. type: list member_path: dstaddr4:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name firewall.vip.name firewall.vipgrp.name. type: str required: true + more... + +
                  • +
                +
              • dstaddr6 - Destination IPv6 address name and address group names. type: list member_path: dstaddr6:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name firewall.vip6.name firewall.vipgrp6.name system .external-resource.name. type: str required: true + more... + +
                  • +
                +
              • dstintf - Outgoing (egress) interface. type: list member_path: dstintf:name + more... + +
                • +
                  +
                • name - Interface name. Source system.interface.name system.zone.name system.sdwan.zone.name. type: str required: true + more... + +
                  • +
                +
              • emailfilter_profile - Name of an existing email filter profile. Source emailfilter.profile.name. type: str + more... + +
                • +
              • enforce_default_app_port - Enable/disable default application port enforcement for allowed applications. type: str choices: enable, disable + more... + +
                • +
              • file_filter_profile - Name of an existing file-filter profile. Source file-filter.profile.name. type: str + more... + +
                • +
              • fsso_groups - Names of FSSO groups. type: list member_path: fsso_groups:name + more... + +
                • +
                  +
                • name - Names of FSSO groups. Source user.adgrp.name. type: str required: true + more... + +
                  • +
                +
              • global_label - Label for the policy that appears when the GUI is in Global View mode. type: str + more... + +
                • +
              • groups - Names of user groups that can authenticate with this policy. type: list member_path: groups:name + more... + +
                • +
                  +
                • name - User group name. Source user.group.name. type: str required: true + more... + +
                  • +
                +
              • icap_profile - Name of an existing ICAP profile. Source icap.profile.name. type: str + more... + +
                • +
              • internet_service - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. type: str choices: enable, disable + more... + +
                • +
              • internet_service_custom - Custom Internet Service name. type: list member_path: internet_service_custom:name + more... + +
                • +
                  +
                • name - Custom Internet Service name. Source firewall.internet-service-custom.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_custom_group - Custom Internet Service group name. type: list member_path: internet_service_custom_group:name + more... + +
                • +
                  +
                • name - Custom Internet Service group name. Source firewall.internet-service-custom-group.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_group - Internet Service group name. type: list member_path: internet_service_group:name + more... + +
                • +
                  +
                • name - Internet Service group name. Source firewall.internet-service-group.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_id - Internet Service ID. type: list member_path: internet_service_id:id + more... + +
                • +
                  +
                • id - Internet Service ID. Source firewall.internet-service.id. type: int required: true + more... + +
                  • +
                +
              • internet_service_name - Internet Service name. type: list member_path: internet_service_name:name + more... + +
                • +
                  +
                • name - Internet Service name. Source firewall.internet-service-name.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_negate - When enabled internet-service specifies what the service must NOT be. type: str choices: enable, disable + more... + +
                • +
              • internet_service_src - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. type: str choices: enable, disable + more... + +
                • +
              • internet_service_src_custom - Custom Internet Service source name. type: list member_path: internet_service_src_custom:name + more... + +
                • +
                  +
                • name - Custom Internet Service name. Source firewall.internet-service-custom.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_src_custom_group - Custom Internet Service source group name. type: list member_path: internet_service_src_custom_group:name + more... + +
                • +
                  +
                • name - Custom Internet Service group name. Source firewall.internet-service-custom-group.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_src_group - Internet Service source group name. type: list member_path: internet_service_src_group:name + more... + +
                • +
                  +
                • name - Internet Service group name. Source firewall.internet-service-group.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_src_id - Internet Service source ID. type: list member_path: internet_service_src_id:id + more... + +
                • +
                  +
                • id - Internet Service ID. Source firewall.internet-service.id. type: int required: true + more... + +
                  • +
                +
              • internet_service_src_name - Internet Service source name. type: list member_path: internet_service_src_name:name + more... + +
                • +
                  +
                • name - Internet Service name. Source firewall.internet-service-name.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_src_negate - When enabled internet-service-src specifies what the service must NOT be. type: str choices: enable, disable + more... + +
                • +
              • ips_sensor - Name of an existing IPS sensor. Source ips.sensor.name. type: str + more... + +
                • +
              • learning_mode - Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. type: str choices: enable, disable + more... + +
                • +
              • logtraffic - Enable or disable logging. Log all sessions or security profile sessions. type: str choices: all, utm, disable + more... + +
                • +
              • logtraffic_start - Record logs when a session starts. type: str choices: enable, disable + more... + +
                • +
              • mms_profile - Name of an existing MMS profile. Source firewall.mms-profile.name. type: str + more... + +
                • +
              • name - Policy name. type: str + more... + +
                • +
              • nat46 - Enable/disable NAT46. type: str choices: enable, disable + more... + +
                • +
              • nat64 - Enable/disable NAT64. type: str choices: enable, disable + more... + +
                • +
              • policyid - Policy ID. type: int required: true + more... + +
                • +
              • profile_group - Name of profile group. Source firewall.profile-group.name. type: str + more... + +
                • +
              • profile_protocol_options - Name of an existing Protocol options profile. Source firewall.profile-protocol-options.name. type: str + more... + +
                • +
              • profile_type - Determine whether the firewall policy allows security profile groups or single profiles only. type: str choices: single, group + more... + +
                • +
              • schedule - Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name. type: str + more... + +
                • +
              • sctp_filter_profile - Name of an existing SCTP filter profile. Source sctp-filter.profile.name. type: str + more... + +
                • +
              • send_deny_packet - Enable to send a reply when a session is denied or blocked by a firewall policy. type: str choices: disable, enable + more... + +
                • +
              • service - Service and service group names. type: list member_path: service:name + more... + +
                • +
                  +
                • name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str required: true + more... + +
                  • +
                +
              • service_negate - When enabled service specifies what the service must NOT be. type: str choices: enable, disable + more... + +
                • +
              • srcaddr - Source IPv4 address name and address group names. type: list member_path: srcaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name system.external-resource.name. type: str required: true + more... + +
                  • +
                +
              • srcaddr_negate - When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. type: str choices: enable, disable + more... + +
                • +
              • srcaddr4 - Source IPv4 address name and address group names. type: list member_path: srcaddr4:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • srcaddr6 - Source IPv6 address name and address group names. type: list member_path: srcaddr6:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name system.external-resource.name. type: str required: true + more... + +
                  • +
                +
              • srcintf - Incoming (ingress) interface. type: list member_path: srcintf:name + more... + +
                • +
                  +
                • name - Interface name. Source system.interface.name system.zone.name system.sdwan.zone.name. type: str required: true + more... + +
                  • +
                +
              • ssh_filter_profile - Name of an existing SSH filter profile. Source ssh-filter.profile.name. type: str + more... + +
                • +
              • ssl_ssh_profile - Name of an existing SSL SSH profile. Source firewall.ssl-ssh-profile.name. type: str + more... + +
                • +
              • status - Enable or disable this policy. type: str choices: enable, disable + more... + +
                • +
              • url_category - URL category ID list. type: list member_path: url_category:id + more... + +
                • +
                  +
                • id - URL category ID. type: int required: true + more... + +
                  • +
                +
              • users - Names of individual users that can authenticate with this policy. type: list member_path: users:name + more... + +
                • +
                  +
                • name - User name. Source user.local.name. type: str required: true + more... + +
                  • +
                +
              • utm_status - Enable security profiles. type: str choices: enable, disable + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              • uuid_idx - uuid-idx type: int + more... + +
                • +
              • videofilter_profile - Name of an existing VideoFilter profile. Source videofilter.profile.name. type: str + more... + +
                • +
              • voip_profile - Name of an existing VoIP profile. Source voip.profile.name. type: str + more... + +
                • +
              • webfilter_profile - Name of an existing Web filter profile. Source webfilter.profile.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure NGFW IPv4/IPv6 application policies. + fortios_firewall_security_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_security_policy: + action: "accept" + app_category: + - + id: "5" + app_group: + - + name: "default_name_7 (source application.group.name)" + application: + - + id: "9" + application_list: " (source application.list.name)" + av_profile: " (source antivirus.profile.name)" + cifs_profile: " (source cifs.profile.name)" + comments: "" + dlp_sensor: " (source dlp.sensor.name)" + dnsfilter_profile: " (source dnsfilter.profile.name)" + dstaddr: + - + name: "default_name_17 (source firewall.address.name firewall.addrgrp.name firewall.vip.name firewall.vipgrp.name system.external-resource.name)" + dstaddr_negate: "enable" + dstaddr4: + - + name: "default_name_20 (source firewall.address.name firewall.addrgrp.name firewall.vip.name firewall.vipgrp.name)" + dstaddr6: + - + name: "default_name_22 (source firewall.address6.name firewall.addrgrp6.name firewall.vip6.name firewall.vipgrp6.name system.external-resource + .name)" + dstintf: + - + name: "default_name_24 (source system.interface.name system.zone.name system.sdwan.zone.name)" + emailfilter_profile: " (source emailfilter.profile.name)" + enforce_default_app_port: "enable" + file_filter_profile: " (source file-filter.profile.name)" + fsso_groups: + - + name: "default_name_29 (source user.adgrp.name)" + global_label: "" + groups: + - + name: "default_name_32 (source user.group.name)" + icap_profile: " (source icap.profile.name)" + internet_service: "enable" + internet_service_custom: + - + name: "default_name_36 (source firewall.internet-service-custom.name)" + internet_service_custom_group: + - + name: "default_name_38 (source firewall.internet-service-custom-group.name)" + internet_service_group: + - + name: "default_name_40 (source firewall.internet-service-group.name)" + internet_service_id: + - + id: "42 (source firewall.internet-service.id)" + internet_service_name: + - + name: "default_name_44 (source firewall.internet-service-name.name)" + internet_service_negate: "enable" + internet_service_src: "enable" + internet_service_src_custom: + - + name: "default_name_48 (source firewall.internet-service-custom.name)" + internet_service_src_custom_group: + - + name: "default_name_50 (source firewall.internet-service-custom-group.name)" + internet_service_src_group: + - + name: "default_name_52 (source firewall.internet-service-group.name)" + internet_service_src_id: + - + id: "54 (source firewall.internet-service.id)" + internet_service_src_name: + - + name: "default_name_56 (source firewall.internet-service-name.name)" + internet_service_src_negate: "enable" + ips_sensor: " (source ips.sensor.name)" + learning_mode: "enable" + logtraffic: "all" + logtraffic_start: "enable" + mms_profile: " (source firewall.mms-profile.name)" + name: "default_name_63" + nat46: "enable" + nat64: "enable" + policyid: "66" + profile_group: " (source firewall.profile-group.name)" + profile_protocol_options: " (source firewall.profile-protocol-options.name)" + profile_type: "single" + schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" + sctp_filter_profile: " (source sctp-filter.profile.name)" + send_deny_packet: "disable" + service: + - + name: "default_name_74 (source firewall.service.custom.name firewall.service.group.name)" + service_negate: "enable" + srcaddr: + - + name: "default_name_77 (source firewall.address.name firewall.addrgrp.name system.external-resource.name)" + srcaddr_negate: "enable" + srcaddr4: + - + name: "default_name_80 (source firewall.address.name firewall.addrgrp.name)" + srcaddr6: + - + name: "default_name_82 (source firewall.address6.name firewall.addrgrp6.name system.external-resource.name)" + srcintf: + - + name: "default_name_84 (source system.interface.name system.zone.name system.sdwan.zone.name)" + ssh_filter_profile: " (source ssh-filter.profile.name)" + ssl_ssh_profile: " (source firewall.ssl-ssh-profile.name)" + status: "enable" + url_category: + - + id: "89" + users: + - + name: "default_name_91 (source user.local.name)" + utm_status: "enable" + uuid: "" + uuid_idx: "94" + videofilter_profile: " (source videofilter.profile.name)" + voip_profile: " (source voip.profile.name)" + webfilter_profile: " (source webfilter.profile.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_service_category.rst b/gen/fortios_firewall_service_category.rst new file mode 100644 index 00000000..a49f0e1d --- /dev/null +++ b/gen/fortios_firewall_service_category.rst @@ -0,0 +1,392 @@ +:source: fortios_firewall_service_category.py + +:orphan: + +.. fortios_firewall_service_category: + +fortios_firewall_service_category -- Configure service categories in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_service feature and category category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_service_categoryyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_service_category - Configure service categories. type: dict + more... + +
              • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • fabric_object - Security Fabric global object setting. type: str choices: enable, disable + more... + +
                • +
              • name - Service category name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure service categories. + fortios_firewall_service_category: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_service_category: + comment: "Comment." + fabric_object: "enable" + name: "default_name_5" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_service_custom.rst b/gen/fortios_firewall_service_custom.rst new file mode 100644 index 00000000..1845746e --- /dev/null +++ b/gen/fortios_firewall_service_custom.rst @@ -0,0 +1,2373 @@ +:source: fortios_firewall_service_custom.py + +:orphan: + +.. fortios_firewall_service_custom: + +fortios_firewall_service_custom -- Configure custom services in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_service feature and custom category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_service_customyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_service_custom - Configure custom services. type: dict + more... + +
              • +
                +
              • app_category - Application category ID. type: list member_path: app_category:id + more... + +
                • +
                  +
                • id - Application category id. type: int required: true + more... + +
                  • +
                +
              • app_service_type - Application service type. type: str choices: disable, app-id, app-category + more... + +
                • +
              • application - Application ID. type: list member_path: application:id + more... + +
                • +
                  +
                • id - Application id. type: int required: true + more... + +
                  • +
                +
              • category - Service category. Source firewall.service.category.name. type: str + more... + +
                • +
              • check_reset_range - Configure the type of ICMP error message verification. type: str choices: disable, strict, default + more... + +
                • +
              • color - Color of icon on the GUI. type: int + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • fabric_object - Security Fabric global object setting. type: str choices: enable, disable + more... + +
                • +
              • fqdn - Fully qualified domain name. type: str + more... + +
                • +
              • helper - Helper name. type: str choices: auto, disable, ftp, tftp, ras, h323, tns, mms, sip, pptp, rtsp, dns-udp, dns-tcp, pmap, rsh, dcerpc, mgcp, gtp-c, gtp-u, gtp-b, pfcp + more... + +
                • +
              • icmpcode - ICMP code. type: int + more... + +
                • +
              • icmptype - ICMP type. type: int + more... + +
                • +
              • iprange - Start and end of the IP range associated with service. type: str + more... + +
                • +
              • name - Custom service name. type: str required: true + more... + +
                • +
              • protocol - Protocol type based on IANA numbers. type: str choices: TCP/UDP/SCTP, ICMP, ICMP6, IP, HTTP, FTP, CONNECT, SOCKS-TCP, SOCKS-UDP, ALL + more... + +
                • +
              • protocol_number - IP protocol number. type: int + more... + +
                • +
              • proxy - Enable/disable web proxy service. type: str choices: enable, disable + more... + +
                • +
              • sctp_portrange - Multiple SCTP port ranges. type: str + more... + +
                • +
              • session_ttl - Session TTL (300 - 2764800, 0 = default). type: str + more... + +
                • +
              • tcp_halfclose_timer - Wait time to close a TCP session waiting for an unanswered FIN packet (1 - 86400 sec, 0 = default). type: int + more... + +
                • +
              • tcp_halfopen_timer - Wait time to close a TCP session waiting for an unanswered open session packet (1 - 86400 sec, 0 = default). type: int + more... + +
                • +
              • tcp_portrange - Multiple TCP port ranges. type: str + more... + +
                • +
              • tcp_rst_timer - Set the length of the TCP CLOSE state in seconds (5 - 300 sec, 0 = default). type: int + more... + +
                • +
              • tcp_timewait_timer - Set the length of the TCP TIME-WAIT state in seconds (1 - 300 sec, 0 = default). type: int + more... + +
                • +
              • udp_idle_timer - UDP half close timeout (0 - 86400 sec, 0 = default). type: int + more... + +
                • +
              • udp_portrange - Multiple UDP port ranges. type: str + more... + +
                • +
              • visibility - Enable/disable the visibility of the service on the GUI. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure custom services. + fortios_firewall_service_custom: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_service_custom: + app_category: + - + id: "4" + app_service_type: "disable" + application: + - + id: "7" + category: " (source firewall.service.category.name)" + check_reset_range: "disable" + color: "10" + comment: "Comment." + fabric_object: "enable" + fqdn: "" + helper: "auto" + icmpcode: "15" + icmptype: "16" + iprange: "" + name: "default_name_18" + protocol: "TCP/UDP/SCTP" + protocol_number: "20" + proxy: "enable" + sctp_portrange: "" + session_ttl: "" + tcp_halfclose_timer: "24" + tcp_halfopen_timer: "25" + tcp_portrange: "" + tcp_rst_timer: "27" + tcp_timewait_timer: "28" + udp_idle_timer: "29" + udp_portrange: "" + visibility: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_service_group.rst b/gen/fortios_firewall_service_group.rst new file mode 100644 index 00000000..33c4093e --- /dev/null +++ b/gen/fortios_firewall_service_group.rst @@ -0,0 +1,617 @@ +:source: fortios_firewall_service_group.py + +:orphan: + +.. fortios_firewall_service_group: + +fortios_firewall_service_group -- Configure service groups in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_service feature and group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_service_groupyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_service_group - Configure service groups. type: dict + more... + +
              • +
                +
              • color - Color of icon on the GUI. type: int + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • fabric_object - Security Fabric global object setting. type: str choices: enable, disable + more... + +
                • +
              • member - Service objects contained within the group. type: list member_path: member:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.service.custom.name firewall.service.group.name. type: str required: true + more... + +
                  • +
                +
              • name - Address group name. type: str required: true + more... + +
                • +
              • proxy - Enable/disable web proxy service group. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure service groups. + fortios_firewall_service_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_service_group: + color: "3" + comment: "Comment." + fabric_object: "enable" + member: + - + name: "default_name_7 (source firewall.service.custom.name firewall.service.group.name)" + name: "default_name_8" + proxy: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_shaper_per_ip_shaper.rst b/gen/fortios_firewall_shaper_per_ip_shaper.rst new file mode 100644 index 00000000..66b8e11b --- /dev/null +++ b/gen/fortios_firewall_shaper_per_ip_shaper.rst @@ -0,0 +1,809 @@ +:source: fortios_firewall_shaper_per_ip_shaper.py + +:orphan: + +.. fortios_firewall_shaper_per_ip_shaper: + +fortios_firewall_shaper_per_ip_shaper -- Configure per-IP traffic shaper in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_shaper feature and per_ip_shaper category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_shaper_per_ip_shaperyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_shaper_per_ip_shaper - Configure per-IP traffic shaper. type: dict + more... + +
              • +
                +
              • bandwidth_unit - Unit of measurement for maximum bandwidth for this shaper (Kbps, Mbps or Gbps). type: str choices: kbps, mbps, gbps + more... + +
                • +
              • diffserv_forward - Enable/disable changing the Forward (original) DiffServ setting applied to traffic accepted by this shaper. type: str choices: enable, disable + more... + +
                • +
              • diffserv_reverse - Enable/disable changing the Reverse (reply) DiffServ setting applied to traffic accepted by this shaper. type: str choices: enable, disable + more... + +
                • +
              • diffservcode_forward - Forward (original) DiffServ setting to be applied to traffic accepted by this shaper. type: str + more... + +
                • +
              • diffservcode_rev - Reverse (reply) DiffServ setting to be applied to traffic accepted by this shaper. type: str + more... + +
                • +
              • max_bandwidth - Upper bandwidth limit enforced by this shaper (0 - 16776000). 0 means no limit. Units depend on the bandwidth-unit setting. type: int + more... + +
                • +
              • max_concurrent_session - Maximum number of concurrent sessions allowed by this shaper (0 - 2097000). 0 means no limit. type: int + more... + +
                • +
              • max_concurrent_tcp_session - Maximum number of concurrent TCP sessions allowed by this shaper (0 - 2097000). 0 means no limit. type: int + more... + +
                • +
              • max_concurrent_udp_session - Maximum number of concurrent UDP sessions allowed by this shaper (0 - 2097000). 0 means no limit. type: int + more... + +
                • +
              • name - Traffic shaper name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure per-IP traffic shaper. + fortios_firewall_shaper_per_ip_shaper: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_shaper_per_ip_shaper: + bandwidth_unit: "kbps" + diffserv_forward: "enable" + diffserv_reverse: "enable" + diffservcode_forward: "" + diffservcode_rev: "" + max_bandwidth: "8" + max_concurrent_session: "9" + max_concurrent_tcp_session: "10" + max_concurrent_udp_session: "11" + name: "default_name_12" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_shaper_traffic_shaper.rst b/gen/fortios_firewall_shaper_traffic_shaper.rst new file mode 100644 index 00000000..425620e8 --- /dev/null +++ b/gen/fortios_firewall_shaper_traffic_shaper.rst @@ -0,0 +1,1088 @@ +:source: fortios_firewall_shaper_traffic_shaper.py + +:orphan: + +.. fortios_firewall_shaper_traffic_shaper: + +fortios_firewall_shaper_traffic_shaper -- Configure shared traffic shaper in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_shaper feature and traffic_shaper category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_shaper_traffic_shaperyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_shaper_traffic_shaper - Configure shared traffic shaper. type: dict + more... + +
              • +
                +
              • bandwidth_unit - Unit of measurement for guaranteed and maximum bandwidth for this shaper (Kbps, Mbps or Gbps). type: str choices: kbps, mbps, gbps + more... + +
                • +
              • diffserv - Enable/disable changing the DiffServ setting applied to traffic accepted by this shaper. type: str choices: enable, disable + more... + +
                • +
              • diffservcode - DiffServ setting to be applied to traffic accepted by this shaper. type: str + more... + +
                • +
              • dscp_marking_method - Select DSCP marking method. type: str choices: multi-stage, static + more... + +
                • +
              • exceed_bandwidth - Exceed bandwidth used for DSCP multi-stage marking. Units depend on the bandwidth-unit setting. type: int + more... + +
                • +
              • exceed_class_id - Class ID for traffic in guaranteed-bandwidth and maximum-bandwidth. Source firewall.traffic-class.class-id. type: int + more... + +
                • +
              • exceed_dscp - DSCP mark for traffic in guaranteed-bandwidth and exceed-bandwidth. type: str + more... + +
                • +
              • guaranteed_bandwidth - Amount of bandwidth guaranteed for this shaper (0 - 16776000). Units depend on the bandwidth-unit setting. type: int + more... + +
                • +
              • maximum_bandwidth - Upper bandwidth limit enforced by this shaper (0 - 16776000). 0 means no limit. Units depend on the bandwidth-unit setting. type: int + more... + +
                • +
              • maximum_dscp - DSCP mark for traffic in exceed-bandwidth and maximum-bandwidth. type: str + more... + +
                • +
              • name - Traffic shaper name. type: str required: true + more... + +
                • +
              • overhead - Per-packet size overhead used in rate computations. type: int + more... + +
                • +
              • per_policy - Enable/disable applying a separate shaper for each policy. For example, if enabled the guaranteed bandwidth is applied separately for each policy. type: str choices: disable, enable + more... + +
                • +
              • priority - Higher priority traffic is more likely to be forwarded without delays and without compromising the guaranteed bandwidth. type: str choices: low, medium, high + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure shared traffic shaper. + fortios_firewall_shaper_traffic_shaper: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_shaper_traffic_shaper: + bandwidth_unit: "kbps" + diffserv: "enable" + diffservcode: "" + dscp_marking_method: "multi-stage" + exceed_bandwidth: "7" + exceed_class_id: "8 (source firewall.traffic-class.class-id)" + exceed_dscp: "" + guaranteed_bandwidth: "10" + maximum_bandwidth: "11" + maximum_dscp: "" + name: "default_name_13" + overhead: "14" + per_policy: "disable" + priority: "low" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_shaping_policy.rst b/gen/fortios_firewall_shaping_policy.rst new file mode 100644 index 00000000..feba0c6a --- /dev/null +++ b/gen/fortios_firewall_shaping_policy.rst @@ -0,0 +1,3405 @@ +:source: fortios_firewall_shaping_policy.py + +:orphan: + +.. fortios_firewall_shaping_policy: + +fortios_firewall_shaping_policy -- Configure shaping policies in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and shaping_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_shaping_policyyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_shaping_policy - Configure shaping policies. type: dict + more... + +
              • +
                +
              • app_category - IDs of one or more application categories that this shaper applies application control traffic shaping to. type: list member_path: app_category:id + more... + +
                • +
                  +
                • id - Category IDs. type: int required: true + more... + +
                  • +
                +
              • app_group - One or more application group names. type: list member_path: app_group:name + more... + +
                • +
                  +
                • name - Application group name. Source application.group.name. type: str required: true + more... + +
                  • +
                +
              • application - IDs of one or more applications that this shaper applies application control traffic shaping to. type: list member_path: application:id + more... + +
                • +
                  +
                • id - Application IDs. type: int required: true + more... + +
                  • +
                +
              • class_id - Traffic class ID. Source firewall.traffic-class.class-id. type: int + more... + +
                • +
              • comment - Comments. type: str + more... + +
                • +
              • diffserv_forward - Enable to change packet"s DiffServ values to the specified diffservcode-forward value. type: str choices: enable, disable + more... + +
                • +
              • diffserv_reverse - Enable to change packet"s reverse (reply) DiffServ values to the specified diffservcode-rev value. type: str choices: enable, disable + more... + +
                • +
              • diffservcode_forward - Change packet"s DiffServ to this value. type: str + more... + +
                • +
              • diffservcode_rev - Change packet"s reverse (reply) DiffServ to this value. type: str + more... + +
                • +
              • dstaddr - IPv4 destination address and address group names. type: list member_path: dstaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • dstaddr6 - IPv6 destination address and address group names. type: list member_path: dstaddr6:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                  • +
                +
              • dstintf - One or more outgoing (egress) interfaces. type: list member_path: dstintf:name + more... + +
                • +
                  +
                • name - Interface name. Source system.interface.name system.zone.name system.sdwan.zone.name. type: str required: true + more... + +
                  • +
                +
              • groups - Apply this traffic shaping policy to user groups that have authenticated with the FortiGate. type: list member_path: groups:name + more... + +
                • +
                  +
                • name - Group name. Source user.group.name. type: str required: true + more... + +
                  • +
                +
              • id - Shaping policy ID (0 - 4294967295). type: int required: true + more... + +
                • +
              • internet_service - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. type: str choices: enable, disable + more... + +
                • +
              • internet_service_custom - Custom Internet Service name. type: list member_path: internet_service_custom:name + more... + +
                • +
                  +
                • name - Custom Internet Service name. Source firewall.internet-service-custom.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_custom_group - Custom Internet Service group name. type: list member_path: internet_service_custom_group:name + more... + +
                • +
                  +
                • name - Custom Internet Service group name. Source firewall.internet-service-custom-group.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_group - Internet Service group name. type: list member_path: internet_service_group:name + more... + +
                • +
                  +
                • name - Internet Service group name. Source firewall.internet-service-group.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_id - Internet Service ID. type: list member_path: internet_service_id:id + more... + +
                • +
                  +
                • id - Internet Service ID. Source firewall.internet-service.id. type: int required: true + more... + +
                  • +
                +
              • internet_service_name - Internet Service ID. type: list member_path: internet_service_name:name + more... + +
                • +
                  +
                • name - Internet Service name. Source firewall.internet-service-name.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_src - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. type: str choices: enable, disable + more... + +
                • +
              • internet_service_src_custom - Custom Internet Service source name. type: list member_path: internet_service_src_custom:name + more... + +
                • +
                  +
                • name - Custom Internet Service name. Source firewall.internet-service-custom.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_src_custom_group - Custom Internet Service source group name. type: list member_path: internet_service_src_custom_group:name + more... + +
                • +
                  +
                • name - Custom Internet Service group name. Source firewall.internet-service-custom-group.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_src_group - Internet Service source group name. type: list member_path: internet_service_src_group:name + more... + +
                • +
                  +
                • name - Internet Service group name. Source firewall.internet-service-group.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_src_id - Internet Service source ID. type: list member_path: internet_service_src_id:id + more... + +
                • +
                  +
                • id - Internet Service ID. Source firewall.internet-service.id. type: int required: true + more... + +
                  • +
                +
              • internet_service_src_name - Internet Service source name. type: list member_path: internet_service_src_name:name + more... + +
                • +
                  +
                • name - Internet Service name. Source firewall.internet-service-name.name. type: str required: true + more... + +
                  • +
                +
              • ip_version - Apply this traffic shaping policy to IPv4 or IPv6 traffic. type: str choices: 4, 6 + more... + +
                • +
              • name - Shaping policy name. type: str + more... + +
                • +
              • per_ip_shaper - Per-IP traffic shaper to apply with this policy. Source firewall.shaper.per-ip-shaper.name. type: str + more... + +
                • +
              • schedule - Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name. type: str + more... + +
                • +
              • service - Service and service group names. type: list member_path: service:name + more... + +
                • +
                  +
                • name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str required: true + more... + +
                  • +
                +
              • srcaddr - IPv4 source address and address group names. type: list member_path: srcaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • srcaddr6 - IPv6 source address and address group names. type: list member_path: srcaddr6:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                  • +
                +
              • srcintf - One or more incoming (ingress) interfaces. type: list member_path: srcintf:name + more... + +
                • +
                  +
                • name - Interface name. Source system.interface.name system.zone.name system.sdwan.zone.name. type: str required: true + more... + +
                  • +
                +
              • status - Enable/disable this traffic shaping policy. type: str choices: enable, disable + more... + +
                • +
              • tos - ToS (Type of Service) value used for comparison. type: str + more... + +
                • +
              • tos_mask - Non-zero bit positions are used for comparison while zero bit positions are ignored. type: str + more... + +
                • +
              • tos_negate - Enable negated TOS match. type: str choices: enable, disable + more... + +
                • +
              • traffic_shaper - Traffic shaper to apply to traffic forwarded by the firewall policy. Source firewall.shaper.traffic-shaper.name. type: str + more... + +
                • +
              • traffic_shaper_reverse - Traffic shaper to apply to response traffic received by the firewall policy. Source firewall.shaper.traffic-shaper.name. type: str + more... + +
                • +
              • url_category - IDs of one or more FortiGuard Web Filtering categories that this shaper applies traffic shaping to. type: list member_path: url_category:id + more... + +
                • +
                  +
                • id - URL category ID. type: int required: true + more... + +
                  • +
                +
              • users - Apply this traffic shaping policy to individual users that have authenticated with the FortiGate. type: list member_path: users:name + more... + +
                • +
                  +
                • name - User name. Source user.local.name. type: str required: true + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure shaping policies. + fortios_firewall_shaping_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_shaping_policy: + app_category: + - + id: "4" + app_group: + - + name: "default_name_6 (source application.group.name)" + application: + - + id: "8" + class_id: "9 (source firewall.traffic-class.class-id)" + comment: "Comments." + diffserv_forward: "enable" + diffserv_reverse: "enable" + diffservcode_forward: "" + diffservcode_rev: "" + dstaddr: + - + name: "default_name_16 (source firewall.address.name firewall.addrgrp.name)" + dstaddr6: + - + name: "default_name_18 (source firewall.address6.name firewall.addrgrp6.name)" + dstintf: + - + name: "default_name_20 (source system.interface.name system.zone.name system.sdwan.zone.name)" + groups: + - + name: "default_name_22 (source user.group.name)" + id: "23" + internet_service: "enable" + internet_service_custom: + - + name: "default_name_26 (source firewall.internet-service-custom.name)" + internet_service_custom_group: + - + name: "default_name_28 (source firewall.internet-service-custom-group.name)" + internet_service_group: + - + name: "default_name_30 (source firewall.internet-service-group.name)" + internet_service_id: + - + id: "32 (source firewall.internet-service.id)" + internet_service_name: + - + name: "default_name_34 (source firewall.internet-service-name.name)" + internet_service_src: "enable" + internet_service_src_custom: + - + name: "default_name_37 (source firewall.internet-service-custom.name)" + internet_service_src_custom_group: + - + name: "default_name_39 (source firewall.internet-service-custom-group.name)" + internet_service_src_group: + - + name: "default_name_41 (source firewall.internet-service-group.name)" + internet_service_src_id: + - + id: "43 (source firewall.internet-service.id)" + internet_service_src_name: + - + name: "default_name_45 (source firewall.internet-service-name.name)" + ip_version: "4" + name: "default_name_47" + per_ip_shaper: " (source firewall.shaper.per-ip-shaper.name)" + schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" + service: + - + name: "default_name_51 (source firewall.service.custom.name firewall.service.group.name)" + srcaddr: + - + name: "default_name_53 (source firewall.address.name firewall.addrgrp.name)" + srcaddr6: + - + name: "default_name_55 (source firewall.address6.name firewall.addrgrp6.name)" + srcintf: + - + name: "default_name_57 (source system.interface.name system.zone.name system.sdwan.zone.name)" + status: "enable" + tos: "" + tos_mask: "" + tos_negate: "enable" + traffic_shaper: " (source firewall.shaper.traffic-shaper.name)" + traffic_shaper_reverse: " (source firewall.shaper.traffic-shaper.name)" + url_category: + - + id: "65" + users: + - + name: "default_name_67 (source user.local.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_shaping_profile.rst b/gen/fortios_firewall_shaping_profile.rst new file mode 100644 index 00000000..64428149 --- /dev/null +++ b/gen/fortios_firewall_shaping_profile.rst @@ -0,0 +1,1088 @@ +:source: fortios_firewall_shaping_profile.py + +:orphan: + +.. fortios_firewall_shaping_profile: + +fortios_firewall_shaping_profile -- Configure shaping profiles in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and shaping_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_shaping_profileyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_shaping_profile - Configure shaping profiles. type: dict + more... + +
              • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • default_class_id - Default class ID to handle unclassified packets (including all local traffic). Source firewall.traffic-class.class-id. type: int + more... + +
                • +
              • profile_name - Shaping profile name. type: str + more... + +
                • +
              • shaping_entries - Define shaping entries of this shaping profile. type: list member_path: shaping_entries:id + more... + +
                • +
                  +
                • burst_in_msec - Number of bytes that can be burst at maximum-bandwidth speed. Formula: burst = maximum-bandwidth*burst-in-msec. type: int + more... + +
                  • +
                • cburst_in_msec - Number of bytes that can be burst as fast as the interface can transmit. Formula: cburst = maximum-bandwidth*cburst-in-msec. type: int + more... + +
                  • +
                • class_id - Class ID. Source firewall.traffic-class.class-id. type: int + more... + +
                  • +
                • guaranteed_bandwidth_percentage - Guaranteed bandwidth in percentage. type: int + more... + +
                  • +
                • id - ID number. type: int required: true + more... + +
                  • +
                • limit - Hard limit on the real queue size in packets. type: int + more... + +
                  • +
                • max - Average queue size in packets at which RED drop probability is maximal. type: int + more... + +
                  • +
                • maximum_bandwidth_percentage - Maximum bandwidth in percentage. type: int + more... + +
                  • +
                • min - Average queue size in packets at which RED drop becomes a possibility. type: int + more... + +
                  • +
                • priority - Priority. type: str choices: top, critical, high, medium, low + more... + +
                  • +
                • red_probability - Maximum probability (in percentage) for RED marking. type: int + more... + +
                  • +
                +
              • type - Select shaping profile type: policing / queuing. type: str choices: policing, queuing + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure shaping profiles. + fortios_firewall_shaping_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_shaping_profile: + comment: "Comment." + default_class_id: "4 (source firewall.traffic-class.class-id)" + profile_name: "" + shaping_entries: + - + burst_in_msec: "7" + cburst_in_msec: "8" + class_id: "9 (source firewall.traffic-class.class-id)" + guaranteed_bandwidth_percentage: "10" + id: "11" + limit: "12" + max: "13" + maximum_bandwidth_percentage: "14" + min: "15" + priority: "top" + red_probability: "17" + type: "policing" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_sniffer.rst b/gen/fortios_firewall_sniffer.rst new file mode 100644 index 00000000..713c2f8e --- /dev/null +++ b/gen/fortios_firewall_sniffer.rst @@ -0,0 +1,2892 @@ +:source: fortios_firewall_sniffer.py + +:orphan: + +.. fortios_firewall_sniffer: + +fortios_firewall_sniffer -- Configure sniffer in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and sniffer category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_snifferyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_sniffer - Configure sniffer. type: dict + more... + +
              • +
                +
              • anomaly - Configuration method to edit Denial of Service (DoS) anomaly settings. type: list member_path: anomaly:name + more... + +
                • +
                  +
                • action - Action taken when the threshold is reached. type: str choices: pass, block, proxy + more... + +
                  • +
                • log - Enable/disable anomaly logging. type: str choices: enable, disable + more... + +
                  • +
                • name - Anomaly name. type: str required: true + more... + +
                  • +
                • quarantine - Quarantine method. type: str choices: none, attacker + more... + +
                  • +
                • quarantine_expiry - Duration of quarantine. (Format type: str + more... + +
                  • +
                • quarantine_log - Enable/disable quarantine logging. type: str choices: disable, enable + more... + +
                  • +
                • status - Enable/disable this anomaly. type: str choices: disable, enable + more... + +
                  • +
                • threshold - Anomaly threshold. Number of detected instances per minute that triggers the anomaly action. type: int + more... + +
                  • +
                • threshold(default) - Number of detected instances per minute which triggers action (1 - 2147483647). Note that each anomaly has a different threshold value assigned to it. type: int + more... + +
                  • +
                +
              • application_list - Name of an existing application list. Source application.list.name. type: str + more... + +
                • +
              • application_list_status - Enable/disable application control profile. type: str choices: enable, disable + more... + +
                • +
              • av_profile - Name of an existing antivirus profile. Source antivirus.profile.name. type: str + more... + +
                • +
              • av_profile_status - Enable/disable antivirus profile. type: str choices: enable, disable + more... + +
                • +
              • dlp_sensor - Name of an existing DLP sensor. Source dlp.sensor.name. type: str + more... + +
                • +
              • dlp_sensor_status - Enable/disable DLP sensor. type: str choices: enable, disable + more... + +
                • +
              • dsri - Enable/disable DSRI. type: str choices: enable, disable + more... + +
                • +
              • emailfilter_profile - Name of an existing email filter profile. Source emailfilter.profile.name. type: str + more... + +
                • +
              • emailfilter_profile_status - Enable/disable emailfilter. type: str choices: enable, disable + more... + +
                • +
              • file_filter_profile - Name of an existing file-filter profile. Source file-filter.profile.name. type: str + more... + +
                • +
              • file_filter_profile_status - Enable/disable file filter. type: str choices: enable, disable + more... + +
                • +
              • host - Hosts to filter for in sniffer traffic (Format examples: 1.1.1.1, 2.2.2.0/24, 3.3.3.3/255.255.255.0, 4.4.4.0-4.4.4.240). type: str + more... + +
                • +
              • id - Sniffer ID (0 - 9999). type: int required: true + more... + +
                • +
              • interface - Interface name that traffic sniffing will take place on. Source system.interface.name. type: str + more... + +
                • +
              • ip_threatfeed - Name of an existing IP threat feed. type: list member_path: ip_threatfeed:name + more... + +
                • +
                  +
                • name - Threat feed name. Source system.external-resource.name. type: str required: true + more... + +
                  • +
                +
              • ip_threatfeed_status - Enable/disable IP threat feed. type: str choices: enable, disable + more... + +
                • +
              • ips_dos_status - Enable/disable IPS DoS anomaly detection. type: str choices: enable, disable + more... + +
                • +
              • ips_sensor - Name of an existing IPS sensor. Source ips.sensor.name. type: str + more... + +
                • +
              • ips_sensor_status - Enable/disable IPS sensor. type: str choices: enable, disable + more... + +
                • +
              • ipv6 - Enable/disable sniffing IPv6 packets. type: str choices: enable, disable + more... + +
                • +
              • logtraffic - Either log all sessions, only sessions that have a security profile applied, or disable all logging for this policy. type: str choices: all, utm, disable + more... + +
                • +
              • max_packet_count - Maximum packet count (1 - 1000000). type: int + more... + +
                • +
              • non_ip - Enable/disable sniffing non-IP packets. type: str choices: enable, disable + more... + +
                • +
              • port - Ports to sniff (Format examples: 10, :20, 30:40, 50-, 100-200). type: str + more... + +
                • +
              • protocol - Integer value for the protocol type as defined by IANA (0 - 255). type: str + more... + +
                • +
              • scan_botnet_connections - Enable/disable scanning of connections to Botnet servers. type: str choices: disable, block, monitor + more... + +
                • +
              • spamfilter_profile - Name of an existing spam filter profile. Source spamfilter.profile.name. type: str + more... + +
                • +
              • spamfilter_profile_status - Enable/disable spam filter. type: str choices: enable, disable + more... + +
                • +
              • status - Enable/disable the active status of the sniffer. type: str choices: enable, disable + more... + +
                • +
              • vlan - List of VLANs to sniff. type: str + more... + +
                • +
              • webfilter_profile - Name of an existing web filter profile. Source webfilter.profile.name. type: str + more... + +
                • +
              • webfilter_profile_status - Enable/disable web filter profile. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure sniffer. + fortios_firewall_sniffer: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_sniffer: + anomaly: + - + action: "pass" + log: "enable" + name: "default_name_6" + quarantine: "none" + quarantine_expiry: "" + quarantine_log: "disable" + status: "disable" + threshold: "11" + threshold(default): "12" + application_list: " (source application.list.name)" + application_list_status: "enable" + av_profile: " (source antivirus.profile.name)" + av_profile_status: "enable" + dlp_sensor: " (source dlp.sensor.name)" + dlp_sensor_status: "enable" + dsri: "enable" + emailfilter_profile: " (source emailfilter.profile.name)" + emailfilter_profile_status: "enable" + file_filter_profile: " (source file-filter.profile.name)" + file_filter_profile_status: "enable" + host: "myhostname" + id: "25" + interface: " (source system.interface.name)" + ip_threatfeed: + - + name: "default_name_28 (source system.external-resource.name)" + ip_threatfeed_status: "enable" + ips_dos_status: "enable" + ips_sensor: " (source ips.sensor.name)" + ips_sensor_status: "enable" + ipv6: "enable" + logtraffic: "all" + max_packet_count: "35" + non_ip: "enable" + port: "" + protocol: "" + scan_botnet_connections: "disable" + spamfilter_profile: " (source spamfilter.profile.name)" + spamfilter_profile_status: "enable" + status: "enable" + vlan: "" + webfilter_profile: " (source webfilter.profile.name)" + webfilter_profile_status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_ssh_host_key.rst b/gen/fortios_firewall_ssh_host_key.rst new file mode 100644 index 00000000..0f0b543c --- /dev/null +++ b/gen/fortios_firewall_ssh_host_key.rst @@ -0,0 +1,915 @@ +:source: fortios_firewall_ssh_host_key.py + +:orphan: + +.. fortios_firewall_ssh_host_key: + +fortios_firewall_ssh_host_key -- SSH proxy host public keys in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_ssh feature and host_key category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_ssh_host_keyyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_ssh_host_key - SSH proxy host public keys. type: dict + more... + +
              • +
                +
              • hostname - Hostname of the SSH server to match SSH certificate principals. type: str + more... + +
                • +
              • ip - IP address of the SSH server. type: str + more... + +
                • +
              • name - SSH public key name. type: str required: true + more... + +
                • +
              • nid - Set the nid of the ECDSA key. type: str choices: 256, 384, 521 + more... + +
                • +
              • port - Port of the SSH server. type: int + more... + +
                • +
              • public_key - SSH public key. type: str + more... + +
                • +
              • status - Set the trust status of the public key. type: str choices: trusted, revoked + more... + +
                • +
              • type - Set the type of the public key. type: str choices: RSA, DSA, ECDSA, ED25519, RSA-CA, DSA-CA, ECDSA-CA, ED25519-CA + more... + +
                • +
              • usage - Usage for this public key. type: str choices: transparent-proxy, access-proxy + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: SSH proxy host public keys. + fortios_firewall_ssh_host_key: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_ssh_host_key: + hostname: "myhostname" + ip: "" + name: "default_name_5" + nid: "256" + port: "7" + public_key: "" + status: "trusted" + type: "RSA" + usage: "transparent-proxy" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_ssh_local_ca.rst b/gen/fortios_firewall_ssh_local_ca.rst new file mode 100644 index 00000000..26ee1728 --- /dev/null +++ b/gen/fortios_firewall_ssh_local_ca.rst @@ -0,0 +1,484 @@ +:source: fortios_firewall_ssh_local_ca.py + +:orphan: + +.. fortios_firewall_ssh_local_ca: + +fortios_firewall_ssh_local_ca -- SSH proxy local CA in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_ssh feature and local_ca category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_ssh_local_cayesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_ssh_local_ca - SSH proxy local CA. type: dict + more... + +
              • +
                +
              • name - SSH proxy local CA name. type: str required: true + more... + +
                • +
              • password - Password for SSH private key. type: str + more... + +
                • +
              • private_key - SSH proxy private key, encrypted with a password. type: str + more... + +
                • +
              • public_key - SSH proxy public key. type: str + more... + +
                • +
              • source - SSH proxy local CA source type. type: str choices: built-in, user + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: SSH proxy local CA. + fortios_firewall_ssh_local_ca: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_ssh_local_ca: + name: "default_name_3" + password: "" + private_key: "" + public_key: "" + source: "built-in" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_ssh_local_key.rst b/gen/fortios_firewall_ssh_local_key.rst new file mode 100644 index 00000000..3478cfb7 --- /dev/null +++ b/gen/fortios_firewall_ssh_local_key.rst @@ -0,0 +1,484 @@ +:source: fortios_firewall_ssh_local_key.py + +:orphan: + +.. fortios_firewall_ssh_local_key: + +fortios_firewall_ssh_local_key -- SSH proxy local keys in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_ssh feature and local_key category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_ssh_local_keyyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_ssh_local_key - SSH proxy local keys. type: dict + more... + +
              • +
                +
              • name - SSH proxy local key name. type: str required: true + more... + +
                • +
              • password - Password for SSH private key. type: str + more... + +
                • +
              • private_key - SSH proxy private key, encrypted with a password. type: str + more... + +
                • +
              • public_key - SSH proxy public key. type: str + more... + +
                • +
              • source - SSH proxy local key source type. type: str choices: built-in, user + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: SSH proxy local keys. + fortios_firewall_ssh_local_key: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_ssh_local_key: + name: "default_name_3" + password: "" + private_key: "" + public_key: "" + source: "built-in" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_ssh_setting.rst b/gen/fortios_firewall_ssh_setting.rst new file mode 100644 index 00000000..6832f4bb --- /dev/null +++ b/gen/fortios_firewall_ssh_setting.rst @@ -0,0 +1,665 @@ +:source: fortios_firewall_ssh_setting.py + +:orphan: + +.. fortios_firewall_ssh_setting: + +fortios_firewall_ssh_setting -- SSH proxy settings in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_ssh feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_ssh_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • firewall_ssh_setting - SSH proxy settings. type: dict + more... + +
              • +
                +
              • caname - CA certificate used by SSH Inspection. Source firewall.ssh.local-ca.name. type: str + more... + +
                • +
              • host_trusted_checking - Enable/disable host trusted checking. type: str choices: enable, disable + more... + +
                • +
              • hostkey_dsa1024 - DSA certificate used by SSH proxy. Source firewall.ssh.local-key.name. type: str + more... + +
                • +
              • hostkey_ecdsa256 - ECDSA nid256 certificate used by SSH proxy. Source firewall.ssh.local-key.name. type: str + more... + +
                • +
              • hostkey_ecdsa384 - ECDSA nid384 certificate used by SSH proxy. Source firewall.ssh.local-key.name. type: str + more... + +
                • +
              • hostkey_ecdsa521 - ECDSA nid384 certificate used by SSH proxy. Source firewall.ssh.local-key.name. type: str + more... + +
                • +
              • hostkey_ed25519 - ED25519 hostkey used by SSH proxy. Source firewall.ssh.local-key.name. type: str + more... + +
                • +
              • hostkey_rsa2048 - RSA certificate used by SSH proxy. Source firewall.ssh.local-key.name. type: str + more... + +
                • +
              • untrusted_caname - Untrusted CA certificate used by SSH Inspection. Source firewall.ssh.local-ca.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: SSH proxy settings. + fortios_firewall_ssh_setting: + vdom: "{{ vdom }}" + firewall_ssh_setting: + caname: " (source firewall.ssh.local-ca.name)" + host_trusted_checking: "enable" + hostkey_dsa1024: "myhostname (source firewall.ssh.local-key.name)" + hostkey_ecdsa256: "myhostname (source firewall.ssh.local-key.name)" + hostkey_ecdsa384: "myhostname (source firewall.ssh.local-key.name)" + hostkey_ecdsa521: "myhostname (source firewall.ssh.local-key.name)" + hostkey_ed25519: "myhostname (source firewall.ssh.local-key.name)" + hostkey_rsa2048: "myhostname (source firewall.ssh.local-key.name)" + untrusted_caname: " (source firewall.ssh.local-ca.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_ssl_server.rst b/gen/fortios_firewall_ssl_server.rst new file mode 100644 index 00000000..b79a3d5e --- /dev/null +++ b/gen/fortios_firewall_ssl_server.rst @@ -0,0 +1,1354 @@ +:source: fortios_firewall_ssl_server.py + +:orphan: + +.. fortios_firewall_ssl_server: + +fortios_firewall_ssl_server -- Configure SSL servers in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and ssl_server category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_ssl_serveryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_ssl_server - Configure SSL servers. type: dict + more... + +
              • +
                +
              • add_header_x_forwarded_proto - Enable/disable adding an X-Forwarded-Proto header to forwarded requests. type: str choices: enable, disable + more... + +
                • +
              • ip - IPv4 address of the SSL server. type: str + more... + +
                • +
              • mapped_port - Mapped server service port (1 - 65535). type: int + more... + +
                • +
              • name - Server name. type: str required: true + more... + +
                • +
              • port - Server service port (1 - 65535). type: int + more... + +
                • +
              • ssl_algorithm - Relative strength of encryption algorithms accepted in negotiation. type: str choices: high, medium, low + more... + +
                • +
              • ssl_cert - Name of certificate for SSL connections to this server . Source vpn.certificate.local.name. type: str + more... + +
                • +
              • ssl_client_renegotiation - Allow or block client renegotiation by server. type: str choices: allow, deny, secure + more... + +
                • +
              • ssl_dh_bits - Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation . type: str choices: 768, 1024, 1536, 2048 + more... + +
                • +
              • ssl_max_version - Highest SSL/TLS version to negotiate. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3 + more... + +
                • +
              • ssl_min_version - Lowest SSL/TLS version to negotiate. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3 + more... + +
                • +
              • ssl_mode - SSL/TLS mode for encryption and decryption of traffic. type: str choices: half, full + more... + +
                • +
              • ssl_send_empty_frags - Enable/disable sending empty fragments to avoid attack on CBC IV. type: str choices: enable, disable + more... + +
                • +
              • url_rewrite - Enable/disable rewriting the URL. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure SSL servers. + fortios_firewall_ssl_server: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_ssl_server: + add_header_x_forwarded_proto: "enable" + ip: "" + mapped_port: "5" + name: "default_name_6" + port: "7" + ssl_algorithm: "high" + ssl_cert: " (source vpn.certificate.local.name)" + ssl_client_renegotiation: "allow" + ssl_dh_bits: "768" + ssl_max_version: "tls-1.0" + ssl_min_version: "tls-1.0" + ssl_mode: "half" + ssl_send_empty_frags: "enable" + url_rewrite: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_ssl_setting.rst b/gen/fortios_firewall_ssl_setting.rst new file mode 100644 index 00000000..562853d1 --- /dev/null +++ b/gen/fortios_firewall_ssl_setting.rst @@ -0,0 +1,909 @@ +:source: fortios_firewall_ssl_setting.py + +:orphan: + +.. fortios_firewall_ssl_setting: + +fortios_firewall_ssl_setting -- SSL proxy settings in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_ssl feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_ssl_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • firewall_ssl_setting - SSL proxy settings. type: dict + more... + +
              • +
                +
              • abbreviate_handshake - Enable/disable use of SSL abbreviated handshake. type: str choices: enable, disable + more... + +
                • +
              • cert_cache_capacity - Maximum capacity of the host certificate cache (0 - 500). type: int + more... + +
                • +
              • cert_cache_timeout - Time limit to keep certificate cache (1 - 120 min). type: int + more... + +
                • +
              • kxp_queue_threshold - Maximum length of the CP KXP queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512). type: int + more... + +
                • +
              • no_matching_cipher_action - Bypass or drop the connection when no matching cipher is found. type: str choices: bypass, drop + more... + +
                • +
              • proxy_connect_timeout - Time limit to make an internal connection to the appropriate proxy process (1 - 60 sec). type: int + more... + +
                • +
              • session_cache_capacity - Capacity of the SSL session cache (--Obsolete--) (1 - 1000). type: int + more... + +
                • +
              • session_cache_timeout - Time limit to keep SSL session state (1 - 60 min). type: int + more... + +
                • +
              • ssl_dh_bits - Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation . type: str choices: 768, 1024, 1536, 2048 + more... + +
                • +
              • ssl_queue_threshold - Maximum length of the CP SSL queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512). type: int + more... + +
                • +
              • ssl_send_empty_frags - Enable/disable sending empty fragments to avoid attack on CBC IV (for SSL 3.0 and TLS 1.0 only). type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: SSL proxy settings. + fortios_firewall_ssl_setting: + vdom: "{{ vdom }}" + firewall_ssl_setting: + abbreviate_handshake: "enable" + cert_cache_capacity: "4" + cert_cache_timeout: "5" + kxp_queue_threshold: "6" + no_matching_cipher_action: "bypass" + proxy_connect_timeout: "8" + session_cache_capacity: "9" + session_cache_timeout: "10" + ssl_dh_bits: "768" + ssl_queue_threshold: "12" + ssl_send_empty_frags: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_ssl_ssh_profile.rst b/gen/fortios_firewall_ssl_ssh_profile.rst new file mode 100644 index 00000000..0e688b57 --- /dev/null +++ b/gen/fortios_firewall_ssl_ssh_profile.rst @@ -0,0 +1,13680 @@ +:source: fortios_firewall_ssl_ssh_profile.py + +:orphan: + +.. fortios_firewall_ssl_ssh_profile: + +fortios_firewall_ssl_ssh_profile -- Configure SSL/SSH protocol options in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and ssl_ssh_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_ssl_ssh_profileyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_ssl_ssh_profile - Configure SSL/SSH protocol options. type: dict + more... + +
              • +
                +
              • allowlist - Enable/disable exempting servers by FortiGuard allowlist. type: str choices: enable, disable + more... + +
                • +
              • block_blacklisted_certificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. type: str choices: disable, enable + more... + +
                • +
              • block_blocklisted_certificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. type: str choices: disable, enable + more... + +
                • +
              • caname - CA certificate used by SSL Inspection. Source vpn.certificate.local.name. type: str + more... + +
                • +
              • comment - Optional comments. type: str + more... + +
                • +
              • dot - Configure DNS over TLS options. type: dict + more... + +
                • +
                  +
                • cert_validation_failure - Action based on certificate validation failure. type: str choices: allow, block, ignore + more... + +
                  • +
                • cert_validation_timeout - Action based on certificate validation timeout. type: str choices: allow, block, ignore + more... + +
                  • +
                • client_certificate - Action based on received client certificate. type: str choices: bypass, inspect, block + more... + +
                  • +
                • expired_server_cert - Action based on server certificate is expired. type: str choices: allow, block, ignore + more... + +
                  • +
                • proxy_after_tcp_handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str choices: enable, disable + more... + +
                  • +
                • revoked_server_cert - Action based on server certificate is revoked. type: str choices: allow, block, ignore + more... + +
                  • +
                • sni_server_cert_check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. type: str choices: enable, strict, disable + more... + +
                  • +
                • status - Configure protocol inspection status. type: str choices: disable, deep-inspection + more... + +
                  • +
                • unsupported_ssl_cipher - Action based on the SSL cipher used being unsupported. type: str choices: allow, block + more... + +
                  • +
                • unsupported_ssl_negotiation - Action based on the SSL negotiation used being unsupported. type: str choices: allow, block + more... + +
                  • +
                • unsupported_ssl_version - Action based on the SSL version used being unsupported. type: str choices: allow, block, inspect + more... + +
                  • +
                • untrusted_server_cert - Action based on server certificate is not issued by a trusted CA. type: str choices: allow, block, ignore + more... + +
                  • +
                +
              • ftps - Configure FTPS options. type: dict + more... + +
                • +
                  +
                • allow_invalid_server_cert - When enabled, allows SSL sessions whose server certificate validation failed. type: str choices: enable, disable + more... + +
                  • +
                • cert_validation_failure - Action based on certificate validation failure. type: str choices: allow, block, ignore + more... + +
                  • +
                • cert_validation_timeout - Action based on certificate validation timeout. type: str choices: allow, block, ignore + more... + +
                  • +
                • client_cert_request - Action based on client certificate request. type: str choices: bypass, inspect, block + more... + +
                  • +
                • client_certificate - Action based on received client certificate. type: str choices: bypass, inspect, block + more... + +
                  • +
                • expired_server_cert - Action based on server certificate is expired. type: str choices: allow, block, ignore + more... + +
                  • +
                • invalid_server_cert - Allow or block the invalid SSL session server certificate. type: str choices: allow, block + more... + +
                  • +
                • min_allowed_ssl_version - Minimum SSL version to be allowed. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3 + more... + +
                  • +
                • ports - Ports to use for scanning (1 - 65535). type: list
                  • +
                • revoked_server_cert - Action based on server certificate is revoked. type: str choices: allow, block, ignore + more... + +
                  • +
                • sni_server_cert_check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. type: str choices: enable, strict, disable + more... + +
                  • +
                • status - Configure protocol inspection status. type: str choices: disable, deep-inspection + more... + +
                  • +
                • unsupported_ssl - Action based on the SSL encryption used being unsupported. type: str choices: bypass, inspect, block + more... + +
                  • +
                • unsupported_ssl_cipher - Action based on the SSL cipher used being unsupported. type: str choices: allow, block + more... + +
                  • +
                • unsupported_ssl_negotiation - Action based on the SSL negotiation used being unsupported. type: str choices: allow, block + more... + +
                  • +
                • unsupported_ssl_version - Action based on the SSL version used being unsupported. type: str choices: allow, block, inspect + more... + +
                  • +
                • untrusted_cert - Allow, ignore, or block the untrusted SSL session server certificate. type: str choices: allow, block, ignore + more... + +
                  • +
                • untrusted_server_cert - Action based on server certificate is not issued by a trusted CA. type: str choices: allow, block, ignore + more... + +
                  • +
                +
              • https - Configure HTTPS options. type: dict + more... + +
                • +
                  +
                • allow_invalid_server_cert - When enabled, allows SSL sessions whose server certificate validation failed. type: str choices: enable, disable + more... + +
                  • +
                • cert_probe_failure - Action based on certificate probe failure. type: str choices: allow, block + more... + +
                  • +
                • cert_validation_failure - Action based on certificate validation failure. type: str choices: allow, block, ignore + more... + +
                  • +
                • cert_validation_timeout - Action based on certificate validation timeout. type: str choices: allow, block, ignore + more... + +
                  • +
                • client_cert_request - Action based on client certificate request. type: str choices: bypass, inspect, block + more... + +
                  • +
                • client_certificate - Action based on received client certificate. type: str choices: bypass, inspect, block + more... + +
                  • +
                • expired_server_cert - Action based on server certificate is expired. type: str choices: allow, block, ignore + more... + +
                  • +
                • invalid_server_cert - Allow or block the invalid SSL session server certificate. type: str choices: allow, block + more... + +
                  • +
                • min_allowed_ssl_version - Minimum SSL version to be allowed. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3 + more... + +
                  • +
                • ports - Ports to use for scanning (1 - 65535). type: list
                  • +
                • proxy_after_tcp_handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str choices: enable, disable + more... + +
                  • +
                • revoked_server_cert - Action based on server certificate is revoked. type: str choices: allow, block, ignore + more... + +
                  • +
                • sni_server_cert_check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. type: str choices: enable, strict, disable + more... + +
                  • +
                • status - Configure protocol inspection status. type: str choices: disable, certificate-inspection, deep-inspection + more... + +
                  • +
                • unsupported_ssl - Action based on the SSL encryption used being unsupported. type: str choices: bypass, inspect, block + more... + +
                  • +
                • unsupported_ssl_cipher - Action based on the SSL cipher used being unsupported. type: str choices: allow, block + more... + +
                  • +
                • unsupported_ssl_negotiation - Action based on the SSL negotiation used being unsupported. type: str choices: allow, block + more... + +
                  • +
                • unsupported_ssl_version - Action based on the SSL version used being unsupported. type: str choices: allow, block, inspect + more... + +
                  • +
                • untrusted_cert - Allow, ignore, or block the untrusted SSL session server certificate. type: str choices: allow, block, ignore + more... + +
                  • +
                • untrusted_server_cert - Action based on server certificate is not issued by a trusted CA. type: str choices: allow, block, ignore + more... + +
                  • +
                +
              • imaps - Configure IMAPS options. type: dict + more... + +
                • +
                  +
                • allow_invalid_server_cert - When enabled, allows SSL sessions whose server certificate validation failed. type: str choices: enable, disable + more... + +
                  • +
                • cert_validation_failure - Action based on certificate validation failure. type: str choices: allow, block, ignore + more... + +
                  • +
                • cert_validation_timeout - Action based on certificate validation timeout. type: str choices: allow, block, ignore + more... + +
                  • +
                • client_cert_request - Action based on client certificate request. type: str choices: bypass, inspect, block + more... + +
                  • +
                • client_certificate - Action based on received client certificate. type: str choices: bypass, inspect, block + more... + +
                  • +
                • expired_server_cert - Action based on server certificate is expired. type: str choices: allow, block, ignore + more... + +
                  • +
                • invalid_server_cert - Allow or block the invalid SSL session server certificate. type: str choices: allow, block + more... + +
                  • +
                • ports - Ports to use for scanning (1 - 65535). type: list
                  • +
                • proxy_after_tcp_handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str choices: enable, disable + more... + +
                  • +
                • revoked_server_cert - Action based on server certificate is revoked. type: str choices: allow, block, ignore + more... + +
                  • +
                • sni_server_cert_check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. type: str choices: enable, strict, disable + more... + +
                  • +
                • status - Configure protocol inspection status. type: str choices: disable, deep-inspection + more... + +
                  • +
                • unsupported_ssl - Action based on the SSL encryption used being unsupported. type: str choices: bypass, inspect, block + more... + +
                  • +
                • unsupported_ssl_cipher - Action based on the SSL cipher used being unsupported. type: str choices: allow, block + more... + +
                  • +
                • unsupported_ssl_negotiation - Action based on the SSL negotiation used being unsupported. type: str choices: allow, block + more... + +
                  • +
                • unsupported_ssl_version - Action based on the SSL version used being unsupported. type: str choices: allow, block, inspect + more... + +
                  • +
                • untrusted_cert - Allow, ignore, or block the untrusted SSL session server certificate. type: str choices: allow, block, ignore + more... + +
                  • +
                • untrusted_server_cert - Action based on server certificate is not issued by a trusted CA. type: str choices: allow, block, ignore + more... + +
                  • +
                +
              • mapi_over_https - Enable/disable inspection of MAPI over HTTPS. type: str choices: enable, disable + more... + +
                • +
              • name - Name. type: str required: true + more... + +
                • +
              • pop3s - Configure POP3S options. type: dict + more... + +
                • +
                  +
                • allow_invalid_server_cert - When enabled, allows SSL sessions whose server certificate validation failed. type: str choices: enable, disable + more... + +
                  • +
                • cert_validation_failure - Action based on certificate validation failure. type: str choices: allow, block, ignore + more... + +
                  • +
                • cert_validation_timeout - Action based on certificate validation timeout. type: str choices: allow, block, ignore + more... + +
                  • +
                • client_cert_request - Action based on client certificate request. type: str choices: bypass, inspect, block + more... + +
                  • +
                • client_certificate - Action based on received client certificate. type: str choices: bypass, inspect, block + more... + +
                  • +
                • expired_server_cert - Action based on server certificate is expired. type: str choices: allow, block, ignore + more... + +
                  • +
                • invalid_server_cert - Allow or block the invalid SSL session server certificate. type: str choices: allow, block + more... + +
                  • +
                • ports - Ports to use for scanning (1 - 65535). type: list
                  • +
                • proxy_after_tcp_handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str choices: enable, disable + more... + +
                  • +
                • revoked_server_cert - Action based on server certificate is revoked. type: str choices: allow, block, ignore + more... + +
                  • +
                • sni_server_cert_check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. type: str choices: enable, strict, disable + more... + +
                  • +
                • status - Configure protocol inspection status. type: str choices: disable, deep-inspection + more... + +
                  • +
                • unsupported_ssl - Action based on the SSL encryption used being unsupported. type: str choices: bypass, inspect, block + more... + +
                  • +
                • unsupported_ssl_cipher - Action based on the SSL cipher used being unsupported. type: str choices: allow, block + more... + +
                  • +
                • unsupported_ssl_negotiation - Action based on the SSL negotiation used being unsupported. type: str choices: allow, block + more... + +
                  • +
                • unsupported_ssl_version - Action based on the SSL version used being unsupported. type: str choices: allow, block, inspect + more... + +
                  • +
                • untrusted_cert - Allow, ignore, or block the untrusted SSL session server certificate. type: str choices: allow, block, ignore + more... + +
                  • +
                • untrusted_server_cert - Action based on server certificate is not issued by a trusted CA. type: str choices: allow, block, ignore + more... + +
                  • +
                +
              • rpc_over_https - Enable/disable inspection of RPC over HTTPS. type: str choices: enable, disable + more... + +
                • +
              • server_cert - Certificate used by SSL Inspection to replace server certificate. Source vpn.certificate.local.name. type: str + more... + +
                • +
              • server_cert_mode - Re-sign or replace the server"s certificate. type: str choices: re-sign, replace + more... + +
                • +
              • smtps - Configure SMTPS options. type: dict + more... + +
                • +
                  +
                • allow_invalid_server_cert - When enabled, allows SSL sessions whose server certificate validation failed. type: str choices: enable, disable + more... + +
                  • +
                • cert_validation_failure - Action based on certificate validation failure. type: str choices: allow, block, ignore + more... + +
                  • +
                • cert_validation_timeout - Action based on certificate validation timeout. type: str choices: allow, block, ignore + more... + +
                  • +
                • client_cert_request - Action based on client certificate request. type: str choices: bypass, inspect, block + more... + +
                  • +
                • client_certificate - Action based on received client certificate. type: str choices: bypass, inspect, block + more... + +
                  • +
                • expired_server_cert - Action based on server certificate is expired. type: str choices: allow, block, ignore + more... + +
                  • +
                • invalid_server_cert - Allow or block the invalid SSL session server certificate. type: str choices: allow, block + more... + +
                  • +
                • ports - Ports to use for scanning (1 - 65535). type: list
                  • +
                • proxy_after_tcp_handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str choices: enable, disable + more... + +
                  • +
                • revoked_server_cert - Action based on server certificate is revoked. type: str choices: allow, block, ignore + more... + +
                  • +
                • sni_server_cert_check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. type: str choices: enable, strict, disable + more... + +
                  • +
                • status - Configure protocol inspection status. type: str choices: disable, deep-inspection + more... + +
                  • +
                • unsupported_ssl - Action based on the SSL encryption used being unsupported. type: str choices: bypass, inspect, block + more... + +
                  • +
                • unsupported_ssl_cipher - Action based on the SSL cipher used being unsupported. type: str choices: allow, block + more... + +
                  • +
                • unsupported_ssl_negotiation - Action based on the SSL negotiation used being unsupported. type: str choices: allow, block + more... + +
                  • +
                • unsupported_ssl_version - Action based on the SSL version used being unsupported. type: str choices: allow, block, inspect + more... + +
                  • +
                • untrusted_cert - Allow, ignore, or block the untrusted SSL session server certificate. type: str choices: allow, block, ignore + more... + +
                  • +
                • untrusted_server_cert - Action based on server certificate is not issued by a trusted CA. type: str choices: allow, block, ignore + more... + +
                  • +
                +
              • ssh - Configure SSH options. type: dict + more... + +
                • +
                  +
                • inspect_all - Level of SSL inspection. type: str choices: disable, deep-inspection + more... + +
                  • +
                • ports - Ports to use for scanning (1 - 65535). type: list
                  • +
                • proxy_after_tcp_handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str choices: enable, disable + more... + +
                  • +
                • ssh_algorithm - Relative strength of encryption algorithms accepted during negotiation. type: str choices: compatible, high-encryption + more... + +
                  • +
                • ssh_policy_check - Enable/disable SSH policy check. type: str choices: disable, enable + more... + +
                  • +
                • ssh_tun_policy_check - Enable/disable SSH tunnel policy check. type: str choices: disable, enable + more... + +
                  • +
                • status - Configure protocol inspection status. type: str choices: disable, deep-inspection + more... + +
                  • +
                • unsupported_version - Action based on SSH version being unsupported. type: str choices: bypass, block + more... + +
                  • +
                +
              • ssl - Configure SSL options. type: dict + more... + +
                • +
                  +
                • allow_invalid_server_cert - When enabled, allows SSL sessions whose server certificate validation failed. type: str choices: enable, disable + more... + +
                  • +
                • cert_probe_failure - Action based on certificate probe failure. type: str choices: allow, block + more... + +
                  • +
                • cert_validation_failure - Action based on certificate validation failure. type: str choices: allow, block, ignore + more... + +
                  • +
                • cert_validation_timeout - Action based on certificate validation timeout. type: str choices: allow, block, ignore + more... + +
                  • +
                • client_cert_request - Action based on client certificate request. type: str choices: bypass, inspect, block + more... + +
                  • +
                • client_certificate - Action based on received client certificate. type: str choices: bypass, inspect, block + more... + +
                  • +
                • expired_server_cert - Action based on server certificate is expired. type: str choices: allow, block, ignore + more... + +
                  • +
                • inspect_all - Level of SSL inspection. type: str choices: disable, certificate-inspection, deep-inspection + more... + +
                  • +
                • invalid_server_cert - Allow or block the invalid SSL session server certificate. type: str choices: allow, block + more... + +
                  • +
                • min_allowed_ssl_version - Minimum SSL version to be allowed. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3 + more... + +
                  • +
                • revoked_server_cert - Action based on server certificate is revoked. type: str choices: allow, block, ignore + more... + +
                  • +
                • sni_server_cert_check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. type: str choices: enable, strict, disable + more... + +
                  • +
                • unsupported_ssl - Action based on the SSL encryption used being unsupported. type: str choices: bypass, inspect, block + more... + +
                  • +
                • unsupported_ssl_cipher - Action based on the SSL cipher used being unsupported. type: str choices: allow, block + more... + +
                  • +
                • unsupported_ssl_negotiation - Action based on the SSL negotiation used being unsupported. type: str choices: allow, block + more... + +
                  • +
                • unsupported_ssl_version - Action based on the SSL version used being unsupported. type: str choices: allow, block, inspect + more... + +
                  • +
                • untrusted_cert - Allow, ignore, or block the untrusted SSL session server certificate. type: str choices: allow, block, ignore + more... + +
                  • +
                • untrusted_server_cert - Action based on server certificate is not issued by a trusted CA. type: str choices: allow, block, ignore + more... + +
                  • +
                +
              • ssl_anomalies_log - Enable/disable logging SSL anomalies. type: str choices: disable, enable + more... + +
                • +
              • ssl_anomaly_log - Enable/disable logging SSL anomalies. type: str choices: disable, enable + more... + +
                • +
              • ssl_exempt - Servers to exempt from SSL inspection. type: list member_path: ssl_exempt:id + more... + +
                • +
                  +
                • address - IPv4 address object. Source firewall.address.name firewall.addrgrp.name. type: str + more... + +
                  • +
                • address6 - IPv6 address object. Source firewall.address6.name firewall.addrgrp6.name. type: str + more... + +
                  • +
                • fortiguard_category - FortiGuard category ID. type: int + more... + +
                  • +
                • id - ID number. type: int required: true + more... + +
                  • +
                • regex - Exempt servers by regular expression. type: str + more... + +
                  • +
                • type - Type of address object (IPv4 or IPv6) or FortiGuard category. type: str choices: fortiguard-category, address, address6, wildcard-fqdn, regex + more... + +
                  • +
                • wildcard_fqdn - Exempt servers by wildcard FQDN. Source firewall.wildcard-fqdn.custom.name firewall.wildcard-fqdn.group.name. type: str + more... + +
                  • +
                +
              • ssl_exemption_log - Enable/disable logging SSL exemptions. type: str choices: disable, enable + more... + +
                • +
              • ssl_exemptions_log - Enable/disable logging SSL exemptions. type: str choices: disable, enable + more... + +
                • +
              • ssl_handshake_log - Enable/disable logging of TLS handshakes. type: str choices: disable, enable + more... + +
                • +
              • ssl_negotiation_log - Enable/disable logging SSL negotiation. type: str choices: disable, enable + more... + +
                • +
              • ssl_server - SSL server settings used for client certificate request. type: list member_path: ssl_server:id + more... + +
                • +
                  +
                • ftps_client_cert_request - Action based on client certificate request during the FTPS handshake. type: str choices: bypass, inspect, block + more... + +
                  • +
                • ftps_client_certificate - Action based on received client certificate during the FTPS handshake. type: str choices: bypass, inspect, block + more... + +
                  • +
                • https_client_cert_request - Action based on client certificate request during the HTTPS handshake. type: str choices: bypass, inspect, block + more... + +
                  • +
                • https_client_certificate - Action based on received client certificate during the HTTPS handshake. type: str choices: bypass, inspect, block + more... + +
                  • +
                • id - SSL server ID. type: int required: true + more... + +
                  • +
                • imaps_client_cert_request - Action based on client certificate request during the IMAPS handshake. type: str choices: bypass, inspect, block + more... + +
                  • +
                • imaps_client_certificate - Action based on received client certificate during the IMAPS handshake. type: str choices: bypass, inspect, block + more... + +
                  • +
                • ip - IPv4 address of the SSL server. type: str + more... + +
                  • +
                • pop3s_client_cert_request - Action based on client certificate request during the POP3S handshake. type: str choices: bypass, inspect, block + more... + +
                  • +
                • pop3s_client_certificate - Action based on received client certificate during the POP3S handshake. type: str choices: bypass, inspect, block + more... + +
                  • +
                • smtps_client_cert_request - Action based on client certificate request during the SMTPS handshake. type: str choices: bypass, inspect, block + more... + +
                  • +
                • smtps_client_certificate - Action based on received client certificate during the SMTPS handshake. type: str choices: bypass, inspect, block + more... + +
                  • +
                • ssl_other_client_cert_request - Action based on client certificate request during an SSL protocol handshake. type: str choices: bypass, inspect, block + more... + +
                  • +
                • ssl_other_client_certificate - Action based on received client certificate during an SSL protocol handshake. type: str choices: bypass, inspect, block + more... + +
                  • +
                +
              • ssl_server_cert_log - Enable/disable logging of server certificate information. type: str choices: disable, enable + more... + +
                • +
              • supported_alpn - Configure ALPN option. type: str choices: http1-1, http2, all, none + more... + +
                • +
              • untrusted_caname - Untrusted CA certificate used by SSL Inspection. Source vpn.certificate.local.name. type: str + more... + +
                • +
              • use_ssl_server - Enable/disable the use of SSL server table for SSL offloading. type: str choices: disable, enable + more... + +
                • +
              • whitelist - Enable/disable exempting servers by FortiGuard whitelist. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure SSL/SSH protocol options. + fortios_firewall_ssl_ssh_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_ssl_ssh_profile: + allowlist: "enable" + block_blacklisted_certificates: "disable" + block_blocklisted_certificates: "disable" + caname: " (source vpn.certificate.local.name)" + comment: "Optional comments." + dot: + cert_validation_failure: "allow" + cert_validation_timeout: "allow" + client_certificate: "bypass" + expired_server_cert: "allow" + proxy_after_tcp_handshake: "enable" + revoked_server_cert: "allow" + sni_server_cert_check: "enable" + status: "disable" + unsupported_ssl_cipher: "allow" + unsupported_ssl_negotiation: "allow" + unsupported_ssl_version: "allow" + untrusted_server_cert: "allow" + ftps: + allow_invalid_server_cert: "enable" + cert_validation_failure: "allow" + cert_validation_timeout: "allow" + client_cert_request: "bypass" + client_certificate: "bypass" + expired_server_cert: "allow" + invalid_server_cert: "allow" + min_allowed_ssl_version: "ssl-3.0" + ports: "30" + revoked_server_cert: "allow" + sni_server_cert_check: "enable" + status: "disable" + unsupported_ssl: "bypass" + unsupported_ssl_cipher: "allow" + unsupported_ssl_negotiation: "allow" + unsupported_ssl_version: "allow" + untrusted_cert: "allow" + untrusted_server_cert: "allow" + https: + allow_invalid_server_cert: "enable" + cert_probe_failure: "allow" + cert_validation_failure: "allow" + cert_validation_timeout: "allow" + client_cert_request: "bypass" + client_certificate: "bypass" + expired_server_cert: "allow" + invalid_server_cert: "allow" + min_allowed_ssl_version: "ssl-3.0" + ports: "50" + proxy_after_tcp_handshake: "enable" + revoked_server_cert: "allow" + sni_server_cert_check: "enable" + status: "disable" + unsupported_ssl: "bypass" + unsupported_ssl_cipher: "allow" + unsupported_ssl_negotiation: "allow" + unsupported_ssl_version: "allow" + untrusted_cert: "allow" + untrusted_server_cert: "allow" + imaps: + allow_invalid_server_cert: "enable" + cert_validation_failure: "allow" + cert_validation_timeout: "allow" + client_cert_request: "bypass" + client_certificate: "bypass" + expired_server_cert: "allow" + invalid_server_cert: "allow" + ports: "69" + proxy_after_tcp_handshake: "enable" + revoked_server_cert: "allow" + sni_server_cert_check: "enable" + status: "disable" + unsupported_ssl: "bypass" + unsupported_ssl_cipher: "allow" + unsupported_ssl_negotiation: "allow" + unsupported_ssl_version: "allow" + untrusted_cert: "allow" + untrusted_server_cert: "allow" + mapi_over_https: "enable" + name: "default_name_81" + pop3s: + allow_invalid_server_cert: "enable" + cert_validation_failure: "allow" + cert_validation_timeout: "allow" + client_cert_request: "bypass" + client_certificate: "bypass" + expired_server_cert: "allow" + invalid_server_cert: "allow" + ports: "90" + proxy_after_tcp_handshake: "enable" + revoked_server_cert: "allow" + sni_server_cert_check: "enable" + status: "disable" + unsupported_ssl: "bypass" + unsupported_ssl_cipher: "allow" + unsupported_ssl_negotiation: "allow" + unsupported_ssl_version: "allow" + untrusted_cert: "allow" + untrusted_server_cert: "allow" + rpc_over_https: "enable" + server_cert: + - + name: "default_name_103 (source vpn.certificate.local.name)" + server_cert_mode: "re-sign" + smtps: + allow_invalid_server_cert: "enable" + cert_validation_failure: "allow" + cert_validation_timeout: "allow" + client_cert_request: "bypass" + client_certificate: "bypass" + expired_server_cert: "allow" + invalid_server_cert: "allow" + ports: "113" + proxy_after_tcp_handshake: "enable" + revoked_server_cert: "allow" + sni_server_cert_check: "enable" + status: "disable" + unsupported_ssl: "bypass" + unsupported_ssl_cipher: "allow" + unsupported_ssl_negotiation: "allow" + unsupported_ssl_version: "allow" + untrusted_cert: "allow" + untrusted_server_cert: "allow" + ssh: + inspect_all: "disable" + ports: "126" + proxy_after_tcp_handshake: "enable" + ssh_algorithm: "compatible" + ssh_policy_check: "disable" + ssh_tun_policy_check: "disable" + status: "disable" + unsupported_version: "bypass" + ssl: + allow_invalid_server_cert: "enable" + cert_probe_failure: "allow" + cert_validation_failure: "allow" + cert_validation_timeout: "allow" + client_cert_request: "bypass" + client_certificate: "bypass" + expired_server_cert: "allow" + inspect_all: "disable" + invalid_server_cert: "allow" + min_allowed_ssl_version: "ssl-3.0" + revoked_server_cert: "allow" + sni_server_cert_check: "enable" + unsupported_ssl: "bypass" + unsupported_ssl_cipher: "allow" + unsupported_ssl_negotiation: "allow" + unsupported_ssl_version: "allow" + untrusted_cert: "allow" + untrusted_server_cert: "allow" + ssl_anomalies_log: "disable" + ssl_anomaly_log: "disable" + ssl_exempt: + - + address: " (source firewall.address.name firewall.addrgrp.name)" + address6: " (source firewall.address6.name firewall.addrgrp6.name)" + fortiguard_category: "157" + id: "158" + regex: "" + type: "fortiguard-category" + wildcard_fqdn: " (source firewall.wildcard-fqdn.custom.name firewall.wildcard-fqdn.group.name)" + ssl_exemption_log: "disable" + ssl_exemptions_log: "disable" + ssl_handshake_log: "disable" + ssl_negotiation_log: "disable" + ssl_server: + - + ftps_client_cert_request: "bypass" + ftps_client_certificate: "bypass" + https_client_cert_request: "bypass" + https_client_certificate: "bypass" + id: "171" + imaps_client_cert_request: "bypass" + imaps_client_certificate: "bypass" + ip: "" + pop3s_client_cert_request: "bypass" + pop3s_client_certificate: "bypass" + smtps_client_cert_request: "bypass" + smtps_client_certificate: "bypass" + ssl_other_client_cert_request: "bypass" + ssl_other_client_certificate: "bypass" + ssl_server_cert_log: "disable" + supported_alpn: "http1-1" + untrusted_caname: " (source vpn.certificate.local.name)" + use_ssl_server: "disable" + whitelist: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_traffic_class.rst b/gen/fortios_firewall_traffic_class.rst new file mode 100644 index 00000000..a6be9abb --- /dev/null +++ b/gen/fortios_firewall_traffic_class.rst @@ -0,0 +1,284 @@ +:source: fortios_firewall_traffic_class.py + +:orphan: + +.. fortios_firewall_traffic_class: + +fortios_firewall_traffic_class -- Configure names for shaping classes in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and traffic_class category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_traffic_classyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_traffic_class - Configure names for shaping classes. type: dict + more... + +
              • +
                +
              • class_id - Class ID to be named. type: int + more... + +
                • +
              • class_name - Define the name for this class-id. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure names for shaping classes. + fortios_firewall_traffic_class: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_traffic_class: + class_id: "3" + class_name: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_ttl_policy.rst b/gen/fortios_firewall_ttl_policy.rst new file mode 100644 index 00000000..b8fee161 --- /dev/null +++ b/gen/fortios_firewall_ttl_policy.rst @@ -0,0 +1,758 @@ +:source: fortios_firewall_ttl_policy.py + +:orphan: + +.. fortios_firewall_ttl_policy: + +fortios_firewall_ttl_policy -- Configure TTL policies in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and ttl_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_ttl_policyyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_ttl_policy - Configure TTL policies. type: dict + more... + +
              • +
                +
              • action - Action to be performed on traffic matching this policy . type: str choices: accept, deny + more... + +
                • +
              • id - ID. type: int required: true + more... + +
                • +
              • schedule - Schedule object from available options. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group .name. type: str + more... + +
                • +
              • service - Service object(s) from available options. Separate multiple names with a space. type: list member_path: service:name + more... + +
                • +
                  +
                • name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str required: true + more... + +
                  • +
                +
              • srcaddr - Source address object(s) from available options. Separate multiple names with a space. type: list member_path: srcaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • srcintf - Source interface name from available interfaces. Source system.zone.name system.interface.name. type: str + more... + +
                • +
              • status - Enable/disable this TTL policy. type: str choices: enable, disable + more... + +
                • +
              • ttl - Value/range to match against the packet"s Time to Live value (format: ttl[ - ttl_high], 1 - 255). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure TTL policies. + fortios_firewall_ttl_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_ttl_policy: + action: "accept" + id: "4" + schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" + service: + - + name: "default_name_7 (source firewall.service.custom.name firewall.service.group.name)" + srcaddr: + - + name: "default_name_9 (source firewall.address.name firewall.addrgrp.name)" + srcintf: " (source system.zone.name system.interface.name)" + status: "enable" + ttl: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_vendor_mac.rst b/gen/fortios_firewall_vendor_mac.rst new file mode 100644 index 00000000..50d50d3a --- /dev/null +++ b/gen/fortios_firewall_vendor_mac.rst @@ -0,0 +1,316 @@ +:source: fortios_firewall_vendor_mac.py + +:orphan: + +.. fortios_firewall_vendor_mac: + +fortios_firewall_vendor_mac -- Show vendor and the MAC address they have in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and vendor_mac category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_vendor_macyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_vendor_mac - Show vendor and the MAC address they have. type: dict + more... + +
              • +
                +
              • id - Vendor ID. type: int required: true + more... + +
                • +
              • mac_number - Total number of MAC addresses. type: int + more... + +
                • +
              • name - Vendor name. type: str + more... + +
                • +
              • obsolete - Indicates whether the Vendor ID can be used. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Show vendor and the MAC address they have. + fortios_firewall_vendor_mac: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_vendor_mac: + id: "3" + mac_number: "4" + name: "default_name_5" + obsolete: "6" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_vip.rst b/gen/fortios_firewall_vip.rst new file mode 100644 index 00000000..37aa3f30 --- /dev/null +++ b/gen/fortios_firewall_vip.rst @@ -0,0 +1,10837 @@ +:source: fortios_firewall_vip.py + +:orphan: + +.. fortios_firewall_vip: + +fortios_firewall_vip -- Configure virtual IP for IPv4 in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and vip category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_vipyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_vip - Configure virtual IP for IPv4. type: dict + more... + +
              • +
                +
              • add_nat46_route - Enable/disable adding NAT46 route. type: str choices: disable, enable + more... + +
                • +
              • arp_reply - Enable to respond to ARP requests for this virtual IP address. Enabled by default. type: str choices: disable, enable + more... + +
                • +
              • color - Color of icon on the GUI. type: int + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • dns_mapping_ttl - DNS mapping TTL (Set to zero to use TTL in DNS response). type: int + more... + +
                • +
              • extaddr - External FQDN address name. type: list member_path: extaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • extintf - Interface connected to the source network that receives the packets that will be forwarded to the destination network. Source system .interface.name. type: str + more... + +
                • +
              • extip - IP address or address range on the external interface that you want to map to an address or address range on the destination network. type: str + more... + +
                • +
              • extport - Incoming port number range that you want to map to a port number range on the destination network. type: str + more... + +
                • +
              • gratuitous_arp_interval - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable. type: int + more... + +
                • +
              • http_cookie_age - Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit. type: int + more... + +
                • +
              • http_cookie_domain - Domain that HTTP cookie persistence should apply to. type: str + more... + +
                • +
              • http_cookie_domain_from_host - Enable/disable use of HTTP cookie domain from host field in HTTP. type: str choices: disable, enable + more... + +
                • +
              • http_cookie_generation - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. type: int + more... + +
                • +
              • http_cookie_path - Limit HTTP cookie persistence to the specified path. type: str + more... + +
                • +
              • http_cookie_share - Control sharing of cookies across virtual servers. Use of same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. type: str choices: disable, same-ip + more... + +
                • +
              • http_ip_header - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. type: str choices: enable, disable + more... + +
                • +
              • http_ip_header_name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used. type: str + more... + +
                • +
              • http_multiplex - Enable/disable HTTP multiplexing. type: str choices: enable, disable + more... + +
                • +
              • http_redirect - Enable/disable redirection of HTTP to HTTPS. type: str choices: enable, disable + more... + +
                • +
              • https_cookie_secure - Enable/disable verification that inserted HTTPS cookies are secure. type: str choices: disable, enable + more... + +
                • +
              • id - Custom defined ID. type: int + more... + +
                • +
              • ipv6_mappedip - Range of mapped IPv6 addresses. Specify the start IPv6 address followed by a space and the end IPv6 address. type: str + more... + +
                • +
              • ipv6_mappedport - IPv6 port number range on the destination network to which the external port number range is mapped. type: str + more... + +
                • +
              • ldb_method - Method used to distribute sessions to real servers. type: str choices: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host + more... + +
                • +
              • mapped_addr - Mapped FQDN address name. Source firewall.address.name. type: str + more... + +
                • +
              • mappedip - IP address or address range on the destination network to which the external IP address is mapped. type: list member_path: mappedip:range + more... + +
                • +
                  +
                • range - Mapped IP range. type: str required: true + more... + +
                  • +
                +
              • mappedport - Port number range on the destination network to which the external port number range is mapped. type: str + more... + +
                • +
              • max_embryonic_connections - Maximum number of incomplete connections. type: int + more... + +
                • +
              • monitor - Name of the health check monitor to use when polling to determine a virtual server"s connectivity status. type: list member_path: monitor:name + more... + +
                • +
                  +
                • name - Health monitor name. Source firewall.ldb-monitor.name. type: str required: true + more... + +
                  • +
                +
              • name - Virtual IP name. type: str required: true + more... + +
                • +
              • nat_source_vip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. type: str choices: disable, enable + more... + +
                • +
              • nat44 - Enable/disable NAT44. type: str choices: disable, enable + more... + +
                • +
              • nat46 - Enable/disable NAT46. type: str choices: disable, enable + more... + +
                • +
              • outlook_web_access - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. type: str choices: disable, enable + more... + +
                • +
              • persistence - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str choices: none, http-cookie, ssl-session-id + more... + +
                • +
              • portforward - Enable/disable port forwarding. type: str choices: disable, enable + more... + +
                • +
              • portmapping_type - Port mapping type. type: str choices: 1-to-1, m-to-n + more... + +
                • +
              • protocol - Protocol to use when forwarding packets. type: str choices: tcp, udp, sctp, icmp + more... + +
                • +
              • realservers - Select the real servers that this server load balancing VIP will distribute traffic to. type: list member_path: realservers:id + more... + +
                • +
                  +
                • address - Dynamic address of the real server. Source firewall.address.name. type: str + more... + +
                  • +
                • client_ip - Only clients in this IP range can connect to this real server. type: str + more... + +
                  • +
                • healthcheck - Enable to check the responsiveness of the real server before forwarding traffic. type: str choices: disable, enable, vip + more... + +
                  • +
                • holddown_interval - Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active. type: int + more... + +
                  • +
                • http_host - HTTP server domain name in HTTP header. type: str + more... + +
                  • +
                • id - Real server ID. type: int required: true + more... + +
                  • +
                • ip - IP address of the real server. type: str + more... + +
                  • +
                • max_connections - Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers. type: int + more... + +
                  • +
                • monitor - Name of the health check monitor to use when polling to determine a virtual server"s connectivity status. Source firewall .ldb-monitor.name. type: str + more... + +
                  • +
                • port - Port for communicating with the real server. Required if port forwarding is enabled. type: int + more... + +
                  • +
                • status - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: active, standby, disable + more... + +
                  • +
                • type - Type of address. type: str choices: ip, address + more... + +
                  • +
                • weight - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. type: int + more... + +
                  • +
                +
              • server_type - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). type: str choices: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip, ssh + more... + +
                • +
              • service - Service name. type: list member_path: service:name + more... + +
                • +
                  +
                • name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str required: true + more... + +
                  • +
                +
              • src_filter - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. type: list member_path: src_filter:range + more... + +
                • +
                  +
                • range - Source-filter range. type: str required: true + more... + +
                  • +
                +
              • srcintf_filter - Interfaces to which the VIP applies. Separate the names with spaces. type: list + more... + +
                • +
                  +
                • interface_name - Interface name. Source system.interface.name. type: str + more... + +
                  • +
                +
              • ssl_accept_ffdhe_groups - Enable/disable FFDHE cipher suite for SSL key exchange. type: str choices: enable, disable + more... + +
                • +
              • ssl_algorithm - Permitted encryption algorithms for SSL sessions according to encryption strength. type: str choices: high, medium, low, custom + more... + +
                • +
              • ssl_certificate - The name of the certificate to use for SSL handshake. Source vpn.certificate.local.name. type: str + more... + +
                • +
              • ssl_cipher_suites - SSL/TLS cipher suites acceptable from a client, ordered by priority. type: list member_path: ssl_cipher_suites:priority + more... + +
                • +
                  +
                • cipher - Cipher suite name. type: str choices: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-RSA-WITH-DES-CBC-SHA + more... + +
                  • +
                • priority - SSL/TLS cipher suites priority. type: int required: true + more... + +
                  • +
                • versions - SSL/TLS versions that the cipher suite can be used with. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3 + more... + +
                  • +
                +
              • ssl_client_fallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). type: str choices: disable, enable + more... + +
                • +
              • ssl_client_rekey_count - Maximum length of data in MB before triggering a client rekey (0 = disable). type: int + more... + +
                • +
              • ssl_client_renegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. type: str choices: allow, deny, secure + more... + +
                • +
              • ssl_client_session_state_max - Maximum number of client to FortiGate SSL session states to keep. type: int + more... + +
                • +
              • ssl_client_session_state_timeout - Number of minutes to keep client to FortiGate SSL session state. type: int + more... + +
                • +
              • ssl_client_session_state_type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. type: str choices: disable, time, count, both + more... + +
                • +
              • ssl_dh_bits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str choices: 768, 1024, 1536, 2048, 3072, 4096 + more... + +
                • +
              • ssl_hpkp - Enable/disable including HPKP header in response. type: str choices: disable, enable, report-only + more... + +
                • +
              • ssl_hpkp_age - Number of seconds the client should honor the HPKP setting. type: int + more... + +
                • +
              • ssl_hpkp_backup - Certificate to generate backup HPKP pin from. Source vpn.certificate.local.name vpn.certificate.ca.name. type: str + more... + +
                • +
              • ssl_hpkp_include_subdomains - Indicate that HPKP header applies to all subdomains. type: str choices: disable, enable + more... + +
                • +
              • ssl_hpkp_primary - Certificate to generate primary HPKP pin from. Source vpn.certificate.local.name vpn.certificate.ca.name. type: str + more... + +
                • +
              • ssl_hpkp_report_uri - URL to report HPKP violations to. type: str + more... + +
                • +
              • ssl_hsts - Enable/disable including HSTS header in response. type: str choices: disable, enable + more... + +
                • +
              • ssl_hsts_age - Number of seconds the client should honor the HSTS setting. type: int + more... + +
                • +
              • ssl_hsts_include_subdomains - Indicate that HSTS header applies to all subdomains. type: str choices: disable, enable + more... + +
                • +
              • ssl_http_location_conversion - Enable to replace HTTP with HTTPS in the reply"s Location HTTP header field. type: str choices: enable, disable + more... + +
                • +
              • ssl_http_match_host - Enable/disable HTTP host matching for location conversion. type: str choices: enable, disable + more... + +
                • +
              • ssl_max_version - Highest SSL/TLS version acceptable from a client. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3 + more... + +
                • +
              • ssl_min_version - Lowest SSL/TLS version acceptable from a client. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3 + more... + +
                • +
              • ssl_mode - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). type: str choices: half, full + more... + +
                • +
              • ssl_pfs - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. type: str choices: require, deny, allow + more... + +
                • +
              • ssl_send_empty_frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. type: str choices: enable, disable + more... + +
                • +
              • ssl_server_algorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str choices: high, medium, low, custom, client + more... + +
                • +
              • ssl_server_cipher_suites - SSL/TLS cipher suites to offer to a server, ordered by priority. type: list member_path: ssl_server_cipher_suites:priority + more... + +
                • +
                  +
                • cipher - Cipher suite name. type: str choices: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-RSA-WITH-DES-CBC-SHA + more... + +
                  • +
                • priority - SSL/TLS cipher suites priority. type: int required: true + more... + +
                  • +
                • versions - SSL/TLS versions that the cipher suite can be used with. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3 + more... + +
                  • +
                +
              • ssl_server_max_version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3, client + more... + +
                • +
              • ssl_server_min_version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3, client + more... + +
                • +
              • ssl_server_session_state_max - Maximum number of FortiGate to Server SSL session states to keep. type: int + more... + +
                • +
              • ssl_server_session_state_timeout - Number of minutes to keep FortiGate to Server SSL session state. type: int + more... + +
                • +
              • ssl_server_session_state_type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. type: str choices: disable, time, count, both + more... + +
                • +
              • status - Enable/disable VIP. type: str choices: disable, enable + more... + +
                • +
              • type - Configure a static NAT, load balance, server load balance, access proxy, DNS translation, or FQDN VIP. type: str choices: static-nat, load-balance, server-load-balance, dns-translation, fqdn, access-proxy + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              • weblogic_server - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. type: str choices: disable, enable + more... + +
                • +
              • websphere_server - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. type: str choices: disable, enable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure virtual IP for IPv4. + fortios_firewall_vip: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_vip: + add_nat46_route: "disable" + arp_reply: "disable" + color: "5" + comment: "Comment." + dns_mapping_ttl: "7" + extaddr: + - + name: "default_name_9 (source firewall.address.name firewall.addrgrp.name)" + extintf: " (source system.interface.name)" + extip: "" + extport: "" + gratuitous_arp_interval: "13" + http_cookie_age: "14" + http_cookie_domain: "" + http_cookie_domain_from_host: "disable" + http_cookie_generation: "17" + http_cookie_path: "" + http_cookie_share: "disable" + http_ip_header: "enable" + http_ip_header_name: "" + http_multiplex: "enable" + http_redirect: "enable" + https_cookie_secure: "disable" + id: "25" + ipv6_mappedip: "" + ipv6_mappedport: "" + ldb_method: "static" + mapped_addr: " (source firewall.address.name)" + mappedip: + - + range: "" + mappedport: "" + max_embryonic_connections: "33" + monitor: + - + name: "default_name_35 (source firewall.ldb-monitor.name)" + name: "default_name_36" + nat_source_vip: "disable" + nat44: "disable" + nat46: "disable" + outlook_web_access: "disable" + persistence: "none" + portforward: "disable" + portmapping_type: "1-to-1" + protocol: "tcp" + realservers: + - + address: " (source firewall.address.name)" + client_ip: "" + healthcheck: "disable" + holddown_interval: "49" + http_host: "myhostname" + id: "51" + ip: "" + max_connections: "53" + monitor: + - + name: "default_name_55 (source firewall.ldb-monitor.name)" + port: "56" + status: "active" + type: "ip" + weight: "59" + server_type: "http" + service: + - + name: "default_name_62 (source firewall.service.custom.name firewall.service.group.name)" + src_filter: + - + range: "" + srcintf_filter: + - + interface_name: " (source system.interface.name)" + ssl_accept_ffdhe_groups: "enable" + ssl_algorithm: "high" + ssl_certificate: " (source vpn.certificate.local.name)" + ssl_cipher_suites: + - + cipher: "TLS-AES-128-GCM-SHA256" + priority: "72" + versions: "ssl-3.0" + ssl_client_fallback: "disable" + ssl_client_rekey_count: "75" + ssl_client_renegotiation: "allow" + ssl_client_session_state_max: "77" + ssl_client_session_state_timeout: "78" + ssl_client_session_state_type: "disable" + ssl_dh_bits: "768" + ssl_hpkp: "disable" + ssl_hpkp_age: "82" + ssl_hpkp_backup: " (source vpn.certificate.local.name vpn.certificate.ca.name)" + ssl_hpkp_include_subdomains: "disable" + ssl_hpkp_primary: " (source vpn.certificate.local.name vpn.certificate.ca.name)" + ssl_hpkp_report_uri: "" + ssl_hsts: "disable" + ssl_hsts_age: "88" + ssl_hsts_include_subdomains: "disable" + ssl_http_location_conversion: "enable" + ssl_http_match_host: "enable" + ssl_max_version: "ssl-3.0" + ssl_min_version: "ssl-3.0" + ssl_mode: "half" + ssl_pfs: "require" + ssl_send_empty_frags: "enable" + ssl_server_algorithm: "high" + ssl_server_cipher_suites: + - + cipher: "TLS-AES-128-GCM-SHA256" + priority: "100" + versions: "ssl-3.0" + ssl_server_max_version: "ssl-3.0" + ssl_server_min_version: "ssl-3.0" + ssl_server_session_state_max: "104" + ssl_server_session_state_timeout: "105" + ssl_server_session_state_type: "disable" + status: "disable" + type: "static-nat" + uuid: "" + weblogic_server: "disable" + websphere_server: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_vip46.rst b/gen/fortios_firewall_vip46.rst new file mode 100644 index 00000000..962daff9 --- /dev/null +++ b/gen/fortios_firewall_vip46.rst @@ -0,0 +1,1678 @@ +:source: fortios_firewall_vip46.py + +:orphan: + +.. fortios_firewall_vip46: + +fortios_firewall_vip46 -- Configure IPv4 to IPv6 virtual IPs in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and vip46 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0
            fortios_firewall_vip46yesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_vip46 - Configure IPv4 to IPv6 virtual IPs. type: dict + more... + +
              • +
                +
              • arp_reply - Enable ARP reply. type: str choices: disable, enable + more... + +
                • +
              • color - Color of icon on the GUI. type: int + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • extip - Start-external-IP [-end-external-IP]. type: str + more... + +
                • +
              • extport - External service port. type: str + more... + +
                • +
              • id - Custom defined id. type: int + more... + +
                • +
              • ldb_method - Load balance method. type: str choices: static, round-robin, weighted, least-session, least-rtt, first-alive + more... + +
                • +
              • mappedip - Start-mapped-IPv6-address [-end mapped-IPv6-address]. type: str + more... + +
                • +
              • mappedport - Mapped service port. type: str + more... + +
                • +
              • monitor - Health monitors. type: list member_path: monitor:name + more... + +
                • +
                  +
                • name - Health monitor name. Source firewall.ldb-monitor.name. type: str required: true + more... + +
                  • +
                +
              • name - VIP46 name. type: str required: true + more... + +
                • +
              • portforward - Enable port forwarding. type: str choices: disable, enable + more... + +
                • +
              • protocol - Mapped port protocol. type: str choices: tcp, udp + more... + +
                • +
              • realservers - Real servers. type: list member_path: realservers:id + more... + +
                • +
                  +
                • client_ip - Restrict server to a client IP in this range. type: str + more... + +
                  • +
                • healthcheck - Per server health check. type: str choices: disable, enable, vip + more... + +
                  • +
                • holddown_interval - Hold down interval. type: int + more... + +
                  • +
                • id - Real server ID. type: int required: true + more... + +
                  • +
                • ip - Mapped server IPv6. type: str + more... + +
                  • +
                • max_connections - Maximum number of connections allowed to server. type: int + more... + +
                  • +
                • monitor - Health monitors. Source firewall.ldb-monitor.name. type: str + more... + +
                  • +
                • port - Mapped server port. type: int + more... + +
                  • +
                • status - Server administrative status. type: str choices: active, standby, disable + more... + +
                  • +
                • weight - weight type: int + more... + +
                  • +
                +
              • server_type - Server type. type: str choices: http, tcp, udp, ip + more... + +
                • +
              • src_filter - Source IP filter (x.x.x.x/x). type: list member_path: src_filter:range + more... + +
                • +
                  +
                • range - Src-filter range. type: str required: true + more... + +
                  • +
                +
              • srcintf_filter - Interfaces to which the VIP46 applies. Separate the names with spaces. type: list + more... + +
                • +
                  +
                • interface_name - Interface name. Source system.interface.name. type: str + more... + +
                  • +
                +
              • type - VIP type: static NAT or server load balance. type: str choices: static-nat, server-load-balance + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv4 to IPv6 virtual IPs. + fortios_firewall_vip46: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_vip46: + arp_reply: "disable" + color: "4" + comment: "Comment." + extip: "" + extport: "" + id: "8" + ldb_method: "static" + mappedip: "" + mappedport: "" + monitor: + - + name: "default_name_13 (source firewall.ldb-monitor.name)" + name: "default_name_14" + portforward: "disable" + protocol: "tcp" + realservers: + - + client_ip: "" + healthcheck: "disable" + holddown_interval: "20" + id: "21" + ip: "" + max_connections: "23" + monitor: + - + name: "default_name_25 (source firewall.ldb-monitor.name)" + port: "26" + status: "active" + weight: "28" + server_type: "http" + src_filter: + - + range: "" + srcintf_filter: + - + interface_name: " (source system.interface.name)" + type: "static-nat" + uuid: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_vip6.rst b/gen/fortios_firewall_vip6.rst new file mode 100644 index 00000000..10366a3b --- /dev/null +++ b/gen/fortios_firewall_vip6.rst @@ -0,0 +1,10010 @@ +:source: fortios_firewall_vip6.py + +:orphan: + +.. fortios_firewall_vip6: + +fortios_firewall_vip6 -- Configure virtual IP for IPv6 in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and vip6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_vip6yesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_vip6 - Configure virtual IP for IPv6. type: dict + more... + +
              • +
                +
              • add_nat64_route - Enable/disable adding NAT64 route. type: str choices: disable, enable + more... + +
                • +
              • arp_reply - Enable to respond to ARP requests for this virtual IP address. Enabled by default. type: str choices: disable, enable + more... + +
                • +
              • color - Color of icon on the GUI. type: int + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • embedded_ipv4_address - Enable/disable use of the lower 32 bits of the external IPv6 address as mapped IPv4 address. type: str choices: disable, enable + more... + +
                • +
              • extip - IPv6 address or address range on the external interface that you want to map to an address or address range on the destination network. type: str + more... + +
                • +
              • extport - Incoming port number range that you want to map to a port number range on the destination network. type: str + more... + +
                • +
              • http_cookie_age - Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit. type: int + more... + +
                • +
              • http_cookie_domain - Domain that HTTP cookie persistence should apply to. type: str + more... + +
                • +
              • http_cookie_domain_from_host - Enable/disable use of HTTP cookie domain from host field in HTTP. type: str choices: disable, enable + more... + +
                • +
              • http_cookie_generation - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. type: int + more... + +
                • +
              • http_cookie_path - Limit HTTP cookie persistence to the specified path. type: str + more... + +
                • +
              • http_cookie_share - Control sharing of cookies across virtual servers. Use of same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. type: str choices: disable, same-ip + more... + +
                • +
              • http_ip_header - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. type: str choices: enable, disable + more... + +
                • +
              • http_ip_header_name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used. type: str + more... + +
                • +
              • http_multiplex - Enable/disable HTTP multiplexing. type: str choices: enable, disable + more... + +
                • +
              • http_redirect - Enable/disable redirection of HTTP to HTTPS. type: str choices: enable, disable + more... + +
                • +
              • https_cookie_secure - Enable/disable verification that inserted HTTPS cookies are secure. type: str choices: disable, enable + more... + +
                • +
              • id - Custom defined ID. type: int + more... + +
                • +
              • ipv4_mappedip - Range of mapped IP addresses. Specify the start IP address followed by a space and the end IP address. type: str + more... + +
                • +
              • ipv4_mappedport - IPv4 port number range on the destination network to which the external port number range is mapped. type: str + more... + +
                • +
              • ldb_method - Method used to distribute sessions to real servers. type: str choices: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host + more... + +
                • +
              • mappedip - Mapped IPv6 address range in the format startIP-endIP. type: str + more... + +
                • +
              • mappedport - Port number range on the destination network to which the external port number range is mapped. type: str + more... + +
                • +
              • max_embryonic_connections - Maximum number of incomplete connections. type: int + more... + +
                • +
              • monitor - Name of the health check monitor to use when polling to determine a virtual server"s connectivity status. type: list member_path: monitor:name + more... + +
                • +
                  +
                • name - Health monitor name. Source firewall.ldb-monitor.name. type: str required: true + more... + +
                  • +
                +
              • name - Virtual ip6 name. type: str required: true + more... + +
                • +
              • nat_source_vip - Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. type: str choices: disable, enable + more... + +
                • +
              • nat64 - Enable/disable DNAT64. type: str choices: disable, enable + more... + +
                • +
              • nat66 - Enable/disable DNAT66. type: str choices: disable, enable + more... + +
                • +
              • outlook_web_access - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. type: str choices: disable, enable + more... + +
                • +
              • persistence - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str choices: none, http-cookie, ssl-session-id + more... + +
                • +
              • portforward - Enable port forwarding. type: str choices: disable, enable + more... + +
                • +
              • protocol - Protocol to use when forwarding packets. type: str choices: tcp, udp, sctp + more... + +
                • +
              • realservers - Select the real servers that this server load balancing VIP will distribute traffic to. type: list member_path: realservers:id + more... + +
                • +
                  +
                • client_ip - Only clients in this IP range can connect to this real server. type: str + more... + +
                  • +
                • healthcheck - Enable to check the responsiveness of the real server before forwarding traffic. type: str choices: disable, enable, vip + more... + +
                  • +
                • holddown_interval - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active. type: int + more... + +
                  • +
                • http_host - HTTP server domain name in HTTP header. type: str + more... + +
                  • +
                • id - Real server ID. type: int required: true + more... + +
                  • +
                • ip - IP address of the real server. type: str + more... + +
                  • +
                • max_connections - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers. type: int + more... + +
                  • +
                • monitor - Name of the health check monitor to use when polling to determine a virtual server"s connectivity status. Source firewall .ldb-monitor.name. type: str + more... + +
                  • +
                • port - Port for communicating with the real server. Required if port forwarding is enabled. type: int + more... + +
                  • +
                • status - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: active, standby, disable + more... + +
                  • +
                • weight - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. type: int + more... + +
                  • +
                +
              • server_type - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). type: str choices: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip + more... + +
                • +
              • src_filter - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. type: list member_path: src_filter:range + more... + +
                • +
                  +
                • range - Source-filter range. type: str required: true + more... + +
                  • +
                +
              • ssl_accept_ffdhe_groups - Enable/disable FFDHE cipher suite for SSL key exchange. type: str choices: enable, disable + more... + +
                • +
              • ssl_algorithm - Permitted encryption algorithms for SSL sessions according to encryption strength. type: str choices: high, medium, low, custom + more... + +
                • +
              • ssl_certificate - The name of the certificate to use for SSL handshake. Source vpn.certificate.local.name. type: str + more... + +
                • +
              • ssl_cipher_suites - SSL/TLS cipher suites acceptable from a client, ordered by priority. type: list member_path: ssl_cipher_suites:priority + more... + +
                • +
                  +
                • cipher - Cipher suite name. type: str choices: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-RSA-WITH-DES-CBC-SHA + more... + +
                  • +
                • priority - SSL/TLS cipher suites priority. type: int required: true + more... + +
                  • +
                • versions - SSL/TLS versions that the cipher suite can be used with. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3 + more... + +
                  • +
                +
              • ssl_client_fallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). type: str choices: disable, enable + more... + +
                • +
              • ssl_client_rekey_count - Maximum length of data in MB before triggering a client rekey (0 = disable). type: int + more... + +
                • +
              • ssl_client_renegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. type: str choices: allow, deny, secure + more... + +
                • +
              • ssl_client_session_state_max - Maximum number of client to FortiGate SSL session states to keep. type: int + more... + +
                • +
              • ssl_client_session_state_timeout - Number of minutes to keep client to FortiGate SSL session state. type: int + more... + +
                • +
              • ssl_client_session_state_type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. type: str choices: disable, time, count, both + more... + +
                • +
              • ssl_dh_bits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str choices: 768, 1024, 1536, 2048, 3072, 4096 + more... + +
                • +
              • ssl_hpkp - Enable/disable including HPKP header in response. type: str choices: disable, enable, report-only + more... + +
                • +
              • ssl_hpkp_age - Number of minutes the web browser should keep HPKP. type: int + more... + +
                • +
              • ssl_hpkp_backup - Certificate to generate backup HPKP pin from. Source vpn.certificate.local.name vpn.certificate.ca.name. type: str + more... + +
                • +
              • ssl_hpkp_include_subdomains - Indicate that HPKP header applies to all subdomains. type: str choices: disable, enable + more... + +
                • +
              • ssl_hpkp_primary - Certificate to generate primary HPKP pin from. Source vpn.certificate.local.name vpn.certificate.ca.name. type: str + more... + +
                • +
              • ssl_hpkp_report_uri - URL to report HPKP violations to. type: str + more... + +
                • +
              • ssl_hsts - Enable/disable including HSTS header in response. type: str choices: disable, enable + more... + +
                • +
              • ssl_hsts_age - Number of seconds the client should honor the HSTS setting. type: int + more... + +
                • +
              • ssl_hsts_include_subdomains - Indicate that HSTS header applies to all subdomains. type: str choices: disable, enable + more... + +
                • +
              • ssl_http_location_conversion - Enable to replace HTTP with HTTPS in the reply"s Location HTTP header field. type: str choices: enable, disable + more... + +
                • +
              • ssl_http_match_host - Enable/disable HTTP host matching for location conversion. type: str choices: enable, disable + more... + +
                • +
              • ssl_max_version - Highest SSL/TLS version acceptable from a client. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3 + more... + +
                • +
              • ssl_min_version - Lowest SSL/TLS version acceptable from a client. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3 + more... + +
                • +
              • ssl_mode - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). type: str choices: half, full + more... + +
                • +
              • ssl_pfs - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. type: str choices: require, deny, allow + more... + +
                • +
              • ssl_send_empty_frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. type: str choices: enable, disable + more... + +
                • +
              • ssl_server_algorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str choices: high, medium, low, custom, client + more... + +
                • +
              • ssl_server_cipher_suites - SSL/TLS cipher suites to offer to a server, ordered by priority. type: list member_path: ssl_server_cipher_suites:priority + more... + +
                • +
                  +
                • cipher - Cipher suite name. type: str choices: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-RSA-WITH-DES-CBC-SHA + more... + +
                  • +
                • priority - SSL/TLS cipher suites priority. type: int required: true + more... + +
                  • +
                • versions - SSL/TLS versions that the cipher suite can be used with. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3 + more... + +
                  • +
                +
              • ssl_server_max_version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3, client + more... + +
                • +
              • ssl_server_min_version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3, client + more... + +
                • +
              • ssl_server_session_state_max - Maximum number of FortiGate to Server SSL session states to keep. type: int + more... + +
                • +
              • ssl_server_session_state_timeout - Number of minutes to keep FortiGate to Server SSL session state. type: int + more... + +
                • +
              • ssl_server_session_state_type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. type: str choices: disable, time, count, both + more... + +
                • +
              • type - Configure a static NAT server load balance VIP or access proxy. type: str choices: static-nat, server-load-balance, access-proxy + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              • weblogic_server - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. type: str choices: disable, enable + more... + +
                • +
              • websphere_server - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. type: str choices: disable, enable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure virtual IP for IPv6. + fortios_firewall_vip6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_vip6: + add_nat64_route: "disable" + arp_reply: "disable" + color: "5" + comment: "Comment." + embedded_ipv4_address: "disable" + extip: "" + extport: "" + http_cookie_age: "10" + http_cookie_domain: "" + http_cookie_domain_from_host: "disable" + http_cookie_generation: "13" + http_cookie_path: "" + http_cookie_share: "disable" + http_ip_header: "enable" + http_ip_header_name: "" + http_multiplex: "enable" + http_redirect: "enable" + https_cookie_secure: "disable" + id: "21" + ipv4_mappedip: "" + ipv4_mappedport: "" + ldb_method: "static" + mappedip: "" + mappedport: "" + max_embryonic_connections: "27" + monitor: + - + name: "default_name_29 (source firewall.ldb-monitor.name)" + name: "default_name_30" + nat_source_vip: "disable" + nat64: "disable" + nat66: "disable" + outlook_web_access: "disable" + persistence: "none" + portforward: "disable" + protocol: "tcp" + realservers: + - + client_ip: "" + healthcheck: "disable" + holddown_interval: "41" + http_host: "myhostname" + id: "43" + ip: "" + max_connections: "45" + monitor: + - + name: "default_name_47 (source firewall.ldb-monitor.name)" + port: "48" + status: "active" + weight: "50" + server_type: "http" + src_filter: + - + range: "" + ssl_accept_ffdhe_groups: "enable" + ssl_algorithm: "high" + ssl_certificate: " (source vpn.certificate.local.name)" + ssl_cipher_suites: + - + cipher: "TLS-AES-128-GCM-SHA256" + priority: "59" + versions: "ssl-3.0" + ssl_client_fallback: "disable" + ssl_client_rekey_count: "62" + ssl_client_renegotiation: "allow" + ssl_client_session_state_max: "64" + ssl_client_session_state_timeout: "65" + ssl_client_session_state_type: "disable" + ssl_dh_bits: "768" + ssl_hpkp: "disable" + ssl_hpkp_age: "69" + ssl_hpkp_backup: " (source vpn.certificate.local.name vpn.certificate.ca.name)" + ssl_hpkp_include_subdomains: "disable" + ssl_hpkp_primary: " (source vpn.certificate.local.name vpn.certificate.ca.name)" + ssl_hpkp_report_uri: "" + ssl_hsts: "disable" + ssl_hsts_age: "75" + ssl_hsts_include_subdomains: "disable" + ssl_http_location_conversion: "enable" + ssl_http_match_host: "enable" + ssl_max_version: "ssl-3.0" + ssl_min_version: "ssl-3.0" + ssl_mode: "half" + ssl_pfs: "require" + ssl_send_empty_frags: "enable" + ssl_server_algorithm: "high" + ssl_server_cipher_suites: + - + cipher: "TLS-AES-128-GCM-SHA256" + priority: "87" + versions: "ssl-3.0" + ssl_server_max_version: "ssl-3.0" + ssl_server_min_version: "ssl-3.0" + ssl_server_session_state_max: "91" + ssl_server_session_state_timeout: "92" + ssl_server_session_state_type: "disable" + type: "static-nat" + uuid: "" + weblogic_server: "disable" + websphere_server: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_vip64.rst b/gen/fortios_firewall_vip64.rst new file mode 100644 index 00000000..5fe6c42d --- /dev/null +++ b/gen/fortios_firewall_vip64.rst @@ -0,0 +1,1623 @@ +:source: fortios_firewall_vip64.py + +:orphan: + +.. fortios_firewall_vip64: + +fortios_firewall_vip64 -- Configure IPv6 to IPv4 virtual IPs in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and vip64 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0
            fortios_firewall_vip64yesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_vip64 - Configure IPv6 to IPv4 virtual IPs. type: dict + more... + +
              • +
                +
              • arp_reply - Enable ARP reply. type: str choices: disable, enable + more... + +
                • +
              • color - Color of icon on the GUI. type: int + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • extip - Start-external-IPv6-address [-end-external-IPv6-address]. type: str + more... + +
                • +
              • extport - External service port. type: str + more... + +
                • +
              • id - Custom defined id. type: int + more... + +
                • +
              • ldb_method - Load balance method. type: str choices: static, round-robin, weighted, least-session, least-rtt, first-alive + more... + +
                • +
              • mappedip - Start-mapped-IP [-end-mapped-IP]. type: str + more... + +
                • +
              • mappedport - Mapped service port. type: str + more... + +
                • +
              • monitor - Health monitors. type: list member_path: monitor:name + more... + +
                • +
                  +
                • name - Health monitor name. Source firewall.ldb-monitor.name. type: str required: true + more... + +
                  • +
                +
              • name - VIP64 name. type: str required: true + more... + +
                • +
              • portforward - Enable port forwarding. type: str choices: disable, enable + more... + +
                • +
              • protocol - Mapped port protocol. type: str choices: tcp, udp + more... + +
                • +
              • realservers - Real servers. type: list member_path: realservers:id + more... + +
                • +
                  +
                • client_ip - Restrict server to a client IP in this range. type: str + more... + +
                  • +
                • healthcheck - Per server health check. type: str choices: disable, enable, vip + more... + +
                  • +
                • holddown_interval - Hold down interval. type: int + more... + +
                  • +
                • id - Real server ID. type: int required: true + more... + +
                  • +
                • ip - Mapped server IP. type: str + more... + +
                  • +
                • max_connections - Maximum number of connections allowed to server. type: int + more... + +
                  • +
                • monitor - Health monitors. Source firewall.ldb-monitor.name. type: str + more... + +
                  • +
                • port - Mapped server port. type: int + more... + +
                  • +
                • status - Server administrative status. type: str choices: active, standby, disable + more... + +
                  • +
                • weight - weight type: int + more... + +
                  • +
                +
              • server_type - Server type. type: str choices: http, tcp, udp, ip + more... + +
                • +
              • src_filter - Source IP6 filter (x:x:x:x:x:x:x:x/x). type: list member_path: src_filter:range + more... + +
                • +
                  +
                • range - Src-filter range. type: str required: true + more... + +
                  • +
                +
              • type - VIP type: static NAT or server load balance. type: str choices: static-nat, server-load-balance + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 to IPv4 virtual IPs. + fortios_firewall_vip64: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_vip64: + arp_reply: "disable" + color: "4" + comment: "Comment." + extip: "" + extport: "" + id: "8" + ldb_method: "static" + mappedip: "" + mappedport: "" + monitor: + - + name: "default_name_13 (source firewall.ldb-monitor.name)" + name: "default_name_14" + portforward: "disable" + protocol: "tcp" + realservers: + - + client_ip: "" + healthcheck: "disable" + holddown_interval: "20" + id: "21" + ip: "" + max_connections: "23" + monitor: + - + name: "default_name_25 (source firewall.ldb-monitor.name)" + port: "26" + status: "active" + weight: "28" + server_type: "http" + src_filter: + - + range: "" + type: "static-nat" + uuid: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_vipgrp.rst b/gen/fortios_firewall_vipgrp.rst new file mode 100644 index 00000000..87499a13 --- /dev/null +++ b/gen/fortios_firewall_vipgrp.rst @@ -0,0 +1,541 @@ +:source: fortios_firewall_vipgrp.py + +:orphan: + +.. fortios_firewall_vipgrp: + +fortios_firewall_vipgrp -- Configure IPv4 virtual IP groups in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and vipgrp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_vipgrpyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_vipgrp - Configure IPv4 virtual IP groups. type: dict + more... + +
              • +
                +
              • color - Integer value to determine the color of the icon in the GUI (range 1 to 32). type: int + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • interface - Interface. Source system.interface.name. type: str + more... + +
                • +
              • member - Member VIP objects of the group (Separate multiple objects with a space). type: list member_path: member:name + more... + +
                • +
                  +
                • name - VIP name. Source firewall.vip.name. type: str required: true + more... + +
                  • +
                +
              • name - VIP group name. type: str required: true + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv4 virtual IP groups. + fortios_firewall_vipgrp: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_vipgrp: + color: "3" + comments: "" + interface: " (source system.interface.name)" + member: + - + name: "default_name_7 (source firewall.vip.name)" + name: "default_name_8" + uuid: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_vipgrp46.rst b/gen/fortios_firewall_vipgrp46.rst new file mode 100644 index 00000000..31998beb --- /dev/null +++ b/gen/fortios_firewall_vipgrp46.rst @@ -0,0 +1,415 @@ +:source: fortios_firewall_vipgrp46.py + +:orphan: + +.. fortios_firewall_vipgrp46: + +fortios_firewall_vipgrp46 -- Configure IPv4 to IPv6 virtual IP groups in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and vipgrp46 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0
            fortios_firewall_vipgrp46yesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_vipgrp46 - Configure IPv4 to IPv6 virtual IP groups. type: dict + more... + +
              • +
                +
              • color - Integer value to determine the color of the icon in the GUI (range 1 to 32). type: int + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • member - Member VIP objects of the group (Separate multiple objects with a space). type: list member_path: member:name + more... + +
                • +
                  +
                • name - VIP46 name. Source firewall.vip46.name. type: str required: true + more... + +
                  • +
                +
              • name - VIP46 group name. type: str required: true + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv4 to IPv6 virtual IP groups. + fortios_firewall_vipgrp46: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_vipgrp46: + color: "3" + comments: "" + member: + - + name: "default_name_6 (source firewall.vip46.name)" + name: "default_name_7" + uuid: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_vipgrp6.rst b/gen/fortios_firewall_vipgrp6.rst new file mode 100644 index 00000000..fbd0f2b6 --- /dev/null +++ b/gen/fortios_firewall_vipgrp6.rst @@ -0,0 +1,495 @@ +:source: fortios_firewall_vipgrp6.py + +:orphan: + +.. fortios_firewall_vipgrp6: + +fortios_firewall_vipgrp6 -- Configure IPv6 virtual IP groups in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and vipgrp6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_vipgrp6yesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_vipgrp6 - Configure IPv6 virtual IP groups. type: dict + more... + +
              • +
                +
              • color - Integer value to determine the color of the icon in the GUI (range 1 to 32). type: int + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • member - Member VIP objects of the group (Separate multiple objects with a space). type: list member_path: member:name + more... + +
                • +
                  +
                • name - IPv6 VIP name. Source firewall.vip6.name. type: str required: true + more... + +
                  • +
                +
              • name - IPv6 VIP group name. type: str required: true + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 virtual IP groups. + fortios_firewall_vipgrp6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_vipgrp6: + color: "3" + comments: "" + member: + - + name: "default_name_6 (source firewall.vip6.name)" + name: "default_name_7" + uuid: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_vipgrp64.rst b/gen/fortios_firewall_vipgrp64.rst new file mode 100644 index 00000000..c5de0d77 --- /dev/null +++ b/gen/fortios_firewall_vipgrp64.rst @@ -0,0 +1,415 @@ +:source: fortios_firewall_vipgrp64.py + +:orphan: + +.. fortios_firewall_vipgrp64: + +fortios_firewall_vipgrp64 -- Configure IPv6 to IPv4 virtual IP groups in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and vipgrp64 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0
            fortios_firewall_vipgrp64yesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_vipgrp64 - Configure IPv6 to IPv4 virtual IP groups. type: dict + more... + +
              • +
                +
              • color - Integer value to determine the color of the icon in the GUI (range 1 to 32). type: int + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • member - Member VIP objects of the group (Separate multiple objects with a space). type: list member_path: member:name + more... + +
                • +
                  +
                • name - VIP64 name. Source firewall.vip64.name. type: str required: true + more... + +
                  • +
                +
              • name - VIP64 group name. type: str required: true + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 to IPv4 virtual IP groups. + fortios_firewall_vipgrp64: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_vipgrp64: + color: "3" + comments: "" + member: + - + name: "default_name_6 (source firewall.vip64.name)" + name: "default_name_7" + uuid: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_wildcard_fqdn_custom.rst b/gen/fortios_firewall_wildcard_fqdn_custom.rst new file mode 100644 index 00000000..dec30cbb --- /dev/null +++ b/gen/fortios_firewall_wildcard_fqdn_custom.rst @@ -0,0 +1,494 @@ +:source: fortios_firewall_wildcard_fqdn_custom.py + +:orphan: + +.. fortios_firewall_wildcard_fqdn_custom: + +fortios_firewall_wildcard_fqdn_custom -- Config global/VDOM Wildcard FQDN address in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_wildcard_fqdn feature and custom category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_wildcard_fqdn_customyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_wildcard_fqdn_custom - Config global/VDOM Wildcard FQDN address. type: dict + more... + +
              • +
                +
              • color - GUI icon color. type: int + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • name - Address name. type: str required: true + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              • visibility - Enable/disable address visibility. type: str choices: enable, disable + more... + +
                • +
              • wildcard_fqdn - Wildcard FQDN. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Config global/VDOM Wildcard FQDN address. + fortios_firewall_wildcard_fqdn_custom: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_wildcard_fqdn_custom: + color: "3" + comment: "Comment." + name: "default_name_5" + uuid: "" + visibility: "enable" + wildcard_fqdn: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_firewall_wildcard_fqdn_group.rst b/gen/fortios_firewall_wildcard_fqdn_group.rst new file mode 100644 index 00000000..0d201084 --- /dev/null +++ b/gen/fortios_firewall_wildcard_fqdn_group.rst @@ -0,0 +1,543 @@ +:source: fortios_firewall_wildcard_fqdn_group.py + +:orphan: + +.. fortios_firewall_wildcard_fqdn_group: + +fortios_firewall_wildcard_fqdn_group -- Config global Wildcard FQDN address groups in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_wildcard_fqdn feature and group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_firewall_wildcard_fqdn_groupyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • firewall_wildcard_fqdn_group - Config global Wildcard FQDN address groups. type: dict + more... + +
              • +
                +
              • color - GUI icon color. type: int + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • member - Address group members. type: list member_path: member:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.wildcard-fqdn.custom.name. type: str required: true + more... + +
                  • +
                +
              • name - Address group name. type: str required: true + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              • visibility - Enable/disable address visibility. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Config global Wildcard FQDN address groups. + fortios_firewall_wildcard_fqdn_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_wildcard_fqdn_group: + color: "3" + comment: "Comment." + member: + - + name: "default_name_6 (source firewall.wildcard-fqdn.custom.name)" + name: "default_name_7" + uuid: "" + visibility: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_ftp_proxy_explicit.rst b/gen/fortios_ftp_proxy_explicit.rst new file mode 100644 index 00000000..dc7a24e9 --- /dev/null +++ b/gen/fortios_ftp_proxy_explicit.rst @@ -0,0 +1,830 @@ +:source: fortios_ftp_proxy_explicit.py + +:orphan: + +.. fortios_ftp_proxy_explicit: + +fortios_ftp_proxy_explicit -- Configure explicit FTP proxy settings in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify ftp_proxy feature and explicit category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_ftp_proxy_explicityesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • ftp_proxy_explicit - Configure explicit FTP proxy settings. type: dict + more... + +
              • +
                +
              • incoming_ip - Accept incoming FTP requests from this IP address. An interface must have this IP address. type: str + more... + +
                • +
              • incoming_port - Accept incoming FTP requests on one or more ports. type: str + more... + +
                • +
              • outgoing_ip - Outgoing FTP requests will leave from this IP address. An interface must have this IP address. type: list
                • +
              • sec_default_action - Accept or deny explicit FTP proxy sessions when no FTP proxy firewall policy exists. type: str choices: accept, deny + more... + +
                • +
              • ssl - Enable/disable the explicit FTPS proxy. type: str choices: enable, disable + more... + +
                • +
              • ssl_algorithm - Relative strength of encryption algorithms accepted in negotiation. type: str choices: high, medium, low + more... + +
                • +
              • ssl_cert - Name of certificate for SSL connections to this server . Source certificate.local.name. type: str + more... + +
                • +
              • ssl_dh_bits - Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation . type: str choices: 768, 1024, 1536, 2048 + more... + +
                • +
              • status - Enable/disable the explicit FTP proxy. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure explicit FTP proxy settings. + fortios_ftp_proxy_explicit: + vdom: "{{ vdom }}" + ftp_proxy_explicit: + incoming_ip: "" + incoming_port: "" + outgoing_ip: "" + sec_default_action: "accept" + ssl: "enable" + ssl_algorithm: "high" + ssl_cert: " (source certificate.local.name)" + ssl_dh_bits: "768" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_gtp_apn.rst b/gen/fortios_gtp_apn.rst new file mode 100644 index 00000000..8fc1cd41 --- /dev/null +++ b/gen/fortios_gtp_apn.rst @@ -0,0 +1,308 @@ +:source: fortios_gtp_apn.py + +:orphan: + +.. fortios_gtp_apn: + +fortios_gtp_apn -- Configure APN for GTP in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify gtp feature and apn category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_gtp_apnyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • gtp_apn - Configure APN for GTP. type: dict + more... + +
              • +
                +
              • apn - APN value. type: str + more... + +
                • +
              • name - APN name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure APN for GTP. + fortios_gtp_apn: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + gtp_apn: + apn: "" + name: "default_name_4" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_gtp_apn_shaper.rst b/gen/fortios_gtp_apn_shaper.rst new file mode 100644 index 00000000..8dd80ee3 --- /dev/null +++ b/gen/fortios_gtp_apn_shaper.rst @@ -0,0 +1,486 @@ +:source: fortios_gtp_apn_shaper.py + +:orphan: + +.. fortios_gtp_apn_shaper: + +fortios_gtp_apn_shaper -- Global per-APN shaper in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify gtp feature and apn_shaper category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_gtp_apn_shaperyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • gtp_apn_shaper - Global per-APN shaper. type: dict + more... + +
              • +
                +
              • action - Action. type: str choices: drop, reject + more... + +
                • +
              • apn - APN names to match. Leave empty to match ANY. Source gtp.apn.name. type: str + more... + +
                • +
              • back_off_time - Back off time in seconds (10 - 360). type: int + more... + +
                • +
              • id - Shaper ID. type: int required: true + more... + +
                • +
              • rate_limit - Rate limit in packets/s (0 - 1000000, 0 means unlimited). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Global per-APN shaper. + fortios_gtp_apn_shaper: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + gtp_apn_shaper: + action: "drop" + apn: + - + name: "default_name_5 (source gtp.apn.name gtp.apngrp.name)" + back_off_time: "6" + id: "7" + rate_limit: "8" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_gtp_apngrp.rst b/gen/fortios_gtp_apngrp.rst new file mode 100644 index 00000000..3d844811 --- /dev/null +++ b/gen/fortios_gtp_apngrp.rst @@ -0,0 +1,357 @@ +:source: fortios_gtp_apngrp.py + +:orphan: + +.. fortios_gtp_apngrp: + +fortios_gtp_apngrp -- Configure APN groups for GTP in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify gtp feature and apngrp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_gtp_apngrpyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • gtp_apngrp - Configure APN groups for GTP. type: dict + more... + +
              • +
                +
              • member - APN group member. type: list member_path: member:name + more... + +
                • +
                  +
                • name - APN name. Source gtp.apn.name gtp.apngrp.name. type: str required: true + more... + +
                  • +
                +
              • name - GTP APN group name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure APN groups for GTP. + fortios_gtp_apngrp: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + gtp_apngrp: + member: + - + name: "default_name_4 (source gtp.apn.name gtp.apngrp.name)" + name: "default_name_5" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_gtp_ie_allow_list.rst b/gen/fortios_gtp_ie_allow_list.rst new file mode 100644 index 00000000..8dd2651a --- /dev/null +++ b/gen/fortios_gtp_ie_allow_list.rst @@ -0,0 +1,309 @@ +:source: fortios_gtp_ie_allow_list.py + +:orphan: + +.. fortios_gtp_ie_allow_list: + +fortios_gtp_ie_allow_list -- IE allow list in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify gtp feature and ie_allow_list category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + +
            v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_gtp_ie_allow_listyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • gtp_ie_allow_list - IE allow list. type: dict + more... + +
              • +
                +
              • entries - Entries of allow list for unknown or out-of-state IEs. type: list member_path: entries:id + more... + +
                • +
                  +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                • ie - IE ID (1 - 255). type: int + more... + +
                  • +
                • message - Message ID (1 - 255). type: int + more... + +
                  • +
                +
              • name - IE allow list name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: IE allow list. + fortios_gtp_ie_allow_list: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + gtp_ie_allow_list: + entries: + - + id: "4" + ie: "5" + message: "6" + name: "default_name_7" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_gtp_ie_white_list.rst b/gen/fortios_gtp_ie_white_list.rst new file mode 100644 index 00000000..e3cda2d5 --- /dev/null +++ b/gen/fortios_gtp_ie_white_list.rst @@ -0,0 +1,365 @@ +:source: fortios_gtp_ie_white_list.py + +:orphan: + +.. fortios_gtp_ie_white_list: + +fortios_gtp_ie_white_list -- IE white list in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify gtp feature and ie_white_list category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4
            fortios_gtp_ie_white_listyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • gtp_ie_white_list - IE white list. type: dict + more... + +
              • +
                +
              • entries - Entries of white list (to allow) for unknown or out-of-state IEs. type: list member_path: entries:id + more... + +
                • +
                  +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                • ie - IE ID (1 - 255). type: int + more... + +
                  • +
                • message - Message ID (1 - 255). type: int + more... + +
                  • +
                +
              • name - IE white list name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: IE white list. + fortios_gtp_ie_white_list: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + gtp_ie_white_list: + entries: + - + id: "4" + ie: "5" + message: "6" + name: "default_name_7" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_gtp_message_filter_v0v1.rst b/gen/fortios_gtp_message_filter_v0v1.rst new file mode 100644 index 00000000..850c2d89 --- /dev/null +++ b/gen/fortios_gtp_message_filter_v0v1.rst @@ -0,0 +1,3297 @@ +:source: fortios_gtp_message_filter_v0v1.py + +:orphan: + +.. fortios_gtp_message_filter_v0v1: + +fortios_gtp_message_filter_v0v1 -- Message filter for GTPv0/v1 messages in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify gtp feature and message_filter_v0v1 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_gtp_message_filter_v0v1yesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • gtp_message_filter_v0v1 - Message filter for GTPv0/v1 messages. type: dict + more... + +
              • +
                +
              • create_mbms - GTPv1 create MBMS context (req 100, resp 101). type: str choices: allow, deny + more... + +
                • +
              • create_pdp - Create PDP context (req 16, resp 17). type: str choices: allow, deny + more... + +
                • +
              • data_record - Data record transfer (req 240, resp 241). type: str choices: allow, deny + more... + +
                • +
              • delete_aa_pdp - GTPv0 delete AA PDP context (req 24, resp 25). type: str choices: allow, deny + more... + +
                • +
              • delete_mbms - GTPv1 delete MBMS context (req 104, resp 105). type: str choices: allow, deny + more... + +
                • +
              • delete_pdp - Delete PDP context (req 20, resp 21). type: str choices: allow, deny + more... + +
                • +
              • echo - Echo (req 1, resp 2). type: str choices: allow, deny + more... + +
                • +
              • end_marker - GTPv1 End marker (254). type: str choices: allow, deny + more... + +
                • +
              • error_indication - Error indication (26). type: str choices: allow, deny + more... + +
                • +
              • failure_report - Failure report (req 34, resp 35). type: str choices: allow, deny + more... + +
                • +
              • fwd_relocation - GTPv1 forward relocation (req 53, resp 54, complete 55, complete ack 59). type: str choices: allow, deny + more... + +
                • +
              • fwd_srns_context - GTPv1 forward SRNS (context 58, context ack 60). type: str choices: allow, deny + more... + +
                • +
              • gtp_pdu - PDU (255). type: str choices: allow, deny + more... + +
                • +
              • identification - Identification (req 48, resp 49). type: str choices: allow, deny + more... + +
                • +
              • mbms_de_registration - GTPv1 MBMS de-registration (req 114, resp 115). type: str choices: allow, deny + more... + +
                • +
              • mbms_notification - GTPv1 MBMS notification (req 96, resp 97, reject req 98. reject resp 99). type: str choices: allow, deny + more... + +
                • +
              • mbms_registration - GTPv1 MBMS registration (req 112, resp 113). type: str choices: allow, deny + more... + +
                • +
              • mbms_session_start - GTPv1 MBMS session start (req 116, resp 117). type: str choices: allow, deny + more... + +
                • +
              • mbms_session_stop - GTPv1 MBMS session stop (req 118, resp 119). type: str choices: allow, deny + more... + +
                • +
              • mbms_session_update - GTPv1 MBMS session update (req 120, resp 121). type: str choices: allow, deny + more... + +
                • +
              • ms_info_change_notif - GTPv1 MS info change notification (req 128, resp 129). type: str choices: allow, deny + more... + +
                • +
              • name - Message filter name. type: str required: true + more... + +
                • +
              • node_alive - Node alive (req 4, resp 5). type: str choices: allow, deny + more... + +
                • +
              • note_ms_present - Note MS GPRS present (req 36, resp 37). type: str choices: allow, deny + more... + +
                • +
              • pdu_notification - PDU notification (req 27, resp 28, reject req 29, reject resp 30). type: str choices: allow, deny + more... + +
                • +
              • ran_info - GTPv1 RAN information relay (70). type: str choices: allow, deny + more... + +
                • +
              • redirection - Redirection (req 6, resp 7). type: str choices: allow, deny + more... + +
                • +
              • relocation_cancel - GTPv1 relocation cancel (req 56, resp 57). type: str choices: allow, deny + more... + +
                • +
              • send_route - Send routing information for GPRS (req 32, resp 33). type: str choices: allow, deny + more... + +
                • +
              • sgsn_context - SGSN context (req 50, resp 51, ack 52). type: str choices: allow, deny + more... + +
                • +
              • support_extension - GTPv1 supported extension headers notify (31). type: str choices: allow, deny + more... + +
                • +
              • unknown_message - Allow or Deny unknown messages. type: str choices: allow, deny + more... + +
                • +
              • unknown_message_white_list - White list (to allow) of unknown messages. type: list member_path: unknown_message_white_list:id + more... + +
                • +
                  +
                • id - Message IDs. type: int required: true + more... + +
                  • +
                +
              • update_mbms - GTPv1 update MBMS context (req 102, resp 103). type: str choices: allow, deny + more... + +
                • +
              • update_pdp - Update PDP context (req 18, resp 19). type: str choices: allow, deny + more... + +
                • +
              • v0_create_aa_pdp__v1_init_pdp_ctx - GTPv0 create AA PDP context (req 22, resp 23); Or GTPv1 initiate PDP context (req 22, resp 23). type: str choices: allow, deny + more... + +
                • +
              • version_not_support - Version not supported (3). type: str choices: allow, deny + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Message filter for GTPv0/v1 messages. + fortios_gtp_message_filter_v0v1: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + gtp_message_filter_v0v1: + create_mbms: "allow" + create_pdp: "allow" + data_record: "allow" + delete_aa_pdp: "allow" + delete_mbms: "allow" + delete_pdp: "allow" + echo: "allow" + end_marker: "allow" + error_indication: "allow" + failure_report: "allow" + fwd_relocation: "allow" + fwd_srns_context: "allow" + gtp_pdu: "allow" + identification: "allow" + mbms_de_registration: "allow" + mbms_notification: "allow" + mbms_registration: "allow" + mbms_session_start: "allow" + mbms_session_stop: "allow" + mbms_session_update: "allow" + ms_info_change_notif: "allow" + name: "default_name_24" + node_alive: "allow" + note_ms_present: "allow" + pdu_notification: "allow" + ran_info: "allow" + redirection: "allow" + relocation_cancel: "allow" + send_route: "allow" + sgsn_context: "allow" + support_extension: "allow" + unknown_message: "allow" + unknown_message_white_list: + - + id: "36" + update_mbms: "allow" + update_pdp: "allow" + v0_create_aa_pdp__v1_init_pdp_ctx: "allow" + version_not_support: "allow" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_gtp_message_filter_v2.rst b/gen/fortios_gtp_message_filter_v2.rst new file mode 100644 index 00000000..b3674d5e --- /dev/null +++ b/gen/fortios_gtp_message_filter_v2.rst @@ -0,0 +1,2121 @@ +:source: fortios_gtp_message_filter_v2.py + +:orphan: + +.. fortios_gtp_message_filter_v2: + +fortios_gtp_message_filter_v2 -- Message filter for GTPv2 messages in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify gtp feature and message_filter_v2 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_gtp_message_filter_v2yesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • gtp_message_filter_v2 - Message filter for GTPv2 messages. type: dict + more... + +
              • +
                +
              • bearer_resource_cmd_fail - Bearer resource (command 68, failure indication 69). type: str choices: allow, deny + more... + +
                • +
              • change_notification - Change notification (req 38, resp 39). type: str choices: allow, deny + more... + +
                • +
              • context_req_res_ack - Context request/response/acknowledge (req 130, resp 131, ack 132). type: str choices: allow, deny + more... + +
                • +
              • create_bearer - Create bearer (req 95, resp 96). type: str choices: allow, deny + more... + +
                • +
              • create_session - Create session (req 32, resp 33). type: str choices: allow, deny + more... + +
                • +
              • delete_bearer_cmd_fail - Delete bearer (command 66, failure indication 67). type: str choices: allow, deny + more... + +
                • +
              • delete_bearer_req_resp - Delete bearer (req 99, resp 100). type: str choices: allow, deny + more... + +
                • +
              • delete_pdn_connection_set - Delete PDN connection set (req 101, resp 102). type: str choices: allow, deny + more... + +
                • +
              • delete_session - Delete session (req 36, resp 37). type: str choices: allow, deny + more... + +
                • +
              • echo - Echo (req 1, resp 2). type: str choices: allow, deny + more... + +
                • +
              • forward_relocation_cmp_notif_ack - Forward relocation complete notification/acknowledge (notif 135, ack 136). type: str choices: allow, deny + more... + +
                • +
              • forward_relocation_req_res - Forward relocation request/response (req 133, resp 134). type: str choices: allow, deny + more... + +
                • +
              • modify_bearer_cmd_fail - Modify bearer (command 64 , failure indication 65). type: str choices: allow, deny + more... + +
                • +
              • modify_bearer_req_resp - Modify bearer (req 34, resp 35). type: str choices: allow, deny + more... + +
                • +
              • name - Message filter name. type: str required: true + more... + +
                • +
              • resume - Resume (notify 164 , ack 165). type: str choices: allow, deny + more... + +
                • +
              • suspend - Suspend (notify 162, ack 163). type: str choices: allow, deny + more... + +
                • +
              • trace_session - Trace session (activation 71, deactivation 72). type: str choices: allow, deny + more... + +
                • +
              • unknown_message - Allow or Deny unknown messages. type: str choices: allow, deny + more... + +
                • +
              • unknown_message_white_list - White list (to allow) of unknown messages. type: list member_path: unknown_message_white_list:id + more... + +
                • +
                  +
                • id - Message IDs. type: int required: true + more... + +
                  • +
                +
              • update_bearer - Update bearer (req 97, resp 98). type: str choices: allow, deny + more... + +
                • +
              • update_pdn_connection_set - Update PDN connection set (req 200, resp 201). type: str choices: allow, deny + more... + +
                • +
              • version_not_support - Version not supported (3). type: str choices: allow, deny + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Message filter for GTPv2 messages. + fortios_gtp_message_filter_v2: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + gtp_message_filter_v2: + bearer_resource_cmd_fail: "allow" + change_notification: "allow" + context_req_res_ack: "allow" + create_bearer: "allow" + create_session: "allow" + delete_bearer_cmd_fail: "allow" + delete_bearer_req_resp: "allow" + delete_pdn_connection_set: "allow" + delete_session: "allow" + echo: "allow" + forward_relocation_cmp_notif_ack: "allow" + forward_relocation_req_res: "allow" + modify_bearer_cmd_fail: "allow" + modify_bearer_req_resp: "allow" + name: "default_name_17" + resume: "allow" + suspend: "allow" + trace_session: "allow" + unknown_message: "allow" + unknown_message_white_list: + - + id: "23" + update_bearer: "allow" + update_pdn_connection_set: "allow" + version_not_support: "allow" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_gtp_rat_timeout_profile.rst b/gen/fortios_gtp_rat_timeout_profile.rst new file mode 100644 index 00000000..ff162531 --- /dev/null +++ b/gen/fortios_gtp_rat_timeout_profile.rst @@ -0,0 +1,436 @@ +:source: fortios_gtp_rat_timeout_profile.py + +:orphan: + +.. fortios_gtp_rat_timeout_profile: + +fortios_gtp_rat_timeout_profile -- RAT timeout profil in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify gtp feature and rat_timeout_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + +
            v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_gtp_rat_timeout_profileyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • gtp_rat_timeout_profile - RAT timeout profile type: dict + more... + +
              • +
                +
              • eutran_timeout - Established eutran timeout in seconds . type: int + more... + +
                • +
              • gan_timeout - Established gan timeout in seconds . type: int + more... + +
                • +
              • geran_timeout - Established geran timeout in seconds . type: int + more... + +
                • +
              • hspa_timeout - Established hspa timeout in seconds . type: int + more... + +
                • +
              • ltem_timeout - Established ltem timeout in seconds . type: int + more... + +
                • +
              • name - RAT timeout profile name. type: str required: true + more... + +
                • +
              • nbiot_timeout - Established nbiot timeout in seconds . type: int + more... + +
                • +
              • nr_timeout - Established nr timeout in seconds . type: int + more... + +
                • +
              • utran_timeout - Established utran timeout in seconds . type: int + more... + +
                • +
              • virtual_timeout - Established virtual timeout in seconds . type: int + more... + +
                • +
              • wlan_timeout - Established wlan timeout in seconds . type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: RAT timeout profile + fortios_gtp_rat_timeout_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + gtp_rat_timeout_profile: + eutran_timeout: "3" + gan_timeout: "4" + geran_timeout: "5" + hspa_timeout: "6" + ltem_timeout: "7" + name: "default_name_8" + nbiot_timeout: "9" + nr_timeout: "10" + utran_timeout: "11" + virtual_timeout: "12" + wlan_timeout: "13" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_gtp_tunnel_limit.rst b/gen/fortios_gtp_tunnel_limit.rst new file mode 100644 index 00000000..f57e50de --- /dev/null +++ b/gen/fortios_gtp_tunnel_limit.rst @@ -0,0 +1,308 @@ +:source: fortios_gtp_tunnel_limit.py + +:orphan: + +.. fortios_gtp_tunnel_limit: + +fortios_gtp_tunnel_limit -- GTP tunnel limiter in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify gtp feature and tunnel_limit category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_gtp_tunnel_limityesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • gtp_tunnel_limit - GTP tunnel limiter. type: dict + more... + +
              • +
                +
              • name - Tunnel limiter name. type: str required: true + more... + +
                • +
              • tunnel_limit - Tunnel limit [1, 16000000]. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: GTP tunnel limiter. + fortios_gtp_tunnel_limit: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + gtp_tunnel_limit: + name: "default_name_3" + tunnel_limit: "4" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_hardware_nic.rst b/gen/fortios_hardware_nic.rst new file mode 100644 index 00000000..ddb51db6 --- /dev/null +++ b/gen/fortios_hardware_nic.rst @@ -0,0 +1,235 @@ +:source: fortios_hardware_nic.py + +:orphan: + +.. fortios_hardware_nic: + +fortios_hardware_nic -- Display NIC information in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify hardware feature and nic category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_hardware_nicyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • hardware_nic - Display NIC information. type: dict + more... + +
              • +
                +
              • - NIC name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Display NIC information. + fortios_hardware_nic: + vdom: "{{ vdom }}" + hardware_nic: + : "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_hardware_npu_np6_dce.rst b/gen/fortios_hardware_npu_np6_dce.rst new file mode 100644 index 00000000..2afa77ff --- /dev/null +++ b/gen/fortios_hardware_npu_np6_dce.rst @@ -0,0 +1,235 @@ +:source: fortios_hardware_npu_np6_dce.py + +:orphan: + +.. fortios_hardware_npu_np6_dce: + +fortios_hardware_npu_np6_dce -- Show NP6 non-zero subengine drop counters in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify hardware_npu_np6 feature and dce category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_hardware_npu_np6_dceyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • hardware_npu_np6_dce - Show NP6 non-zero subengine drop counters. type: dict + more... + +
              • +
                +
              • - NP6 ID type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Show NP6 non-zero subengine drop counters. + fortios_hardware_npu_np6_dce: + vdom: "{{ vdom }}" + hardware_npu_np6_dce: + : "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_hardware_npu_np6_session_stats.rst b/gen/fortios_hardware_npu_np6_session_stats.rst new file mode 100644 index 00000000..3eb4df83 --- /dev/null +++ b/gen/fortios_hardware_npu_np6_session_stats.rst @@ -0,0 +1,235 @@ +:source: fortios_hardware_npu_np6_session_stats.py + +:orphan: + +.. fortios_hardware_npu_np6_session_stats: + +fortios_hardware_npu_np6_session_stats -- Show NP6 session offloading statistics counters in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify hardware_npu_np6 feature and session_stats category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_hardware_npu_np6_session_statsyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • hardware_npu_np6_session_stats - Show NP6 session offloading statistics counters. type: dict + more... + +
              • +
                +
              • - NP6 ID type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Show NP6 session offloading statistics counters. + fortios_hardware_npu_np6_session_stats: + vdom: "{{ vdom }}" + hardware_npu_np6_session_stats: + : "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_hardware_npu_np6_sse_stats.rst b/gen/fortios_hardware_npu_np6_sse_stats.rst new file mode 100644 index 00000000..06c39262 --- /dev/null +++ b/gen/fortios_hardware_npu_np6_sse_stats.rst @@ -0,0 +1,235 @@ +:source: fortios_hardware_npu_np6_sse_stats.py + +:orphan: + +.. fortios_hardware_npu_np6_sse_stats: + +fortios_hardware_npu_np6_sse_stats -- Show NP6 hardware session statistics counters in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify hardware_npu_np6 feature and sse_stats category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_hardware_npu_np6_sse_statsyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • hardware_npu_np6_sse_stats - Show NP6 hardware session statistics counters. type: dict + more... + +
              • +
                +
              • - NP6 ID type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Show NP6 hardware session statistics counters. + fortios_hardware_npu_np6_sse_stats: + vdom: "{{ vdom }}" + hardware_npu_np6_sse_stats: + : "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_icap_profile.rst b/gen/fortios_icap_profile.rst new file mode 100644 index 00000000..f56253b3 --- /dev/null +++ b/gen/fortios_icap_profile.rst @@ -0,0 +1,2318 @@ +:source: fortios_icap_profile.py + +:orphan: + +.. fortios_icap_profile: + +fortios_icap_profile -- Configure ICAP profiles in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify icap feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_icap_profileyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • icap_profile - Configure ICAP profiles. type: dict + more... + +
              • +
                +
              • chunk_encap - Enable/disable chunked encapsulation . type: str choices: disable, enable + more... + +
                • +
              • extension_feature - Enable/disable ICAP extension features. type: list choices: scan-progress + more... + +
                • +
              • icap_block_log - Enable/disable UTM log when infection found . type: str choices: disable, enable + more... + +
                • +
              • icap_headers - Configure ICAP forwarded request headers. type: list member_path: icap_headers:id + more... + +
                • +
                  +
                • base64_encoding - Enable/disable use of base64 encoding of HTTP content. type: str choices: disable, enable + more... + +
                  • +
                • content - HTTP header content. type: str + more... + +
                  • +
                • id - HTTP forwarded header ID. type: int required: true + more... + +
                  • +
                • name - HTTP forwarded header name. type: str + more... + +
                  • +
                +
              • methods - The allowed HTTP methods that will be sent to ICAP server for further processing. type: list choices: delete, get, head, options, post, put, trace, other + more... + +
                • +
              • name - ICAP profile name. type: str required: true + more... + +
                • +
              • preview - Enable/disable preview of data to ICAP server. type: str choices: disable, enable + more... + +
                • +
              • preview_data_length - Preview data length to be sent to ICAP server. type: int + more... + +
                • +
              • replacemsg_group - Replacement message group. Source system.replacemsg-group.name. type: str + more... + +
                • +
              • request - Enable/disable whether an HTTP request is passed to an ICAP server. type: str choices: disable, enable + more... + +
                • +
              • request_failure - Action to take if the ICAP server cannot be contacted when processing an HTTP request. type: str choices: error, bypass + more... + +
                • +
              • request_path - Path component of the ICAP URI that identifies the HTTP request processing service. type: str + more... + +
                • +
              • request_server - ICAP server to use for an HTTP request. Source icap.server.name. type: str + more... + +
                • +
              • respmod_default_action - Default action to ICAP response modification (respmod) processing. type: str choices: forward, bypass + more... + +
                • +
              • respmod_forward_rules - ICAP response mode forward rules. type: list member_path: respmod_forward_rules:name + more... + +
                • +
                  +
                • action - Action to be taken for ICAP server. type: str choices: forward, bypass + more... + +
                  • +
                • header_group - HTTP header group. type: list member_path: respmod_forward_rules:name/header_group:id + more... + +
                  • +
                    +
                  • case_sensitivity - Enable/disable case sensitivity when matching header. type: str choices: disable, enable + more... + +
                    • +
                  • header - HTTP header regular expression. type: str + more... + +
                    • +
                  • header_name - HTTP header. type: str + more... + +
                    • +
                  • id - ID. type: int required: true + more... + +
                    • +
                  +
                • host - Address object for the host. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name. type: str + more... + +
                  • +
                • http_resp_status_code - HTTP response status code. type: int + more... + +
                  • +
                • name - Address name. type: str required: true + more... + +
                  • +
                +
              • response - Enable/disable whether an HTTP response is passed to an ICAP server. type: str choices: disable, enable + more... + +
                • +
              • response_failure - Action to take if the ICAP server cannot be contacted when processing an HTTP response. type: str choices: error, bypass + more... + +
                • +
              • response_path - Path component of the ICAP URI that identifies the HTTP response processing service. type: str + more... + +
                • +
              • response_req_hdr - Enable/disable addition of req-hdr for ICAP response modification (respmod) processing. type: str choices: disable, enable + more... + +
                • +
              • response_server - ICAP server to use for an HTTP response. Source icap.server.name. type: str + more... + +
                • +
              • scan_progress_interval - Scan progress interval value. type: int + more... + +
                • +
              • streaming_content_bypass - Enable/disable bypassing of ICAP server for streaming content. type: str choices: disable, enable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure ICAP profiles. + fortios_icap_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + icap_profile: + chunk_encap: "disable" + extension_feature: "scan-progress" + icap_block_log: "disable" + icap_headers: + - + base64_encoding: "disable" + content: "" + id: "9" + name: "default_name_10" + methods: "delete" + name: "default_name_12" + preview: "disable" + preview_data_length: "14" + replacemsg_group: " (source system.replacemsg-group.name)" + request: "disable" + request_failure: "error" + request_path: "" + request_server: " (source icap.server.name)" + respmod_default_action: "forward" + respmod_forward_rules: + - + action: "forward" + header_group: + - + case_sensitivity: "disable" + header: "" + header_name: "" + id: "27" + host: "myhostname (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name)" + http_resp_status_code: + - + code: "30" + name: "default_name_31" + response: "disable" + response_failure: "error" + response_path: "" + response_req_hdr: "disable" + response_server: " (source icap.server.name)" + scan_progress_interval: "37" + streaming_content_bypass: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_icap_server.rst b/gen/fortios_icap_server.rst new file mode 100644 index 00000000..3a8138f2 --- /dev/null +++ b/gen/fortios_icap_server.rst @@ -0,0 +1,660 @@ +:source: fortios_icap_server.py + +:orphan: + +.. fortios_icap_server: + +fortios_icap_server -- Configure ICAP servers in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify icap feature and server category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_icap_serveryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • icap_server - Configure ICAP servers. type: dict + more... + +
              • +
                +
              • ip_address - IPv4 address of the ICAP server. type: str + more... + +
                • +
              • ip_version - IP version. type: str choices: 4, 6 + more... + +
                • +
              • ip6_address - IPv6 address of the ICAP server. type: str + more... + +
                • +
              • max_connections - Maximum number of concurrent connections to ICAP server. Must not be less than wad-worker-count. type: int + more... + +
                • +
              • name - Server name. type: str required: true + more... + +
                • +
              • port - ICAP server port. type: int + more... + +
                • +
              • secure - Enable/disable secure connection to ICAP server. type: str choices: enable, disable + more... + +
                • +
              • ssl_cert - CA certificate name. Source vpn.certificate.ca.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure ICAP servers. + fortios_icap_server: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + icap_server: + ip_address: "" + ip_version: "4" + ip6_address: "" + max_connections: "6" + name: "default_name_7" + port: "8" + secure: "enable" + ssl_cert: " (source vpn.certificate.ca.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_ips_custom.rst b/gen/fortios_ips_custom.rst new file mode 100644 index 00000000..6931ea7b --- /dev/null +++ b/gen/fortios_ips_custom.rst @@ -0,0 +1,858 @@ +:source: fortios_ips_custom.py + +:orphan: + +.. fortios_ips_custom: + +fortios_ips_custom -- Configure IPS custom signature in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify ips feature and custom category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_ips_customyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • ips_custom - Configure IPS custom signature. type: dict + more... + +
              • +
                +
              • action - Default action (pass or block) for this signature. type: str choices: pass, block + more... + +
                • +
              • application - Applications to be protected. Blank for all applications. type: list
                • +
              • comment - Comment. type: str + more... + +
                • +
              • location - Protect client or server traffic. type: list
                • +
              • log - Enable/disable logging. type: str choices: disable, enable + more... + +
                • +
              • log_packet - Enable/disable packet logging. type: str choices: disable, enable + more... + +
                • +
              • os - Operating system(s) that the signature protects. Blank for all operating systems. type: list
                • +
              • protocol - Protocol(s) that the signature scans. Blank for all protocols. type: str + more... + +
                • +
              • rule_id - Signature ID. type: int + more... + +
                • +
              • severity - Relative severity of the signature, from info to critical. Log messages generated by the signature include the severity. type: str + more... + +
                • +
              • sig_name - Signature name. type: str + more... + +
                • +
              • signature - Custom signature enclosed in single quotes. type: str + more... + +
                • +
              • status - Enable/disable this signature. type: str choices: disable, enable + more... + +
                • +
              • tag - Signature tag. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPS custom signature. + fortios_ips_custom: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + ips_custom: + action: "pass" + application: "" + comment: "Comment." + location: "" + log: "disable" + log_packet: "disable" + os: "" + protocol: "" + rule_id: "11" + severity: "" + sig_name: "" + signature: "" + status: "disable" + tag: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_ips_decoder.rst b/gen/fortios_ips_decoder.rst new file mode 100644 index 00000000..b3fc0786 --- /dev/null +++ b/gen/fortios_ips_decoder.rst @@ -0,0 +1,403 @@ +:source: fortios_ips_decoder.py + +:orphan: + +.. fortios_ips_decoder: + +fortios_ips_decoder -- Configure IPS decoder in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify ips feature and decoder category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_ips_decoderyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • ips_decoder - Configure IPS decoder. type: dict + more... + +
              • +
                +
              • name - Decoder name. type: str required: true + more... + +
                • +
              • parameter - IPS group parameters. type: list member_path: parameter:name + more... + +
                • +
                  +
                • name - Parameter name. type: str required: true + more... + +
                  • +
                • value - Parameter value. type: str + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPS decoder. + fortios_ips_decoder: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + ips_decoder: + name: "default_name_3" + parameter: + - + name: "default_name_5" + value: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_ips_global.rst b/gen/fortios_ips_global.rst new file mode 100644 index 00000000..19e0468e --- /dev/null +++ b/gen/fortios_ips_global.rst @@ -0,0 +1,1663 @@ +:source: fortios_ips_global.py + +:orphan: + +.. fortios_ips_global: + +fortios_ips_global -- Configure IPS global parameter in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify ips feature and global category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_ips_globalyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • ips_global - Configure IPS global parameter. type: dict + more... + +
              • +
                +
              • anomaly_mode - Global blocking mode for rate-based anomalies. type: str choices: periodical, continuous + more... + +
                • +
              • cp_accel_mode - IPS Pattern matching acceleration/offloading to CPx processors. type: str choices: none, basic, advanced + more... + +
                • +
              • database - Regular or extended IPS database. Regular protects against the latest common and in-the-wild attacks. Extended includes protection from legacy attacks. type: str choices: regular, extended + more... + +
                • +
              • deep_app_insp_db_limit - Limit on number of entries in deep application inspection database (1 - 2147483647, use recommended setting = 0). type: int + more... + +
                • +
              • deep_app_insp_timeout - Timeout for Deep application inspection (1 - 2147483647 sec., 0 = use recommended setting). type: int + more... + +
                • +
              • engine_count - Number of IPS engines running. If set to the default value of 0, FortiOS sets the number to optimize performance depending on the number of CPU cores. type: int + more... + +
                • +
              • exclude_signatures - Excluded signatures. type: str choices: none, industrial + more... + +
                • +
              • fail_open - Enable to allow traffic if the IPS buffer is full. Default is disable and IPS traffic is blocked when the IPS buffer is full. type: str choices: enable, disable + more... + +
                • +
              • intelligent_mode - Enable/disable IPS adaptive scanning (intelligent mode). Intelligent mode optimizes the scanning method for the type of traffic. type: str choices: enable, disable + more... + +
                • +
              • ips_reserve_cpu - Enable/disable IPS daemon"s use of CPUs other than CPU 0 type: str choices: disable, enable + more... + +
                • +
              • ngfw_max_scan_range - NGFW policy-mode app detection threshold. type: int + more... + +
                • +
              • np_accel_mode - Acceleration mode for IPS processing by NPx processors. type: str choices: none, basic + more... + +
                • +
              • packet_log_queue_depth - Packet/pcap log queue depth per IPS engine. type: int + more... + +
                • +
              • session_limit_mode - Method of counting concurrent sessions used by session limit anomalies. Choose between greater accuracy (accurate) or improved performance (heuristics). type: str choices: accurate, heuristic + more... + +
                • +
              • skype_client_public_ipaddr - Public IP addresses of your network that receive Skype sessions. Helps identify Skype sessions. Separate IP addresses with commas. type: str + more... + +
                • +
              • socket_size - IPS socket buffer size. Max and default value depend on available memory. Can be changed to tune performance. type: int + more... + +
                • +
              • sync_session_ttl - Enable/disable use of kernel session TTL for IPS sessions. type: str choices: enable, disable + more... + +
                • +
              • tls_active_probe - TLS active probe configuration. type: dict + more... + +
                • +
                  +
                • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                  • +
                • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                  • +
                • source_ip - Source IP address used for TLS active probe. type: str + more... + +
                  • +
                • source_ip6 - Source IPv6 address used for TLS active probe. type: str + more... + +
                  • +
                • vdom - Virtual domain name for TLS active probe. Source system.vdom.name. type: str + more... + +
                  • +
                +
              • traffic_submit - Enable/disable submitting attack data found by this FortiGate to FortiGuard. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPS global parameter. + fortios_ips_global: + vdom: "{{ vdom }}" + ips_global: + anomaly_mode: "periodical" + cp_accel_mode: "none" + database: "regular" + deep_app_insp_db_limit: "6" + deep_app_insp_timeout: "7" + engine_count: "8" + exclude_signatures: "none" + fail_open: "enable" + intelligent_mode: "enable" + ips_reserve_cpu: "disable" + ngfw_max_scan_range: "13" + np_accel_mode: "none" + packet_log_queue_depth: "15" + session_limit_mode: "accurate" + skype_client_public_ipaddr: "" + socket_size: "18" + sync_session_ttl: "enable" + tls_active_probe: + interface: " (source system.interface.name)" + interface_select_method: "auto" + source_ip: "84.230.14.43" + source_ip6: "" + vdom: " (source system.vdom.name)" + traffic_submit: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_ips_rule.rst b/gen/fortios_ips_rule.rst new file mode 100644 index 00000000..b6305998 --- /dev/null +++ b/gen/fortios_ips_rule.rst @@ -0,0 +1,1155 @@ +:source: fortios_ips_rule.py + +:orphan: + +.. fortios_ips_rule: + +fortios_ips_rule -- Configure IPS rules in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify ips feature and rule category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_ips_ruleyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • ips_rule - Configure IPS rules. type: dict + more... + +
              • +
                +
              • action - Action. type: str choices: pass, block + more... + +
                • +
              • application - Vulnerable applications. type: str + more... + +
                • +
              • date - Date. type: int + more... + +
                • +
              • group - Group. type: str + more... + +
                • +
              • location - Vulnerable location. type: list
                • +
              • log - Enable/disable logging. type: str choices: disable, enable + more... + +
                • +
              • log_packet - Enable/disable packet logging. type: str choices: disable, enable + more... + +
                • +
              • metadata - Meta data. type: list member_path: metadata:id + more... + +
                • +
                  +
                • id - ID. type: int required: true + more... + +
                  • +
                • metaid - Meta ID. type: int + more... + +
                  • +
                • valueid - Value ID. type: int + more... + +
                  • +
                +
              • name - Rule name. type: str required: true + more... + +
                • +
              • os - Vulnerable operation systems. type: str + more... + +
                • +
              • rev - Revision. type: int + more... + +
                • +
              • rule_id - Rule ID. type: int + more... + +
                • +
              • service - Vulnerable service. type: str + more... + +
                • +
              • severity - Severity. type: str + more... + +
                • +
              • status - Enable/disable status. type: str choices: disable, enable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPS rules. + fortios_ips_rule: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + ips_rule: + action: "pass" + application: "" + date: "5" + group: "" + location: "" + log: "disable" + log_packet: "disable" + metadata: + - + id: "11" + metaid: "12" + valueid: "13" + name: "default_name_14" + os: "" + rev: "16" + rule_id: "17" + service: "" + severity: "" + status: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_ips_rule_settings.rst b/gen/fortios_ips_rule_settings.rst new file mode 100644 index 00000000..2678debc --- /dev/null +++ b/gen/fortios_ips_rule_settings.rst @@ -0,0 +1,262 @@ +:source: fortios_ips_rule_settings.py + +:orphan: + +.. fortios_ips_rule_settings: + +fortios_ips_rule_settings -- Configure IPS rule setting in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify ips feature and rule_settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_ips_rule_settingsyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • ips_rule_settings - Configure IPS rule setting. type: dict + more... + +
              • +
                +
              • id - Rule ID. type: int required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPS rule setting. + fortios_ips_rule_settings: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + ips_rule_settings: + id: "3" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_ips_sensor.rst b/gen/fortios_ips_sensor.rst new file mode 100644 index 00000000..852483c1 --- /dev/null +++ b/gen/fortios_ips_sensor.rst @@ -0,0 +1,3230 @@ +:source: fortios_ips_sensor.py + +:orphan: + +.. fortios_ips_sensor: + +fortios_ips_sensor -- Configure IPS sensor in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify ips feature and sensor category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_ips_sensoryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • ips_sensor - Configure IPS sensor. type: dict + more... + +
              • +
                +
              • block_malicious_url - Enable/disable malicious URL blocking. type: str choices: disable, enable + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • entries - IPS sensor filter. type: list member_path: entries:id + more... + +
                • +
                  +
                • action - Action taken with traffic in which signatures are detected. type: str choices: pass, block, reset, default + more... + +
                  • +
                • application - Operating systems to be protected. Use all for every application and other for unlisted application. type: list
                  • +
                • cve - List of CVE IDs of the signatures to add to the sensor. type: list + more... + +
                  • +
                    +
                  • cve_entry - CVE IDs or CVE wildcards. type: str + more... + +
                    • +
                  +
                • exempt_ip - Traffic from selected source or destination IP addresses is exempt from this signature. type: list member_path: entries:id/exempt_ip:id + more... + +
                  • +
                    +
                  • dst_ip - Destination IP address and netmask (applies to packet matching the signature). type: str + more... + +
                    • +
                  • id - Exempt IP ID. type: int required: true + more... + +
                    • +
                  • src_ip - Source IP address and netmask (applies to packet matching the signature). type: str + more... + +
                    • +
                  +
                • id - Rule ID in IPS database (0 - 4294967295). type: int required: true + more... + +
                  • +
                • location - Protect client or server traffic. type: list
                  • +
                • log - Enable/disable logging of signatures included in filter. type: str choices: disable, enable + more... + +
                  • +
                • log_attack_context - Enable/disable logging of attack context: URL buffer, header buffer, body buffer, packet buffer. type: str choices: disable, enable + more... + +
                  • +
                • log_packet - Enable/disable packet logging. Enable to save the packet that triggers the filter. You can download the packets in pcap format for diagnostic use. type: str choices: disable, enable + more... + +
                  • +
                • os - Operating systems to be protected. Use all for every operating system and other for unlisted operating systems. type: list
                  • +
                • protocol - Protocols to be examined. Use all for every protocol and other for unlisted protocols. type: list
                  • +
                • quarantine - Quarantine method. type: str choices: none, attacker + more... + +
                  • +
                • quarantine_expiry - Duration of quarantine. (Format type: str + more... + +
                  • +
                • quarantine_log - Enable/disable quarantine logging. type: str choices: disable, enable + more... + +
                  • +
                • rate_count - Count of the rate. type: int + more... + +
                  • +
                • rate_duration - Duration (sec) of the rate. type: int + more... + +
                  • +
                • rate_mode - Rate limit mode. type: str choices: periodical, continuous + more... + +
                  • +
                • rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip, dhcp-client-mac, dns-domain + more... + +
                  • +
                • rule - Identifies the predefined or custom IPS signatures to add to the sensor. type: list member_path: entries:id/rule:id + more... + +
                  • +
                    +
                  • id - Rule IPS. type: int required: true + more... + +
                    • +
                  +
                • severity - Relative severity of the signature, from info to critical. Log messages generated by the signature include the severity. type: list
                  • +
                • status - Status of the signatures included in filter. Only those filters with a status to enable are used. type: str choices: disable, enable, default + more... + +
                  • +
                +
              • extended_log - Enable/disable extended logging. type: str choices: enable, disable + more... + +
                • +
              • filter - IPS sensor filter. type: list member_path: filter:name + more... + +
                • +
                  +
                • action - Action of selected rules. type: str choices: pass, block, reset, default + more... + +
                  • +
                • application - Vulnerable application filter. type: str + more... + +
                  • +
                • location - Vulnerability location filter. type: str + more... + +
                  • +
                • log - Enable/disable logging of selected rules. type: str choices: disable, enable + more... + +
                  • +
                • log_packet - Enable/disable packet logging of selected rules. type: str choices: disable, enable + more... + +
                  • +
                • name - Filter name. type: str required: true + more... + +
                  • +
                • os - Vulnerable OS filter. type: str + more... + +
                  • +
                • protocol - Vulnerable protocol filter. type: str + more... + +
                  • +
                • quarantine - Quarantine IP or interface. type: str choices: none, attacker + more... + +
                  • +
                • quarantine_expiry - Duration of quarantine in minute. type: int + more... + +
                  • +
                • quarantine_log - Enable/disable logging of selected quarantine. type: str choices: disable, enable + more... + +
                  • +
                • severity - Vulnerability severity filter. type: str + more... + +
                  • +
                • status - Selected rules status. type: str choices: disable, enable, default + more... + +
                  • +
                +
              • name - Sensor name. type: str required: true + more... + +
                • +
              • override - IPS override rule. type: list + more... + +
                • +
                  +
                • action - Action of override rule. type: str choices: pass, block, reset + more... + +
                  • +
                • exempt_ip - Exempted IP. type: list member_path: exempt_ip:id + more... + +
                  • +
                    +
                  • dst_ip - Destination IP address and netmask. type: str + more... + +
                    • +
                  • id - Exempt IP ID. type: int required: true + more... + +
                    • +
                  • src_ip - Source IP address and netmask. type: str + more... + +
                    • +
                  +
                • log - Enable/disable logging. type: str choices: disable, enable + more... + +
                  • +
                • log_packet - Enable/disable packet logging. type: str choices: disable, enable + more... + +
                  • +
                • quarantine - Quarantine IP or interface. type: str choices: none, attacker + more... + +
                  • +
                • quarantine_expiry - Duration of quarantine in minute. type: int + more... + +
                  • +
                • quarantine_log - Enable/disable logging of selected quarantine. type: str choices: disable, enable + more... + +
                  • +
                • rule_id - Override rule ID. type: int + more... + +
                  • +
                • status - Enable/disable status of override rule. type: str choices: disable, enable + more... + +
                  • +
                +
              • replacemsg_group - Replacement message group. Source system.replacemsg-group.name. type: str + more... + +
                • +
              • scan_botnet_connections - Block or monitor connections to Botnet servers, or disable Botnet scanning. type: str choices: disable, block, monitor + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPS sensor. + fortios_ips_sensor: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + ips_sensor: + block_malicious_url: "disable" + comment: "Comment." + entries: + - + action: "pass" + application: "" + cve: + - + cve_entry: "" + exempt_ip: + - + dst_ip: "" + id: "12" + src_ip: "" + id: "14" + location: "" + log: "disable" + log_attack_context: "disable" + log_packet: "disable" + os: "" + protocol: "" + quarantine: "none" + quarantine_expiry: "" + quarantine_log: "disable" + rate_count: "24" + rate_duration: "25" + rate_mode: "periodical" + rate_track: "none" + rule: + - + id: "29" + severity: "" + status: "disable" + extended_log: "enable" + filter: + - + action: "pass" + application: "" + location: "" + log: "disable" + log_packet: "disable" + name: "default_name_39" + os: "" + protocol: "" + quarantine: "none" + quarantine_expiry: "43" + quarantine_log: "disable" + severity: "" + status: "disable" + name: "default_name_47" + override: + - + action: "pass" + exempt_ip: + - + dst_ip: "" + id: "52" + src_ip: "" + log: "disable" + log_packet: "disable" + quarantine: "none" + quarantine_expiry: "57" + quarantine_log: "disable" + rule_id: "59" + status: "disable" + replacemsg_group: " (source system.replacemsg-group.name)" + scan_botnet_connections: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_ips_settings.rst b/gen/fortios_ips_settings.rst new file mode 100644 index 00000000..c6b8113f --- /dev/null +++ b/gen/fortios_ips_settings.rst @@ -0,0 +1,397 @@ +:source: fortios_ips_settings.py + +:orphan: + +.. fortios_ips_settings: + +fortios_ips_settings -- Configure IPS VDOM parameter in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify ips feature and settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_ips_settingsyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • ips_settings - Configure IPS VDOM parameter. type: dict + more... + +
              • +
                +
              • ips_packet_quota - Maximum amount of disk space in MB for logged packets when logging to disk. Range depends on disk size. type: int + more... + +
                • +
              • packet_log_history - Number of packets to capture before and including the one in which the IPS signature is detected (1 - 255). type: int + more... + +
                • +
              • packet_log_memory - Maximum memory can be used by packet log (64 - 8192 kB). type: int + more... + +
                • +
              • packet_log_post_attack - Number of packets to log after the IPS signature is detected (0 - 255). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPS VDOM parameter. + fortios_ips_settings: + vdom: "{{ vdom }}" + ips_settings: + ips_packet_quota: "3" + packet_log_history: "4" + packet_log_memory: "5" + packet_log_post_attack: "6" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_ips_view_map.rst b/gen/fortios_ips_view_map.rst new file mode 100644 index 00000000..5504689c --- /dev/null +++ b/gen/fortios_ips_view_map.rst @@ -0,0 +1,495 @@ +:source: fortios_ips_view_map.py + +:orphan: + +.. fortios_ips_view_map: + +fortios_ips_view_map -- Configure IPS view-map in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify ips feature and view_map category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_ips_view_mapyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • ips_view_map - Configure IPS view-map. type: dict + more... + +
              • +
                +
              • id - View ID. type: int required: true + more... + +
                • +
              • id_policy_id - ID-based policy ID. type: int + more... + +
                • +
              • policy_id - Policy ID. type: int + more... + +
                • +
              • vdom_id - VDOM ID. type: int + more... + +
                • +
              • which - Policy. type: str choices: firewall, interface, interface6, sniffer, sniffer6, explicit, firewall6 + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPS view-map. + fortios_ips_view_map: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + ips_view_map: + id: "3" + id_policy_id: "4" + policy_id: "5" + vdom_id: "6" + which: "firewall" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_custom_field.rst b/gen/fortios_log_custom_field.rst new file mode 100644 index 00000000..44a88be6 --- /dev/null +++ b/gen/fortios_log_custom_field.rst @@ -0,0 +1,354 @@ +:source: fortios_log_custom_field.py + +:orphan: + +.. fortios_log_custom_field: + +fortios_log_custom_field -- Configure custom log fields in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log feature and custom_field category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_custom_fieldyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • log_custom_field - Configure custom log fields. type: dict + more... + +
              • +
                +
              • id - Field ID string. type: str required: true + more... + +
                • +
              • name - Field name (max: 15 characters). type: str + more... + +
                • +
              • value - Field value (max: 15 characters). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure custom log fields. + fortios_log_custom_field: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + log_custom_field: + id: "3" + name: "default_name_4" + value: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_disk_filter.rst b/gen/fortios_log_disk_filter.rst new file mode 100644 index 00000000..1f00ff9b --- /dev/null +++ b/gen/fortios_log_disk_filter.rst @@ -0,0 +1,2610 @@ +:source: fortios_log_disk_filter.py + +:orphan: + +.. fortios_log_disk_filter: + +fortios_log_disk_filter -- Configure filters for local disk logging. Use these filters to determine the log messages to record according to severity and type in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_disk feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_disk_filteryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_disk_filter - Configure filters for local disk logging. Use these filters to determine the log messages to record according to severity and type. type: dict + more... + +
              • +
                +
              • admin - Enable/disable admin login/logout logging. type: str choices: enable, disable + more... + +
                • +
              • anomaly - Enable/disable anomaly logging. type: str choices: enable, disable + more... + +
                • +
              • auth - Enable/disable firewall authentication logging. type: str choices: enable, disable + more... + +
                • +
              • cpu_memory_usage - Enable/disable CPU & memory usage logging every 5 minutes. type: str choices: enable, disable + more... + +
                • +
              • dhcp - Enable/disable DHCP service messages logging. type: str choices: enable, disable + more... + +
                • +
              • dlp_archive - Enable/disable DLP archive logging. type: str choices: enable, disable + more... + +
                • +
              • dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable + more... + +
                • +
              • event - Enable/disable event logging. type: str choices: enable, disable + more... + +
                • +
              • filter - Disk log filter. type: str + more... + +
                • +
              • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                • +
              • forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable + more... + +
                • +
              • free_style - Free style filters. type: list member_path: free_style:id + more... + +
                • +
                  +
                • category - Log category. type: str choices: traffic, event, virus, webfilter, attack, spam, anomaly, voip, dlp, app-ctrl, waf, gtp, dns, ssh, ssl, file-filter, icap, ztna + more... + +
                  • +
                • filter - Free style filter string. type: str + more... + +
                  • +
                • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                +
              • gtp - Enable/disable GTP messages logging. type: str choices: enable, disable + more... + +
                • +
              • ha - Enable/disable HA logging. type: str choices: enable, disable + more... + +
                • +
              • ipsec - Enable/disable IPsec negotiation messages logging. type: str choices: enable, disable + more... + +
                • +
              • ldb_monitor - Enable/disable VIP real server health monitoring logging. type: str choices: enable, disable + more... + +
                • +
              • local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable + more... + +
                • +
              • multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable + more... + +
                • +
              • netscan_discovery - Enable/disable netscan discovery event logging. type: str + more... + +
                • +
              • netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str + more... + +
                • +
              • notification - Enable/disable notification messages logging. type: str choices: enable, disable + more... + +
                • +
              • pattern - Enable/disable pattern update logging. type: str choices: enable, disable + more... + +
                • +
              • ppp - Enable/disable L2TP/PPTP/PPPoE logging. type: str choices: enable, disable + more... + +
                • +
              • radius - Enable/disable RADIUS messages logging. type: str choices: enable, disable + more... + +
                • +
              • severity - Log to disk every message above and including this severity level. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable + more... + +
                • +
              • ssh - Enable/disable SSH logging. type: str choices: enable, disable + more... + +
                • +
              • sslvpn_log_adm - Enable/disable SSL administrator login logging. type: str choices: enable, disable + more... + +
                • +
              • sslvpn_log_auth - Enable/disable SSL user authentication logging. type: str choices: enable, disable + more... + +
                • +
              • sslvpn_log_session - Enable/disable SSL session logging. type: str choices: enable, disable + more... + +
                • +
              • system - Enable/disable system activity logging. type: str choices: enable, disable + more... + +
                • +
              • vip_ssl - Enable/disable VIP SSL logging. type: str choices: enable, disable + more... + +
                • +
              • voip - Enable/disable VoIP logging. type: str choices: enable, disable + more... + +
                • +
              • wan_opt - Enable/disable WAN optimization event logging. type: str choices: enable, disable + more... + +
                • +
              • wireless_activity - Enable/disable wireless activity event logging. type: str choices: enable, disable + more... + +
                • +
              • ztna_traffic - Enable/disable ztna traffic logging. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure filters for local disk logging. Use these filters to determine the log messages to record according to severity and type. + fortios_log_disk_filter: + vdom: "{{ vdom }}" + log_disk_filter: + admin: "enable" + anomaly: "enable" + auth: "enable" + cpu_memory_usage: "enable" + dhcp: "enable" + dlp_archive: "enable" + dns: "enable" + event: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + free_style: + - + category: "traffic" + filter: "" + filter_type: "include" + id: "18" + gtp: "enable" + ha: "enable" + ipsec: "enable" + ldb_monitor: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + notification: "enable" + pattern: "enable" + ppp: "enable" + radius: "enable" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + sslvpn_log_adm: "enable" + sslvpn_log_auth: "enable" + sslvpn_log_session: "enable" + system: "enable" + vip_ssl: "enable" + voip: "enable" + wan_opt: "enable" + wireless_activity: "enable" + ztna_traffic: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_disk_setting.rst b/gen/fortios_log_disk_setting.rst new file mode 100644 index 00000000..ab076a70 --- /dev/null +++ b/gen/fortios_log_disk_setting.rst @@ -0,0 +1,2562 @@ +:source: fortios_log_disk_setting.py + +:orphan: + +.. fortios_log_disk_setting: + +fortios_log_disk_setting -- Settings for local disk logging in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_disk feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_disk_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_disk_setting - Settings for local disk logging. type: dict + more... + +
              • +
                +
              • diskfull - Action to take when disk is full. The system can overwrite the oldest log messages or stop logging when the disk is full . type: str choices: overwrite, nolog + more... + +
                • +
              • dlp_archive_quota - DLP archive quota (MB). type: int + more... + +
                • +
              • full_final_warning_threshold - Log full final warning threshold as a percent (3 - 100). type: int + more... + +
                • +
              • full_first_warning_threshold - Log full first warning threshold as a percent (1 - 98). type: int + more... + +
                • +
              • full_second_warning_threshold - Log full second warning threshold as a percent (2 - 99). type: int + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • ips_archive - Enable/disable IPS packet archiving to the local disk. type: str choices: enable, disable + more... + +
                • +
              • log_quota - Disk log quota (MB). type: int + more... + +
                • +
              • max_log_file_size - Maximum log file size before rolling (1 - 100 Mbytes). type: int + more... + +
                • +
              • max_policy_packet_capture_size - Maximum size of policy sniffer in MB (0 means unlimited). type: int + more... + +
                • +
              • maximum_log_age - Delete log files older than (days). type: int + more... + +
                • +
              • report_quota - Report db quota (MB). type: int + more... + +
                • +
              • roll_day - Day of week on which to roll log file. type: list choices: sunday, monday, tuesday, wednesday, thursday, friday, saturday + more... + +
                • +
              • roll_schedule - Frequency to check log file for rolling. type: str choices: daily, weekly + more... + +
                • +
              • roll_time - Time of day to roll the log file (hh:mm). type: str + more... + +
                • +
              • source_ip - Source IP address to use for uploading disk log files. type: str + more... + +
                • +
              • status - Enable/disable local disk logging. type: str choices: enable, disable + more... + +
                • +
              • upload - Enable/disable uploading log files when they are rolled. type: str choices: enable, disable + more... + +
                • +
              • upload_delete_files - Delete log files after uploading . type: str choices: enable, disable + more... + +
                • +
              • upload_destination - The type of server to upload log files to. Only FTP is currently supported. type: str choices: ftp-server + more... + +
                • +
              • upload_ssl_conn - Enable/disable encrypted FTPS communication to upload log files. type: str choices: default, high, low, disable + more... + +
                • +
              • uploaddir - The remote directory on the FTP server to upload log files to. type: str + more... + +
                • +
              • uploadip - IP address of the FTP server to upload log files to. type: str + more... + +
                • +
              • uploadpass - Password required to log into the FTP server to upload disk log files. type: str + more... + +
                • +
              • uploadport - TCP port to use for communicating with the FTP server . type: int + more... + +
                • +
              • uploadsched - Set the schedule for uploading log files to the FTP server . type: str choices: disable, enable + more... + +
                • +
              • uploadtime - Time of day at which log files are uploaded if uploadsched is enabled (hh:mm or hh). type: str + more... + +
                • +
              • uploadtype - Types of log files to upload. Separate multiple entries with a space. type: list choices: traffic, event, virus, webfilter, IPS, emailfilter, dlp-archive, anomaly, voip, dlp, app-ctrl, waf, gtp, dns, ssh, ssl, file-filter, icap, ztna, cifs, spamfilter, netscan + more... + +
                • +
              • uploaduser - Username required to log into the FTP server to upload disk log files. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Settings for local disk logging. + fortios_log_disk_setting: + vdom: "{{ vdom }}" + log_disk_setting: + diskfull: "overwrite" + dlp_archive_quota: "4" + full_final_warning_threshold: "5" + full_first_warning_threshold: "6" + full_second_warning_threshold: "7" + interface: " (source system.interface.name)" + interface_select_method: "auto" + ips_archive: "enable" + log_quota: "11" + max_log_file_size: "12" + max_policy_packet_capture_size: "13" + maximum_log_age: "14" + report_quota: "15" + roll_day: "sunday" + roll_schedule: "daily" + roll_time: "" + source_ip: "84.230.14.43" + status: "enable" + upload: "enable" + upload_delete_files: "enable" + upload_destination: "ftp-server" + upload_ssl_conn: "default" + uploaddir: "" + uploadip: "" + uploadpass: "" + uploadport: "28" + uploadsched: "disable" + uploadtime: "" + uploadtype: "traffic" + uploaduser: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_eventfilter.rst b/gen/fortios_log_eventfilter.rst new file mode 100644 index 00000000..7608283b --- /dev/null +++ b/gen/fortios_log_eventfilter.rst @@ -0,0 +1,1589 @@ +:source: fortios_log_eventfilter.py + +:orphan: + +.. fortios_log_eventfilter: + +fortios_log_eventfilter -- Configure log event filters in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log feature and eventfilter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_eventfilteryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_eventfilter - Configure log event filters. type: dict + more... + +
              • +
                +
              • cifs - Enable/disable CIFS logging. type: str choices: enable, disable + more... + +
                • +
              • compliance_check - Enable/disable PCI DSS compliance check logging. type: str choices: enable, disable + more... + +
                • +
              • connector - Enable/disable SDN connector logging. type: str choices: enable, disable + more... + +
                • +
              • endpoint - Enable/disable endpoint event logging. type: str choices: enable, disable + more... + +
                • +
              • event - Enable/disable event logging. type: str choices: enable, disable + more... + +
                • +
              • fortiextender - Enable/disable FortiExtender logging. type: str choices: enable, disable + more... + +
                • +
              • ha - Enable/disable ha event logging. type: str choices: enable, disable + more... + +
                • +
              • rest_api - Enable/disable REST API logging. type: str choices: enable, disable + more... + +
                • +
              • router - Enable/disable router event logging. type: str choices: enable, disable + more... + +
                • +
              • sdwan - Enable/disable SD-WAN logging. type: str choices: enable, disable + more... + +
                • +
              • security_rating - Enable/disable Security Rating result logging. type: str choices: enable, disable + more... + +
                • +
              • switch_controller - Enable/disable Switch-Controller logging. type: str choices: enable, disable + more... + +
                • +
              • system - Enable/disable system event logging. type: str choices: enable, disable + more... + +
                • +
              • user - Enable/disable user authentication event logging. type: str choices: enable, disable + more... + +
                • +
              • vpn - Enable/disable VPN event logging. type: str choices: enable, disable + more... + +
                • +
              • wan_opt - Enable/disable WAN optimization event logging. type: str choices: enable, disable + more... + +
                • +
              • wireless_activity - Enable/disable wireless event logging. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure log event filters. + fortios_log_eventfilter: + vdom: "{{ vdom }}" + log_eventfilter: + cifs: "enable" + compliance_check: "enable" + connector: "enable" + endpoint: "enable" + event: "enable" + fortiextender: "enable" + ha: "enable" + rest_api: "enable" + router: "enable" + sdwan: "enable" + security_rating: "enable" + switch_controller: "enable" + system: "enable" + user: "enable" + vpn: "enable" + wan_opt: "enable" + wireless_activity: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_fortianalyzer2_filter.rst b/gen/fortios_log_fortianalyzer2_filter.rst new file mode 100644 index 00000000..08488aef --- /dev/null +++ b/gen/fortios_log_fortianalyzer2_filter.rst @@ -0,0 +1,1698 @@ +:source: fortios_log_fortianalyzer2_filter.py + +:orphan: + +.. fortios_log_fortianalyzer2_filter: + +fortios_log_fortianalyzer2_filter -- Filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer2 feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_fortianalyzer2_filteryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_fortianalyzer2_filter - Filters for FortiAnalyzer. type: dict + more... + +
              • +
                +
              • anomaly - Enable/disable anomaly logging. type: str choices: enable, disable + more... + +
                • +
              • dlp_archive - Enable/disable DLP archive logging. type: str choices: enable, disable + more... + +
                • +
              • dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable + more... + +
                • +
              • filter - FortiAnalyzer 2 log filter. type: str + more... + +
                • +
              • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                • +
              • forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable + more... + +
                • +
              • free_style - Free style filters. type: list member_path: free_style:id + more... + +
                • +
                  +
                • category - Log category. type: str choices: traffic, event, virus, webfilter, attack, spam, anomaly, voip, dlp, app-ctrl, waf, gtp, dns, ssh, ssl, file-filter, icap, ztna + more... + +
                  • +
                • filter - Free style filter string. type: str + more... + +
                  • +
                • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                +
              • gtp - Enable/disable GTP messages logging. type: str choices: enable, disable + more... + +
                • +
              • local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable + more... + +
                • +
              • multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable + more... + +
                • +
              • netscan_discovery - Enable/disable netscan discovery event logging. type: str + more... + +
                • +
              • netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str + more... + +
                • +
              • severity - Log every message above and including this severity level. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable + more... + +
                • +
              • ssh - Enable/disable SSH logging. type: str choices: enable, disable + more... + +
                • +
              • voip - Enable/disable VoIP logging. type: str choices: enable, disable + more... + +
                • +
              • ztna_traffic - Enable/disable ztna traffic logging. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Filters for FortiAnalyzer. + fortios_log_fortianalyzer2_filter: + vdom: "{{ vdom }}" + log_fortianalyzer2_filter: + anomaly: "enable" + dlp_archive: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + free_style: + - + category: "traffic" + filter: "" + filter_type: "include" + id: "13" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + ztna_traffic: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_fortianalyzer2_override_filter.rst b/gen/fortios_log_fortianalyzer2_override_filter.rst new file mode 100644 index 00000000..0a07cf8c --- /dev/null +++ b/gen/fortios_log_fortianalyzer2_override_filter.rst @@ -0,0 +1,1420 @@ +:source: fortios_log_fortianalyzer2_override_filter.py + +:orphan: + +.. fortios_log_fortianalyzer2_override_filter: + +fortios_log_fortianalyzer2_override_filter -- Override filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer2 feature and override_filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_fortianalyzer2_override_filteryesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_fortianalyzer2_override_filter - Override filters for FortiAnalyzer. type: dict + more... + +
              • +
                +
              • anomaly - Enable/disable anomaly logging. type: str choices: enable, disable + more... + +
                • +
              • dlp_archive - Enable/disable DLP archive logging. type: str choices: enable, disable + more... + +
                • +
              • filter - FortiAnalyzer 2 log filter. type: str + more... + +
                • +
              • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                • +
              • forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable + more... + +
                • +
              • free_style - Free style filters. type: list member_path: free_style:id + more... + +
                • +
                  +
                • category - Log category. type: str choices: traffic, event, virus, webfilter, attack, spam, anomaly, voip, dlp, app-ctrl, waf, gtp, dns, ssh, ssl, file-filter, icap, ztna + more... + +
                  • +
                • filter - Free style filter string. type: str + more... + +
                  • +
                • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                +
              • gtp - Enable/disable GTP messages logging. type: str choices: enable, disable + more... + +
                • +
              • local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable + more... + +
                • +
              • multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable + more... + +
                • +
              • severity - Log every message above and including this severity level. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable + more... + +
                • +
              • voip - Enable/disable VoIP logging. type: str choices: enable, disable + more... + +
                • +
              • ztna_traffic - Enable/disable ztna traffic logging. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Override filters for FortiAnalyzer. + fortios_log_fortianalyzer2_override_filter: + vdom: "{{ vdom }}" + log_fortianalyzer2_override_filter: + anomaly: "enable" + dlp_archive: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + free_style: + - + category: "traffic" + filter: "" + filter_type: "include" + id: "12" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + severity: "emergency" + sniffer_traffic: "enable" + voip: "enable" + ztna_traffic: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_fortianalyzer2_override_setting.rst b/gen/fortios_log_fortianalyzer2_override_setting.rst new file mode 100644 index 00000000..840651e3 --- /dev/null +++ b/gen/fortios_log_fortianalyzer2_override_setting.rst @@ -0,0 +1,1870 @@ +:source: fortios_log_fortianalyzer2_override_setting.py + +:orphan: + +.. fortios_log_fortianalyzer2_override_setting: + +fortios_log_fortianalyzer2_override_setting -- Override FortiAnalyzer settings in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer2 feature and override_setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_fortianalyzer2_override_settingyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_fortianalyzer2_override_setting - Override FortiAnalyzer settings. type: dict + more... + +
              • +
                +
              • __change_ip - Hidden attribute. type: int + more... + +
                • +
              • access_config - Enable/disable FortiAnalyzer access to configuration and data. type: str choices: enable, disable + more... + +
                • +
              • certificate - Certificate used to communicate with FortiAnalyzer. Source certificate.local.name. type: str + more... + +
                • +
              • certificate_verification - Enable/disable identity verification of FortiAnalyzer by use of certificate. type: str choices: enable, disable + more... + +
                • +
              • conn_timeout - FortiAnalyzer connection time-out in seconds (for status and log buffer). type: int + more... + +
                • +
              • enc_algorithm - Configure the level of SSL protection for secure communication with FortiAnalyzer. type: str choices: high-medium, high, low + more... + +
                • +
              • faz_type - Hidden setting index of FortiAnalyzer. type: int + more... + +
                • +
              • hmac_algorithm - FortiAnalyzer IPsec tunnel HMAC algorithm. type: str choices: sha256, sha1 + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • ips_archive - Enable/disable IPS packet archive logging. type: str choices: enable, disable + more... + +
                • +
              • max_log_rate - FortiAnalyzer maximum log rate in MBps (0 = unlimited). type: int + more... + +
                • +
              • mgmt_name - Hidden management name of FortiAnalyzer. type: str + more... + +
                • +
              • monitor_failure_retry_period - Time between FortiAnalyzer connection retries in seconds (for status and log buffer). type: int + more... + +
                • +
              • monitor_keepalive_period - Time between OFTP keepalives in seconds (for status and log buffer). type: int + more... + +
                • +
              • override - Enable/disable overriding FortiAnalyzer settings or use global settings. type: str choices: enable, disable + more... + +
                • +
              • preshared_key - Preshared-key used for auto-authorization on FortiAnalyzer. type: str + more... + +
                • +
              • priority - Set log transmission priority. type: str choices: default, low + more... + +
                • +
              • reliable - Enable/disable reliable logging to FortiAnalyzer. type: str choices: enable, disable + more... + +
                • +
              • serial - Serial numbers of the FortiAnalyzer. type: list member_path: serial:name + more... + +
                • +
                  +
                • name - Serial Number. type: str required: true + more... + +
                  • +
                +
              • server - The remote FortiAnalyzer. type: str + more... + +
                • +
              • source_ip - Source IPv4 or IPv6 address used to communicate with FortiAnalyzer. type: str + more... + +
                • +
              • ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2 + more... + +
                • +
              • status - Enable/disable logging to FortiAnalyzer. type: str choices: enable, disable + more... + +
                • +
              • upload_day - Day of week (month) to upload logs. type: str + more... + +
                • +
              • upload_interval - Frequency to upload log files to FortiAnalyzer. type: str choices: daily, weekly, monthly + more... + +
                • +
              • upload_option - Enable/disable logging to hard disk and then uploading to FortiAnalyzer. type: str choices: store-and-upload, realtime, 1-minute, 5-minute + more... + +
                • +
              • upload_time - Time to upload logs (hh:mm). type: str + more... + +
                • +
              • use_management_vdom - Enable/disable use of management VDOM IP address as source IP for logs sent to FortiAnalyzer. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Override FortiAnalyzer settings. + fortios_log_fortianalyzer2_override_setting: + vdom: "{{ vdom }}" + log_fortianalyzer2_override_setting: + __change_ip: "3" + access_config: "enable" + certificate: " (source certificate.local.name)" + certificate_verification: "enable" + conn_timeout: "7" + enc_algorithm: "high-medium" + faz_type: "9" + hmac_algorithm: "sha256" + interface: " (source system.interface.name)" + interface_select_method: "auto" + ips_archive: "enable" + max_log_rate: "14" + mgmt_name: "" + monitor_failure_retry_period: "16" + monitor_keepalive_period: "17" + override: "enable" + preshared_key: "" + priority: "default" + reliable: "enable" + serial: + - + name: "default_name_23" + server: "192.168.100.40" + source_ip: "84.230.14.43" + ssl_min_proto_version: "default" + status: "enable" + upload_day: "" + upload_interval: "daily" + upload_option: "store-and-upload" + upload_time: "" + use_management_vdom: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_fortianalyzer2_setting.rst b/gen/fortios_log_fortianalyzer2_setting.rst new file mode 100644 index 00000000..456b65a3 --- /dev/null +++ b/gen/fortios_log_fortianalyzer2_setting.rst @@ -0,0 +1,2040 @@ +:source: fortios_log_fortianalyzer2_setting.py + +:orphan: + +.. fortios_log_fortianalyzer2_setting: + +fortios_log_fortianalyzer2_setting -- Global FortiAnalyzer settings in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer2 feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_fortianalyzer2_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_fortianalyzer2_setting - Global FortiAnalyzer settings. type: dict + more... + +
              • +
                +
              • __change_ip - Hidden attribute. type: int + more... + +
                • +
              • access_config - Enable/disable FortiAnalyzer access to configuration and data. type: str choices: enable, disable + more... + +
                • +
              • certificate - Certificate used to communicate with FortiAnalyzer. Source certificate.local.name. type: str + more... + +
                • +
              • certificate_verification - Enable/disable identity verification of FortiAnalyzer by use of certificate. type: str choices: enable, disable + more... + +
                • +
              • conn_timeout - FortiAnalyzer connection time-out in seconds (for status and log buffer). type: int + more... + +
                • +
              • enc_algorithm - Configure the level of SSL protection for secure communication with FortiAnalyzer. type: str choices: high-medium, high, low + more... + +
                • +
              • faz_type - Hidden setting index of FortiAnalyzer. type: int + more... + +
                • +
              • hmac_algorithm - FortiAnalyzer IPsec tunnel HMAC algorithm. type: str choices: sha256, sha1 + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • ips_archive - Enable/disable IPS packet archive logging. type: str choices: enable, disable + more... + +
                • +
              • max_log_rate - FortiAnalyzer maximum log rate in MBps (0 = unlimited). type: int + more... + +
                • +
              • mgmt_name - Hidden management name of FortiAnalyzer. type: str + more... + +
                • +
              • monitor_failure_retry_period - Time between FortiAnalyzer connection retries in seconds (for status and log buffer). type: int + more... + +
                • +
              • monitor_keepalive_period - Time between OFTP keepalives in seconds (for status and log buffer). type: int + more... + +
                • +
              • preshared_key - Preshared-key used for auto-authorization on FortiAnalyzer. type: str + more... + +
                • +
              • priority - Set log transmission priority. type: str choices: default, low + more... + +
                • +
              • reliable - Enable/disable reliable logging to FortiAnalyzer. type: str choices: enable, disable + more... + +
                • +
              • serial - Serial numbers of the FortiAnalyzer. type: list member_path: serial:name + more... + +
                • +
                  +
                • name - Serial Number. type: str required: true + more... + +
                  • +
                +
              • server - The remote FortiAnalyzer. type: str + more... + +
                • +
              • source_ip - Source IPv4 or IPv6 address used to communicate with FortiAnalyzer. type: str + more... + +
                • +
              • ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2 + more... + +
                • +
              • status - Enable/disable logging to FortiAnalyzer. type: str choices: enable, disable + more... + +
                • +
              • upload_day - Day of week (month) to upload logs. type: str + more... + +
                • +
              • upload_interval - Frequency to upload log files to FortiAnalyzer. type: str choices: daily, weekly, monthly + more... + +
                • +
              • upload_option - Enable/disable logging to hard disk and then uploading to FortiAnalyzer. type: str choices: store-and-upload, realtime, 1-minute, 5-minute + more... + +
                • +
              • upload_time - Time to upload logs (hh:mm). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Global FortiAnalyzer settings. + fortios_log_fortianalyzer2_setting: + vdom: "{{ vdom }}" + log_fortianalyzer2_setting: + __change_ip: "3" + access_config: "enable" + certificate: " (source certificate.local.name)" + certificate_verification: "enable" + conn_timeout: "7" + enc_algorithm: "high-medium" + faz_type: "9" + hmac_algorithm: "sha256" + interface: " (source system.interface.name)" + interface_select_method: "auto" + ips_archive: "enable" + max_log_rate: "14" + mgmt_name: "" + monitor_failure_retry_period: "16" + monitor_keepalive_period: "17" + preshared_key: "" + priority: "default" + reliable: "enable" + serial: + - + name: "default_name_22" + server: "192.168.100.40" + source_ip: "84.230.14.43" + ssl_min_proto_version: "default" + status: "enable" + upload_day: "" + upload_interval: "daily" + upload_option: "store-and-upload" + upload_time: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_fortianalyzer3_filter.rst b/gen/fortios_log_fortianalyzer3_filter.rst new file mode 100644 index 00000000..695f27a5 --- /dev/null +++ b/gen/fortios_log_fortianalyzer3_filter.rst @@ -0,0 +1,1698 @@ +:source: fortios_log_fortianalyzer3_filter.py + +:orphan: + +.. fortios_log_fortianalyzer3_filter: + +fortios_log_fortianalyzer3_filter -- Filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer3 feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_fortianalyzer3_filteryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_fortianalyzer3_filter - Filters for FortiAnalyzer. type: dict + more... + +
              • +
                +
              • anomaly - Enable/disable anomaly logging. type: str choices: enable, disable + more... + +
                • +
              • dlp_archive - Enable/disable DLP archive logging. type: str choices: enable, disable + more... + +
                • +
              • dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable + more... + +
                • +
              • filter - FortiAnalyzer 3 log filter. type: str + more... + +
                • +
              • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                • +
              • forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable + more... + +
                • +
              • free_style - Free style filters. type: list member_path: free_style:id + more... + +
                • +
                  +
                • category - Log category. type: str choices: traffic, event, virus, webfilter, attack, spam, anomaly, voip, dlp, app-ctrl, waf, gtp, dns, ssh, ssl, file-filter, icap, ztna + more... + +
                  • +
                • filter - Free style filter string. type: str + more... + +
                  • +
                • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                +
              • gtp - Enable/disable GTP messages logging. type: str choices: enable, disable + more... + +
                • +
              • local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable + more... + +
                • +
              • multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable + more... + +
                • +
              • netscan_discovery - Enable/disable netscan discovery event logging. type: str + more... + +
                • +
              • netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str + more... + +
                • +
              • severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable + more... + +
                • +
              • ssh - Enable/disable SSH logging. type: str choices: enable, disable + more... + +
                • +
              • voip - Enable/disable VoIP logging. type: str choices: enable, disable + more... + +
                • +
              • ztna_traffic - Enable/disable ztna traffic logging. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Filters for FortiAnalyzer. + fortios_log_fortianalyzer3_filter: + vdom: "{{ vdom }}" + log_fortianalyzer3_filter: + anomaly: "enable" + dlp_archive: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + free_style: + - + category: "traffic" + filter: "" + filter_type: "include" + id: "13" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + ztna_traffic: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_fortianalyzer3_override_filter.rst b/gen/fortios_log_fortianalyzer3_override_filter.rst new file mode 100644 index 00000000..2f982a6b --- /dev/null +++ b/gen/fortios_log_fortianalyzer3_override_filter.rst @@ -0,0 +1,1420 @@ +:source: fortios_log_fortianalyzer3_override_filter.py + +:orphan: + +.. fortios_log_fortianalyzer3_override_filter: + +fortios_log_fortianalyzer3_override_filter -- Override filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer3 feature and override_filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_fortianalyzer3_override_filteryesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_fortianalyzer3_override_filter - Override filters for FortiAnalyzer. type: dict + more... + +
              • +
                +
              • anomaly - Enable/disable anomaly logging. type: str choices: enable, disable + more... + +
                • +
              • dlp_archive - Enable/disable DLP archive logging. type: str choices: enable, disable + more... + +
                • +
              • filter - FortiAnalyzer 3 log filter. type: str + more... + +
                • +
              • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                • +
              • forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable + more... + +
                • +
              • free_style - Free style filters. type: list member_path: free_style:id + more... + +
                • +
                  +
                • category - Log category. type: str choices: traffic, event, virus, webfilter, attack, spam, anomaly, voip, dlp, app-ctrl, waf, gtp, dns, ssh, ssl, file-filter, icap, ztna + more... + +
                  • +
                • filter - Free style filter string. type: str + more... + +
                  • +
                • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                +
              • gtp - Enable/disable GTP messages logging. type: str choices: enable, disable + more... + +
                • +
              • local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable + more... + +
                • +
              • multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable + more... + +
                • +
              • severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable + more... + +
                • +
              • voip - Enable/disable VoIP logging. type: str choices: enable, disable + more... + +
                • +
              • ztna_traffic - Enable/disable ztna traffic logging. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Override filters for FortiAnalyzer. + fortios_log_fortianalyzer3_override_filter: + vdom: "{{ vdom }}" + log_fortianalyzer3_override_filter: + anomaly: "enable" + dlp_archive: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + free_style: + - + category: "traffic" + filter: "" + filter_type: "include" + id: "12" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + severity: "emergency" + sniffer_traffic: "enable" + voip: "enable" + ztna_traffic: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_fortianalyzer3_override_setting.rst b/gen/fortios_log_fortianalyzer3_override_setting.rst new file mode 100644 index 00000000..1457afb9 --- /dev/null +++ b/gen/fortios_log_fortianalyzer3_override_setting.rst @@ -0,0 +1,1870 @@ +:source: fortios_log_fortianalyzer3_override_setting.py + +:orphan: + +.. fortios_log_fortianalyzer3_override_setting: + +fortios_log_fortianalyzer3_override_setting -- Override FortiAnalyzer settings in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer3 feature and override_setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_fortianalyzer3_override_settingyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_fortianalyzer3_override_setting - Override FortiAnalyzer settings. type: dict + more... + +
              • +
                +
              • __change_ip - Hidden attribute. type: int + more... + +
                • +
              • access_config - Enable/disable FortiAnalyzer access to configuration and data. type: str choices: enable, disable + more... + +
                • +
              • certificate - Certificate used to communicate with FortiAnalyzer. Source certificate.local.name. type: str + more... + +
                • +
              • certificate_verification - Enable/disable identity verification of FortiAnalyzer by use of certificate. type: str choices: enable, disable + more... + +
                • +
              • conn_timeout - FortiAnalyzer connection time-out in seconds (for status and log buffer). type: int + more... + +
                • +
              • enc_algorithm - Configure the level of SSL protection for secure communication with FortiAnalyzer. type: str choices: high-medium, high, low + more... + +
                • +
              • faz_type - Hidden setting index of FortiAnalyzer. type: int + more... + +
                • +
              • hmac_algorithm - FortiAnalyzer IPsec tunnel HMAC algorithm. type: str choices: sha256, sha1 + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • ips_archive - Enable/disable IPS packet archive logging. type: str choices: enable, disable + more... + +
                • +
              • max_log_rate - FortiAnalyzer maximum log rate in MBps (0 = unlimited). type: int + more... + +
                • +
              • mgmt_name - Hidden management name of FortiAnalyzer. type: str + more... + +
                • +
              • monitor_failure_retry_period - Time between FortiAnalyzer connection retries in seconds (for status and log buffer). type: int + more... + +
                • +
              • monitor_keepalive_period - Time between OFTP keepalives in seconds (for status and log buffer). type: int + more... + +
                • +
              • override - Enable/disable overriding FortiAnalyzer settings or use global settings. type: str choices: enable, disable + more... + +
                • +
              • preshared_key - Preshared-key used for auto-authorization on FortiAnalyzer. type: str + more... + +
                • +
              • priority - Set log transmission priority. type: str choices: default, low + more... + +
                • +
              • reliable - Enable/disable reliable logging to FortiAnalyzer. type: str choices: enable, disable + more... + +
                • +
              • serial - Serial numbers of the FortiAnalyzer. type: list member_path: serial:name + more... + +
                • +
                  +
                • name - Serial Number. type: str required: true + more... + +
                  • +
                +
              • server - The remote FortiAnalyzer. type: str + more... + +
                • +
              • source_ip - Source IPv4 or IPv6 address used to communicate with FortiAnalyzer. type: str + more... + +
                • +
              • ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2 + more... + +
                • +
              • status - Enable/disable logging to FortiAnalyzer. type: str choices: enable, disable + more... + +
                • +
              • upload_day - Day of week (month) to upload logs. type: str + more... + +
                • +
              • upload_interval - Frequency to upload log files to FortiAnalyzer. type: str choices: daily, weekly, monthly + more... + +
                • +
              • upload_option - Enable/disable logging to hard disk and then uploading to FortiAnalyzer. type: str choices: store-and-upload, realtime, 1-minute, 5-minute + more... + +
                • +
              • upload_time - Time to upload logs (hh:mm). type: str + more... + +
                • +
              • use_management_vdom - Enable/disable use of management VDOM IP address as source IP for logs sent to FortiAnalyzer. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Override FortiAnalyzer settings. + fortios_log_fortianalyzer3_override_setting: + vdom: "{{ vdom }}" + log_fortianalyzer3_override_setting: + __change_ip: "3" + access_config: "enable" + certificate: " (source certificate.local.name)" + certificate_verification: "enable" + conn_timeout: "7" + enc_algorithm: "high-medium" + faz_type: "9" + hmac_algorithm: "sha256" + interface: " (source system.interface.name)" + interface_select_method: "auto" + ips_archive: "enable" + max_log_rate: "14" + mgmt_name: "" + monitor_failure_retry_period: "16" + monitor_keepalive_period: "17" + override: "enable" + preshared_key: "" + priority: "default" + reliable: "enable" + serial: + - + name: "default_name_23" + server: "192.168.100.40" + source_ip: "84.230.14.43" + ssl_min_proto_version: "default" + status: "enable" + upload_day: "" + upload_interval: "daily" + upload_option: "store-and-upload" + upload_time: "" + use_management_vdom: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_fortianalyzer3_setting.rst b/gen/fortios_log_fortianalyzer3_setting.rst new file mode 100644 index 00000000..5a567507 --- /dev/null +++ b/gen/fortios_log_fortianalyzer3_setting.rst @@ -0,0 +1,2040 @@ +:source: fortios_log_fortianalyzer3_setting.py + +:orphan: + +.. fortios_log_fortianalyzer3_setting: + +fortios_log_fortianalyzer3_setting -- Global FortiAnalyzer settings in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer3 feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_fortianalyzer3_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_fortianalyzer3_setting - Global FortiAnalyzer settings. type: dict + more... + +
              • +
                +
              • __change_ip - Hidden attribute. type: int + more... + +
                • +
              • access_config - Enable/disable FortiAnalyzer access to configuration and data. type: str choices: enable, disable + more... + +
                • +
              • certificate - Certificate used to communicate with FortiAnalyzer. Source certificate.local.name. type: str + more... + +
                • +
              • certificate_verification - Enable/disable identity verification of FortiAnalyzer by use of certificate. type: str choices: enable, disable + more... + +
                • +
              • conn_timeout - FortiAnalyzer connection time-out in seconds (for status and log buffer). type: int + more... + +
                • +
              • enc_algorithm - Configure the level of SSL protection for secure communication with FortiAnalyzer. type: str choices: high-medium, high, low + more... + +
                • +
              • faz_type - Hidden setting index of FortiAnalyzer. type: int + more... + +
                • +
              • hmac_algorithm - FortiAnalyzer IPsec tunnel HMAC algorithm. type: str choices: sha256, sha1 + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • ips_archive - Enable/disable IPS packet archive logging. type: str choices: enable, disable + more... + +
                • +
              • max_log_rate - FortiAnalyzer maximum log rate in MBps (0 = unlimited). type: int + more... + +
                • +
              • mgmt_name - Hidden management name of FortiAnalyzer. type: str + more... + +
                • +
              • monitor_failure_retry_period - Time between FortiAnalyzer connection retries in seconds (for status and log buffer). type: int + more... + +
                • +
              • monitor_keepalive_period - Time between OFTP keepalives in seconds (for status and log buffer). type: int + more... + +
                • +
              • preshared_key - Preshared-key used for auto-authorization on FortiAnalyzer. type: str + more... + +
                • +
              • priority - Set log transmission priority. type: str choices: default, low + more... + +
                • +
              • reliable - Enable/disable reliable logging to FortiAnalyzer. type: str choices: enable, disable + more... + +
                • +
              • serial - Serial numbers of the FortiAnalyzer. type: list member_path: serial:name + more... + +
                • +
                  +
                • name - Serial Number. type: str required: true + more... + +
                  • +
                +
              • server - The remote FortiAnalyzer. type: str + more... + +
                • +
              • source_ip - Source IPv4 or IPv6 address used to communicate with FortiAnalyzer. type: str + more... + +
                • +
              • ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2 + more... + +
                • +
              • status - Enable/disable logging to FortiAnalyzer. type: str choices: enable, disable + more... + +
                • +
              • upload_day - Day of week (month) to upload logs. type: str + more... + +
                • +
              • upload_interval - Frequency to upload log files to FortiAnalyzer. type: str choices: daily, weekly, monthly + more... + +
                • +
              • upload_option - Enable/disable logging to hard disk and then uploading to FortiAnalyzer. type: str choices: store-and-upload, realtime, 1-minute, 5-minute + more... + +
                • +
              • upload_time - Time to upload logs (hh:mm). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Global FortiAnalyzer settings. + fortios_log_fortianalyzer3_setting: + vdom: "{{ vdom }}" + log_fortianalyzer3_setting: + __change_ip: "3" + access_config: "enable" + certificate: " (source certificate.local.name)" + certificate_verification: "enable" + conn_timeout: "7" + enc_algorithm: "high-medium" + faz_type: "9" + hmac_algorithm: "sha256" + interface: " (source system.interface.name)" + interface_select_method: "auto" + ips_archive: "enable" + max_log_rate: "14" + mgmt_name: "" + monitor_failure_retry_period: "16" + monitor_keepalive_period: "17" + preshared_key: "" + priority: "default" + reliable: "enable" + serial: + - + name: "default_name_22" + server: "192.168.100.40" + source_ip: "84.230.14.43" + ssl_min_proto_version: "default" + status: "enable" + upload_day: "" + upload_interval: "daily" + upload_option: "store-and-upload" + upload_time: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_fortianalyzer_cloud_filter.rst b/gen/fortios_log_fortianalyzer_cloud_filter.rst new file mode 100644 index 00000000..d6c661c8 --- /dev/null +++ b/gen/fortios_log_fortianalyzer_cloud_filter.rst @@ -0,0 +1,1628 @@ +:source: fortios_log_fortianalyzer_cloud_filter.py + +:orphan: + +.. fortios_log_fortianalyzer_cloud_filter: + +fortios_log_fortianalyzer_cloud_filter -- Filters for FortiAnalyzer Cloud in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer_cloud feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_fortianalyzer_cloud_filteryesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_fortianalyzer_cloud_filter - Filters for FortiAnalyzer Cloud. type: dict + more... + +
              • +
                +
              • anomaly - Enable/disable anomaly logging. type: str choices: enable, disable + more... + +
                • +
              • dlp_archive - Enable/disable DLP archive logging. type: str choices: enable, disable + more... + +
                • +
              • dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable + more... + +
                • +
              • filter - FortiAnalyzer Cloud log filter. type: str + more... + +
                • +
              • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                • +
              • forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable + more... + +
                • +
              • free_style - Free style filters. type: list member_path: free_style:id + more... + +
                • +
                  +
                • category - Log category. type: str choices: traffic, event, virus, webfilter, attack, spam, anomaly, voip, dlp, app-ctrl, waf, gtp, dns, ssh, ssl, file-filter, icap, ztna + more... + +
                  • +
                • filter - Free style filter string. type: str + more... + +
                  • +
                • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                +
              • gtp - Enable/disable GTP messages logging. type: str choices: enable, disable + more... + +
                • +
              • local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable + more... + +
                • +
              • multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable + more... + +
                • +
              • netscan_discovery - Enable/disable netscan discovery event logging. type: str + more... + +
                • +
              • netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str + more... + +
                • +
              • severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable + more... + +
                • +
              • ssh - Enable/disable SSH logging. type: str choices: enable, disable + more... + +
                • +
              • voip - Enable/disable VoIP logging. type: str choices: enable, disable + more... + +
                • +
              • ztna_traffic - Enable/disable ztna traffic logging. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Filters for FortiAnalyzer Cloud. + fortios_log_fortianalyzer_cloud_filter: + vdom: "{{ vdom }}" + log_fortianalyzer_cloud_filter: + anomaly: "enable" + dlp_archive: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + free_style: + - + category: "traffic" + filter: "" + filter_type: "include" + id: "13" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + ztna_traffic: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_fortianalyzer_cloud_override_filter.rst b/gen/fortios_log_fortianalyzer_cloud_override_filter.rst new file mode 100644 index 00000000..3f22f913 --- /dev/null +++ b/gen/fortios_log_fortianalyzer_cloud_override_filter.rst @@ -0,0 +1,1628 @@ +:source: fortios_log_fortianalyzer_cloud_override_filter.py + +:orphan: + +.. fortios_log_fortianalyzer_cloud_override_filter: + +fortios_log_fortianalyzer_cloud_override_filter -- Override filters for FortiAnalyzer Cloud in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer_cloud feature and override_filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_fortianalyzer_cloud_override_filteryesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_fortianalyzer_cloud_override_filter - Override filters for FortiAnalyzer Cloud. type: dict + more... + +
              • +
                +
              • anomaly - Enable/disable anomaly logging. type: str choices: enable, disable + more... + +
                • +
              • dlp_archive - Enable/disable DLP archive logging. type: str choices: enable, disable + more... + +
                • +
              • dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable + more... + +
                • +
              • filter - FortiAnalyzer Cloud log filter. type: str + more... + +
                • +
              • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                • +
              • forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable + more... + +
                • +
              • free_style - Free style filters. type: list member_path: free_style:id + more... + +
                • +
                  +
                • category - Log category. type: str choices: traffic, event, virus, webfilter, attack, spam, anomaly, voip, dlp, app-ctrl, waf, gtp, dns, ssh, ssl, file-filter, icap, ztna + more... + +
                  • +
                • filter - Free style filter string. type: str + more... + +
                  • +
                • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                +
              • gtp - Enable/disable GTP messages logging. type: str choices: enable, disable + more... + +
                • +
              • local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable + more... + +
                • +
              • multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable + more... + +
                • +
              • netscan_discovery - Enable/disable netscan discovery event logging. type: str + more... + +
                • +
              • netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str + more... + +
                • +
              • severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable + more... + +
                • +
              • ssh - Enable/disable SSH logging. type: str choices: enable, disable + more... + +
                • +
              • voip - Enable/disable VoIP logging. type: str choices: enable, disable + more... + +
                • +
              • ztna_traffic - Enable/disable ztna traffic logging. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Override filters for FortiAnalyzer Cloud. + fortios_log_fortianalyzer_cloud_override_filter: + vdom: "{{ vdom }}" + log_fortianalyzer_cloud_override_filter: + anomaly: "enable" + dlp_archive: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + free_style: + - + category: "traffic" + filter: "" + filter_type: "include" + id: "13" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + ztna_traffic: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_fortianalyzer_cloud_override_setting.rst b/gen/fortios_log_fortianalyzer_cloud_override_setting.rst new file mode 100644 index 00000000..e5de8075 --- /dev/null +++ b/gen/fortios_log_fortianalyzer_cloud_override_setting.rst @@ -0,0 +1,347 @@ +:source: fortios_log_fortianalyzer_cloud_override_setting.py + +:orphan: + +.. fortios_log_fortianalyzer_cloud_override_setting: + +fortios_log_fortianalyzer_cloud_override_setting -- Override FortiAnalyzer Cloud settings in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer_cloud feature and override_setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_fortianalyzer_cloud_override_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_fortianalyzer_cloud_override_setting - Override FortiAnalyzer Cloud settings. type: dict + more... + +
              • +
                +
              • faz_type - Hidden setting index of FortiAnalyzer. type: int + more... + +
                • +
              • override - Enable/disable overriding FortiAnalyzer settings or use global settings. type: str choices: enable, disable + more... + +
                • +
              • status - Enable/disable logging to FortiAnalyzer. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Override FortiAnalyzer Cloud settings. + fortios_log_fortianalyzer_cloud_override_setting: + vdom: "{{ vdom }}" + log_fortianalyzer_cloud_override_setting: + faz_type: "3" + override: "enable" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_fortianalyzer_cloud_setting.rst b/gen/fortios_log_fortianalyzer_cloud_setting.rst new file mode 100644 index 00000000..b323f428 --- /dev/null +++ b/gen/fortios_log_fortianalyzer_cloud_setting.rst @@ -0,0 +1,1804 @@ +:source: fortios_log_fortianalyzer_cloud_setting.py + +:orphan: + +.. fortios_log_fortianalyzer_cloud_setting: + +fortios_log_fortianalyzer_cloud_setting -- Global FortiAnalyzer Cloud settings in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer_cloud feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_fortianalyzer_cloud_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_fortianalyzer_cloud_setting - Global FortiAnalyzer Cloud settings. type: dict + more... + +
              • +
                +
              • __change_ip - Hidden attribute. type: int + more... + +
                • +
              • access_config - Enable/disable FortiAnalyzer access to configuration and data. type: str choices: enable, disable + more... + +
                • +
              • certificate - Certificate used to communicate with FortiAnalyzer. Source certificate.local.name. type: str + more... + +
                • +
              • certificate_verification - Enable/disable identity verification of FortiAnalyzer by use of certificate. type: str choices: enable, disable + more... + +
                • +
              • conn_timeout - FortiAnalyzer connection time-out in seconds (for status and log buffer). type: int + more... + +
                • +
              • enc_algorithm - Configure the level of SSL protection for secure communication with FortiAnalyzer. type: str choices: high-medium, high, low + more... + +
                • +
              • faz_type - Hidden setting index of FortiAnalyzer. type: int + more... + +
                • +
              • hmac_algorithm - FortiAnalyzer IPsec tunnel HMAC algorithm. type: str choices: sha256, sha1 + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • ips_archive - Enable/disable IPS packet archive logging. type: str choices: enable, disable + more... + +
                • +
              • max_log_rate - FortiAnalyzer maximum log rate in MBps (0 = unlimited). type: int + more... + +
                • +
              • mgmt_name - Hidden management name of FortiAnalyzer. type: str + more... + +
                • +
              • monitor_failure_retry_period - Time between FortiAnalyzer connection retries in seconds (for status and log buffer). type: int + more... + +
                • +
              • monitor_keepalive_period - Time between OFTP keepalives in seconds (for status and log buffer). type: int + more... + +
                • +
              • preshared_key - Preshared-key used for auto-authorization on FortiAnalyzer. type: str + more... + +
                • +
              • priority - Set log transmission priority. type: str choices: default, low + more... + +
                • +
              • serial - Serial numbers of the FortiAnalyzer. type: list member_path: serial:name + more... + +
                • +
                  +
                • name - Serial Number. type: str required: true + more... + +
                  • +
                +
              • source_ip - Source IPv4 or IPv6 address used to communicate with FortiAnalyzer. type: str + more... + +
                • +
              • ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2 + more... + +
                • +
              • status - Enable/disable logging to FortiAnalyzer. type: str choices: enable, disable + more... + +
                • +
              • upload_day - Day of week (month) to upload logs. type: str + more... + +
                • +
              • upload_interval - Frequency to upload log files to FortiAnalyzer. type: str choices: daily, weekly, monthly + more... + +
                • +
              • upload_option - Enable/disable logging to hard disk and then uploading to FortiAnalyzer. type: str choices: store-and-upload, realtime, 1-minute, 5-minute + more... + +
                • +
              • upload_time - Time to upload logs (hh:mm). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Global FortiAnalyzer Cloud settings. + fortios_log_fortianalyzer_cloud_setting: + vdom: "{{ vdom }}" + log_fortianalyzer_cloud_setting: + __change_ip: "3" + access_config: "enable" + certificate: " (source certificate.local.name)" + certificate_verification: "enable" + conn_timeout: "7" + enc_algorithm: "high-medium" + faz_type: "9" + hmac_algorithm: "sha256" + interface: " (source system.interface.name)" + interface_select_method: "auto" + ips_archive: "enable" + max_log_rate: "14" + mgmt_name: "" + monitor_failure_retry_period: "16" + monitor_keepalive_period: "17" + preshared_key: "" + priority: "default" + serial: + - + name: "default_name_21" + source_ip: "84.230.14.43" + ssl_min_proto_version: "default" + status: "enable" + upload_day: "" + upload_interval: "daily" + upload_option: "store-and-upload" + upload_time: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_fortianalyzer_filter.rst b/gen/fortios_log_fortianalyzer_filter.rst new file mode 100644 index 00000000..686095b2 --- /dev/null +++ b/gen/fortios_log_fortianalyzer_filter.rst @@ -0,0 +1,1698 @@ +:source: fortios_log_fortianalyzer_filter.py + +:orphan: + +.. fortios_log_fortianalyzer_filter: + +fortios_log_fortianalyzer_filter -- Filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_fortianalyzer_filteryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_fortianalyzer_filter - Filters for FortiAnalyzer. type: dict + more... + +
              • +
                +
              • anomaly - Enable/disable anomaly logging. type: str choices: enable, disable + more... + +
                • +
              • dlp_archive - Enable/disable DLP archive logging. type: str choices: enable, disable + more... + +
                • +
              • dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable + more... + +
                • +
              • filter - FortiAnalyzer log filter. type: str + more... + +
                • +
              • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                • +
              • forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable + more... + +
                • +
              • free_style - Free style filters. type: list member_path: free_style:id + more... + +
                • +
                  +
                • category - Log category. type: str choices: traffic, event, virus, webfilter, attack, spam, anomaly, voip, dlp, app-ctrl, waf, gtp, dns, ssh, ssl, file-filter, icap, ztna + more... + +
                  • +
                • filter - Free style filter string. type: str + more... + +
                  • +
                • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                +
              • gtp - Enable/disable GTP messages logging. type: str choices: enable, disable + more... + +
                • +
              • local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable + more... + +
                • +
              • multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable + more... + +
                • +
              • netscan_discovery - Enable/disable netscan discovery event logging. type: str + more... + +
                • +
              • netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str + more... + +
                • +
              • severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable + more... + +
                • +
              • ssh - Enable/disable SSH logging. type: str choices: enable, disable + more... + +
                • +
              • voip - Enable/disable VoIP logging. type: str choices: enable, disable + more... + +
                • +
              • ztna_traffic - Enable/disable ztna traffic logging. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Filters for FortiAnalyzer. + fortios_log_fortianalyzer_filter: + vdom: "{{ vdom }}" + log_fortianalyzer_filter: + anomaly: "enable" + dlp_archive: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + free_style: + - + category: "traffic" + filter: "" + filter_type: "include" + id: "13" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + ztna_traffic: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_fortianalyzer_override_filter.rst b/gen/fortios_log_fortianalyzer_override_filter.rst new file mode 100644 index 00000000..15f93a56 --- /dev/null +++ b/gen/fortios_log_fortianalyzer_override_filter.rst @@ -0,0 +1,1698 @@ +:source: fortios_log_fortianalyzer_override_filter.py + +:orphan: + +.. fortios_log_fortianalyzer_override_filter: + +fortios_log_fortianalyzer_override_filter -- Override filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer feature and override_filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_fortianalyzer_override_filteryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_fortianalyzer_override_filter - Override filters for FortiAnalyzer. type: dict + more... + +
              • +
                +
              • anomaly - Enable/disable anomaly logging. type: str choices: enable, disable + more... + +
                • +
              • dlp_archive - Enable/disable DLP archive logging. type: str choices: enable, disable + more... + +
                • +
              • dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable + more... + +
                • +
              • filter - FortiAnalyzer log filter. type: str + more... + +
                • +
              • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                • +
              • forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable + more... + +
                • +
              • free_style - Free style filters. type: list member_path: free_style:id + more... + +
                • +
                  +
                • category - Log category. type: str choices: traffic, event, virus, webfilter, attack, spam, anomaly, voip, dlp, app-ctrl, waf, gtp, dns, ssh, ssl, file-filter, icap, ztna + more... + +
                  • +
                • filter - Free style filter string. type: str + more... + +
                  • +
                • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                +
              • gtp - Enable/disable GTP messages logging. type: str choices: enable, disable + more... + +
                • +
              • local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable + more... + +
                • +
              • multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable + more... + +
                • +
              • netscan_discovery - Enable/disable netscan discovery event logging. type: str + more... + +
                • +
              • netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str + more... + +
                • +
              • severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable + more... + +
                • +
              • ssh - Enable/disable SSH logging. type: str choices: enable, disable + more... + +
                • +
              • voip - Enable/disable VoIP logging. type: str choices: enable, disable + more... + +
                • +
              • ztna_traffic - Enable/disable ztna traffic logging. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Override filters for FortiAnalyzer. + fortios_log_fortianalyzer_override_filter: + vdom: "{{ vdom }}" + log_fortianalyzer_override_filter: + anomaly: "enable" + dlp_archive: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + free_style: + - + category: "traffic" + filter: "" + filter_type: "include" + id: "13" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + ztna_traffic: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_fortianalyzer_override_setting.rst b/gen/fortios_log_fortianalyzer_override_setting.rst new file mode 100644 index 00000000..447bf4b6 --- /dev/null +++ b/gen/fortios_log_fortianalyzer_override_setting.rst @@ -0,0 +1,2164 @@ +:source: fortios_log_fortianalyzer_override_setting.py + +:orphan: + +.. fortios_log_fortianalyzer_override_setting: + +fortios_log_fortianalyzer_override_setting -- Override FortiAnalyzer settings in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer feature and override_setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_fortianalyzer_override_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_fortianalyzer_override_setting - Override FortiAnalyzer settings. type: dict + more... + +
              • +
                +
              • __change_ip - Hidden attribute. type: int + more... + +
                • +
              • access_config - Enable/disable FortiAnalyzer access to configuration and data. type: str choices: enable, disable + more... + +
                • +
              • certificate - Certificate used to communicate with FortiAnalyzer. Source certificate.local.name. type: str + more... + +
                • +
              • certificate_verification - Enable/disable identity verification of FortiAnalyzer by use of certificate. type: str choices: enable, disable + more... + +
                • +
              • conn_timeout - FortiAnalyzer connection time-out in seconds (for status and log buffer). type: int + more... + +
                • +
              • enc_algorithm - Configure the level of SSL protection for secure communication with FortiAnalyzer. type: str choices: high-medium, high, low + more... + +
                • +
              • faz_type - Hidden setting index of FortiAnalyzer. type: int + more... + +
                • +
              • hmac_algorithm - FortiAnalyzer IPsec tunnel HMAC algorithm. type: str choices: sha256, sha1 + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • ips_archive - Enable/disable IPS packet archive logging. type: str choices: enable, disable + more... + +
                • +
              • max_log_rate - FortiAnalyzer maximum log rate in MBps (0 = unlimited). type: int + more... + +
                • +
              • mgmt_name - Hidden management name of FortiAnalyzer. type: str + more... + +
                • +
              • monitor_failure_retry_period - Time between FortiAnalyzer connection retries in seconds (for status and log buffer). type: int + more... + +
                • +
              • monitor_keepalive_period - Time between OFTP keepalives in seconds (for status and log buffer). type: int + more... + +
                • +
              • override - Enable/disable overriding FortiAnalyzer settings or use global settings. type: str choices: enable, disable + more... + +
                • +
              • preshared_key - Preshared-key used for auto-authorization on FortiAnalyzer. type: str + more... + +
                • +
              • priority - Set log transmission priority. type: str choices: default, low + more... + +
                • +
              • reliable - Enable/disable reliable logging to FortiAnalyzer. type: str choices: enable, disable + more... + +
                • +
              • serial - Serial numbers of the FortiAnalyzer. type: list member_path: serial:name + more... + +
                • +
                  +
                • name - Serial Number. type: str required: true + more... + +
                  • +
                +
              • server - The remote FortiAnalyzer. type: str + more... + +
                • +
              • source_ip - Source IPv4 or IPv6 address used to communicate with FortiAnalyzer. type: str + more... + +
                • +
              • ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2 + more... + +
                • +
              • status - Enable/disable logging to FortiAnalyzer. type: str choices: enable, disable + more... + +
                • +
              • upload_day - Day of week (month) to upload logs. type: str + more... + +
                • +
              • upload_interval - Frequency to upload log files to FortiAnalyzer. type: str choices: daily, weekly, monthly + more... + +
                • +
              • upload_option - Enable/disable logging to hard disk and then uploading to FortiAnalyzer. type: str choices: store-and-upload, realtime, 1-minute, 5-minute + more... + +
                • +
              • upload_time - Time to upload logs (hh:mm). type: str + more... + +
                • +
              • use_management_vdom - Enable/disable use of management VDOM IP address as source IP for logs sent to FortiAnalyzer. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Override FortiAnalyzer settings. + fortios_log_fortianalyzer_override_setting: + vdom: "{{ vdom }}" + log_fortianalyzer_override_setting: + __change_ip: "3" + access_config: "enable" + certificate: " (source certificate.local.name)" + certificate_verification: "enable" + conn_timeout: "7" + enc_algorithm: "high-medium" + faz_type: "9" + hmac_algorithm: "sha256" + interface: " (source system.interface.name)" + interface_select_method: "auto" + ips_archive: "enable" + max_log_rate: "14" + mgmt_name: "" + monitor_failure_retry_period: "16" + monitor_keepalive_period: "17" + override: "enable" + preshared_key: "" + priority: "default" + reliable: "enable" + serial: + - + name: "default_name_23" + server: "192.168.100.40" + source_ip: "84.230.14.43" + ssl_min_proto_version: "default" + status: "enable" + upload_day: "" + upload_interval: "daily" + upload_option: "store-and-upload" + upload_time: "" + use_management_vdom: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_fortianalyzer_setting.rst b/gen/fortios_log_fortianalyzer_setting.rst new file mode 100644 index 00000000..273cdad6 --- /dev/null +++ b/gen/fortios_log_fortianalyzer_setting.rst @@ -0,0 +1,2040 @@ +:source: fortios_log_fortianalyzer_setting.py + +:orphan: + +.. fortios_log_fortianalyzer_setting: + +fortios_log_fortianalyzer_setting -- Global FortiAnalyzer settings in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_fortianalyzer_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_fortianalyzer_setting - Global FortiAnalyzer settings. type: dict + more... + +
              • +
                +
              • __change_ip - Hidden attribute. type: int + more... + +
                • +
              • access_config - Enable/disable FortiAnalyzer access to configuration and data. type: str choices: enable, disable + more... + +
                • +
              • certificate - Certificate used to communicate with FortiAnalyzer. Source certificate.local.name. type: str + more... + +
                • +
              • certificate_verification - Enable/disable identity verification of FortiAnalyzer by use of certificate. type: str choices: enable, disable + more... + +
                • +
              • conn_timeout - FortiAnalyzer connection time-out in seconds (for status and log buffer). type: int + more... + +
                • +
              • enc_algorithm - Configure the level of SSL protection for secure communication with FortiAnalyzer. type: str choices: high-medium, high, low + more... + +
                • +
              • faz_type - Hidden setting index of FortiAnalyzer. type: int + more... + +
                • +
              • hmac_algorithm - FortiAnalyzer IPsec tunnel HMAC algorithm. type: str choices: sha256, sha1 + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • ips_archive - Enable/disable IPS packet archive logging. type: str choices: enable, disable + more... + +
                • +
              • max_log_rate - FortiAnalyzer maximum log rate in MBps (0 = unlimited). type: int + more... + +
                • +
              • mgmt_name - Hidden management name of FortiAnalyzer. type: str + more... + +
                • +
              • monitor_failure_retry_period - Time between FortiAnalyzer connection retries in seconds (for status and log buffer). type: int + more... + +
                • +
              • monitor_keepalive_period - Time between OFTP keepalives in seconds (for status and log buffer). type: int + more... + +
                • +
              • preshared_key - Preshared-key used for auto-authorization on FortiAnalyzer. type: str + more... + +
                • +
              • priority - Set log transmission priority. type: str choices: default, low + more... + +
                • +
              • reliable - Enable/disable reliable logging to FortiAnalyzer. type: str choices: enable, disable + more... + +
                • +
              • serial - Serial numbers of the FortiAnalyzer. type: list member_path: serial:name + more... + +
                • +
                  +
                • name - Serial Number. type: str required: true + more... + +
                  • +
                +
              • server - The remote FortiAnalyzer. type: str + more... + +
                • +
              • source_ip - Source IPv4 or IPv6 address used to communicate with FortiAnalyzer. type: str + more... + +
                • +
              • ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2 + more... + +
                • +
              • status - Enable/disable logging to FortiAnalyzer. type: str choices: enable, disable + more... + +
                • +
              • upload_day - Day of week (month) to upload logs. type: str + more... + +
                • +
              • upload_interval - Frequency to upload log files to FortiAnalyzer. type: str choices: daily, weekly, monthly + more... + +
                • +
              • upload_option - Enable/disable logging to hard disk and then uploading to FortiAnalyzer. type: str choices: store-and-upload, realtime, 1-minute, 5-minute + more... + +
                • +
              • upload_time - Time to upload logs (hh:mm). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Global FortiAnalyzer settings. + fortios_log_fortianalyzer_setting: + vdom: "{{ vdom }}" + log_fortianalyzer_setting: + __change_ip: "3" + access_config: "enable" + certificate: " (source certificate.local.name)" + certificate_verification: "enable" + conn_timeout: "7" + enc_algorithm: "high-medium" + faz_type: "9" + hmac_algorithm: "sha256" + interface: " (source system.interface.name)" + interface_select_method: "auto" + ips_archive: "enable" + max_log_rate: "14" + mgmt_name: "" + monitor_failure_retry_period: "16" + monitor_keepalive_period: "17" + preshared_key: "" + priority: "default" + reliable: "enable" + serial: + - + name: "default_name_22" + server: "192.168.100.40" + source_ip: "84.230.14.43" + ssl_min_proto_version: "default" + status: "enable" + upload_day: "" + upload_interval: "daily" + upload_option: "store-and-upload" + upload_time: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_fortiguard_filter.rst b/gen/fortios_log_fortiguard_filter.rst new file mode 100644 index 00000000..ac4e3dad --- /dev/null +++ b/gen/fortios_log_fortiguard_filter.rst @@ -0,0 +1,1646 @@ +:source: fortios_log_fortiguard_filter.py + +:orphan: + +.. fortios_log_fortiguard_filter: + +fortios_log_fortiguard_filter -- Filters for FortiCloud in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortiguard feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_fortiguard_filteryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_fortiguard_filter - Filters for FortiCloud. type: dict + more... + +
              • +
                +
              • anomaly - Enable/disable anomaly logging. type: str choices: enable, disable + more... + +
                • +
              • dlp_archive - Enable/disable DLP archive logging. type: str choices: enable, disable + more... + +
                • +
              • dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable + more... + +
                • +
              • filter - FortiCloud log filter. type: str + more... + +
                • +
              • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                • +
              • forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable + more... + +
                • +
              • free_style - Free style filters. type: list member_path: free_style:id + more... + +
                • +
                  +
                • category - Log category. type: str choices: traffic, event, virus, webfilter, attack, spam, anomaly, voip, dlp, app-ctrl, waf, gtp, dns, ssh, ssl, file-filter, icap, ztna + more... + +
                  • +
                • filter - Free style filter string. type: str + more... + +
                  • +
                • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                +
              • gtp - Enable/disable GTP messages logging. type: str choices: enable, disable + more... + +
                • +
              • local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable + more... + +
                • +
              • multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable + more... + +
                • +
              • netscan_discovery - Enable/disable netscan discovery event logging. type: str + more... + +
                • +
              • netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str + more... + +
                • +
              • severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable + more... + +
                • +
              • ssh - Enable/disable SSH logging. type: str choices: enable, disable + more... + +
                • +
              • voip - Enable/disable VoIP logging. type: str choices: enable, disable + more... + +
                • +
              • ztna_traffic - Enable/disable ztna traffic logging. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Filters for FortiCloud. + fortios_log_fortiguard_filter: + vdom: "{{ vdom }}" + log_fortiguard_filter: + anomaly: "enable" + dlp_archive: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + free_style: + - + category: "traffic" + filter: "" + filter_type: "include" + id: "13" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + ztna_traffic: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_fortiguard_override_filter.rst b/gen/fortios_log_fortiguard_override_filter.rst new file mode 100644 index 00000000..300bf176 --- /dev/null +++ b/gen/fortios_log_fortiguard_override_filter.rst @@ -0,0 +1,1646 @@ +:source: fortios_log_fortiguard_override_filter.py + +:orphan: + +.. fortios_log_fortiguard_override_filter: + +fortios_log_fortiguard_override_filter -- Override filters for FortiCloud in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortiguard feature and override_filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_fortiguard_override_filteryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_fortiguard_override_filter - Override filters for FortiCloud. type: dict + more... + +
              • +
                +
              • anomaly - Enable/disable anomaly logging. type: str choices: enable, disable + more... + +
                • +
              • dlp_archive - Enable/disable DLP archive logging. type: str choices: enable, disable + more... + +
                • +
              • dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable + more... + +
                • +
              • filter - FortiCloud log filter. type: str + more... + +
                • +
              • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                • +
              • forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable + more... + +
                • +
              • free_style - Free style filters. type: list member_path: free_style:id + more... + +
                • +
                  +
                • category - Log category. type: str choices: traffic, event, virus, webfilter, attack, spam, anomaly, voip, dlp, app-ctrl, waf, gtp, dns, ssh, ssl, file-filter, icap, ztna + more... + +
                  • +
                • filter - Free style filter string. type: str + more... + +
                  • +
                • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                +
              • gtp - Enable/disable GTP messages logging. type: str choices: enable, disable + more... + +
                • +
              • local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable + more... + +
                • +
              • multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable + more... + +
                • +
              • netscan_discovery - Enable/disable netscan discovery event logging. type: str + more... + +
                • +
              • netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str + more... + +
                • +
              • severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable + more... + +
                • +
              • ssh - Enable/disable SSH logging. type: str choices: enable, disable + more... + +
                • +
              • voip - Enable/disable VoIP logging. type: str choices: enable, disable + more... + +
                • +
              • ztna_traffic - Enable/disable ztna traffic logging. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Override filters for FortiCloud. + fortios_log_fortiguard_override_filter: + vdom: "{{ vdom }}" + log_fortiguard_override_filter: + anomaly: "enable" + dlp_archive: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + free_style: + - + category: "traffic" + filter: "" + filter_type: "include" + id: "13" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + ztna_traffic: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_fortiguard_override_setting.rst b/gen/fortios_log_fortiguard_override_setting.rst new file mode 100644 index 00000000..1b893c71 --- /dev/null +++ b/gen/fortios_log_fortiguard_override_setting.rst @@ -0,0 +1,912 @@ +:source: fortios_log_fortiguard_override_setting.py + +:orphan: + +.. fortios_log_fortiguard_override_setting: + +fortios_log_fortiguard_override_setting -- Override global FortiCloud logging settings for this VDOM in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortiguard feature and override_setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_fortiguard_override_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_fortiguard_override_setting - Override global FortiCloud logging settings for this VDOM. type: dict + more... + +
              • +
                +
              • access_config - Enable/disable FortiCloud access to configuration and data. type: str choices: enable, disable + more... + +
                • +
              • max_log_rate - FortiCloud maximum log rate in MBps (0 = unlimited). type: int + more... + +
                • +
              • override - Overriding FortiCloud settings for this VDOM or use global settings. type: str choices: enable, disable + more... + +
                • +
              • priority - Set log transmission priority. type: str choices: default, low + more... + +
                • +
              • status - Enable/disable logging to FortiCloud. type: str choices: enable, disable + more... + +
                • +
              • upload_day - Day of week to roll logs. type: str + more... + +
                • +
              • upload_interval - Frequency of uploading log files to FortiCloud. type: str choices: daily, weekly, monthly + more... + +
                • +
              • upload_option - Configure how log messages are sent to FortiCloud. type: str choices: store-and-upload, realtime, 1-minute, 5-minute + more... + +
                • +
              • upload_time - Time of day to roll logs (hh:mm). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Override global FortiCloud logging settings for this VDOM. + fortios_log_fortiguard_override_setting: + vdom: "{{ vdom }}" + log_fortiguard_override_setting: + access_config: "enable" + max_log_rate: "4" + override: "enable" + priority: "default" + status: "enable" + upload_day: "" + upload_interval: "daily" + upload_option: "store-and-upload" + upload_time: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_fortiguard_setting.rst b/gen/fortios_log_fortiguard_setting.rst new file mode 100644 index 00000000..67da2bc6 --- /dev/null +++ b/gen/fortios_log_fortiguard_setting.rst @@ -0,0 +1,1313 @@ +:source: fortios_log_fortiguard_setting.py + +:orphan: + +.. fortios_log_fortiguard_setting: + +fortios_log_fortiguard_setting -- Configure logging to FortiCloud in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortiguard feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_fortiguard_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_fortiguard_setting - Configure logging to FortiCloud. type: dict + more... + +
              • +
                +
              • access_config - Enable/disable FortiCloud access to configuration and data. type: str choices: enable, disable + more... + +
                • +
              • conn_timeout - FortiGate Cloud connection timeout in seconds. type: int + more... + +
                • +
              • enc_algorithm - Configure the level of SSL protection for secure communication with FortiCloud. type: str choices: high-medium, high, low + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • max_log_rate - FortiCloud maximum log rate in MBps (0 = unlimited). type: int + more... + +
                • +
              • priority - Set log transmission priority. type: str choices: default, low + more... + +
                • +
              • source_ip - Source IP address used to connect FortiCloud. type: str + more... + +
                • +
              • ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2 + more... + +
                • +
              • status - Enable/disable logging to FortiCloud. type: str choices: enable, disable + more... + +
                • +
              • upload_day - Day of week to roll logs. type: str + more... + +
                • +
              • upload_interval - Frequency of uploading log files to FortiCloud. type: str choices: daily, weekly, monthly + more... + +
                • +
              • upload_option - Configure how log messages are sent to FortiCloud. type: str choices: store-and-upload, realtime, 1-minute, 5-minute + more... + +
                • +
              • upload_time - Time of day to roll logs (hh:mm). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure logging to FortiCloud. + fortios_log_fortiguard_setting: + vdom: "{{ vdom }}" + log_fortiguard_setting: + access_config: "enable" + conn_timeout: "4" + enc_algorithm: "high-medium" + interface: " (source system.interface.name)" + interface_select_method: "auto" + max_log_rate: "8" + priority: "default" + source_ip: "84.230.14.43" + ssl_min_proto_version: "default" + status: "enable" + upload_day: "" + upload_interval: "daily" + upload_option: "store-and-upload" + upload_time: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_gui_display.rst b/gen/fortios_log_gui_display.rst new file mode 100644 index 00000000..b752b02c --- /dev/null +++ b/gen/fortios_log_gui_display.rst @@ -0,0 +1,465 @@ +:source: fortios_log_gui_display.py + +:orphan: + +.. fortios_log_gui_display: + +fortios_log_gui_display -- Configure how log messages are displayed on the GUI in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log feature and gui_display category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_gui_displayyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_gui_display - Configure how log messages are displayed on the GUI. type: dict + more... + +
              • +
                +
              • fortiview_unscanned_apps - Enable/disable showing unscanned traffic in FortiView application charts. type: str choices: enable, disable + more... + +
                • +
              • resolve_apps - Resolve unknown applications on the GUI using Fortinet"s remote application database. type: str choices: enable, disable + more... + +
                • +
              • resolve_hosts - Enable/disable resolving IP addresses to hostname in log messages on the GUI using reverse DNS lookup. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure how log messages are displayed on the GUI. + fortios_log_gui_display: + vdom: "{{ vdom }}" + log_gui_display: + fortiview_unscanned_apps: "enable" + resolve_apps: "enable" + resolve_hosts: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_memory_filter.rst b/gen/fortios_log_memory_filter.rst new file mode 100644 index 00000000..4d3da6d4 --- /dev/null +++ b/gen/fortios_log_memory_filter.rst @@ -0,0 +1,2526 @@ +:source: fortios_log_memory_filter.py + +:orphan: + +.. fortios_log_memory_filter: + +fortios_log_memory_filter -- Filters for memory buffer in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_memory feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_memory_filteryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_memory_filter - Filters for memory buffer. type: dict + more... + +
              • +
                +
              • admin - Enable/disable admin login/logout logging. type: str choices: enable, disable + more... + +
                • +
              • anomaly - Enable/disable anomaly logging. type: str choices: enable, disable + more... + +
                • +
              • auth - Enable/disable firewall authentication logging. type: str choices: enable, disable + more... + +
                • +
              • cpu_memory_usage - Enable/disable CPU & memory usage logging every 5 minutes. type: str choices: enable, disable + more... + +
                • +
              • dhcp - Enable/disable DHCP service messages logging. type: str choices: enable, disable + more... + +
                • +
              • dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable + more... + +
                • +
              • event - Enable/disable event logging. type: str choices: enable, disable + more... + +
                • +
              • filter - Memory log filter. type: str + more... + +
                • +
              • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                • +
              • forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable + more... + +
                • +
              • free_style - Free style filters. type: list member_path: free_style:id + more... + +
                • +
                  +
                • category - Log category. type: str choices: traffic, event, virus, webfilter, attack, spam, anomaly, voip, dlp, app-ctrl, waf, gtp, dns, ssh, ssl, file-filter, icap, ztna + more... + +
                  • +
                • filter - Free style filter string. type: str + more... + +
                  • +
                • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                +
              • gtp - Enable/disable GTP messages logging. type: str choices: enable, disable + more... + +
                • +
              • ha - Enable/disable HA logging. type: str choices: enable, disable + more... + +
                • +
              • ipsec - Enable/disable IPsec negotiation messages logging. type: str choices: enable, disable + more... + +
                • +
              • ldb_monitor - Enable/disable VIP real server health monitoring logging. type: str choices: enable, disable + more... + +
                • +
              • local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable + more... + +
                • +
              • multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable + more... + +
                • +
              • netscan_discovery - Enable/disable netscan discovery event logging. type: str + more... + +
                • +
              • netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str + more... + +
                • +
              • notification - Enable/disable notification messages logging. type: str choices: enable, disable + more... + +
                • +
              • pattern - Enable/disable pattern update logging. type: str choices: enable, disable + more... + +
                • +
              • ppp - Enable/disable L2TP/PPTP/PPPoE logging. type: str choices: enable, disable + more... + +
                • +
              • radius - Enable/disable RADIUS messages logging. type: str choices: enable, disable + more... + +
                • +
              • severity - Log every message above and including this severity level. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable + more... + +
                • +
              • ssh - Enable/disable SSH logging. type: str choices: enable, disable + more... + +
                • +
              • sslvpn_log_adm - Enable/disable SSL administrator login logging. type: str choices: enable, disable + more... + +
                • +
              • sslvpn_log_auth - Enable/disable SSL user authentication logging. type: str choices: enable, disable + more... + +
                • +
              • sslvpn_log_session - Enable/disable SSL session logging. type: str choices: enable, disable + more... + +
                • +
              • system - Enable/disable system activity logging. type: str choices: enable, disable + more... + +
                • +
              • vip_ssl - Enable/disable VIP SSL logging. type: str choices: enable, disable + more... + +
                • +
              • voip - Enable/disable VoIP logging. type: str choices: enable, disable + more... + +
                • +
              • wan_opt - Enable/disable WAN optimization event logging. type: str choices: enable, disable + more... + +
                • +
              • wireless_activity - Enable/disable wireless activity event logging. type: str choices: enable, disable + more... + +
                • +
              • ztna_traffic - Enable/disable ztna traffic logging. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Filters for memory buffer. + fortios_log_memory_filter: + vdom: "{{ vdom }}" + log_memory_filter: + admin: "enable" + anomaly: "enable" + auth: "enable" + cpu_memory_usage: "enable" + dhcp: "enable" + dns: "enable" + event: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + free_style: + - + category: "traffic" + filter: "" + filter_type: "include" + id: "17" + gtp: "enable" + ha: "enable" + ipsec: "enable" + ldb_monitor: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + notification: "enable" + pattern: "enable" + ppp: "enable" + radius: "enable" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + sslvpn_log_adm: "enable" + sslvpn_log_auth: "enable" + sslvpn_log_session: "enable" + system: "enable" + vip_ssl: "enable" + voip: "enable" + wan_opt: "enable" + wireless_activity: "enable" + ztna_traffic: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_memory_global_setting.rst b/gen/fortios_log_memory_global_setting.rst new file mode 100644 index 00000000..3802b8cc --- /dev/null +++ b/gen/fortios_log_memory_global_setting.rst @@ -0,0 +1,397 @@ +:source: fortios_log_memory_global_setting.py + +:orphan: + +.. fortios_log_memory_global_setting: + +fortios_log_memory_global_setting -- Global settings for memory logging in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_memory feature and global_setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_memory_global_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_memory_global_setting - Global settings for memory logging. type: dict + more... + +
              • +
                +
              • full_final_warning_threshold - Log full final warning threshold as a percent (3 - 100). type: int + more... + +
                • +
              • full_first_warning_threshold - Log full first warning threshold as a percent (1 - 98). type: int + more... + +
                • +
              • full_second_warning_threshold - Log full second warning threshold as a percent (2 - 99). type: int + more... + +
                • +
              • max_size - Maximum amount of memory that can be used for memory logging in bytes. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Global settings for memory logging. + fortios_log_memory_global_setting: + vdom: "{{ vdom }}" + log_memory_global_setting: + full_final_warning_threshold: "3" + full_first_warning_threshold: "4" + full_second_warning_threshold: "5" + max_size: "6" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_memory_setting.rst b/gen/fortios_log_memory_setting.rst new file mode 100644 index 00000000..71d3351c --- /dev/null +++ b/gen/fortios_log_memory_setting.rst @@ -0,0 +1,341 @@ +:source: fortios_log_memory_setting.py + +:orphan: + +.. fortios_log_memory_setting: + +fortios_log_memory_setting -- Settings for memory buffer in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_memory feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_memory_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_memory_setting - Settings for memory buffer. type: dict + more... + +
              • +
                +
              • diskfull - Action to take when memory is full. type: str choices: overwrite + more... + +
                • +
              • status - Enable/disable logging to the FortiGate"s memory. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Settings for memory buffer. + fortios_log_memory_setting: + vdom: "{{ vdom }}" + log_memory_setting: + diskfull: "overwrite" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_null_device_filter.rst b/gen/fortios_log_null_device_filter.rst new file mode 100644 index 00000000..6af702f5 --- /dev/null +++ b/gen/fortios_log_null_device_filter.rst @@ -0,0 +1,1614 @@ +:source: fortios_log_null_device_filter.py + +:orphan: + +.. fortios_log_null_device_filter: + +fortios_log_null_device_filter -- Filters for null device logging in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_null_device feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_null_device_filteryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_null_device_filter - Filters for null device logging. type: dict + more... + +
              • +
                +
              • anomaly - Enable/disable anomaly logging. type: str choices: enable, disable + more... + +
                • +
              • dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable + more... + +
                • +
              • filter - Null-device log filter. type: str + more... + +
                • +
              • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                • +
              • forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable + more... + +
                • +
              • free_style - Free style filters. type: list member_path: free_style:id + more... + +
                • +
                  +
                • category - Log category. type: str choices: traffic, event, virus, webfilter, attack, spam, anomaly, voip, dlp, app-ctrl, waf, gtp, dns, ssh, ssl, file-filter, icap, ztna + more... + +
                  • +
                • filter - Free style filter string. type: str + more... + +
                  • +
                • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                +
              • gtp - Enable/disable GTP messages logging. type: str choices: enable, disable + more... + +
                • +
              • local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable + more... + +
                • +
              • multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable + more... + +
                • +
              • netscan_discovery - Enable/disable netscan discovery event logging. type: str + more... + +
                • +
              • netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str + more... + +
                • +
              • severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable + more... + +
                • +
              • ssh - Enable/disable SSH logging. type: str choices: enable, disable + more... + +
                • +
              • voip - Enable/disable VoIP logging. type: str choices: enable, disable + more... + +
                • +
              • ztna_traffic - Enable/disable ztna traffic logging. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Filters for null device logging. + fortios_log_null_device_filter: + vdom: "{{ vdom }}" + log_null_device_filter: + anomaly: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + free_style: + - + category: "traffic" + filter: "" + filter_type: "include" + id: "12" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + ztna_traffic: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_null_device_setting.rst b/gen/fortios_log_null_device_setting.rst new file mode 100644 index 00000000..3ef199f0 --- /dev/null +++ b/gen/fortios_log_null_device_setting.rst @@ -0,0 +1,297 @@ +:source: fortios_log_null_device_setting.py + +:orphan: + +.. fortios_log_null_device_setting: + +fortios_log_null_device_setting -- Settings for null device logging in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_null_device feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_null_device_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_null_device_setting - Settings for null device logging. type: dict + more... + +
              • +
                +
              • status - Enable/disable statistics collection for when no external logging destination, such as FortiAnalyzer, is present (data is not saved). type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Settings for null device logging. + fortios_log_null_device_setting: + vdom: "{{ vdom }}" + log_null_device_setting: + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_setting.rst b/gen/fortios_log_setting.rst new file mode 100644 index 00000000..d1eebaac --- /dev/null +++ b/gen/fortios_log_setting.rst @@ -0,0 +1,2166 @@ +:source: fortios_log_setting.py + +:orphan: + +.. fortios_log_setting: + +fortios_log_setting -- Configure general log settings in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_setting - Configure general log settings. type: dict + more... + +
              • +
                +
              • anonymization_hash - User name anonymization hash salt. type: str + more... + +
                • +
              • brief_traffic_format - Enable/disable brief format traffic logging. type: str choices: enable, disable + more... + +
                • +
              • custom_log_fields - Custom fields to append to all log messages. type: list + more... + +
                • +
                  +
                • field_id - Custom log field. Source log.custom-field.id. type: str + more... + +
                  • +
                +
              • daemon_log - Enable/disable daemon logging. type: str choices: enable, disable + more... + +
                • +
              • expolicy_implicit_log - Enable/disable explicit proxy firewall implicit policy logging. type: str choices: enable, disable + more... + +
                • +
              • faz_override - Enable/disable override FortiAnalyzer settings. type: str choices: enable, disable + more... + +
                • +
              • fortiview_weekly_data - Enable/disable FortiView weekly data. type: str choices: enable, disable + more... + +
                • +
              • fwpolicy_implicit_log - Enable/disable implicit firewall policy logging. type: str choices: enable, disable + more... + +
                • +
              • fwpolicy6_implicit_log - Enable/disable implicit firewall policy6 logging. type: str choices: enable, disable + more... + +
                • +
              • local_in_allow - Enable/disable local-in-allow logging. type: str choices: enable, disable + more... + +
                • +
              • local_in_deny_broadcast - Enable/disable local-in-deny-broadcast logging. type: str choices: enable, disable + more... + +
                • +
              • local_in_deny_unicast - Enable/disable local-in-deny-unicast logging. type: str choices: enable, disable + more... + +
                • +
              • local_out - Enable/disable local-out logging. type: str choices: enable, disable + more... + +
                • +
              • log_invalid_packet - Enable/disable invalid packet traffic logging. type: str choices: enable, disable + more... + +
                • +
              • log_policy_comment - Enable/disable inserting policy comments into traffic logs. type: str choices: enable, disable + more... + +
                • +
              • log_policy_name - Enable/disable inserting policy name into traffic logs. type: str choices: enable, disable + more... + +
                • +
              • log_user_in_upper - Enable/disable logs with user-in-upper. type: str choices: enable, disable + more... + +
                • +
              • neighbor_event - Enable/disable neighbor event logging. type: str choices: enable, disable + more... + +
                • +
              • resolve_ip - Enable/disable adding resolved domain names to traffic logs if possible. type: str choices: enable, disable + more... + +
                • +
              • resolve_port - Enable/disable adding resolved service names to traffic logs. type: str choices: enable, disable + more... + +
                • +
              • rest_api_get - Enable/disable REST API GET request logging. type: str choices: enable, disable + more... + +
                • +
              • rest_api_set - Enable/disable REST API POST/PUT/DELETE request logging. type: str choices: enable, disable + more... + +
                • +
              • syslog_override - Enable/disable override Syslog settings. type: str choices: enable, disable + more... + +
                • +
              • user_anonymize - Enable/disable anonymizing user names in log messages. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure general log settings. + fortios_log_setting: + vdom: "{{ vdom }}" + log_setting: + anonymization_hash: "" + brief_traffic_format: "enable" + custom_log_fields: + - + field_id: " (source log.custom-field.id)" + daemon_log: "enable" + expolicy_implicit_log: "enable" + faz_override: "enable" + fortiview_weekly_data: "enable" + fwpolicy_implicit_log: "enable" + fwpolicy6_implicit_log: "enable" + local_in_allow: "enable" + local_in_deny_broadcast: "enable" + local_in_deny_unicast: "enable" + local_out: "enable" + log_invalid_packet: "enable" + log_policy_comment: "enable" + log_policy_name: "enable" + log_user_in_upper: "enable" + neighbor_event: "enable" + resolve_ip: "enable" + resolve_port: "enable" + rest_api_get: "enable" + rest_api_set: "enable" + syslog_override: "enable" + user_anonymize: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_syslogd2_filter.rst b/gen/fortios_log_syslogd2_filter.rst new file mode 100644 index 00000000..053d76fb --- /dev/null +++ b/gen/fortios_log_syslogd2_filter.rst @@ -0,0 +1,1614 @@ +:source: fortios_log_syslogd2_filter.py + +:orphan: + +.. fortios_log_syslogd2_filter: + +fortios_log_syslogd2_filter -- Filters for remote system server in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_syslogd2 feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_syslogd2_filteryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_syslogd2_filter - Filters for remote system server. type: dict + more... + +
              • +
                +
              • anomaly - Enable/disable anomaly logging. type: str choices: enable, disable + more... + +
                • +
              • dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable + more... + +
                • +
              • filter - Syslog 2 filter. type: str + more... + +
                • +
              • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                • +
              • forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable + more... + +
                • +
              • free_style - Free style filters. type: list member_path: free_style:id + more... + +
                • +
                  +
                • category - Log category. type: str choices: traffic, event, virus, webfilter, attack, spam, anomaly, voip, dlp, app-ctrl, waf, gtp, dns, ssh, ssl, file-filter, icap, ztna + more... + +
                  • +
                • filter - Free style filter string. type: str + more... + +
                  • +
                • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                +
              • gtp - Enable/disable GTP messages logging. type: str choices: enable, disable + more... + +
                • +
              • local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable + more... + +
                • +
              • multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable + more... + +
                • +
              • netscan_discovery - Enable/disable netscan discovery event logging. type: str + more... + +
                • +
              • netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str + more... + +
                • +
              • severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable + more... + +
                • +
              • ssh - Enable/disable SSH logging. type: str choices: enable, disable + more... + +
                • +
              • voip - Enable/disable VoIP logging. type: str choices: enable, disable + more... + +
                • +
              • ztna_traffic - Enable/disable ztna traffic logging. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Filters for remote system server. + fortios_log_syslogd2_filter: + vdom: "{{ vdom }}" + log_syslogd2_filter: + anomaly: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + free_style: + - + category: "traffic" + filter: "" + filter_type: "include" + id: "12" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + ztna_traffic: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_syslogd2_override_filter.rst b/gen/fortios_log_syslogd2_override_filter.rst new file mode 100644 index 00000000..a1110159 --- /dev/null +++ b/gen/fortios_log_syslogd2_override_filter.rst @@ -0,0 +1,1348 @@ +:source: fortios_log_syslogd2_override_filter.py + +:orphan: + +.. fortios_log_syslogd2_override_filter: + +fortios_log_syslogd2_override_filter -- Override filters for remote system server in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_syslogd2 feature and override_filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_syslogd2_override_filteryesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_syslogd2_override_filter - Override filters for remote system server. type: dict + more... + +
              • +
                +
              • anomaly - Enable/disable anomaly logging. type: str choices: enable, disable + more... + +
                • +
              • filter - Syslog 2 filter. type: str + more... + +
                • +
              • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                • +
              • forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable + more... + +
                • +
              • free_style - Free style filters. type: list member_path: free_style:id + more... + +
                • +
                  +
                • category - Log category. type: str choices: traffic, event, virus, webfilter, attack, spam, anomaly, voip, dlp, app-ctrl, waf, gtp, dns, ssh, ssl, file-filter, icap, ztna + more... + +
                  • +
                • filter - Free style filter string. type: str + more... + +
                  • +
                • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                +
              • gtp - Enable/disable GTP messages logging. type: str choices: enable, disable + more... + +
                • +
              • local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable + more... + +
                • +
              • multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable + more... + +
                • +
              • severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable + more... + +
                • +
              • voip - Enable/disable VoIP logging. type: str choices: enable, disable + more... + +
                • +
              • ztna_traffic - Enable/disable ztna traffic logging. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Override filters for remote system server. + fortios_log_syslogd2_override_filter: + vdom: "{{ vdom }}" + log_syslogd2_override_filter: + anomaly: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + free_style: + - + category: "traffic" + filter: "" + filter_type: "include" + id: "11" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + severity: "emergency" + sniffer_traffic: "enable" + voip: "enable" + ztna_traffic: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_syslogd2_override_setting.rst b/gen/fortios_log_syslogd2_override_setting.rst new file mode 100644 index 00000000..2c772735 --- /dev/null +++ b/gen/fortios_log_syslogd2_override_setting.rst @@ -0,0 +1,1722 @@ +:source: fortios_log_syslogd2_override_setting.py + +:orphan: + +.. fortios_log_syslogd2_override_setting: + +fortios_log_syslogd2_override_setting -- Override settings for remote syslog server in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_syslogd2 feature and override_setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_syslogd2_override_settingyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_syslogd2_override_setting - Override settings for remote syslog server. type: dict + more... + +
              • +
                +
              • certificate - Certificate used to communicate with Syslog server. Source certificate.local.name. type: str + more... + +
                • +
              • custom_field_name - Custom field name for CEF format logging. type: list member_path: custom_field_name:id + more... + +
                • +
                  +
                • custom - Field custom name. type: str + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                • name - Field name. type: str + more... + +
                  • +
                +
              • enc_algorithm - Enable/disable reliable syslogging with TLS encryption. type: str choices: high-medium, high, low, disable + more... + +
                • +
              • facility - Remote syslog facility. type: str choices: kernel, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpriv, ftp, ntp, audit, alert, clock, local0, local1, local2, local3, local4, local5, local6, local7 + more... + +
                • +
              • format - Log format. type: str choices: default, csv, cef, rfc5424 + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • max_log_rate - Syslog maximum log rate in MBps (0 = unlimited). type: int + more... + +
                • +
              • mode - Remote syslog logging over UDP/Reliable TCP. type: str choices: udp, legacy-reliable, reliable + more... + +
                • +
              • override - Enable/disable override syslog settings. type: str choices: enable, disable + more... + +
                • +
              • port - Server listen port. type: int + more... + +
                • +
              • priority - Set log transmission priority. type: str choices: default, low + more... + +
                • +
              • server - Address of remote syslog server. type: str + more... + +
                • +
              • source_ip - Source IP address of syslog. type: str + more... + +
                • +
              • ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2 + more... + +
                • +
              • status - Enable/disable remote syslog logging. type: str choices: enable, disable + more... + +
                • +
              • syslog_type - Hidden setting index of Syslog. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Override settings for remote syslog server. + fortios_log_syslogd2_override_setting: + vdom: "{{ vdom }}" + log_syslogd2_override_setting: + certificate: " (source certificate.local.name)" + custom_field_name: + - + custom: "" + id: "6" + name: "default_name_7" + enc_algorithm: "high-medium" + facility: "kernel" + format: "default" + interface: " (source system.interface.name)" + interface_select_method: "auto" + max_log_rate: "13" + mode: "udp" + override: "enable" + port: "16" + priority: "default" + server: "192.168.100.40" + source_ip: "84.230.14.43" + ssl_min_proto_version: "default" + status: "enable" + syslog_type: "22" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_syslogd2_setting.rst b/gen/fortios_log_syslogd2_setting.rst new file mode 100644 index 00000000..7704ed7f --- /dev/null +++ b/gen/fortios_log_syslogd2_setting.rst @@ -0,0 +1,1961 @@ +:source: fortios_log_syslogd2_setting.py + +:orphan: + +.. fortios_log_syslogd2_setting: + +fortios_log_syslogd2_setting -- Global settings for remote syslog server in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_syslogd2 feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_syslogd2_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_syslogd2_setting - Global settings for remote syslog server. type: dict + more... + +
              • +
                +
              • certificate - Certificate used to communicate with Syslog server. Source certificate.local.name. type: str + more... + +
                • +
              • custom_field_name - Custom field name for CEF format logging. type: list member_path: custom_field_name:id + more... + +
                • +
                  +
                • custom - Field custom name. type: str + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                • name - Field name. type: str + more... + +
                  • +
                +
              • enc_algorithm - Enable/disable reliable syslogging with TLS encryption. type: str choices: high-medium, high, low, disable + more... + +
                • +
              • facility - Remote syslog facility. type: str choices: kernel, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpriv, ftp, ntp, audit, alert, clock, local0, local1, local2, local3, local4, local5, local6, local7 + more... + +
                • +
              • format - Log format. type: str choices: default, csv, cef, rfc5424 + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • max_log_rate - Syslog maximum log rate in MBps (0 = unlimited). type: int + more... + +
                • +
              • mode - Remote syslog logging over UDP/Reliable TCP. type: str choices: udp, legacy-reliable, reliable + more... + +
                • +
              • port - Server listen port. type: int + more... + +
                • +
              • priority - Set log transmission priority. type: str choices: default, low + more... + +
                • +
              • server - Address of remote syslog server. type: str + more... + +
                • +
              • source_ip - Source IP address of syslog. type: str + more... + +
                • +
              • ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2 + more... + +
                • +
              • status - Enable/disable remote syslog logging. type: str choices: enable, disable + more... + +
                • +
              • syslog_type - Hidden setting index of Syslog. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Global settings for remote syslog server. + fortios_log_syslogd2_setting: + vdom: "{{ vdom }}" + log_syslogd2_setting: + certificate: " (source certificate.local.name)" + custom_field_name: + - + custom: "" + id: "6" + name: "default_name_7" + enc_algorithm: "high-medium" + facility: "kernel" + format: "default" + interface: " (source system.interface.name)" + interface_select_method: "auto" + max_log_rate: "13" + mode: "udp" + port: "15" + priority: "default" + server: "192.168.100.40" + source_ip: "84.230.14.43" + ssl_min_proto_version: "default" + status: "enable" + syslog_type: "21" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_syslogd3_filter.rst b/gen/fortios_log_syslogd3_filter.rst new file mode 100644 index 00000000..a133f610 --- /dev/null +++ b/gen/fortios_log_syslogd3_filter.rst @@ -0,0 +1,1614 @@ +:source: fortios_log_syslogd3_filter.py + +:orphan: + +.. fortios_log_syslogd3_filter: + +fortios_log_syslogd3_filter -- Filters for remote system server in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_syslogd3 feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_syslogd3_filteryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_syslogd3_filter - Filters for remote system server. type: dict + more... + +
              • +
                +
              • anomaly - Enable/disable anomaly logging. type: str choices: enable, disable + more... + +
                • +
              • dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable + more... + +
                • +
              • filter - Syslog 3 filter. type: str + more... + +
                • +
              • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                • +
              • forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable + more... + +
                • +
              • free_style - Free style filters. type: list member_path: free_style:id + more... + +
                • +
                  +
                • category - Log category. type: str choices: traffic, event, virus, webfilter, attack, spam, anomaly, voip, dlp, app-ctrl, waf, gtp, dns, ssh, ssl, file-filter, icap, ztna + more... + +
                  • +
                • filter - Free style filter string. type: str + more... + +
                  • +
                • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                +
              • gtp - Enable/disable GTP messages logging. type: str choices: enable, disable + more... + +
                • +
              • local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable + more... + +
                • +
              • multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable + more... + +
                • +
              • netscan_discovery - Enable/disable netscan discovery event logging. type: str + more... + +
                • +
              • netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str + more... + +
                • +
              • severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable + more... + +
                • +
              • ssh - Enable/disable SSH logging. type: str choices: enable, disable + more... + +
                • +
              • voip - Enable/disable VoIP logging. type: str choices: enable, disable + more... + +
                • +
              • ztna_traffic - Enable/disable ztna traffic logging. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Filters for remote system server. + fortios_log_syslogd3_filter: + vdom: "{{ vdom }}" + log_syslogd3_filter: + anomaly: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + free_style: + - + category: "traffic" + filter: "" + filter_type: "include" + id: "12" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + ztna_traffic: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_syslogd3_override_filter.rst b/gen/fortios_log_syslogd3_override_filter.rst new file mode 100644 index 00000000..fd5344b1 --- /dev/null +++ b/gen/fortios_log_syslogd3_override_filter.rst @@ -0,0 +1,1348 @@ +:source: fortios_log_syslogd3_override_filter.py + +:orphan: + +.. fortios_log_syslogd3_override_filter: + +fortios_log_syslogd3_override_filter -- Override filters for remote system server in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_syslogd3 feature and override_filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_syslogd3_override_filteryesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_syslogd3_override_filter - Override filters for remote system server. type: dict + more... + +
              • +
                +
              • anomaly - Enable/disable anomaly logging. type: str choices: enable, disable + more... + +
                • +
              • filter - Syslog 3 filter. type: str + more... + +
                • +
              • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                • +
              • forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable + more... + +
                • +
              • free_style - Free style filters. type: list member_path: free_style:id + more... + +
                • +
                  +
                • category - Log category. type: str choices: traffic, event, virus, webfilter, attack, spam, anomaly, voip, dlp, app-ctrl, waf, gtp, dns, ssh, ssl, file-filter, icap, ztna + more... + +
                  • +
                • filter - Free style filter string. type: str + more... + +
                  • +
                • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                +
              • gtp - Enable/disable GTP messages logging. type: str choices: enable, disable + more... + +
                • +
              • local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable + more... + +
                • +
              • multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable + more... + +
                • +
              • severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable + more... + +
                • +
              • voip - Enable/disable VoIP logging. type: str choices: enable, disable + more... + +
                • +
              • ztna_traffic - Enable/disable ztna traffic logging. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Override filters for remote system server. + fortios_log_syslogd3_override_filter: + vdom: "{{ vdom }}" + log_syslogd3_override_filter: + anomaly: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + free_style: + - + category: "traffic" + filter: "" + filter_type: "include" + id: "11" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + severity: "emergency" + sniffer_traffic: "enable" + voip: "enable" + ztna_traffic: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_syslogd3_override_setting.rst b/gen/fortios_log_syslogd3_override_setting.rst new file mode 100644 index 00000000..fefe2818 --- /dev/null +++ b/gen/fortios_log_syslogd3_override_setting.rst @@ -0,0 +1,1722 @@ +:source: fortios_log_syslogd3_override_setting.py + +:orphan: + +.. fortios_log_syslogd3_override_setting: + +fortios_log_syslogd3_override_setting -- Override settings for remote syslog server in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_syslogd3 feature and override_setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_syslogd3_override_settingyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_syslogd3_override_setting - Override settings for remote syslog server. type: dict + more... + +
              • +
                +
              • certificate - Certificate used to communicate with Syslog server. Source certificate.local.name. type: str + more... + +
                • +
              • custom_field_name - Custom field name for CEF format logging. type: list member_path: custom_field_name:id + more... + +
                • +
                  +
                • custom - Field custom name. type: str + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                • name - Field name. type: str + more... + +
                  • +
                +
              • enc_algorithm - Enable/disable reliable syslogging with TLS encryption. type: str choices: high-medium, high, low, disable + more... + +
                • +
              • facility - Remote syslog facility. type: str choices: kernel, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpriv, ftp, ntp, audit, alert, clock, local0, local1, local2, local3, local4, local5, local6, local7 + more... + +
                • +
              • format - Log format. type: str choices: default, csv, cef, rfc5424 + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • max_log_rate - Syslog maximum log rate in MBps (0 = unlimited). type: int + more... + +
                • +
              • mode - Remote syslog logging over UDP/Reliable TCP. type: str choices: udp, legacy-reliable, reliable + more... + +
                • +
              • override - Enable/disable override syslog settings. type: str choices: enable, disable + more... + +
                • +
              • port - Server listen port. type: int + more... + +
                • +
              • priority - Set log transmission priority. type: str choices: default, low + more... + +
                • +
              • server - Address of remote syslog server. type: str + more... + +
                • +
              • source_ip - Source IP address of syslog. type: str + more... + +
                • +
              • ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2 + more... + +
                • +
              • status - Enable/disable remote syslog logging. type: str choices: enable, disable + more... + +
                • +
              • syslog_type - Hidden setting index of Syslog. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Override settings for remote syslog server. + fortios_log_syslogd3_override_setting: + vdom: "{{ vdom }}" + log_syslogd3_override_setting: + certificate: " (source certificate.local.name)" + custom_field_name: + - + custom: "" + id: "6" + name: "default_name_7" + enc_algorithm: "high-medium" + facility: "kernel" + format: "default" + interface: " (source system.interface.name)" + interface_select_method: "auto" + max_log_rate: "13" + mode: "udp" + override: "enable" + port: "16" + priority: "default" + server: "192.168.100.40" + source_ip: "84.230.14.43" + ssl_min_proto_version: "default" + status: "enable" + syslog_type: "22" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_syslogd3_setting.rst b/gen/fortios_log_syslogd3_setting.rst new file mode 100644 index 00000000..cf69ca9f --- /dev/null +++ b/gen/fortios_log_syslogd3_setting.rst @@ -0,0 +1,1961 @@ +:source: fortios_log_syslogd3_setting.py + +:orphan: + +.. fortios_log_syslogd3_setting: + +fortios_log_syslogd3_setting -- Global settings for remote syslog server in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_syslogd3 feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_syslogd3_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_syslogd3_setting - Global settings for remote syslog server. type: dict + more... + +
              • +
                +
              • certificate - Certificate used to communicate with Syslog server. Source certificate.local.name. type: str + more... + +
                • +
              • custom_field_name - Custom field name for CEF format logging. type: list member_path: custom_field_name:id + more... + +
                • +
                  +
                • custom - Field custom name. type: str + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                • name - Field name. type: str + more... + +
                  • +
                +
              • enc_algorithm - Enable/disable reliable syslogging with TLS encryption. type: str choices: high-medium, high, low, disable + more... + +
                • +
              • facility - Remote syslog facility. type: str choices: kernel, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpriv, ftp, ntp, audit, alert, clock, local0, local1, local2, local3, local4, local5, local6, local7 + more... + +
                • +
              • format - Log format. type: str choices: default, csv, cef, rfc5424 + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • max_log_rate - Syslog maximum log rate in MBps (0 = unlimited). type: int + more... + +
                • +
              • mode - Remote syslog logging over UDP/Reliable TCP. type: str choices: udp, legacy-reliable, reliable + more... + +
                • +
              • port - Server listen port. type: int + more... + +
                • +
              • priority - Set log transmission priority. type: str choices: default, low + more... + +
                • +
              • server - Address of remote syslog server. type: str + more... + +
                • +
              • source_ip - Source IP address of syslog. type: str + more... + +
                • +
              • ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2 + more... + +
                • +
              • status - Enable/disable remote syslog logging. type: str choices: enable, disable + more... + +
                • +
              • syslog_type - Hidden setting index of Syslog. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Global settings for remote syslog server. + fortios_log_syslogd3_setting: + vdom: "{{ vdom }}" + log_syslogd3_setting: + certificate: " (source certificate.local.name)" + custom_field_name: + - + custom: "" + id: "6" + name: "default_name_7" + enc_algorithm: "high-medium" + facility: "kernel" + format: "default" + interface: " (source system.interface.name)" + interface_select_method: "auto" + max_log_rate: "13" + mode: "udp" + port: "15" + priority: "default" + server: "192.168.100.40" + source_ip: "84.230.14.43" + ssl_min_proto_version: "default" + status: "enable" + syslog_type: "21" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_syslogd4_filter.rst b/gen/fortios_log_syslogd4_filter.rst new file mode 100644 index 00000000..eb2e532f --- /dev/null +++ b/gen/fortios_log_syslogd4_filter.rst @@ -0,0 +1,1614 @@ +:source: fortios_log_syslogd4_filter.py + +:orphan: + +.. fortios_log_syslogd4_filter: + +fortios_log_syslogd4_filter -- Filters for remote system server in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_syslogd4 feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_syslogd4_filteryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_syslogd4_filter - Filters for remote system server. type: dict + more... + +
              • +
                +
              • anomaly - Enable/disable anomaly logging. type: str choices: enable, disable + more... + +
                • +
              • dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable + more... + +
                • +
              • filter - Syslog 4 filter. type: str + more... + +
                • +
              • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                • +
              • forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable + more... + +
                • +
              • free_style - Free style filters. type: list member_path: free_style:id + more... + +
                • +
                  +
                • category - Log category. type: str choices: traffic, event, virus, webfilter, attack, spam, anomaly, voip, dlp, app-ctrl, waf, gtp, dns, ssh, ssl, file-filter, icap, ztna + more... + +
                  • +
                • filter - Free style filter string. type: str + more... + +
                  • +
                • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                +
              • gtp - Enable/disable GTP messages logging. type: str choices: enable, disable + more... + +
                • +
              • local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable + more... + +
                • +
              • multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable + more... + +
                • +
              • netscan_discovery - Enable/disable netscan discovery event logging. type: str + more... + +
                • +
              • netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str + more... + +
                • +
              • severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable + more... + +
                • +
              • ssh - Enable/disable SSH logging. type: str choices: enable, disable + more... + +
                • +
              • voip - Enable/disable VoIP logging. type: str choices: enable, disable + more... + +
                • +
              • ztna_traffic - Enable/disable ztna traffic logging. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Filters for remote system server. + fortios_log_syslogd4_filter: + vdom: "{{ vdom }}" + log_syslogd4_filter: + anomaly: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + free_style: + - + category: "traffic" + filter: "" + filter_type: "include" + id: "12" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + ztna_traffic: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_syslogd4_override_filter.rst b/gen/fortios_log_syslogd4_override_filter.rst new file mode 100644 index 00000000..1aab9cb7 --- /dev/null +++ b/gen/fortios_log_syslogd4_override_filter.rst @@ -0,0 +1,1348 @@ +:source: fortios_log_syslogd4_override_filter.py + +:orphan: + +.. fortios_log_syslogd4_override_filter: + +fortios_log_syslogd4_override_filter -- Override filters for remote system server in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_syslogd4 feature and override_filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_syslogd4_override_filteryesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_syslogd4_override_filter - Override filters for remote system server. type: dict + more... + +
              • +
                +
              • anomaly - Enable/disable anomaly logging. type: str choices: enable, disable + more... + +
                • +
              • filter - Syslog 4 filter. type: str + more... + +
                • +
              • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                • +
              • forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable + more... + +
                • +
              • free_style - Free style filters. type: list member_path: free_style:id + more... + +
                • +
                  +
                • category - Log category. type: str choices: traffic, event, virus, webfilter, attack, spam, anomaly, voip, dlp, app-ctrl, waf, gtp, dns, ssh, ssl, file-filter, icap, ztna + more... + +
                  • +
                • filter - Free style filter string. type: str + more... + +
                  • +
                • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                +
              • gtp - Enable/disable GTP messages logging. type: str choices: enable, disable + more... + +
                • +
              • local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable + more... + +
                • +
              • multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable + more... + +
                • +
              • severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable + more... + +
                • +
              • voip - Enable/disable VoIP logging. type: str choices: enable, disable + more... + +
                • +
              • ztna_traffic - Enable/disable ztna traffic logging. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Override filters for remote system server. + fortios_log_syslogd4_override_filter: + vdom: "{{ vdom }}" + log_syslogd4_override_filter: + anomaly: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + free_style: + - + category: "traffic" + filter: "" + filter_type: "include" + id: "11" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + severity: "emergency" + sniffer_traffic: "enable" + voip: "enable" + ztna_traffic: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_syslogd4_override_setting.rst b/gen/fortios_log_syslogd4_override_setting.rst new file mode 100644 index 00000000..10390143 --- /dev/null +++ b/gen/fortios_log_syslogd4_override_setting.rst @@ -0,0 +1,1722 @@ +:source: fortios_log_syslogd4_override_setting.py + +:orphan: + +.. fortios_log_syslogd4_override_setting: + +fortios_log_syslogd4_override_setting -- Override settings for remote syslog server in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_syslogd4 feature and override_setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_syslogd4_override_settingyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_syslogd4_override_setting - Override settings for remote syslog server. type: dict + more... + +
              • +
                +
              • certificate - Certificate used to communicate with Syslog server. Source certificate.local.name. type: str + more... + +
                • +
              • custom_field_name - Custom field name for CEF format logging. type: list member_path: custom_field_name:id + more... + +
                • +
                  +
                • custom - Field custom name. type: str + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                • name - Field name. type: str + more... + +
                  • +
                +
              • enc_algorithm - Enable/disable reliable syslogging with TLS encryption. type: str choices: high-medium, high, low, disable + more... + +
                • +
              • facility - Remote syslog facility. type: str choices: kernel, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpriv, ftp, ntp, audit, alert, clock, local0, local1, local2, local3, local4, local5, local6, local7 + more... + +
                • +
              • format - Log format. type: str choices: default, csv, cef, rfc5424 + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • max_log_rate - Syslog maximum log rate in MBps (0 = unlimited). type: int + more... + +
                • +
              • mode - Remote syslog logging over UDP/Reliable TCP. type: str choices: udp, legacy-reliable, reliable + more... + +
                • +
              • override - Enable/disable override syslog settings. type: str choices: enable, disable + more... + +
                • +
              • port - Server listen port. type: int + more... + +
                • +
              • priority - Set log transmission priority. type: str choices: default, low + more... + +
                • +
              • server - Address of remote syslog server. type: str + more... + +
                • +
              • source_ip - Source IP address of syslog. type: str + more... + +
                • +
              • ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2 + more... + +
                • +
              • status - Enable/disable remote syslog logging. type: str choices: enable, disable + more... + +
                • +
              • syslog_type - Hidden setting index of Syslog. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Override settings for remote syslog server. + fortios_log_syslogd4_override_setting: + vdom: "{{ vdom }}" + log_syslogd4_override_setting: + certificate: " (source certificate.local.name)" + custom_field_name: + - + custom: "" + id: "6" + name: "default_name_7" + enc_algorithm: "high-medium" + facility: "kernel" + format: "default" + interface: " (source system.interface.name)" + interface_select_method: "auto" + max_log_rate: "13" + mode: "udp" + override: "enable" + port: "16" + priority: "default" + server: "192.168.100.40" + source_ip: "84.230.14.43" + ssl_min_proto_version: "default" + status: "enable" + syslog_type: "22" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_syslogd4_setting.rst b/gen/fortios_log_syslogd4_setting.rst new file mode 100644 index 00000000..a50cc4be --- /dev/null +++ b/gen/fortios_log_syslogd4_setting.rst @@ -0,0 +1,1961 @@ +:source: fortios_log_syslogd4_setting.py + +:orphan: + +.. fortios_log_syslogd4_setting: + +fortios_log_syslogd4_setting -- Global settings for remote syslog server in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_syslogd4 feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_syslogd4_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_syslogd4_setting - Global settings for remote syslog server. type: dict + more... + +
              • +
                +
              • certificate - Certificate used to communicate with Syslog server. Source certificate.local.name. type: str + more... + +
                • +
              • custom_field_name - Custom field name for CEF format logging. type: list member_path: custom_field_name:id + more... + +
                • +
                  +
                • custom - Field custom name. type: str + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                • name - Field name. type: str + more... + +
                  • +
                +
              • enc_algorithm - Enable/disable reliable syslogging with TLS encryption. type: str choices: high-medium, high, low, disable + more... + +
                • +
              • facility - Remote syslog facility. type: str choices: kernel, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpriv, ftp, ntp, audit, alert, clock, local0, local1, local2, local3, local4, local5, local6, local7 + more... + +
                • +
              • format - Log format. type: str choices: default, csv, cef, rfc5424 + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • max_log_rate - Syslog maximum log rate in MBps (0 = unlimited). type: int + more... + +
                • +
              • mode - Remote syslog logging over UDP/Reliable TCP. type: str choices: udp, legacy-reliable, reliable + more... + +
                • +
              • port - Server listen port. type: int + more... + +
                • +
              • priority - Set log transmission priority. type: str choices: default, low + more... + +
                • +
              • server - Address of remote syslog server. type: str + more... + +
                • +
              • source_ip - Source IP address of syslog. type: str + more... + +
                • +
              • ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2 + more... + +
                • +
              • status - Enable/disable remote syslog logging. type: str choices: enable, disable + more... + +
                • +
              • syslog_type - Hidden setting index of Syslog. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Global settings for remote syslog server. + fortios_log_syslogd4_setting: + vdom: "{{ vdom }}" + log_syslogd4_setting: + certificate: " (source certificate.local.name)" + custom_field_name: + - + custom: "" + id: "6" + name: "default_name_7" + enc_algorithm: "high-medium" + facility: "kernel" + format: "default" + interface: " (source system.interface.name)" + interface_select_method: "auto" + max_log_rate: "13" + mode: "udp" + port: "15" + priority: "default" + server: "192.168.100.40" + source_ip: "84.230.14.43" + ssl_min_proto_version: "default" + status: "enable" + syslog_type: "21" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_syslogd_filter.rst b/gen/fortios_log_syslogd_filter.rst new file mode 100644 index 00000000..42a796e8 --- /dev/null +++ b/gen/fortios_log_syslogd_filter.rst @@ -0,0 +1,1614 @@ +:source: fortios_log_syslogd_filter.py + +:orphan: + +.. fortios_log_syslogd_filter: + +fortios_log_syslogd_filter -- Filters for remote system server in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_syslogd feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_syslogd_filteryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_syslogd_filter - Filters for remote system server. type: dict + more... + +
              • +
                +
              • anomaly - Enable/disable anomaly logging. type: str choices: enable, disable + more... + +
                • +
              • dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable + more... + +
                • +
              • filter - Syslog filter. type: str + more... + +
                • +
              • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                • +
              • forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable + more... + +
                • +
              • free_style - Free style filters. type: list member_path: free_style:id + more... + +
                • +
                  +
                • category - Log category. type: str choices: traffic, event, virus, webfilter, attack, spam, anomaly, voip, dlp, app-ctrl, waf, gtp, dns, ssh, ssl, file-filter, icap, ztna + more... + +
                  • +
                • filter - Free style filter string. type: str + more... + +
                  • +
                • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                +
              • gtp - Enable/disable GTP messages logging. type: str choices: enable, disable + more... + +
                • +
              • local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable + more... + +
                • +
              • multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable + more... + +
                • +
              • netscan_discovery - Enable/disable netscan discovery event logging. type: str + more... + +
                • +
              • netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str + more... + +
                • +
              • severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable + more... + +
                • +
              • ssh - Enable/disable SSH logging. type: str choices: enable, disable + more... + +
                • +
              • voip - Enable/disable VoIP logging. type: str choices: enable, disable + more... + +
                • +
              • ztna_traffic - Enable/disable ztna traffic logging. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Filters for remote system server. + fortios_log_syslogd_filter: + vdom: "{{ vdom }}" + log_syslogd_filter: + anomaly: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + free_style: + - + category: "traffic" + filter: "" + filter_type: "include" + id: "12" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + ztna_traffic: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_syslogd_override_filter.rst b/gen/fortios_log_syslogd_override_filter.rst new file mode 100644 index 00000000..8cbd16cf --- /dev/null +++ b/gen/fortios_log_syslogd_override_filter.rst @@ -0,0 +1,1614 @@ +:source: fortios_log_syslogd_override_filter.py + +:orphan: + +.. fortios_log_syslogd_override_filter: + +fortios_log_syslogd_override_filter -- Override filters for remote system server in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_syslogd feature and override_filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_syslogd_override_filteryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_syslogd_override_filter - Override filters for remote system server. type: dict + more... + +
              • +
                +
              • anomaly - Enable/disable anomaly logging. type: str choices: enable, disable + more... + +
                • +
              • dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable + more... + +
                • +
              • filter - Syslog filter. type: str + more... + +
                • +
              • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                • +
              • forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable + more... + +
                • +
              • free_style - Free style filters. type: list member_path: free_style:id + more... + +
                • +
                  +
                • category - Log category. type: str choices: traffic, event, virus, webfilter, attack, spam, anomaly, voip, dlp, app-ctrl, waf, gtp, dns, ssh, ssl, file-filter, icap, ztna + more... + +
                  • +
                • filter - Free style filter string. type: str + more... + +
                  • +
                • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                +
              • gtp - Enable/disable GTP messages logging. type: str choices: enable, disable + more... + +
                • +
              • local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable + more... + +
                • +
              • multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable + more... + +
                • +
              • netscan_discovery - Enable/disable netscan discovery event logging. type: str + more... + +
                • +
              • netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str + more... + +
                • +
              • severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable + more... + +
                • +
              • ssh - Enable/disable SSH logging. type: str choices: enable, disable + more... + +
                • +
              • voip - Enable/disable VoIP logging. type: str choices: enable, disable + more... + +
                • +
              • ztna_traffic - Enable/disable ztna traffic logging. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Override filters for remote system server. + fortios_log_syslogd_override_filter: + vdom: "{{ vdom }}" + log_syslogd_override_filter: + anomaly: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + free_style: + - + category: "traffic" + filter: "" + filter_type: "include" + id: "12" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + ztna_traffic: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_syslogd_override_setting.rst b/gen/fortios_log_syslogd_override_setting.rst new file mode 100644 index 00000000..76ee33d9 --- /dev/null +++ b/gen/fortios_log_syslogd_override_setting.rst @@ -0,0 +1,2001 @@ +:source: fortios_log_syslogd_override_setting.py + +:orphan: + +.. fortios_log_syslogd_override_setting: + +fortios_log_syslogd_override_setting -- Override settings for remote syslog server in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_syslogd feature and override_setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_syslogd_override_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_syslogd_override_setting - Override settings for remote syslog server. type: dict + more... + +
              • +
                +
              • certificate - Certificate used to communicate with Syslog server. Source certificate.local.name. type: str + more... + +
                • +
              • custom_field_name - Custom field name for CEF format logging. type: list member_path: custom_field_name:id + more... + +
                • +
                  +
                • custom - Field custom name. type: str + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                • name - Field name. type: str + more... + +
                  • +
                +
              • enc_algorithm - Enable/disable reliable syslogging with TLS encryption. type: str choices: high-medium, high, low, disable + more... + +
                • +
              • facility - Remote syslog facility. type: str choices: kernel, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpriv, ftp, ntp, audit, alert, clock, local0, local1, local2, local3, local4, local5, local6, local7 + more... + +
                • +
              • format - Log format. type: str choices: default, csv, cef, rfc5424 + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • max_log_rate - Syslog maximum log rate in MBps (0 = unlimited). type: int + more... + +
                • +
              • mode - Remote syslog logging over UDP/Reliable TCP. type: str choices: udp, legacy-reliable, reliable + more... + +
                • +
              • override - Enable/disable override syslog settings. type: str choices: enable, disable + more... + +
                • +
              • port - Server listen port. type: int + more... + +
                • +
              • priority - Set log transmission priority. type: str choices: default, low + more... + +
                • +
              • server - Address of remote syslog server. type: str + more... + +
                • +
              • source_ip - Source IP address of syslog. type: str + more... + +
                • +
              • ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2 + more... + +
                • +
              • status - Enable/disable remote syslog logging. type: str choices: enable, disable + more... + +
                • +
              • syslog_type - Hidden setting index of Syslog. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Override settings for remote syslog server. + fortios_log_syslogd_override_setting: + vdom: "{{ vdom }}" + log_syslogd_override_setting: + certificate: " (source certificate.local.name)" + custom_field_name: + - + custom: "" + id: "6" + name: "default_name_7" + enc_algorithm: "high-medium" + facility: "kernel" + format: "default" + interface: " (source system.interface.name)" + interface_select_method: "auto" + max_log_rate: "13" + mode: "udp" + override: "enable" + port: "16" + priority: "default" + server: "192.168.100.40" + source_ip: "84.230.14.43" + ssl_min_proto_version: "default" + status: "enable" + syslog_type: "22" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_syslogd_setting.rst b/gen/fortios_log_syslogd_setting.rst new file mode 100644 index 00000000..e4d4d8b4 --- /dev/null +++ b/gen/fortios_log_syslogd_setting.rst @@ -0,0 +1,1961 @@ +:source: fortios_log_syslogd_setting.py + +:orphan: + +.. fortios_log_syslogd_setting: + +fortios_log_syslogd_setting -- Global settings for remote syslog server in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_syslogd feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_syslogd_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_syslogd_setting - Global settings for remote syslog server. type: dict + more... + +
              • +
                +
              • certificate - Certificate used to communicate with Syslog server. Source certificate.local.name. type: str + more... + +
                • +
              • custom_field_name - Custom field name for CEF format logging. type: list member_path: custom_field_name:id + more... + +
                • +
                  +
                • custom - Field custom name. type: str + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                • name - Field name. type: str + more... + +
                  • +
                +
              • enc_algorithm - Enable/disable reliable syslogging with TLS encryption. type: str choices: high-medium, high, low, disable + more... + +
                • +
              • facility - Remote syslog facility. type: str choices: kernel, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpriv, ftp, ntp, audit, alert, clock, local0, local1, local2, local3, local4, local5, local6, local7 + more... + +
                • +
              • format - Log format. type: str choices: default, csv, cef, rfc5424 + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • max_log_rate - Syslog maximum log rate in MBps (0 = unlimited). type: int + more... + +
                • +
              • mode - Remote syslog logging over UDP/Reliable TCP. type: str choices: udp, legacy-reliable, reliable + more... + +
                • +
              • port - Server listen port. type: int + more... + +
                • +
              • priority - Set log transmission priority. type: str choices: default, low + more... + +
                • +
              • server - Address of remote syslog server. type: str + more... + +
                • +
              • source_ip - Source IP address of syslog. type: str + more... + +
                • +
              • ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2 + more... + +
                • +
              • status - Enable/disable remote syslog logging. type: str choices: enable, disable + more... + +
                • +
              • syslog_type - Hidden setting index of Syslog. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Global settings for remote syslog server. + fortios_log_syslogd_setting: + vdom: "{{ vdom }}" + log_syslogd_setting: + certificate: " (source certificate.local.name)" + custom_field_name: + - + custom: "" + id: "6" + name: "default_name_7" + enc_algorithm: "high-medium" + facility: "kernel" + format: "default" + interface: " (source system.interface.name)" + interface_select_method: "auto" + max_log_rate: "13" + mode: "udp" + port: "15" + priority: "default" + server: "192.168.100.40" + source_ip: "84.230.14.43" + ssl_min_proto_version: "default" + status: "enable" + syslog_type: "21" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_tacacsplusaccounting2_filter.rst b/gen/fortios_log_tacacsplusaccounting2_filter.rst new file mode 100644 index 00000000..cf14702e --- /dev/null +++ b/gen/fortios_log_tacacsplusaccounting2_filter.rst @@ -0,0 +1,273 @@ +:source: fortios_log_tacacsplusaccounting2_filter.py + +:orphan: + +.. fortios_log_tacacsplusaccounting2_filter: + +fortios_log_tacacsplusaccounting2_filter -- Settings for TACACS+ accounting events filter in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_tacacsplusaccounting2 feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + +
            v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_tacacsplusaccounting2_filteryesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_tacacsplusaccounting2_filter - Settings for TACACS+ accounting events filter. type: dict + more... + +
              • +
                +
              • cli_cmd_audit - Enable/disable TACACS+ accounting for CLI commands audit. type: str choices: enable, disable + more... + +
                • +
              • config_change_audit - Enable/disable TACACS+ accounting for configuration change events audit. type: str choices: enable, disable + more... + +
                • +
              • login_audit - Enable/disable TACACS+ accounting for login events audit. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Settings for TACACS+ accounting events filter. + fortios_log_tacacsplusaccounting2_filter: + vdom: "{{ vdom }}" + log_tacacsplusaccounting2_filter: + cli_cmd_audit: "enable" + config_change_audit: "enable" + login_audit: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_tacacsplusaccounting2_setting.rst b/gen/fortios_log_tacacsplusaccounting2_setting.rst new file mode 100644 index 00000000..f4ba3f8e --- /dev/null +++ b/gen/fortios_log_tacacsplusaccounting2_setting.rst @@ -0,0 +1,245 @@ +:source: fortios_log_tacacsplusaccounting2_setting.py + +:orphan: + +.. fortios_log_tacacsplusaccounting2_setting: + +fortios_log_tacacsplusaccounting2_setting -- Settings for TACACS+ accounting in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_tacacsplusaccounting2 feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + +
            v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_tacacsplusaccounting2_settingyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_tacacsplusaccounting2_setting - Settings for TACACS+ accounting. type: dict + more... + +
              • +
                +
              • server - Address of TACACS+ server. type: str + more... + +
                • +
              • server_key - Key to access the TACACS+ server. type: str + more... + +
                • +
              • status - Enable/disable TACACS+ accounting. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Settings for TACACS+ accounting. + fortios_log_tacacsplusaccounting2_setting: + vdom: "{{ vdom }}" + log_tacacsplusaccounting2_setting: + server: "192.168.100.40" + server_key: "" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_tacacsplusaccounting3_filter.rst b/gen/fortios_log_tacacsplusaccounting3_filter.rst new file mode 100644 index 00000000..d89b825c --- /dev/null +++ b/gen/fortios_log_tacacsplusaccounting3_filter.rst @@ -0,0 +1,273 @@ +:source: fortios_log_tacacsplusaccounting3_filter.py + +:orphan: + +.. fortios_log_tacacsplusaccounting3_filter: + +fortios_log_tacacsplusaccounting3_filter -- Settings for TACACS+ accounting events filter in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_tacacsplusaccounting3 feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + +
            v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_tacacsplusaccounting3_filteryesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_tacacsplusaccounting3_filter - Settings for TACACS+ accounting events filter. type: dict + more... + +
              • +
                +
              • cli_cmd_audit - Enable/disable TACACS+ accounting for CLI commands audit. type: str choices: enable, disable + more... + +
                • +
              • config_change_audit - Enable/disable TACACS+ accounting for configuration change events audit. type: str choices: enable, disable + more... + +
                • +
              • login_audit - Enable/disable TACACS+ accounting for login events audit. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Settings for TACACS+ accounting events filter. + fortios_log_tacacsplusaccounting3_filter: + vdom: "{{ vdom }}" + log_tacacsplusaccounting3_filter: + cli_cmd_audit: "enable" + config_change_audit: "enable" + login_audit: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_tacacsplusaccounting3_setting.rst b/gen/fortios_log_tacacsplusaccounting3_setting.rst new file mode 100644 index 00000000..d93e179c --- /dev/null +++ b/gen/fortios_log_tacacsplusaccounting3_setting.rst @@ -0,0 +1,245 @@ +:source: fortios_log_tacacsplusaccounting3_setting.py + +:orphan: + +.. fortios_log_tacacsplusaccounting3_setting: + +fortios_log_tacacsplusaccounting3_setting -- Settings for TACACS+ accounting in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_tacacsplusaccounting3 feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + +
            v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_tacacsplusaccounting3_settingyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_tacacsplusaccounting3_setting - Settings for TACACS+ accounting. type: dict + more... + +
              • +
                +
              • server - Address of TACACS+ server. type: str + more... + +
                • +
              • server_key - Key to access the TACACS+ server. type: str + more... + +
                • +
              • status - Enable/disable TACACS+ accounting. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Settings for TACACS+ accounting. + fortios_log_tacacsplusaccounting3_setting: + vdom: "{{ vdom }}" + log_tacacsplusaccounting3_setting: + server: "192.168.100.40" + server_key: "" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_tacacsplusaccounting_filter.rst b/gen/fortios_log_tacacsplusaccounting_filter.rst new file mode 100644 index 00000000..c71798a9 --- /dev/null +++ b/gen/fortios_log_tacacsplusaccounting_filter.rst @@ -0,0 +1,273 @@ +:source: fortios_log_tacacsplusaccounting_filter.py + +:orphan: + +.. fortios_log_tacacsplusaccounting_filter: + +fortios_log_tacacsplusaccounting_filter -- Settings for TACACS+ accounting events filter in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_tacacsplusaccounting feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + +
            v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_tacacsplusaccounting_filteryesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_tacacsplusaccounting_filter - Settings for TACACS+ accounting events filter. type: dict + more... + +
              • +
                +
              • cli_cmd_audit - Enable/disable TACACS+ accounting for CLI commands audit. type: str choices: enable, disable + more... + +
                • +
              • config_change_audit - Enable/disable TACACS+ accounting for configuration change events audit. type: str choices: enable, disable + more... + +
                • +
              • login_audit - Enable/disable TACACS+ accounting for login events audit. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Settings for TACACS+ accounting events filter. + fortios_log_tacacsplusaccounting_filter: + vdom: "{{ vdom }}" + log_tacacsplusaccounting_filter: + cli_cmd_audit: "enable" + config_change_audit: "enable" + login_audit: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_tacacsplusaccounting_setting.rst b/gen/fortios_log_tacacsplusaccounting_setting.rst new file mode 100644 index 00000000..157e2f5e --- /dev/null +++ b/gen/fortios_log_tacacsplusaccounting_setting.rst @@ -0,0 +1,245 @@ +:source: fortios_log_tacacsplusaccounting_setting.py + +:orphan: + +.. fortios_log_tacacsplusaccounting_setting: + +fortios_log_tacacsplusaccounting_setting -- Settings for TACACS+ accounting in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_tacacsplusaccounting feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + +
            v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_tacacsplusaccounting_settingyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_tacacsplusaccounting_setting - Settings for TACACS+ accounting. type: dict + more... + +
              • +
                +
              • server - Address of TACACS+ server. type: str + more... + +
                • +
              • server_key - Key to access the TACACS+ server. type: str + more... + +
                • +
              • status - Enable/disable TACACS+ accounting. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Settings for TACACS+ accounting. + fortios_log_tacacsplusaccounting_setting: + vdom: "{{ vdom }}" + log_tacacsplusaccounting_setting: + server: "192.168.100.40" + server_key: "" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_threat_weight.rst b/gen/fortios_log_threat_weight.rst new file mode 100644 index 00000000..47747471 --- /dev/null +++ b/gen/fortios_log_threat_weight.rst @@ -0,0 +1,5096 @@ +:source: fortios_log_threat_weight.py + +:orphan: + +.. fortios_log_threat_weight: + +fortios_log_threat_weight -- Configure threat weight settings in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log feature and threat_weight category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_threat_weightyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_threat_weight - Configure threat weight settings. type: dict + more... + +
              • +
                +
              • application - Application-control threat weight settings. type: list member_path: application:id + more... + +
                • +
                  +
                • category - Application category. type: int + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                • level - Threat weight score for Application events. type: str choices: disable, low, medium, high, critical + more... + +
                  • +
                +
              • blocked_connection - Threat weight score for blocked connections. type: str choices: disable, low, medium, high, critical + more... + +
                • +
              • botnet_connection_detected - Threat weight score for detected botnet connections. type: str choices: disable, low, medium, high, critical + more... + +
                • +
              • failed_connection - Threat weight score for failed connections. type: str choices: disable, low, medium, high, critical + more... + +
                • +
              • geolocation - Geolocation-based threat weight settings. type: list member_path: geolocation:id + more... + +
                • +
                  +
                • country - Country code. type: str + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                • level - Threat weight score for Geolocation-based events. type: str choices: disable, low, medium, high, critical + more... + +
                  • +
                +
              • ips - IPS threat weight settings. type: dict + more... + +
                • +
                  +
                • critical_severity - Threat weight score for IPS critical severity events. type: str choices: disable, low, medium, high, critical + more... + +
                  • +
                • high_severity - Threat weight score for IPS high severity events. type: str choices: disable, low, medium, high, critical + more... + +
                  • +
                • info_severity - Threat weight score for IPS info severity events. type: str choices: disable, low, medium, high, critical + more... + +
                  • +
                • low_severity - Threat weight score for IPS low severity events. type: str choices: disable, low, medium, high, critical + more... + +
                  • +
                • medium_severity - Threat weight score for IPS medium severity events. type: str choices: disable, low, medium, high, critical + more... + +
                  • +
                +
              • level - Score mapping for threat weight levels. type: dict + more... + +
                • +
                  +
                • critical - Critical level score value (1 - 100). type: int + more... + +
                  • +
                • high - High level score value (1 - 100). type: int + more... + +
                  • +
                • low - Low level score value (1 - 100). type: int + more... + +
                  • +
                • medium - Medium level score value (1 - 100). type: int + more... + +
                  • +
                +
              • malware - Anti-virus malware threat weight settings. type: dict + more... + +
                • +
                  +
                • botnet_connection - Threat weight score for detected botnet connections. type: str choices: disable, low, medium, high, critical + more... + +
                  • +
                • command_blocked - Threat weight score for blocked command detected. type: str choices: disable, low, medium, high, critical + more... + +
                  • +
                • content_disarm - Threat weight score for virus (content disarm) detected. type: str choices: disable, low, medium, high, critical + more... + +
                  • +
                • ems_threat_feed - Threat weight score for virus (EMS threat feed) detected. type: str choices: disable, low, medium, high, critical + more... + +
                  • +
                • file_blocked - Threat weight score for blocked file detected. type: str choices: disable, low, medium, high, critical + more... + +
                  • +
                • fortiai - Threat weight score for FortiAI-detected virus. type: str choices: disable, low, medium, high, critical + more... + +
                  • +
                • fsa_high_risk - Threat weight score for FortiSandbox high risk malware detected. type: str choices: disable, low, medium, high, critical + more... + +
                  • +
                • fsa_malicious - Threat weight score for FortiSandbox malicious malware detected. type: str choices: disable, low, medium, high, critical + more... + +
                  • +
                • fsa_medium_risk - Threat weight score for FortiSandbox medium risk malware detected. type: str choices: disable, low, medium, high, critical + more... + +
                  • +
                • malware_list - Threat weight score for virus (malware list) detected. type: str choices: disable, low, medium, high, critical + more... + +
                  • +
                • mimefragmented - Threat weight score for mimefragmented detected. type: str choices: disable, low, medium, high, critical + more... + +
                  • +
                • oversized - Threat weight score for oversized file detected. type: str choices: disable, low, medium, high, critical + more... + +
                  • +
                • switch_proto - Threat weight score for switch proto detected. type: str choices: disable, low, medium, high, critical + more... + +
                  • +
                • virus_blocked - Threat weight score for virus (blocked) detected. type: str choices: disable, low, medium, high, critical + more... + +
                  • +
                • virus_file_type_executable - Threat weight score for virus (file type executable) detected. type: str choices: disable, low, medium, high, critical + more... + +
                  • +
                • virus_infected - Threat weight score for virus (infected) detected. type: str choices: disable, low, medium, high, critical + more... + +
                  • +
                • virus_outbreak_prevention - Threat weight score for virus (outbreak prevention) event. type: str choices: disable, low, medium, high, critical + more... + +
                  • +
                • virus_scan_error - Threat weight score for virus (scan error) detected. type: str choices: disable, low, medium, high, critical + more... + +
                  • +
                +
              • status - Enable/disable the threat weight feature. type: str choices: enable, disable + more... + +
                • +
              • url_block_detected - Threat weight score for URL blocking. type: str choices: disable, low, medium, high, critical + more... + +
                • +
              • web - Web filtering threat weight settings. type: list member_path: web:id + more... + +
                • +
                  +
                • category - Threat weight score for web category filtering matches. type: int + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                • level - Threat weight score for web category filtering matches. type: str choices: disable, low, medium, high, critical + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure threat weight settings. + fortios_log_threat_weight: + vdom: "{{ vdom }}" + log_threat_weight: + application: + - + category: "4" + id: "5" + level: "disable" + blocked_connection: "disable" + botnet_connection_detected: "disable" + failed_connection: "disable" + geolocation: + - + country: "" + id: "12" + level: "disable" + ips: + critical_severity: "disable" + high_severity: "disable" + info_severity: "disable" + low_severity: "disable" + medium_severity: "disable" + level: + critical: "21" + high: "22" + low: "23" + medium: "24" + malware: + botnet_connection: "disable" + command_blocked: "disable" + content_disarm: "disable" + ems_threat_feed: "disable" + file_blocked: "disable" + fortiai: "disable" + fsa_high_risk: "disable" + fsa_malicious: "disable" + fsa_medium_risk: "disable" + malware_list: "disable" + mimefragmented: "disable" + oversized: "disable" + switch_proto: "disable" + virus_blocked: "disable" + virus_file_type_executable: "disable" + virus_infected: "disable" + virus_outbreak_prevention: "disable" + virus_scan_error: "disable" + status: "enable" + url_block_detected: "disable" + web: + - + category: "47" + id: "48" + level: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_webtrends_filter.rst b/gen/fortios_log_webtrends_filter.rst new file mode 100644 index 00000000..cb4e306f --- /dev/null +++ b/gen/fortios_log_webtrends_filter.rst @@ -0,0 +1,1614 @@ +:source: fortios_log_webtrends_filter.py + +:orphan: + +.. fortios_log_webtrends_filter: + +fortios_log_webtrends_filter -- Filters for WebTrends in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_webtrends feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_webtrends_filteryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_webtrends_filter - Filters for WebTrends. type: dict + more... + +
              • +
                +
              • anomaly - Enable/disable anomaly logging. type: str choices: enable, disable + more... + +
                • +
              • dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable + more... + +
                • +
              • filter - Webtrends log filter. type: str + more... + +
                • +
              • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                • +
              • forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable + more... + +
                • +
              • free_style - Free style filters. type: list member_path: free_style:id + more... + +
                • +
                  +
                • category - Log category. type: str choices: traffic, event, virus, webfilter, attack, spam, anomaly, voip, dlp, app-ctrl, waf, gtp, dns, ssh, ssl, file-filter, icap, ztna + more... + +
                  • +
                • filter - Free style filter string. type: str + more... + +
                  • +
                • filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                +
              • gtp - Enable/disable GTP messages logging. type: str choices: enable, disable + more... + +
                • +
              • local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable + more... + +
                • +
              • multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable + more... + +
                • +
              • netscan_discovery - Enable/disable netscan discovery event logging. type: str + more... + +
                • +
              • netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str + more... + +
                • +
              • severity - Lowest severity level to log to WebTrends. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable + more... + +
                • +
              • ssh - Enable/disable SSH logging. type: str choices: enable, disable + more... + +
                • +
              • voip - Enable/disable VoIP logging. type: str choices: enable, disable + more... + +
                • +
              • ztna_traffic - Enable/disable ztna traffic logging. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Filters for WebTrends. + fortios_log_webtrends_filter: + vdom: "{{ vdom }}" + log_webtrends_filter: + anomaly: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + free_style: + - + category: "traffic" + filter: "" + filter_type: "include" + id: "12" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + ztna_traffic: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_log_webtrends_setting.rst b/gen/fortios_log_webtrends_setting.rst new file mode 100644 index 00000000..e5535372 --- /dev/null +++ b/gen/fortios_log_webtrends_setting.rst @@ -0,0 +1,343 @@ +:source: fortios_log_webtrends_setting.py + +:orphan: + +.. fortios_log_webtrends_setting: + +fortios_log_webtrends_setting -- Settings for WebTrends in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_webtrends feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_log_webtrends_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • log_webtrends_setting - Settings for WebTrends. type: dict + more... + +
              • +
                +
              • server - Address of the remote WebTrends server. type: str + more... + +
                • +
              • status - Enable/disable logging to WebTrends. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Settings for WebTrends. + fortios_log_webtrends_setting: + vdom: "{{ vdom }}" + log_webtrends_setting: + server: "192.168.100.40" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_monitoring_np6_ipsec_engine.rst b/gen/fortios_monitoring_np6_ipsec_engine.rst new file mode 100644 index 00000000..52d81079 --- /dev/null +++ b/gen/fortios_monitoring_np6_ipsec_engine.rst @@ -0,0 +1,345 @@ +:source: fortios_monitoring_np6_ipsec_engine.py + +:orphan: + +.. fortios_monitoring_np6_ipsec_engine: + +fortios_monitoring_np6_ipsec_engine -- Configure NP6 IPsec engine status monitoring in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify monitoring feature and np6_ipsec_engine category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_monitoring_np6_ipsec_engineyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • monitoring_np6_ipsec_engine - Configure NP6 IPsec engine status monitoring. type: dict + more... + +
              • +
                +
              • interval - IPsec engine status check interval (1 - 60 seconds). type: int + more... + +
                • +
              • status - Enable/disable NP6 IPsec engine status monitoring. type: str choices: enable, disable + more... + +
                • +
              • threshold - IPsec engine status check threshold (x x x x x x x x, 8 integers from <1> to <255>). Example: Log is generated if IPsec engine 0 is busy each of every 15 consecutive interval checks. type: list
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure NP6 IPsec engine status monitoring. + fortios_monitoring_np6_ipsec_engine: + vdom: "{{ vdom }}" + monitoring_np6_ipsec_engine: + interval: "3" + status: "enable" + threshold: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_monitoring_npu_hpe.rst b/gen/fortios_monitoring_npu_hpe.rst new file mode 100644 index 00000000..86dbacc0 --- /dev/null +++ b/gen/fortios_monitoring_npu_hpe.rst @@ -0,0 +1,245 @@ +:source: fortios_monitoring_npu_hpe.py + +:orphan: + +.. fortios_monitoring_npu_hpe: + +fortios_monitoring_npu_hpe -- Configure npu-hpe status monitoring in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify monitoring feature and npu_hpe category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + +
            v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_monitoring_npu_hpeyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • monitoring_npu_hpe - Configure npu-hpe status monitoring. type: dict + more... + +
              • +
                +
              • interval - HPE status check interval (1 - 60 seconds). type: int + more... + +
                • +
              • multipliers - HPE type interval multipliers (12 integers from <1> to <255>) number of continuous event logs. type: list
                • +
              • status - Enable/disable HPE status monitoring. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure npu-hpe status monitoring. + fortios_monitoring_npu_hpe: + vdom: "{{ vdom }}" + monitoring_npu_hpe: + interval: "3" + multipliers: "" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_nsxt_service_chain.rst b/gen/fortios_nsxt_service_chain.rst new file mode 100644 index 00000000..e8f03537 --- /dev/null +++ b/gen/fortios_nsxt_service_chain.rst @@ -0,0 +1,361 @@ +:source: fortios_nsxt_service_chain.py + +:orphan: + +.. fortios_nsxt_service_chain: + +fortios_nsxt_service_chain -- Configure NSX-T service chain in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify nsxt feature and service_chain category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + +
            v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_nsxt_service_chainyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • nsxt_service_chain - Configure NSX-T service chain. type: dict + more... + +
              • +
                +
              • id - Chain ID. type: int required: true + more... + +
                • +
              • name - Chain name. type: str + more... + +
                • +
              • service_index - Configure service index. type: list member_path: service_index:id + more... + +
                • +
                  +
                • id - Service index. type: int required: true + more... + +
                  • +
                • name - Index name. type: str + more... + +
                  • +
                • reverse_index - Reverse service index. type: int + more... + +
                  • +
                • vd - VDOM name. Source system.vdom.name. type: str + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure NSX-T service chain. + fortios_nsxt_service_chain: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + nsxt_service_chain: + id: "3" + name: "default_name_4" + service_index: + - + id: "6" + name: "default_name_7" + reverse_index: "8" + vd: " (source system.vdom.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_nsxt_setting.rst b/gen/fortios_nsxt_setting.rst new file mode 100644 index 00000000..12195989 --- /dev/null +++ b/gen/fortios_nsxt_setting.rst @@ -0,0 +1,243 @@ +:source: fortios_nsxt_setting.py + +:orphan: + +.. fortios_nsxt_setting: + +fortios_nsxt_setting -- Configure NSX-T setting in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify nsxt feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + +
            v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_nsxt_settingyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • nsxt_setting - Configure NSX-T setting. type: dict + more... + +
              • +
                +
              • liveness - Enable/disable liveness detection packet forwarding. type: str choices: enable, disable + more... + +
                • +
              • service - Service name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure NSX-T setting. + fortios_nsxt_setting: + vdom: "{{ vdom }}" + nsxt_setting: + liveness: "enable" + service: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_pfcp_message_filter.rst b/gen/fortios_pfcp_message_filter.rst new file mode 100644 index 00000000..14f34a8f --- /dev/null +++ b/gen/fortios_pfcp_message_filter.rst @@ -0,0 +1,767 @@ +:source: fortios_pfcp_message_filter.py + +:orphan: + +.. fortios_pfcp_message_filter: + +fortios_pfcp_message_filter -- Message filter for PFCP messages in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify pfcp feature and message_filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + +
            v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_pfcp_message_filteryesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • pfcp_message_filter - Message filter for PFCP messages. type: dict + more... + +
              • +
                +
              • association_release - Allow or deny PFCP association release request (9) and PFCP association release response (10). type: str choices: allow, deny + more... + +
                • +
              • association_setup - Allow or deny PFCP association setup request (5) and PFCP association setup response (6). type: str choices: allow, deny + more... + +
                • +
              • association_update - Allow or deny PFCP association update request (7) and PFCP association update response (8). type: str choices: allow, deny + more... + +
                • +
              • heartbeat - Allow or deny PFCP heartbeat request (1) and PFCP heartbeat response (2). type: str choices: allow, deny + more... + +
                • +
              • name - Message filter name. type: str required: true + more... + +
                • +
              • node_report - Allow or deny PFCP node report request (12) and PFCP node report response (13). type: str choices: allow, deny + more... + +
                • +
              • pfd_management - Allow or deny PFCP PFD management request (3) and PFCP PFD management response (4). type: str choices: allow, deny + more... + +
                • +
              • session_deletion - Allow or deny PFCP session deletion request (54) and PFCP session deletion response (55). type: str choices: allow, deny + more... + +
                • +
              • session_establish - Allow or deny PFCP session establishment request (50) and PFCP session establishment response (51). type: str choices: allow, deny + more... + +
                • +
              • session_modification - Allow or deny PFCP session modification request (52) and PFCP session modification response (53). type: str choices: allow, deny + more... + +
                • +
              • session_report - Allow or deny PFCP session report request (56) and PFCP session report response (57). type: str choices: allow, deny + more... + +
                • +
              • session_set_deletion - Allow or deny PFCP session set deletion request (14) and PFCP session set deletion response (15). type: str choices: allow, deny + more... + +
                • +
              • unknown_message - Allow or deny unknown messages. type: str choices: allow, deny + more... + +
                • +
              • unknown_message_allow_list - Allow list of unknown messages. type: list member_path: unknown_message_allow_list:id + more... + +
                • +
                  +
                • id - Message IDs (range from 1 to 255). type: int required: true + more... + +
                  • +
                +
              • version_not_support - Allow or deny PFCP version not supported response (11). type: str choices: allow, deny + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Message filter for PFCP messages. + fortios_pfcp_message_filter: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + pfcp_message_filter: + association_release: "allow" + association_setup: "allow" + association_update: "allow" + heartbeat: "allow" + name: "default_name_7" + node_report: "allow" + pfd_management: "allow" + session_deletion: "allow" + session_establish: "allow" + session_modification: "allow" + session_report: "allow" + session_set_deletion: "allow" + unknown_message: "allow" + unknown_message_allow_list: + - + id: "17" + version_not_support: "allow" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_report_chart.rst b/gen/fortios_report_chart.rst new file mode 100644 index 00000000..44cd5b9b --- /dev/null +++ b/gen/fortios_report_chart.rst @@ -0,0 +1,3191 @@ +:source: fortios_report_chart.py + +:orphan: + +.. fortios_report_chart: + +fortios_report_chart -- Report chart widget configuration in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify report feature and chart category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4
            fortios_report_chartyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • report_chart - Report chart widget configuration. type: dict + more... + +
              • +
                +
              • background - Chart background. type: str + more... + +
                • +
              • category - Category. type: str choices: misc, traffic, event, virus, webfilter, attack, spam, dlp, app-ctrl, vulnerability + more... + +
                • +
              • category_series - Category series of pie chart. type: dict + more... + +
                • +
                  +
                • databind - Category series value expression. type: str + more... + +
                  • +
                • font_size - Font size of category-series title. type: int + more... + +
                  • +
                +
              • color_palette - Color palette (system will pick color automatically by default). type: str + more... + +
                • +
              • column - Table column definition. type: list member_path: column:id + more... + +
                • +
                  +
                • detail_unit - Detail unit of column. type: str + more... + +
                  • +
                • detail_value - Detail value of column. type: str + more... + +
                  • +
                • footer_unit - Footer unit of column. type: str + more... + +
                  • +
                • footer_value - Footer value of column. type: str + more... + +
                  • +
                • header_value - Display name of table header. type: str + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • mapping - Show detail in certain display value for certain condition. type: list member_path: column:id/mapping:id + more... + +
                  • +
                    +
                  • displayname - Display name. type: str + more... + +
                    • +
                  • id - id type: int required: true + more... + +
                    • +
                  • op - Comparision operater. type: str choices: none, greater, greater-equal, less, less-equal, equal, between + more... + +
                    • +
                  • value_type - Value type. type: str choices: integer, string + more... + +
                    • +
                  • value1 - Value 1. type: str + more... + +
                    • +
                  • value2 - Value 2. type: str + more... + +
                    • +
                  +
                +
              • comments - Comment. type: str + more... + +
                • +
              • dataset - Bind dataset to chart. type: str + more... + +
                • +
              • dimension - Dimension. type: str choices: 2D, 3D + more... + +
                • +
              • drill_down_charts - Drill down charts. type: list member_path: drill_down_charts:id + more... + +
                • +
                  +
                • chart_name - Drill down chart name. type: str + more... + +
                  • +
                • id - Drill down chart ID. type: int required: true + more... + +
                  • +
                • status - Enable/disable this drill down chart. type: str choices: enable, disable + more... + +
                  • +
                +
              • favorite - Favorite. type: str choices: False, True + more... + +
                • +
              • graph_type - Graph type. type: str choices: none, bar, pie, line, flow + more... + +
                • +
              • legend - Enable/Disable Legend area. type: str choices: enable, disable + more... + +
                • +
              • legend_font_size - Font size of legend area. type: int + more... + +
                • +
              • name - Chart Widget Name type: str required: true + more... + +
                • +
              • period - Time period. type: str choices: last24h, last7d + more... + +
                • +
              • policy - Used by monitor policy. type: int + more... + +
                • +
              • style - Style. type: str choices: auto, manual + more... + +
                • +
              • title - Chart title. type: str + more... + +
                • +
              • title_font_size - Font size of chart title. type: int + more... + +
                • +
              • type - Chart type. type: str choices: graph, table + more... + +
                • +
              • value_series - Value series of pie chart. type: dict + more... + +
                • +
                  +
                • databind - Value series value expression. type: str + more... + +
                  • +
                +
              • x_series - X-series of chart. type: dict + more... + +
                • +
                  +
                • caption - X-series caption. type: str + more... + +
                  • +
                • caption_font_size - X-series caption font size. type: int + more... + +
                  • +
                • databind - X-series value expression. type: str + more... + +
                  • +
                • font_size - X-series label font size. type: int + more... + +
                  • +
                • is_category - X-series represent category or not. type: str choices: True, False + more... + +
                  • +
                • label_angle - X-series label angle. type: str choices: 45-degree, vertical, horizontal + more... + +
                  • +
                • scale_direction - Scale increase or decrease. type: str choices: decrease, increase + more... + +
                  • +
                • scale_format - Date/time format. type: str choices: YYYY-MM-DD-HH-MM, YYYY-MM-DD HH, YYYY-MM-DD, YYYY-MM, YYYY, HH-MM, MM-DD + more... + +
                  • +
                • scale_step - Scale step. type: int + more... + +
                  • +
                • scale_unit - Scale unit. type: str choices: minute, hour, day, month, year + more... + +
                  • +
                • unit - X-series unit. type: str + more... + +
                  • +
                +
              • y_series - Y-series of chart. type: dict + more... + +
                • +
                  +
                • caption - Y-series caption. type: str + more... + +
                  • +
                • caption_font_size - Y-series caption font size. type: int + more... + +
                  • +
                • databind - Y-series value expression. type: str + more... + +
                  • +
                • extra_databind - Extra Y-series value. type: str + more... + +
                  • +
                • extra_y - Allow another Y-series value type: str choices: enable, disable + more... + +
                  • +
                • extra_y_legend - Extra Y-series legend type/name. type: str + more... + +
                  • +
                • font_size - Y-series label font size. type: int + more... + +
                  • +
                • group - Y-series group option. type: str + more... + +
                  • +
                • label_angle - Y-series label angle. type: str choices: 45-degree, vertical, horizontal + more... + +
                  • +
                • unit - Y-series unit. type: str + more... + +
                  • +
                • y_legend - First Y-series legend type/name. type: str + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Report chart widget configuration. + fortios_report_chart: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + report_chart: + background: "" + category: "misc" + category_series: + databind: "" + font_size: "7" + color_palette: "" + column: + - + detail_unit: "" + detail_value: "" + footer_unit: "" + footer_value: "" + header_value: "" + id: "15" + mapping: + - + displayname: "" + id: "18" + op: "none" + value_type: "integer" + value1: "" + value2: "" + comments: "" + dataset: "" + dimension: "2D" + drill_down_charts: + - + chart_name: "" + id: "28" + status: "enable" + favorite: "no" + graph_type: "none" + legend: "enable" + legend_font_size: "33" + name: "default_name_34" + period: "last24h" + policy: "36" + style: "auto" + title: "" + title_font_size: "39" + type: "graph" + value_series: + databind: "" + x_series: + caption: "" + caption_font_size: "45" + databind: "" + font_size: "47" + is_category: "yes" + label_angle: "45-degree" + scale_direction: "decrease" + scale_format: "YYYY-MM-DD-HH-MM" + scale_step: "52" + scale_unit: "minute" + unit: "" + y_series: + caption: "" + caption_font_size: "57" + databind: "" + extra_databind: "" + extra_y: "enable" + extra_y_legend: "" + font_size: "62" + group: "" + label_angle: "45-degree" + unit: "" + y_legend: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_report_dataset.rst b/gen/fortios_report_dataset.rst new file mode 100644 index 00000000..44624dba --- /dev/null +++ b/gen/fortios_report_dataset.rst @@ -0,0 +1,744 @@ +:source: fortios_report_dataset.py + +:orphan: + +.. fortios_report_dataset: + +fortios_report_dataset -- Report dataset configuration in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify report feature and dataset category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4
            fortios_report_datasetyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • report_dataset - Report dataset configuration. type: dict + more... + +
              • +
                +
              • field - Fields. type: list member_path: field:id + more... + +
                • +
                  +
                • displayname - Display name. type: str + more... + +
                  • +
                • id - Field ID (1 to number of columns in SQL result). type: int required: true + more... + +
                  • +
                • name - Name. type: str + more... + +
                  • +
                • type - Field type. type: str choices: text, integer, double + more... + +
                  • +
                +
              • name - Name. type: str required: true + more... + +
                • +
              • parameters - Parameters. type: list member_path: parameters:id + more... + +
                • +
                  +
                • data_type - Data type. type: str choices: text, integer, double, long-integer, date-time + more... + +
                  • +
                • display_name - Display name. type: str + more... + +
                  • +
                • field - SQL field name. type: str + more... + +
                  • +
                • id - Parameter ID (1 to number of columns in SQL result). type: int required: true + more... + +
                  • +
                +
              • policy - Used by monitor policy. type: int + more... + +
                • +
              • query - SQL query statement. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Report dataset configuration. + fortios_report_dataset: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + report_dataset: + field: + - + displayname: "" + id: "5" + name: "default_name_6" + type: "text" + name: "default_name_8" + parameters: + - + data_type: "text" + display_name: "" + field: "" + id: "13" + policy: "14" + query: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_report_layout.rst b/gen/fortios_report_layout.rst new file mode 100644 index 00000000..8b419143 --- /dev/null +++ b/gen/fortios_report_layout.rst @@ -0,0 +1,4192 @@ +:source: fortios_report_layout.py + +:orphan: + +.. fortios_report_layout: + +fortios_report_layout -- Report layout configuration in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify report feature and layout category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_report_layoutyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • report_layout - Report layout configuration. type: dict + more... + +
              • +
                +
              • body_item - Configure report body item. type: list member_path: body_item:id + more... + +
                • +
                  +
                • chart - Report item chart name. type: str + more... + +
                  • +
                • chart_options - Report chart options. type: str choices: include-no-data, hide-title, show-caption + more... + +
                  • +
                • column - Report section column number. type: int + more... + +
                  • +
                • content - Report item text content. type: str + more... + +
                  • +
                • description - Description. type: str + more... + +
                  • +
                • drill_down_items - Control how drill down charts are shown. type: str + more... + +
                  • +
                • drill_down_types - Control whether keys from the parent being combined or not. type: str + more... + +
                  • +
                • hide - Enable/disable hide item in report. type: str choices: enable, disable + more... + +
                  • +
                • id - Report item ID. type: int required: true + more... + +
                  • +
                • img_src - Report item image file name. type: str + more... + +
                  • +
                • list - Configure report list item. type: list member_path: body_item:id/list:id + more... + +
                  • +
                    +
                  • content - List entry content. type: str + more... + +
                    • +
                  • id - List entry ID. type: int required: true + more... + +
                    • +
                  +
                • list_component - Report item list component. type: str choices: bullet, numbered + more... + +
                  • +
                • misc_component - Report item miscellaneous component. type: str choices: hline, page-break, column-break, section-start + more... + +
                  • +
                • parameters - Parameters. type: list member_path: body_item:id/parameters:id + more... + +
                  • +
                    +
                  • id - ID. type: int required: true + more... + +
                    • +
                  • name - Field name that match field of parameters defined in dataset. type: str + more... + +
                    • +
                  • value - Value to replace corresponding field of parameters defined in dataset. type: str + more... + +
                    • +
                  +
                • style - Report item style. type: str + more... + +
                  • +
                • table_caption_style - Table chart caption style. type: str + more... + +
                  • +
                • table_column_widths - Report item table column widths. type: str + more... + +
                  • +
                • table_even_row_style - Table chart even row style. type: str + more... + +
                  • +
                • table_head_style - Table chart head style. type: str + more... + +
                  • +
                • table_odd_row_style - Table chart odd row style. type: str + more... + +
                  • +
                • text_component - Report item text component. type: str choices: text, heading1, heading2, heading3 + more... + +
                  • +
                • title - Report section title. type: str + more... + +
                  • +
                • top_n - Value of top. type: int + more... + +
                  • +
                • type - Report item type. type: str choices: text, image, chart, misc + more... + +
                  • +
                +
              • cutoff_option - Cutoff-option is either run-time or custom. type: str choices: run-time, custom + more... + +
                • +
              • cutoff_time - Custom cutoff time to generate report (format = hh:mm). type: str + more... + +
                • +
              • day - Schedule days of week to generate report. type: str choices: sunday, monday, tuesday, wednesday, thursday, friday, saturday + more... + +
                • +
              • description - Description. type: str + more... + +
                • +
              • email_recipients - Email recipients for generated reports. type: str + more... + +
                • +
              • email_send - Enable/disable sending emails after reports are generated. type: str choices: enable, disable + more... + +
                • +
              • format - Report format. type: list choices: pdf + more... + +
                • +
              • max_pdf_report - Maximum number of PDF reports to keep at one time (oldest report is overwritten). type: int + more... + +
                • +
              • name - Report layout name. type: str required: true + more... + +
                • +
              • options - Report layout options. type: list choices: include-table-of-content, auto-numbering-heading, view-chart-as-heading, show-html-navbar-before-heading, dummy-option + more... + +
                • +
              • page - Configure report page. type: dict + more... + +
                • +
                  +
                • column_break_before - Report page auto column break before heading. type: list choices: heading1, heading2, heading3 + more... + +
                  • +
                • footer - Configure report page footer. type: dict + more... + +
                  • +
                    +
                  • footer_item - Configure report footer item. type: list member_path: page/footer/footer_item:id + more... + +
                    • +
                      +
                    • content - Report item text content. type: str + more... + +
                      • +
                    • description - Description. type: str + more... + +
                      • +
                    • id - Report item ID. type: int required: true + more... + +
                      • +
                    • img_src - Report item image file name. type: str + more... + +
                      • +
                    • style - Report item style. type: str + more... + +
                      • +
                    • type - Report item type. type: str choices: text, image + more... + +
                      • +
                    +
                  • style - Report footer style. type: str + more... + +
                    • +
                  +
                • header - Configure report page header. type: dict + more... + +
                  • +
                    +
                  • header_item - Configure report header item. type: list member_path: page/header/header_item:id + more... + +
                    • +
                      +
                    • content - Report item text content. type: str + more... + +
                      • +
                    • description - Description. type: str + more... + +
                      • +
                    • id - Report item ID. type: int required: true + more... + +
                      • +
                    • img_src - Report item image file name. type: str + more... + +
                      • +
                    • style - Report item style. type: str + more... + +
                      • +
                    • type - Report item type. type: str choices: text, image + more... + +
                      • +
                    +
                  • style - Report header style. type: str + more... + +
                    • +
                  +
                • options - Report page options. type: list choices: header-on-first-page, footer-on-first-page + more... + +
                  • +
                • page_break_before - Report page auto page break before heading. type: list choices: heading1, heading2, heading3 + more... + +
                  • +
                • paper - Report page paper. type: str choices: a4, letter + more... + +
                  • +
                +
              • schedule_type - Report schedule type. type: str choices: demand, daily, weekly + more... + +
                • +
              • style_theme - Report style theme. type: str + more... + +
                • +
              • subtitle - Report subtitle. type: str + more... + +
                • +
              • time - Schedule time to generate report (format = hh:mm). type: str + more... + +
                • +
              • title - Report title. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Report layout configuration. + fortios_report_layout: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + report_layout: + body_item: + - + chart: "" + chart_options: "include-no-data" + column: "6" + content: "" + description: "" + drill_down_items: "" + drill_down_types: "" + hide: "enable" + id: "12" + img_src: "" + list: + - + content: "" + id: "16" + list_component: "bullet" + misc_component: "hline" + parameters: + - + id: "20" + name: "default_name_21" + value: "" + style: "" + table_caption_style: "" + table_column_widths: "" + table_even_row_style: "" + table_head_style: "" + table_odd_row_style: "" + text_component: "text" + title: "" + top_n: "31" + type: "text" + cutoff_option: "run-time" + cutoff_time: "" + day: "sunday" + description: "" + email_recipients: "" + email_send: "enable" + format: "pdf" + max_pdf_report: "40" + name: "default_name_41" + options: "include-table-of-content" + page: + column_break_before: "heading1" + footer: + footer_item: + - + content: "" + description: "" + id: "49" + img_src: "" + style: "" + type: "text" + style: "" + header: + header_item: + - + content: "" + description: "" + id: "58" + img_src: "" + style: "" + type: "text" + style: "" + options: "header-on-first-page" + page_break_before: "heading1" + paper: "a4" + schedule_type: "demand" + style_theme: "" + subtitle: "" + time: "" + title: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_report_setting.rst b/gen/fortios_report_setting.rst new file mode 100644 index 00000000..20fe1754 --- /dev/null +++ b/gen/fortios_report_setting.rst @@ -0,0 +1,576 @@ +:source: fortios_report_setting.py + +:orphan: + +.. fortios_report_setting: + +fortios_report_setting -- Report setting configuration in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify report feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_report_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • report_setting - Report setting configuration. type: dict + more... + +
              • +
                +
              • fortiview - Enable/disable historical FortiView. type: str choices: enable, disable + more... + +
                • +
              • pdf_report - Enable/disable PDF report. type: str choices: enable, disable + more... + +
                • +
              • report_source - Report log source. type: list choices: forward-traffic, sniffer-traffic, local-deny-traffic + more... + +
                • +
              • top_n - Number of items to populate (1000 - 20000). type: int + more... + +
                • +
              • web_browsing_threshold - Web browsing time calculation threshold (3 - 15 min). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Report setting configuration. + fortios_report_setting: + vdom: "{{ vdom }}" + report_setting: + fortiview: "enable" + pdf_report: "enable" + report_source: "forward-traffic" + top_n: "6" + web_browsing_threshold: "7" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_report_style.rst b/gen/fortios_report_style.rst new file mode 100644 index 00000000..ecab273d --- /dev/null +++ b/gen/fortios_report_style.rst @@ -0,0 +1,1388 @@ +:source: fortios_report_style.py + +:orphan: + +.. fortios_report_style: + +fortios_report_style -- Report style configuration in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify report feature and style category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4
            fortios_report_styleyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • report_style - Report style configuration. type: dict + more... + +
              • +
                +
              • align - Alignment. type: str choices: left, center, right, justify + more... + +
                • +
              • bg_color - Background color. type: str + more... + +
                • +
              • border_bottom - Border bottom. type: str + more... + +
                • +
              • border_left - Border left. type: str + more... + +
                • +
              • border_right - Border right. type: str + more... + +
                • +
              • border_top - Border top. type: str + more... + +
                • +
              • column_gap - Column gap. type: str + more... + +
                • +
              • column_span - Column span. type: str choices: none, all + more... + +
                • +
              • fg_color - Foreground color. type: str + more... + +
                • +
              • font_family - Font family. type: str choices: Verdana, Arial, Helvetica, Courier, Times + more... + +
                • +
              • font_size - Font size. type: str + more... + +
                • +
              • font_style - Font style. type: str choices: normal, italic + more... + +
                • +
              • font_weight - Font weight. type: str choices: normal, bold + more... + +
                • +
              • height - Height. type: str + more... + +
                • +
              • line_height - Text line height. type: str + more... + +
                • +
              • margin_bottom - Margin bottom. type: str + more... + +
                • +
              • margin_left - Margin left. type: str + more... + +
                • +
              • margin_right - Margin right. type: str + more... + +
                • +
              • margin_top - Margin top. type: str + more... + +
                • +
              • name - Report style name. type: str required: true + more... + +
                • +
              • options - Report style options. type: list choices: font, text, color, align, size, margin, border, padding, column + more... + +
                • +
              • padding_bottom - Padding bottom. type: str + more... + +
                • +
              • padding_left - Padding left. type: str + more... + +
                • +
              • padding_right - Padding right. type: str + more... + +
                • +
              • padding_top - Padding top. type: str + more... + +
                • +
              • width - Width. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Report style configuration. + fortios_report_style: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + report_style: + align: "left" + bg_color: "" + border_bottom: "" + border_left: "" + border_right: "" + border_top: "" + column_gap: "" + column_span: "none" + fg_color: "" + font_family: "Verdana" + font_size: "" + font_style: "normal" + font_weight: "normal" + height: "" + line_height: "" + margin_bottom: "" + margin_left: "" + margin_right: "" + margin_top: "" + name: "default_name_22" + options: "font" + padding_bottom: "" + padding_left: "" + padding_right: "" + padding_top: "" + width: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_report_theme.rst b/gen/fortios_report_theme.rst new file mode 100644 index 00000000..bfa1a50f --- /dev/null +++ b/gen/fortios_report_theme.rst @@ -0,0 +1,1277 @@ +:source: fortios_report_theme.py + +:orphan: + +.. fortios_report_theme: + +fortios_report_theme -- Report themes configuratio in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify report feature and theme category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4
            fortios_report_themeyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • report_theme - Report themes configuration type: dict + more... + +
              • +
                +
              • bullet_list_style - Bullet list style. type: str + more... + +
                • +
              • column_count - Report page column count. type: str choices: 1, 2, 3 + more... + +
                • +
              • default_html_style - Default HTML report style. type: str + more... + +
                • +
              • default_pdf_style - Default PDF report style. type: str + more... + +
                • +
              • graph_chart_style - Graph chart style. type: str + more... + +
                • +
              • heading1_style - Report heading style. type: str + more... + +
                • +
              • heading2_style - Report heading style. type: str + more... + +
                • +
              • heading3_style - Report heading style. type: str + more... + +
                • +
              • heading4_style - Report heading style. type: str + more... + +
                • +
              • hline_style - Horizontal line style. type: str + more... + +
                • +
              • image_style - Image style. type: str + more... + +
                • +
              • name - Report theme name. type: str required: true + more... + +
                • +
              • normal_text_style - Normal text style. type: str + more... + +
                • +
              • numbered_list_style - Numbered list style. type: str + more... + +
                • +
              • page_footer_style - Report page footer style. type: str + more... + +
                • +
              • page_header_style - Report page header style. type: str + more... + +
                • +
              • page_orient - Report page orientation. type: str choices: portrait, landscape + more... + +
                • +
              • page_style - Report page style. type: str + more... + +
                • +
              • report_subtitle_style - Report subtitle style. type: str + more... + +
                • +
              • report_title_style - Report title style. type: str + more... + +
                • +
              • table_chart_caption_style - Table chart caption style. type: str + more... + +
                • +
              • table_chart_even_row_style - Table chart even row style. type: str + more... + +
                • +
              • table_chart_head_style - Table chart head row style. type: str + more... + +
                • +
              • table_chart_odd_row_style - Table chart odd row style. type: str + more... + +
                • +
              • table_chart_style - Table chart style. type: str + more... + +
                • +
              • toc_heading1_style - Table of contents heading style. type: str + more... + +
                • +
              • toc_heading2_style - Table of contents heading style. type: str + more... + +
                • +
              • toc_heading3_style - Table of contents heading style. type: str + more... + +
                • +
              • toc_heading4_style - Table of contents heading style. type: str + more... + +
                • +
              • toc_title_style - Table of contents title style. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Report themes configuration + fortios_report_theme: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + report_theme: + bullet_list_style: "" + column_count: "1" + default_html_style: "" + default_pdf_style: "" + graph_chart_style: "" + heading1_style: "" + heading2_style: "" + heading3_style: "" + heading4_style: "" + hline_style: "" + image_style: "" + name: "default_name_14" + normal_text_style: "" + numbered_list_style: "" + page_footer_style: "" + page_header_style: "" + page_orient: "portrait" + page_style: "" + report_subtitle_style: "" + report_title_style: "" + table_chart_caption_style: "" + table_chart_even_row_style: "" + table_chart_head_style: "" + table_chart_odd_row_style: "" + table_chart_style: "" + toc_heading1_style: "" + toc_heading2_style: "" + toc_heading3_style: "" + toc_heading4_style: "" + toc_title_style: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_router_access_list.rst b/gen/fortios_router_access_list.rst new file mode 100644 index 00000000..5c7fe018 --- /dev/null +++ b/gen/fortios_router_access_list.rst @@ -0,0 +1,697 @@ +:source: fortios_router_access_list.py + +:orphan: + +.. fortios_router_access_list: + +fortios_router_access_list -- Configure access lists in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and access_list category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_router_access_listyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • router_access_list - Configure access lists. type: dict + more... + +
              • +
                +
              • comments - Comment. type: str + more... + +
                • +
              • name - Name. type: str required: true + more... + +
                • +
              • rule - Rule. type: list member_path: rule:id + more... + +
                • +
                  +
                • action - Permit or deny this IP address and netmask prefix. type: str choices: permit, deny + more... + +
                  • +
                • exact_match - Enable/disable exact match. type: str choices: enable, disable + more... + +
                  • +
                • flags - Flags. type: int + more... + +
                  • +
                • id - Rule ID. type: int required: true + more... + +
                  • +
                • prefix - IPv4 prefix to define regular filter criteria, such as "any" or subnets. type: str + more... + +
                  • +
                • wildcard - Wildcard to define Cisco-style wildcard filter criteria. type: str + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure access lists. + fortios_router_access_list: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + router_access_list: + comments: "" + name: "default_name_4" + rule: + - + action: "permit" + exact_match: "enable" + flags: "8" + id: "9" + prefix: "" + wildcard: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_router_access_list6.rst b/gen/fortios_router_access_list6.rst new file mode 100644 index 00000000..5c627420 --- /dev/null +++ b/gen/fortios_router_access_list6.rst @@ -0,0 +1,663 @@ +:source: fortios_router_access_list6.py + +:orphan: + +.. fortios_router_access_list6: + +fortios_router_access_list6 -- Configure IPv6 access lists in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and access_list6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_router_access_list6yesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • router_access_list6 - Configure IPv6 access lists. type: dict + more... + +
              • +
                +
              • comments - Comment. type: str + more... + +
                • +
              • name - Name. type: str required: true + more... + +
                • +
              • rule - Rule. type: list member_path: rule:id + more... + +
                • +
                  +
                • action - Permit or deny this IP address and netmask prefix. type: str choices: permit, deny + more... + +
                  • +
                • exact_match - Enable/disable exact prefix match. type: str choices: enable, disable + more... + +
                  • +
                • flags - Flags. type: int + more... + +
                  • +
                • id - Rule ID. type: int required: true + more... + +
                  • +
                • prefix6 - IPv6 prefix to define regular filter criteria, such as "any" or subnets. type: str + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 access lists. + fortios_router_access_list6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + router_access_list6: + comments: "" + name: "default_name_4" + rule: + - + action: "permit" + exact_match: "enable" + flags: "8" + id: "9" + prefix6: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_router_aspath_list.rst b/gen/fortios_router_aspath_list.rst new file mode 100644 index 00000000..42d1a979 --- /dev/null +++ b/gen/fortios_router_aspath_list.rst @@ -0,0 +1,487 @@ +:source: fortios_router_aspath_list.py + +:orphan: + +.. fortios_router_aspath_list: + +fortios_router_aspath_list -- Configure Autonomous System (AS) path lists in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and aspath_list category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_router_aspath_listyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • router_aspath_list - Configure Autonomous System (AS) path lists. type: dict + more... + +
              • +
                +
              • name - AS path list name. type: str required: true + more... + +
                • +
              • rule - AS path list rule. type: list member_path: rule:id + more... + +
                • +
                  +
                • action - Permit or deny route-based operations, based on the route"s AS_PATH attribute. type: str choices: deny, permit + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • regexp - Regular-expression to match the Border Gateway Protocol (BGP) AS paths. type: str + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Autonomous System (AS) path lists. + fortios_router_aspath_list: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + router_aspath_list: + name: "default_name_3" + rule: + - + action: "deny" + id: "6" + regexp: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_router_auth_path.rst b/gen/fortios_router_auth_path.rst new file mode 100644 index 00000000..c1873638 --- /dev/null +++ b/gen/fortios_router_auth_path.rst @@ -0,0 +1,354 @@ +:source: fortios_router_auth_path.py + +:orphan: + +.. fortios_router_auth_path: + +fortios_router_auth_path -- Configure authentication based routing in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and auth_path category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_router_auth_pathyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • router_auth_path - Configure authentication based routing. type: dict + more... + +
              • +
                +
              • device - Outgoing interface. Source system.interface.name. type: str + more... + +
                • +
              • gateway - Gateway IP address. type: str + more... + +
                • +
              • name - Name of the entry. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure authentication based routing. + fortios_router_auth_path: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + router_auth_path: + device: " (source system.interface.name)" + gateway: "" + name: "default_name_5" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_router_bfd.rst b/gen/fortios_router_bfd.rst new file mode 100644 index 00000000..d7d04362 --- /dev/null +++ b/gen/fortios_router_bfd.rst @@ -0,0 +1,354 @@ +:source: fortios_router_bfd.py + +:orphan: + +.. fortios_router_bfd: + +fortios_router_bfd -- Configure BFD in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and bfd category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_router_bfdyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • router_bfd - Configure BFD. type: dict + more... + +
              • +
                +
              • neighbor - Neighbor. type: list member_path: neighbor:ip + more... + +
                • +
                  +
                • interface - Interface name. Source system.interface.name. type: str + more... + +
                  • +
                • ip - IPv4 address of the BFD neighbor. type: str required: true + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure BFD. + fortios_router_bfd: + vdom: "{{ vdom }}" + router_bfd: + neighbor: + - + interface: " (source system.interface.name)" + ip: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_router_bfd6.rst b/gen/fortios_router_bfd6.rst new file mode 100644 index 00000000..419ad7ce --- /dev/null +++ b/gen/fortios_router_bfd6.rst @@ -0,0 +1,354 @@ +:source: fortios_router_bfd6.py + +:orphan: + +.. fortios_router_bfd6: + +fortios_router_bfd6 -- Configure IPv6 BFD in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and bfd6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_router_bfd6yesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • router_bfd6 - Configure IPv6 BFD. type: dict + more... + +
              • +
                +
              • neighbor - Configure neighbor of IPv6 BFD. type: list + more... + +
                • +
                  +
                • interface - Interface to the BFD neighbor. Source system.interface.name. type: str + more... + +
                  • +
                • ip6_address - IPv6 address of the BFD neighbor. type: str + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 BFD. + fortios_router_bfd6: + vdom: "{{ vdom }}" + router_bfd6: + neighbor: + - + interface: " (source system.interface.name)" + ip6_address: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_router_bgp.rst b/gen/fortios_router_bgp.rst new file mode 100644 index 00000000..b4265fbb --- /dev/null +++ b/gen/fortios_router_bgp.rst @@ -0,0 +1,18904 @@ +:source: fortios_router_bgp.py + +:orphan: + +.. fortios_router_bgp: + +fortios_router_bgp -- Configure BGP in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and bgp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_router_bgpyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • router_bgp - Configure BGP. type: dict + more... + +
              • +
                +
              • additional_path - Enable/disable selection of BGP IPv4 additional paths. type: str choices: enable, disable + more... + +
                • +
              • additional_path_select - Number of additional paths to be selected for each IPv4 NLRI. type: int + more... + +
                • +
              • additional_path_select6 - Number of additional paths to be selected for each IPv6 NLRI. type: int + more... + +
                • +
              • additional_path6 - Enable/disable selection of BGP IPv6 additional paths. type: str choices: enable, disable + more... + +
                • +
              • admin_distance - Administrative distance modifications. type: list member_path: admin_distance:id + more... + +
                • +
                  +
                • distance - Administrative distance to apply (1 - 255). type: int + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • neighbour_prefix - Neighbor address prefix. type: str + more... + +
                  • +
                • route_list - Access list of routes to apply new distance to. Source router.access-list.name. type: str + more... + +
                  • +
                +
              • aggregate_address - BGP aggregate address table. type: list member_path: aggregate_address:id + more... + +
                • +
                  +
                • as_set - Enable/disable generate AS set path information. type: str choices: enable, disable + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • prefix - Aggregate prefix. type: str + more... + +
                  • +
                • summary_only - Enable/disable filter more specific routes from updates. type: str choices: enable, disable + more... + +
                  • +
                +
              • aggregate_address6 - BGP IPv6 aggregate address table. type: list member_path: aggregate_address6:id + more... + +
                • +
                  +
                • as_set - Enable/disable generate AS set path information. type: str choices: enable, disable + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • prefix6 - Aggregate IPv6 prefix. type: str + more... + +
                  • +
                • summary_only - Enable/disable filter more specific routes from updates. type: str choices: enable, disable + more... + +
                  • +
                +
              • always_compare_med - Enable/disable always compare MED. type: str choices: enable, disable + more... + +
                • +
              • as - Router AS number, valid from 1 to 4294967295, 0 to disable BGP. type: int + more... + +
                • +
              • bestpath_as_path_ignore - Enable/disable ignore AS path. type: str choices: enable, disable + more... + +
                • +
              • bestpath_cmp_confed_aspath - Enable/disable compare federation AS path length. type: str choices: enable, disable + more... + +
                • +
              • bestpath_cmp_routerid - Enable/disable compare router ID for identical EBGP paths. type: str choices: enable, disable + more... + +
                • +
              • bestpath_med_confed - Enable/disable compare MED among confederation paths. type: str choices: enable, disable + more... + +
                • +
              • bestpath_med_missing_as_worst - Enable/disable treat missing MED as least preferred. type: str choices: enable, disable + more... + +
                • +
              • client_to_client_reflection - Enable/disable client-to-client route reflection. type: str choices: enable, disable + more... + +
                • +
              • cluster_id - Route reflector cluster ID. type: str + more... + +
                • +
              • confederation_identifier - Confederation identifier. type: int + more... + +
                • +
              • confederation_peers - Confederation peers. type: list member_path: confederation_peers:peer + more... + +
                • +
                  +
                • peer - Peer ID. type: str required: true + more... + +
                  • +
                +
              • dampening - Enable/disable route-flap dampening. type: str choices: enable, disable + more... + +
                • +
              • dampening_max_suppress_time - Maximum minutes a route can be suppressed. type: int + more... + +
                • +
              • dampening_reachability_half_life - Reachability half-life time for penalty (min). type: int + more... + +
                • +
              • dampening_reuse - Threshold to reuse routes. type: int + more... + +
                • +
              • dampening_route_map - Criteria for dampening. Source router.route-map.name. type: str + more... + +
                • +
              • dampening_suppress - Threshold to suppress routes. type: int + more... + +
                • +
              • dampening_unreachability_half_life - Unreachability half-life time for penalty (min). type: int + more... + +
                • +
              • default_local_preference - Default local preference. type: int + more... + +
                • +
              • deterministic_med - Enable/disable enforce deterministic comparison of MED. type: str choices: enable, disable + more... + +
                • +
              • distance_external - Distance for routes external to the AS. type: int + more... + +
                • +
              • distance_internal - Distance for routes internal to the AS. type: int + more... + +
                • +
              • distance_local - Distance for routes local to the AS. type: int + more... + +
                • +
              • ebgp_multipath - Enable/disable EBGP multi-path. type: str choices: enable, disable + more... + +
                • +
              • enforce_first_as - Enable/disable enforce first AS for EBGP routes. type: str choices: enable, disable + more... + +
                • +
              • fast_external_failover - Enable/disable reset peer BGP session if link goes down. type: str choices: enable, disable + more... + +
                • +
              • graceful_end_on_timer - Enable/disable to exit graceful restart on timer only. type: str choices: enable, disable + more... + +
                • +
              • graceful_restart - Enable/disable BGP graceful restart capabilities. type: str choices: enable, disable + more... + +
                • +
              • graceful_restart_time - Time needed for neighbors to restart (sec). type: int + more... + +
                • +
              • graceful_stalepath_time - Time to hold stale paths of restarting neighbor (sec). type: int + more... + +
                • +
              • graceful_update_delay - Route advertisement/selection delay after restart (sec). type: int + more... + +
                • +
              • holdtime_timer - Number of seconds to mark peer as dead. type: int + more... + +
                • +
              • ibgp_multipath - Enable/disable IBGP multi-path. type: str choices: enable, disable + more... + +
                • +
              • ignore_optional_capability - Do not send unknown optional capability notification message. type: str choices: enable, disable + more... + +
                • +
              • keepalive_timer - Frequency to send keep alive requests. type: int + more... + +
                • +
              • log_neighbour_changes - Log BGP neighbor changes. type: str choices: enable, disable + more... + +
                • +
              • multipath_recursive_distance - Enable/disable use of recursive distance to select multipath. type: str choices: enable, disable + more... + +
                • +
              • neighbor - BGP neighbor table. type: list member_path: neighbor:ip + more... + +
                • +
                  +
                • activate - Enable/disable address family IPv4 for this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • activate6 - Enable/disable address family IPv6 for this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • additional_path - Enable/disable IPv4 additional-path capability. type: str choices: send, receive, both, disable + more... + +
                  • +
                • additional_path6 - Enable/disable IPv6 additional-path capability. type: str choices: send, receive, both, disable + more... + +
                  • +
                • adv_additional_path - Number of IPv4 additional paths that can be advertised to this neighbor. type: int + more... + +
                  • +
                • adv_additional_path6 - Number of IPv6 additional paths that can be advertised to this neighbor. type: int + more... + +
                  • +
                • advertisement_interval - Minimum interval (sec) between sending updates. type: int + more... + +
                  • +
                • allowas_in - IPv4 The maximum number of occurrence of my AS number allowed. type: int + more... + +
                  • +
                • allowas_in_enable - Enable/disable IPv4 Enable to allow my AS in AS path. type: str choices: enable, disable + more... + +
                  • +
                • allowas_in_enable6 - Enable/disable IPv6 Enable to allow my AS in AS path. type: str choices: enable, disable + more... + +
                  • +
                • allowas_in6 - IPv6 The maximum number of occurrence of my AS number allowed. type: int + more... + +
                  • +
                • as_override - Enable/disable replace peer AS with own AS for IPv4. type: str choices: enable, disable + more... + +
                  • +
                • as_override6 - Enable/disable replace peer AS with own AS for IPv6. type: str choices: enable, disable + more... + +
                  • +
                • attribute_unchanged - IPv4 List of attributes that should be unchanged. type: list choices: as-path, med, next-hop + more... + +
                  • +
                • attribute_unchanged6 - IPv6 List of attributes that should be unchanged. type: list choices: as-path, med, next-hop + more... + +
                  • +
                • bfd - Enable/disable BFD for this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • capability_default_originate - Enable/disable advertise default IPv4 route to this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • capability_default_originate6 - Enable/disable advertise default IPv6 route to this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • capability_dynamic - Enable/disable advertise dynamic capability to this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • capability_graceful_restart - Enable/disable advertise IPv4 graceful restart capability to this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • capability_graceful_restart6 - Enable/disable advertise IPv6 graceful restart capability to this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • capability_orf - Accept/Send IPv4 ORF lists to/from this neighbor. type: str choices: none, receive, send, both + more... + +
                  • +
                • capability_orf6 - Accept/Send IPv6 ORF lists to/from this neighbor. type: str choices: none, receive, send, both + more... + +
                  • +
                • capability_route_refresh - Enable/disable advertise route refresh capability to this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • conditional_advertise - Conditional advertisement. type: list + more... + +
                  • +
                    +
                  • advertise_routemap - Name of advertising route map. Source router.route-map.name. type: str + more... + +
                    • +
                  • condition_routemap - List of conditional route maps. Source router.route-map.name. type: str + more... + +
                    • +
                  • condition_type - Type of condition. type: str choices: exist, non-exist + more... + +
                    • +
                  +
                • conditional_advertise6 - IPv6 conditional advertisement. type: list + more... + +
                  • +
                    +
                  • advertise_routemap - Name of advertising route map. Source router.route-map.name. type: str + more... + +
                    • +
                  • condition_routemap - List of conditional route maps. Source router.route-map.name. type: str + more... + +
                    • +
                  • condition_type - Type of condition. type: str choices: exist, non-exist + more... + +
                    • +
                  +
                • connect_timer - Interval (sec) for connect timer. type: int + more... + +
                  • +
                • default_originate_routemap - Route map to specify criteria to originate IPv4 default. Source router.route-map.name. type: str + more... + +
                  • +
                • default_originate_routemap6 - Route map to specify criteria to originate IPv6 default. Source router.route-map.name. type: str + more... + +
                  • +
                • description - Description. type: str + more... + +
                  • +
                • distribute_list_in - Filter for IPv4 updates from this neighbor. Source router.access-list.name. type: str + more... + +
                  • +
                • distribute_list_in6 - Filter for IPv6 updates from this neighbor. Source router.access-list6.name. type: str + more... + +
                  • +
                • distribute_list_out - Filter for IPv4 updates to this neighbor. Source router.access-list.name. type: str + more... + +
                  • +
                • distribute_list_out6 - Filter for IPv6 updates to this neighbor. Source router.access-list6.name. type: str + more... + +
                  • +
                • dont_capability_negotiate - Do not negotiate capabilities with this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • ebgp_enforce_multihop - Enable/disable allow multi-hop EBGP neighbors. type: str choices: enable, disable + more... + +
                  • +
                • ebgp_multihop_ttl - EBGP multihop TTL for this peer. type: int + more... + +
                  • +
                • filter_list_in - BGP filter for IPv4 inbound routes. Source router.aspath-list.name. type: str + more... + +
                  • +
                • filter_list_in6 - BGP filter for IPv6 inbound routes. Source router.aspath-list.name. type: str + more... + +
                  • +
                • filter_list_out - BGP filter for IPv4 outbound routes. Source router.aspath-list.name. type: str + more... + +
                  • +
                • filter_list_out6 - BGP filter for IPv6 outbound routes. Source router.aspath-list.name. type: str + more... + +
                  • +
                • holdtime_timer - Interval (sec) before peer considered dead. type: int + more... + +
                  • +
                • interface - Specify outgoing interface for peer connection. For IPv6 peer, the interface should have link-local address. Source system .interface.name. type: str + more... + +
                  • +
                • ip - IP/IPv6 address of neighbor. type: str required: true + more... + +
                  • +
                • keep_alive_timer - Keep alive timer interval (sec). type: int + more... + +
                  • +
                • link_down_failover - Enable/disable failover upon link down. type: str choices: enable, disable + more... + +
                  • +
                • local_as - Local AS number of neighbor. type: int + more... + +
                  • +
                • local_as_no_prepend - Do not prepend local-as to incoming updates. type: str choices: enable, disable + more... + +
                  • +
                • local_as_replace_as - Replace real AS with local-as in outgoing updates. type: str choices: enable, disable + more... + +
                  • +
                • maximum_prefix - Maximum number of IPv4 prefixes to accept from this peer. type: int + more... + +
                  • +
                • maximum_prefix_threshold - Maximum IPv4 prefix threshold value (1 - 100 percent). type: int + more... + +
                  • +
                • maximum_prefix_threshold6 - Maximum IPv6 prefix threshold value (1 - 100 percent). type: int + more... + +
                  • +
                • maximum_prefix_warning_only - Enable/disable IPv4 Only give warning message when limit is exceeded. type: str choices: enable, disable + more... + +
                  • +
                • maximum_prefix_warning_only6 - Enable/disable IPv6 Only give warning message when limit is exceeded. type: str choices: enable, disable + more... + +
                  • +
                • maximum_prefix6 - Maximum number of IPv6 prefixes to accept from this peer. type: int + more... + +
                  • +
                • next_hop_self - Enable/disable IPv4 next-hop calculation for this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • next_hop_self_rr - Enable/disable setting nexthop"s address to interface"s IPv4 address for route-reflector routes. type: str choices: enable, disable + more... + +
                  • +
                • next_hop_self_rr6 - Enable/disable setting nexthop"s address to interface"s IPv6 address for route-reflector routes. type: str choices: enable, disable + more... + +
                  • +
                • next_hop_self6 - Enable/disable IPv6 next-hop calculation for this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • override_capability - Enable/disable override result of capability negotiation. type: str choices: enable, disable + more... + +
                  • +
                • passive - Enable/disable sending of open messages to this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • password - Password used in MD5 authentication. type: str + more... + +
                  • +
                • prefix_list_in - IPv4 Inbound filter for updates from this neighbor. Source router.prefix-list.name. type: str + more... + +
                  • +
                • prefix_list_in6 - IPv6 Inbound filter for updates from this neighbor. Source router.prefix-list6.name. type: str + more... + +
                  • +
                • prefix_list_out - IPv4 Outbound filter for updates to this neighbor. Source router.prefix-list.name. type: str + more... + +
                  • +
                • prefix_list_out6 - IPv6 Outbound filter for updates to this neighbor. Source router.prefix-list6.name. type: str + more... + +
                  • +
                • remote_as - AS number of neighbor. type: int + more... + +
                  • +
                • remove_private_as - Enable/disable remove private AS number from IPv4 outbound updates. type: str choices: enable, disable + more... + +
                  • +
                • remove_private_as6 - Enable/disable remove private AS number from IPv6 outbound updates. type: str choices: enable, disable + more... + +
                  • +
                • restart_time - Graceful restart delay time (sec, 0 = global default). type: int + more... + +
                  • +
                • retain_stale_time - Time to retain stale routes. type: int + more... + +
                  • +
                • route_map_in - IPv4 Inbound route map filter. Source router.route-map.name. type: str + more... + +
                  • +
                • route_map_in6 - IPv6 Inbound route map filter. Source router.route-map.name. type: str + more... + +
                  • +
                • route_map_out - IPv4 outbound route map filter. Source router.route-map.name. type: str + more... + +
                  • +
                • route_map_out_preferable - IPv4 outbound route map filter if the peer is preferred. Source router.route-map.name. type: str + more... + +
                  • +
                • route_map_out6 - IPv6 Outbound route map filter. Source router.route-map.name. type: str + more... + +
                  • +
                • route_map_out6_preferable - IPv6 outbound route map filter if the peer is preferred. Source router.route-map.name. type: str + more... + +
                  • +
                • route_reflector_client - Enable/disable IPv4 AS route reflector client. type: str choices: enable, disable + more... + +
                  • +
                • route_reflector_client6 - Enable/disable IPv6 AS route reflector client. type: str choices: enable, disable + more... + +
                  • +
                • route_server_client - Enable/disable IPv4 AS route server client. type: str choices: enable, disable + more... + +
                  • +
                • route_server_client6 - Enable/disable IPv6 AS route server client. type: str choices: enable, disable + more... + +
                  • +
                • send_community - IPv4 Send community attribute to neighbor. type: str choices: standard, extended, both, disable + more... + +
                  • +
                • send_community6 - IPv6 Send community attribute to neighbor. type: str choices: standard, extended, both, disable + more... + +
                  • +
                • shutdown - Enable/disable shutdown this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • soft_reconfiguration - Enable/disable allow IPv4 inbound soft reconfiguration. type: str choices: enable, disable + more... + +
                  • +
                • soft_reconfiguration6 - Enable/disable allow IPv6 inbound soft reconfiguration. type: str choices: enable, disable + more... + +
                  • +
                • stale_route - Enable/disable stale route after neighbor down. type: str choices: enable, disable + more... + +
                  • +
                • strict_capability_match - Enable/disable strict capability matching. type: str choices: enable, disable + more... + +
                  • +
                • unsuppress_map - IPv4 Route map to selectively unsuppress suppressed routes. Source router.route-map.name. type: str + more... + +
                  • +
                • unsuppress_map6 - IPv6 Route map to selectively unsuppress suppressed routes. Source router.route-map.name. type: str + more... + +
                  • +
                • update_source - Interface to use as source IP/IPv6 address of TCP connections. Source system.interface.name. type: str + more... + +
                  • +
                • weight - Neighbor weight. type: int + more... + +
                  • +
                +
              • neighbor_group - BGP neighbor group table. type: list member_path: neighbor_group:name + more... + +
                • +
                  +
                • activate - Enable/disable address family IPv4 for this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • activate6 - Enable/disable address family IPv6 for this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • additional_path - Enable/disable IPv4 additional-path capability. type: str choices: send, receive, both, disable + more... + +
                  • +
                • additional_path6 - Enable/disable IPv6 additional-path capability. type: str choices: send, receive, both, disable + more... + +
                  • +
                • adv_additional_path - Number of IPv4 additional paths that can be advertised to this neighbor. type: int + more... + +
                  • +
                • adv_additional_path6 - Number of IPv6 additional paths that can be advertised to this neighbor. type: int + more... + +
                  • +
                • advertisement_interval - Minimum interval (sec) between sending updates. type: int + more... + +
                  • +
                • allowas_in - IPv4 The maximum number of occurrence of my AS number allowed. type: int + more... + +
                  • +
                • allowas_in_enable - Enable/disable IPv4 Enable to allow my AS in AS path. type: str choices: enable, disable + more... + +
                  • +
                • allowas_in_enable6 - Enable/disable IPv6 Enable to allow my AS in AS path. type: str choices: enable, disable + more... + +
                  • +
                • allowas_in6 - IPv6 The maximum number of occurrence of my AS number allowed. type: int + more... + +
                  • +
                • as_override - Enable/disable replace peer AS with own AS for IPv4. type: str choices: enable, disable + more... + +
                  • +
                • as_override6 - Enable/disable replace peer AS with own AS for IPv6. type: str choices: enable, disable + more... + +
                  • +
                • attribute_unchanged - IPv4 List of attributes that should be unchanged. type: str choices: as-path, med, next-hop + more... + +
                  • +
                • attribute_unchanged6 - IPv6 List of attributes that should be unchanged. type: str choices: as-path, med, next-hop + more... + +
                  • +
                • bfd - Enable/disable BFD for this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • capability_default_originate - Enable/disable advertise default IPv4 route to this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • capability_default_originate6 - Enable/disable advertise default IPv6 route to this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • capability_dynamic - Enable/disable advertise dynamic capability to this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • capability_graceful_restart - Enable/disable advertise IPv4 graceful restart capability to this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • capability_graceful_restart6 - Enable/disable advertise IPv6 graceful restart capability to this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • capability_orf - Accept/Send IPv4 ORF lists to/from this neighbor. type: str choices: none, receive, send, both + more... + +
                  • +
                • capability_orf6 - Accept/Send IPv6 ORF lists to/from this neighbor. type: str choices: none, receive, send, both + more... + +
                  • +
                • capability_route_refresh - Enable/disable advertise route refresh capability to this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • connect_timer - Interval (sec) for connect timer. type: int + more... + +
                  • +
                • default_originate_routemap - Route map to specify criteria to originate IPv4 default. Source router.route-map.name. type: str + more... + +
                  • +
                • default_originate_routemap6 - Route map to specify criteria to originate IPv6 default. Source router.route-map.name. type: str + more... + +
                  • +
                • description - Description. type: str + more... + +
                  • +
                • distribute_list_in - Filter for IPv4 updates from this neighbor. Source router.access-list.name. type: str + more... + +
                  • +
                • distribute_list_in6 - Filter for IPv6 updates from this neighbor. Source router.access-list6.name. type: str + more... + +
                  • +
                • distribute_list_out - Filter for IPv4 updates to this neighbor. Source router.access-list.name. type: str + more... + +
                  • +
                • distribute_list_out6 - Filter for IPv6 updates to this neighbor. Source router.access-list6.name. type: str + more... + +
                  • +
                • dont_capability_negotiate - Do not negotiate capabilities with this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • ebgp_enforce_multihop - Enable/disable allow multi-hop EBGP neighbors. type: str choices: enable, disable + more... + +
                  • +
                • ebgp_multihop_ttl - EBGP multihop TTL for this peer. type: int + more... + +
                  • +
                • filter_list_in - BGP filter for IPv4 inbound routes. Source router.aspath-list.name. type: str + more... + +
                  • +
                • filter_list_in6 - BGP filter for IPv6 inbound routes. Source router.aspath-list.name. type: str + more... + +
                  • +
                • filter_list_out - BGP filter for IPv4 outbound routes. Source router.aspath-list.name. type: str + more... + +
                  • +
                • filter_list_out6 - BGP filter for IPv6 outbound routes. Source router.aspath-list.name. type: str + more... + +
                  • +
                • holdtime_timer - Interval (sec) before peer considered dead. type: int + more... + +
                  • +
                • interface - Specify outgoing interface for peer connection. For IPv6 peer, the interface should have link-local address. Source system .interface.name. type: str + more... + +
                  • +
                • keep_alive_timer - Keep alive timer interval (sec). type: int + more... + +
                  • +
                • link_down_failover - Enable/disable failover upon link down. type: str choices: enable, disable + more... + +
                  • +
                • local_as - Local AS number of neighbor. type: int + more... + +
                  • +
                • local_as_no_prepend - Do not prepend local-as to incoming updates. type: str choices: enable, disable + more... + +
                  • +
                • local_as_replace_as - Replace real AS with local-as in outgoing updates. type: str choices: enable, disable + more... + +
                  • +
                • maximum_prefix - Maximum number of IPv4 prefixes to accept from this peer. type: int + more... + +
                  • +
                • maximum_prefix_threshold - Maximum IPv4 prefix threshold value (1 - 100 percent). type: int + more... + +
                  • +
                • maximum_prefix_threshold6 - Maximum IPv6 prefix threshold value (1 - 100 percent). type: int + more... + +
                  • +
                • maximum_prefix_warning_only - Enable/disable IPv4 Only give warning message when limit is exceeded. type: str choices: enable, disable + more... + +
                  • +
                • maximum_prefix_warning_only6 - Enable/disable IPv6 Only give warning message when limit is exceeded. type: str choices: enable, disable + more... + +
                  • +
                • maximum_prefix6 - Maximum number of IPv6 prefixes to accept from this peer. type: int + more... + +
                  • +
                • name - Neighbor group name. type: str required: true + more... + +
                  • +
                • next_hop_self - Enable/disable IPv4 next-hop calculation for this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • next_hop_self_rr - Enable/disable setting nexthop"s address to interface"s IPv4 address for route-reflector routes. type: str choices: enable, disable + more... + +
                  • +
                • next_hop_self_rr6 - Enable/disable setting nexthop"s address to interface"s IPv6 address for route-reflector routes. type: str choices: enable, disable + more... + +
                  • +
                • next_hop_self6 - Enable/disable IPv6 next-hop calculation for this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • override_capability - Enable/disable override result of capability negotiation. type: str choices: enable, disable + more... + +
                  • +
                • passive - Enable/disable sending of open messages to this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • prefix_list_in - IPv4 Inbound filter for updates from this neighbor. Source router.prefix-list.name. type: str + more... + +
                  • +
                • prefix_list_in6 - IPv6 Inbound filter for updates from this neighbor. Source router.prefix-list6.name. type: str + more... + +
                  • +
                • prefix_list_out - IPv4 Outbound filter for updates to this neighbor. Source router.prefix-list.name. type: str + more... + +
                  • +
                • prefix_list_out6 - IPv6 Outbound filter for updates to this neighbor. Source router.prefix-list6.name. type: str + more... + +
                  • +
                • remote_as - AS number of neighbor. type: int + more... + +
                  • +
                • remove_private_as - Enable/disable remove private AS number from IPv4 outbound updates. type: str choices: enable, disable + more... + +
                  • +
                • remove_private_as6 - Enable/disable remove private AS number from IPv6 outbound updates. type: str choices: enable, disable + more... + +
                  • +
                • restart_time - Graceful restart delay time (sec, 0 = global default). type: int + more... + +
                  • +
                • retain_stale_time - Time to retain stale routes. type: int + more... + +
                  • +
                • route_map_in - IPv4 Inbound route map filter. Source router.route-map.name. type: str + more... + +
                  • +
                • route_map_in6 - IPv6 Inbound route map filter. Source router.route-map.name. type: str + more... + +
                  • +
                • route_map_out - IPv4 outbound route map filter. Source router.route-map.name. type: str + more... + +
                  • +
                • route_map_out_preferable - IPv4 outbound route map filter if the peer is preferred. Source router.route-map.name. type: str + more... + +
                  • +
                • route_map_out6 - IPv6 Outbound route map filter. Source router.route-map.name. type: str + more... + +
                  • +
                • route_map_out6_preferable - IPv6 outbound route map filter if the peer is preferred. Source router.route-map.name. type: str + more... + +
                  • +
                • route_reflector_client - Enable/disable IPv4 AS route reflector client. type: str choices: enable, disable + more... + +
                  • +
                • route_reflector_client6 - Enable/disable IPv6 AS route reflector client. type: str choices: enable, disable + more... + +
                  • +
                • route_server_client - Enable/disable IPv4 AS route server client. type: str choices: enable, disable + more... + +
                  • +
                • route_server_client6 - Enable/disable IPv6 AS route server client. type: str choices: enable, disable + more... + +
                  • +
                • send_community - IPv4 Send community attribute to neighbor. type: str choices: standard, extended, both, disable + more... + +
                  • +
                • send_community6 - IPv6 Send community attribute to neighbor. type: str choices: standard, extended, both, disable + more... + +
                  • +
                • shutdown - Enable/disable shutdown this neighbor. type: str choices: enable, disable + more... + +
                  • +
                • soft_reconfiguration - Enable/disable allow IPv4 inbound soft reconfiguration. type: str choices: enable, disable + more... + +
                  • +
                • soft_reconfiguration6 - Enable/disable allow IPv6 inbound soft reconfiguration. type: str choices: enable, disable + more... + +
                  • +
                • stale_route - Enable/disable stale route after neighbor down. type: str choices: enable, disable + more... + +
                  • +
                • strict_capability_match - Enable/disable strict capability matching. type: str choices: enable, disable + more... + +
                  • +
                • unsuppress_map - IPv4 Route map to selectively unsuppress suppressed routes. Source router.route-map.name. type: str + more... + +
                  • +
                • unsuppress_map6 - IPv6 Route map to selectively unsuppress suppressed routes. Source router.route-map.name. type: str + more... + +
                  • +
                • update_source - Interface to use as source IP/IPv6 address of TCP connections. Source system.interface.name. type: str + more... + +
                  • +
                • weight - Neighbor weight. type: int + more... + +
                  • +
                +
              • neighbor_range - BGP neighbor range table. type: list member_path: neighbor_range:id + more... + +
                • +
                  +
                • id - Neighbor range ID. type: int required: true + more... + +
                  • +
                • max_neighbor_num - Maximum number of neighbors. type: int + more... + +
                  • +
                • neighbor_group - Neighbor group name. Source router.bgp.neighbor-group.name. type: str + more... + +
                  • +
                • prefix - Neighbor range prefix. type: str + more... + +
                  • +
                +
              • neighbor_range6 - BGP IPv6 neighbor range table. type: list member_path: neighbor_range6:id + more... + +
                • +
                  +
                • id - IPv6 neighbor range ID. type: int required: true + more... + +
                  • +
                • max_neighbor_num - Maximum number of neighbors. type: int + more... + +
                  • +
                • neighbor_group - Neighbor group name. Source router.bgp.neighbor-group.name. type: str + more... + +
                  • +
                • prefix6 - IPv6 prefix. type: str + more... + +
                  • +
                +
              • network - BGP network table. type: list member_path: network:id + more... + +
                • +
                  +
                • backdoor - Enable/disable route as backdoor. type: str choices: enable, disable + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • network_import_check - Configure insurance of BGP network route existence in IGP. type: str choices: global, enable, disable + more... + +
                  • +
                • prefix - Network prefix. type: str + more... + +
                  • +
                • route_map - Route map to modify generated route. Source router.route-map.name. type: str + more... + +
                  • +
                +
              • network_import_check - Enable/disable ensure BGP network route exists in IGP. type: str choices: enable, disable + more... + +
                • +
              • network6 - BGP IPv6 network table. type: list member_path: network6:id + more... + +
                • +
                  +
                • backdoor - Enable/disable route as backdoor. type: str choices: enable, disable + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • network_import_check - Configure insurance of BGP network route existence in IGP. type: str choices: global, enable, disable + more... + +
                  • +
                • prefix6 - Network IPv6 prefix. type: str + more... + +
                  • +
                • route_map - Route map to modify generated route. Source router.route-map.name. type: str + more... + +
                  • +
                +
              • recursive_next_hop - Enable/disable recursive resolution of next-hop using BGP route. type: str choices: enable, disable + more... + +
                • +
              • redistribute - BGP IPv4 redistribute table. type: list member_path: redistribute:name + more... + +
                • +
                  +
                • name - Distribute list entry name. type: str required: true + more... + +
                  • +
                • route_map - Route map name. Source router.route-map.name. type: str + more... + +
                  • +
                • status - Status. type: str choices: enable, disable + more... + +
                  • +
                +
              • redistribute6 - BGP IPv6 redistribute table. type: list member_path: redistribute6:name + more... + +
                • +
                  +
                • name - Distribute list entry name. type: str required: true + more... + +
                  • +
                • route_map - Route map name. Source router.route-map.name. type: str + more... + +
                  • +
                • status - Status. type: str choices: enable, disable + more... + +
                  • +
                +
              • router_id - Router ID. type: str + more... + +
                • +
              • scan_time - Background scanner interval (sec), 0 to disable it. type: int + more... + +
                • +
              • synchronization - Enable/disable only advertise routes from iBGP if routes present in an IGP. type: str choices: enable, disable + more... + +
                • +
              • tag_resolve_mode - Configure tag-match mode. Resolves BGP routes with other routes containing the same tag. type: str choices: disable, preferred, merge + more... + +
                • +
              • vrf_leak - BGP VRF leaking table. type: list member_path: vrf_leak:vrf + more... + +
                • +
                  +
                • target - Target VRF table. type: list member_path: vrf_leak:vrf/target:vrf + more... + +
                  • +
                    +
                  • interface - Interface which is used to leak routes to target VRF. Source system.interface.name. type: str + more... + +
                    • +
                  • route_map - Route map of VRF leaking. Source router.route-map.name. type: str + more... + +
                    • +
                  • vrf - Target VRF ID (0 - 31). type: str required: true + more... + +
                    • +
                  +
                • vrf - Origin VRF ID (0 - 31). type: str required: true + more... + +
                  • +
                +
              • vrf_leak6 - BGP IPv6 VRF leaking table. type: list member_path: vrf_leak6:vrf + more... + +
                • +
                  +
                • target - Target VRF table. type: list member_path: vrf_leak6:vrf/target:vrf + more... + +
                  • +
                    +
                  • interface - Interface which is used to leak routes to target VRF. Source system.interface.name. type: str + more... + +
                    • +
                  • route_map - Route map of VRF leaking. Source router.route-map.name. type: str + more... + +
                    • +
                  • vrf - Target VRF ID (0 - 31). type: str required: true + more... + +
                    • +
                  +
                • vrf - Origin VRF ID (0 - 31). type: str required: true + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure BGP. + fortios_router_bgp: + vdom: "{{ vdom }}" + router_bgp: + additional_path: "enable" + additional_path_select: "4" + additional_path_select6: "5" + additional_path6: "enable" + admin_distance: + - + distance: "8" + id: "9" + neighbour_prefix: "" + route_list: " (source router.access-list.name)" + aggregate_address: + - + as_set: "enable" + id: "14" + prefix: "" + summary_only: "enable" + aggregate_address6: + - + as_set: "enable" + id: "19" + prefix6: "" + summary_only: "enable" + always_compare_med: "enable" + as: "23" + bestpath_as_path_ignore: "enable" + bestpath_cmp_confed_aspath: "enable" + bestpath_cmp_routerid: "enable" + bestpath_med_confed: "enable" + bestpath_med_missing_as_worst: "enable" + client_to_client_reflection: "enable" + cluster_id: "" + confederation_identifier: "31" + confederation_peers: + - + peer: "" + dampening: "enable" + dampening_max_suppress_time: "35" + dampening_reachability_half_life: "36" + dampening_reuse: "37" + dampening_route_map: " (source router.route-map.name)" + dampening_suppress: "39" + dampening_unreachability_half_life: "40" + default_local_preference: "41" + deterministic_med: "enable" + distance_external: "43" + distance_internal: "44" + distance_local: "45" + ebgp_multipath: "enable" + enforce_first_as: "enable" + fast_external_failover: "enable" + graceful_end_on_timer: "enable" + graceful_restart: "enable" + graceful_restart_time: "51" + graceful_stalepath_time: "52" + graceful_update_delay: "53" + holdtime_timer: "54" + ibgp_multipath: "enable" + ignore_optional_capability: "enable" + keepalive_timer: "57" + log_neighbour_changes: "enable" + multipath_recursive_distance: "enable" + neighbor: + - + activate: "enable" + activate6: "enable" + additional_path: "send" + additional_path6: "send" + adv_additional_path: "65" + adv_additional_path6: "66" + advertisement_interval: "67" + allowas_in: "68" + allowas_in_enable: "enable" + allowas_in_enable6: "enable" + allowas_in6: "71" + as_override: "enable" + as_override6: "enable" + attribute_unchanged: "as-path" + attribute_unchanged6: "as-path" + bfd: "enable" + capability_default_originate: "enable" + capability_default_originate6: "enable" + capability_dynamic: "enable" + capability_graceful_restart: "enable" + capability_graceful_restart6: "enable" + capability_orf: "none" + capability_orf6: "none" + capability_route_refresh: "enable" + conditional_advertise: + - + advertise_routemap: " (source router.route-map.name)" + condition_routemap: + - + name: "default_name_88 (source router.route-map.name)" + condition_type: "exist" + conditional_advertise6: + - + advertise_routemap: " (source router.route-map.name)" + condition_routemap: + - + name: "default_name_93 (source router.route-map.name)" + condition_type: "exist" + connect_timer: "95" + default_originate_routemap: " (source router.route-map.name)" + default_originate_routemap6: " (source router.route-map.name)" + description: "" + distribute_list_in: " (source router.access-list.name)" + distribute_list_in6: " (source router.access-list6.name)" + distribute_list_out: " (source router.access-list.name)" + distribute_list_out6: " (source router.access-list6.name)" + dont_capability_negotiate: "enable" + ebgp_enforce_multihop: "enable" + ebgp_multihop_ttl: "105" + filter_list_in: " (source router.aspath-list.name)" + filter_list_in6: " (source router.aspath-list.name)" + filter_list_out: " (source router.aspath-list.name)" + filter_list_out6: " (source router.aspath-list.name)" + holdtime_timer: "110" + interface: " (source system.interface.name)" + ip: "" + keep_alive_timer: "113" + link_down_failover: "enable" + local_as: "115" + local_as_no_prepend: "enable" + local_as_replace_as: "enable" + maximum_prefix: "118" + maximum_prefix_threshold: "119" + maximum_prefix_threshold6: "120" + maximum_prefix_warning_only: "enable" + maximum_prefix_warning_only6: "enable" + maximum_prefix6: "123" + next_hop_self: "enable" + next_hop_self_rr: "enable" + next_hop_self_rr6: "enable" + next_hop_self6: "enable" + override_capability: "enable" + passive: "enable" + password: "" + prefix_list_in: " (source router.prefix-list.name)" + prefix_list_in6: " (source router.prefix-list6.name)" + prefix_list_out: " (source router.prefix-list.name)" + prefix_list_out6: " (source router.prefix-list6.name)" + remote_as: "135" + remove_private_as: "enable" + remove_private_as6: "enable" + restart_time: "138" + retain_stale_time: "139" + route_map_in: " (source router.route-map.name)" + route_map_in6: " (source router.route-map.name)" + route_map_out: " (source router.route-map.name)" + route_map_out_preferable: " (source router.route-map.name)" + route_map_out6: " (source router.route-map.name)" + route_map_out6_preferable: " (source router.route-map.name)" + route_reflector_client: "enable" + route_reflector_client6: "enable" + route_server_client: "enable" + route_server_client6: "enable" + send_community: "standard" + send_community6: "standard" + shutdown: "enable" + soft_reconfiguration: "enable" + soft_reconfiguration6: "enable" + stale_route: "enable" + strict_capability_match: "enable" + unsuppress_map: " (source router.route-map.name)" + unsuppress_map6: " (source router.route-map.name)" + update_source: " (source system.interface.name)" + weight: "160" + neighbor_group: + - + activate: "enable" + activate6: "enable" + additional_path: "send" + additional_path6: "send" + adv_additional_path: "166" + adv_additional_path6: "167" + advertisement_interval: "168" + allowas_in: "169" + allowas_in_enable: "enable" + allowas_in_enable6: "enable" + allowas_in6: "172" + as_override: "enable" + as_override6: "enable" + attribute_unchanged: "as-path" + attribute_unchanged6: "as-path" + bfd: "enable" + capability_default_originate: "enable" + capability_default_originate6: "enable" + capability_dynamic: "enable" + capability_graceful_restart: "enable" + capability_graceful_restart6: "enable" + capability_orf: "none" + capability_orf6: "none" + capability_route_refresh: "enable" + connect_timer: "186" + default_originate_routemap: " (source router.route-map.name)" + default_originate_routemap6: " (source router.route-map.name)" + description: "" + distribute_list_in: " (source router.access-list.name)" + distribute_list_in6: " (source router.access-list6.name)" + distribute_list_out: " (source router.access-list.name)" + distribute_list_out6: " (source router.access-list6.name)" + dont_capability_negotiate: "enable" + ebgp_enforce_multihop: "enable" + ebgp_multihop_ttl: "196" + filter_list_in: " (source router.aspath-list.name)" + filter_list_in6: " (source router.aspath-list.name)" + filter_list_out: " (source router.aspath-list.name)" + filter_list_out6: " (source router.aspath-list.name)" + holdtime_timer: "201" + interface: " (source system.interface.name)" + keep_alive_timer: "203" + link_down_failover: "enable" + local_as: "205" + local_as_no_prepend: "enable" + local_as_replace_as: "enable" + maximum_prefix: "208" + maximum_prefix_threshold: "209" + maximum_prefix_threshold6: "210" + maximum_prefix_warning_only: "enable" + maximum_prefix_warning_only6: "enable" + maximum_prefix6: "213" + name: "default_name_214" + next_hop_self: "enable" + next_hop_self_rr: "enable" + next_hop_self_rr6: "enable" + next_hop_self6: "enable" + override_capability: "enable" + passive: "enable" + prefix_list_in: " (source router.prefix-list.name)" + prefix_list_in6: " (source router.prefix-list6.name)" + prefix_list_out: " (source router.prefix-list.name)" + prefix_list_out6: " (source router.prefix-list6.name)" + remote_as: "225" + remove_private_as: "enable" + remove_private_as6: "enable" + restart_time: "228" + retain_stale_time: "229" + route_map_in: " (source router.route-map.name)" + route_map_in6: " (source router.route-map.name)" + route_map_out: " (source router.route-map.name)" + route_map_out_preferable: " (source router.route-map.name)" + route_map_out6: " (source router.route-map.name)" + route_map_out6_preferable: " (source router.route-map.name)" + route_reflector_client: "enable" + route_reflector_client6: "enable" + route_server_client: "enable" + route_server_client6: "enable" + send_community: "standard" + send_community6: "standard" + shutdown: "enable" + soft_reconfiguration: "enable" + soft_reconfiguration6: "enable" + stale_route: "enable" + strict_capability_match: "enable" + unsuppress_map: " (source router.route-map.name)" + unsuppress_map6: " (source router.route-map.name)" + update_source: " (source system.interface.name)" + weight: "250" + neighbor_range: + - + id: "252" + max_neighbor_num: "253" + neighbor_group: " (source router.bgp.neighbor-group.name)" + prefix: "" + neighbor_range6: + - + id: "257" + max_neighbor_num: "258" + neighbor_group: " (source router.bgp.neighbor-group.name)" + prefix6: "" + network: + - + backdoor: "enable" + id: "263" + network_import_check: "global" + prefix: "" + route_map: " (source router.route-map.name)" + network_import_check: "enable" + network6: + - + backdoor: "enable" + id: "270" + network_import_check: "global" + prefix6: "" + route_map: " (source router.route-map.name)" + recursive_next_hop: "enable" + redistribute: + - + name: "default_name_276" + route_map: " (source router.route-map.name)" + status: "enable" + redistribute6: + - + name: "default_name_280" + route_map: " (source router.route-map.name)" + status: "enable" + router_id: "" + scan_time: "284" + synchronization: "enable" + tag_resolve_mode: "disable" + vrf_leak: + - + target: + - + interface: " (source system.interface.name)" + route_map: " (source router.route-map.name)" + vrf: "" + vrf: "" + vrf_leak6: + - + target: + - + interface: " (source system.interface.name)" + route_map: " (source router.route-map.name)" + vrf: "" + vrf: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_router_community_list.rst b/gen/fortios_router_community_list.rst new file mode 100644 index 00000000..5b7e8c03 --- /dev/null +++ b/gen/fortios_router_community_list.rst @@ -0,0 +1,617 @@ +:source: fortios_router_community_list.py + +:orphan: + +.. fortios_router_community_list: + +fortios_router_community_list -- Configure community lists in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and community_list category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_router_community_listyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • router_community_list - Configure community lists. type: dict + more... + +
              • +
                +
              • name - Community list name. type: str required: true + more... + +
                • +
              • rule - Community list rule. type: list member_path: rule:id + more... + +
                • +
                  +
                • action - Permit or deny route-based operations, based on the route"s COMMUNITY attribute. type: str choices: deny, permit + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • match - Community specifications for matching a reserved community. type: str + more... + +
                  • +
                • regexp - Ordered list of COMMUNITY attributes as a regular expression. type: str + more... + +
                  • +
                +
              • type - Community list type (standard or expanded). type: str choices: standard, expanded + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure community lists. + fortios_router_community_list: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + router_community_list: + name: "default_name_3" + rule: + - + action: "deny" + id: "6" + match: "" + regexp: "" + type: "standard" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_router_isis.rst b/gen/fortios_router_isis.rst new file mode 100644 index 00000000..16be8519 --- /dev/null +++ b/gen/fortios_router_isis.rst @@ -0,0 +1,6203 @@ +:source: fortios_router_isis.py + +:orphan: + +.. fortios_router_isis: + +fortios_router_isis -- Configure IS-IS in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and isis category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_router_isisyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • router_isis - Configure IS-IS. type: dict + more... + +
              • +
                +
              • adjacency_check - Enable/disable adjacency check. type: str choices: enable, disable + more... + +
                • +
              • adjacency_check6 - Enable/disable IPv6 adjacency check. type: str choices: enable, disable + more... + +
                • +
              • adv_passive_only - Enable/disable IS-IS advertisement of passive interfaces only. type: str choices: enable, disable + more... + +
                • +
              • adv_passive_only6 - Enable/disable IPv6 IS-IS advertisement of passive interfaces only. type: str choices: enable, disable + more... + +
                • +
              • auth_keychain_l1 - Authentication key-chain for level 1 PDUs. Source router.key-chain.name. type: str + more... + +
                • +
              • auth_keychain_l2 - Authentication key-chain for level 2 PDUs. Source router.key-chain.name. type: str + more... + +
                • +
              • auth_mode_l1 - Level 1 authentication mode. type: str choices: password, md5 + more... + +
                • +
              • auth_mode_l2 - Level 2 authentication mode. type: str choices: password, md5 + more... + +
                • +
              • auth_password_l1 - Authentication password for level 1 PDUs. type: str + more... + +
                • +
              • auth_password_l2 - Authentication password for level 2 PDUs. type: str + more... + +
                • +
              • auth_sendonly_l1 - Enable/disable level 1 authentication send-only. type: str choices: enable, disable + more... + +
                • +
              • auth_sendonly_l2 - Enable/disable level 2 authentication send-only. type: str choices: enable, disable + more... + +
                • +
              • default_originate - Enable/disable distribution of default route information. type: str choices: enable, disable + more... + +
                • +
              • default_originate6 - Enable/disable distribution of default IPv6 route information. type: str choices: enable, disable + more... + +
                • +
              • dynamic_hostname - Enable/disable dynamic hostname. type: str choices: enable, disable + more... + +
                • +
              • ignore_lsp_errors - Enable/disable ignoring of LSP errors with bad checksums. type: str choices: enable, disable + more... + +
                • +
              • is_type - IS type. type: str choices: level-1-2, level-1, level-2-only + more... + +
                • +
              • isis_interface - IS-IS interface configuration. type: list member_path: isis_interface:name + more... + +
                • +
                  +
                • auth_keychain_l1 - Authentication key-chain for level 1 PDUs. Source router.key-chain.name. type: str + more... + +
                  • +
                • auth_keychain_l2 - Authentication key-chain for level 2 PDUs. Source router.key-chain.name. type: str + more... + +
                  • +
                • auth_mode_l1 - Level 1 authentication mode. type: str choices: md5, password + more... + +
                  • +
                • auth_mode_l2 - Level 2 authentication mode. type: str choices: md5, password + more... + +
                  • +
                • auth_password_l1 - Authentication password for level 1 PDUs. type: str + more... + +
                  • +
                • auth_password_l2 - Authentication password for level 2 PDUs. type: str + more... + +
                  • +
                • auth_send_only_l1 - Enable/disable authentication send-only for level 1 PDUs. type: str choices: enable, disable + more... + +
                  • +
                • auth_send_only_l2 - Enable/disable authentication send-only for level 2 PDUs. type: str choices: enable, disable + more... + +
                  • +
                • circuit_type - IS-IS interface"s circuit type. type: str choices: level-1-2, level-1, level-2 + more... + +
                  • +
                • csnp_interval_l1 - Level 1 CSNP interval. type: int + more... + +
                  • +
                • csnp_interval_l2 - Level 2 CSNP interval. type: int + more... + +
                  • +
                • hello_interval_l1 - Level 1 hello interval. type: int + more... + +
                  • +
                • hello_interval_l2 - Level 2 hello interval. type: int + more... + +
                  • +
                • hello_multiplier_l1 - Level 1 multiplier for Hello holding time. type: int + more... + +
                  • +
                • hello_multiplier_l2 - Level 2 multiplier for Hello holding time. type: int + more... + +
                  • +
                • hello_padding - Enable/disable padding to IS-IS hello packets. type: str choices: enable, disable + more... + +
                  • +
                • lsp_interval - LSP transmission interval (milliseconds). type: int + more... + +
                  • +
                • lsp_retransmit_interval - LSP retransmission interval (sec). type: int + more... + +
                  • +
                • mesh_group - Enable/disable IS-IS mesh group. type: str choices: enable, disable + more... + +
                  • +
                • mesh_group_id - Mesh group ID <0-4294967295>, 0: mesh-group blocked. type: int + more... + +
                  • +
                • metric_l1 - Level 1 metric for interface. type: int + more... + +
                  • +
                • metric_l2 - Level 2 metric for interface. type: int + more... + +
                  • +
                • name - IS-IS interface name. Source system.interface.name. type: str required: true + more... + +
                  • +
                • network_type - IS-IS interface"s network type. type: str choices: broadcast, point-to-point, loopback + more... + +
                  • +
                • priority_l1 - Level 1 priority. type: int + more... + +
                  • +
                • priority_l2 - Level 2 priority. type: int + more... + +
                  • +
                • status - Enable/disable interface for IS-IS. type: str choices: enable, disable + more... + +
                  • +
                • status6 - Enable/disable IPv6 interface for IS-IS. type: str choices: enable, disable + more... + +
                  • +
                • wide_metric_l1 - Level 1 wide metric for interface. type: int + more... + +
                  • +
                • wide_metric_l2 - Level 2 wide metric for interface. type: int + more... + +
                  • +
                +
              • isis_net - IS-IS net configuration. type: list member_path: isis_net:id + more... + +
                • +
                  +
                • id - ISIS network ID. type: int required: true + more... + +
                  • +
                • net - IS-IS networks (format = xx.xxxx. .xxxx.xx.). type: str + more... + +
                  • +
                +
              • lsp_gen_interval_l1 - Minimum interval for level 1 LSP regenerating. type: int + more... + +
                • +
              • lsp_gen_interval_l2 - Minimum interval for level 2 LSP regenerating. type: int + more... + +
                • +
              • lsp_refresh_interval - LSP refresh time in seconds. type: int + more... + +
                • +
              • max_lsp_lifetime - Maximum LSP lifetime in seconds. type: int + more... + +
                • +
              • metric_style - Use old-style (ISO 10589) or new-style packet formats. type: str choices: narrow, wide, transition, narrow-transition, narrow-transition-l1, narrow-transition-l2, wide-l1, wide-l2, wide-transition, wide-transition-l1, wide-transition-l2, transition-l1, transition-l2 + more... + +
                • +
              • overload_bit - Enable/disable signal other routers not to use us in SPF. type: str choices: enable, disable + more... + +
                • +
              • overload_bit_on_startup - Overload-bit only temporarily after reboot. type: int + more... + +
                • +
              • overload_bit_suppress - Suppress overload-bit for the specific prefixes. type: list choices: external, interlevel + more... + +
                • +
              • redistribute - IS-IS redistribute protocols. type: list member_path: redistribute:protocol + more... + +
                • +
                  +
                • level - Level. type: str choices: level-1-2, level-1, level-2 + more... + +
                  • +
                • metric - Metric. type: int + more... + +
                  • +
                • metric_type - Metric type. type: str choices: external, internal + more... + +
                  • +
                • protocol - Protocol name. type: str required: true + more... + +
                  • +
                • routemap - Route map name. Source router.route-map.name. type: str + more... + +
                  • +
                • status - Status. type: str choices: enable, disable + more... + +
                  • +
                +
              • redistribute_l1 - Enable/disable redistribution of level 1 routes into level 2. type: str choices: enable, disable + more... + +
                • +
              • redistribute_l1_list - Access-list for route redistribution from l1 to l2. Source router.access-list.name. type: str + more... + +
                • +
              • redistribute_l2 - Enable/disable redistribution of level 2 routes into level 1. type: str choices: enable, disable + more... + +
                • +
              • redistribute_l2_list - Access-list for route redistribution from l2 to l1. Source router.access-list.name. type: str + more... + +
                • +
              • redistribute6 - IS-IS IPv6 redistribution for routing protocols. type: list member_path: redistribute6:protocol + more... + +
                • +
                  +
                • level - Level. type: str choices: level-1-2, level-1, level-2 + more... + +
                  • +
                • metric - Metric. type: int + more... + +
                  • +
                • metric_type - Metric type. type: str choices: external, internal + more... + +
                  • +
                • protocol - Protocol name. type: str required: true + more... + +
                  • +
                • routemap - Route map name. Source router.route-map.name. type: str + more... + +
                  • +
                • status - Enable/disable redistribution. type: str choices: enable, disable + more... + +
                  • +
                +
              • redistribute6_l1 - Enable/disable redistribution of level 1 IPv6 routes into level 2. type: str choices: enable, disable + more... + +
                • +
              • redistribute6_l1_list - Access-list for IPv6 route redistribution from l1 to l2. Source router.access-list6.name. type: str + more... + +
                • +
              • redistribute6_l2 - Enable/disable redistribution of level 2 IPv6 routes into level 1. type: str choices: enable, disable + more... + +
                • +
              • redistribute6_l2_list - Access-list for IPv6 route redistribution from l2 to l1. Source router.access-list6.name. type: str + more... + +
                • +
              • spf_interval_exp_l1 - Level 1 SPF calculation delay. type: str + more... + +
                • +
              • spf_interval_exp_l2 - Level 2 SPF calculation delay. type: str + more... + +
                • +
              • summary_address - IS-IS summary addresses. type: list member_path: summary_address:id + more... + +
                • +
                  +
                • id - Summary address entry ID. type: int required: true + more... + +
                  • +
                • level - Level. type: str choices: level-1-2, level-1, level-2 + more... + +
                  • +
                • prefix - Prefix. type: str + more... + +
                  • +
                +
              • summary_address6 - IS-IS IPv6 summary address. type: list member_path: summary_address6:id + more... + +
                • +
                  +
                • id - Prefix entry ID. type: int required: true + more... + +
                  • +
                • level - Level. type: str choices: level-1-2, level-1, level-2 + more... + +
                  • +
                • prefix6 - IPv6 prefix. type: str + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IS-IS. + fortios_router_isis: + vdom: "{{ vdom }}" + router_isis: + adjacency_check: "enable" + adjacency_check6: "enable" + adv_passive_only: "enable" + adv_passive_only6: "enable" + auth_keychain_l1: " (source router.key-chain.name)" + auth_keychain_l2: " (source router.key-chain.name)" + auth_mode_l1: "password" + auth_mode_l2: "password" + auth_password_l1: "" + auth_password_l2: "" + auth_sendonly_l1: "enable" + auth_sendonly_l2: "enable" + default_originate: "enable" + default_originate6: "enable" + dynamic_hostname: "enable" + ignore_lsp_errors: "enable" + is_type: "level-1-2" + isis_interface: + - + auth_keychain_l1: " (source router.key-chain.name)" + auth_keychain_l2: " (source router.key-chain.name)" + auth_mode_l1: "md5" + auth_mode_l2: "md5" + auth_password_l1: "" + auth_password_l2: "" + auth_send_only_l1: "enable" + auth_send_only_l2: "enable" + circuit_type: "level-1-2" + csnp_interval_l1: "30" + csnp_interval_l2: "31" + hello_interval_l1: "32" + hello_interval_l2: "33" + hello_multiplier_l1: "34" + hello_multiplier_l2: "35" + hello_padding: "enable" + lsp_interval: "37" + lsp_retransmit_interval: "38" + mesh_group: "enable" + mesh_group_id: "40" + metric_l1: "41" + metric_l2: "42" + name: "default_name_43 (source system.interface.name)" + network_type: "broadcast" + priority_l1: "45" + priority_l2: "46" + status: "enable" + status6: "enable" + wide_metric_l1: "49" + wide_metric_l2: "50" + isis_net: + - + id: "52" + net: "" + lsp_gen_interval_l1: "54" + lsp_gen_interval_l2: "55" + lsp_refresh_interval: "56" + max_lsp_lifetime: "57" + metric_style: "narrow" + overload_bit: "enable" + overload_bit_on_startup: "60" + overload_bit_suppress: "external" + redistribute: + - + level: "level-1-2" + metric: "64" + metric_type: "external" + protocol: "" + routemap: " (source router.route-map.name)" + status: "enable" + redistribute_l1: "enable" + redistribute_l1_list: " (source router.access-list.name)" + redistribute_l2: "enable" + redistribute_l2_list: " (source router.access-list.name)" + redistribute6: + - + level: "level-1-2" + metric: "75" + metric_type: "external" + protocol: "" + routemap: " (source router.route-map.name)" + status: "enable" + redistribute6_l1: "enable" + redistribute6_l1_list: " (source router.access-list6.name)" + redistribute6_l2: "enable" + redistribute6_l2_list: " (source router.access-list6.name)" + spf_interval_exp_l1: "" + spf_interval_exp_l2: "" + summary_address: + - + id: "87" + level: "level-1-2" + prefix: "" + summary_address6: + - + id: "91" + level: "level-1-2" + prefix6: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_router_key_chain.rst b/gen/fortios_router_key_chain.rst new file mode 100644 index 00000000..9c346b45 --- /dev/null +++ b/gen/fortios_router_key_chain.rst @@ -0,0 +1,636 @@ +:source: fortios_router_key_chain.py + +:orphan: + +.. fortios_router_key_chain: + +fortios_router_key_chain -- Configure key-chain in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and key_chain category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_router_key_chainyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • router_key_chain - Configure key-chain. type: dict + more... + +
              • +
                +
              • key - Configuration method to edit key settings. type: list member_path: key:id + more... + +
                • +
                  +
                • accept_lifetime - Lifetime of received authentication key (format: hh:mm:ss day month year). type: str + more... + +
                  • +
                • algorithm - Cryptographic algorithm. type: str choices: md5, hmac-sha1, hmac-sha256, hmac-sha384, hmac-sha512 + more... + +
                  • +
                • id - Key ID (0 - 2147483647). type: str required: true + more... + +
                  • +
                • key_string - Password for the key (maximum = 64 characters). type: str + more... + +
                  • +
                • send_lifetime - Lifetime of sent authentication key (format: hh:mm:ss day month year). type: str + more... + +
                  • +
                +
              • name - Key-chain name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure key-chain. + fortios_router_key_chain: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + router_key_chain: + key: + - + accept_lifetime: "" + algorithm: "md5" + id: "6" + key_string: "" + send_lifetime: "" + name: "default_name_9" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_router_multicast.rst b/gen/fortios_router_multicast.rst new file mode 100644 index 00000000..65c8a287 --- /dev/null +++ b/gen/fortios_router_multicast.rst @@ -0,0 +1,3984 @@ +:source: fortios_router_multicast.py + +:orphan: + +.. fortios_router_multicast: + +fortios_router_multicast -- Configure router multicast in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and multicast category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_router_multicastyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • router_multicast - Configure router multicast. type: dict + more... + +
              • +
                +
              • interface - PIM interfaces. type: list member_path: interface:name + more... + +
                • +
                  +
                • bfd - Enable/disable Protocol Independent Multicast (PIM) Bidirectional Forwarding Detection (BFD). type: str choices: enable, disable + more... + +
                  • +
                • cisco_exclude_genid - Exclude GenID from hello packets (compatibility with old Cisco IOS). type: str choices: enable, disable + more... + +
                  • +
                • dr_priority - DR election priority. type: int + more... + +
                  • +
                • hello_holdtime - Time before old neighbor information expires (0 - 65535 sec). type: int + more... + +
                  • +
                • hello_interval - Interval between sending PIM hello messages (0 - 65535 sec). type: int + more... + +
                  • +
                • igmp - IGMP configuration options. type: dict + more... + +
                  • +
                    +
                  • access_group - Groups IGMP hosts are allowed to join. Source router.access-list.name. type: str + more... + +
                    • +
                  • immediate_leave_group - Groups to drop membership for immediately after receiving IGMPv2 leave. Source router.access-list.name. type: str + more... + +
                    • +
                  • last_member_query_count - Number of group specific queries before removing group (2 - 7). type: int + more... + +
                    • +
                  • last_member_query_interval - Timeout between IGMPv2 leave and removing group (1 - 65535 msec). type: int + more... + +
                    • +
                  • query_interval - Interval between queries to IGMP hosts (1 - 65535 sec). type: int + more... + +
                    • +
                  • query_max_response_time - Maximum time to wait for a IGMP query response (1 - 25 sec). type: int + more... + +
                    • +
                  • query_timeout - Timeout between queries before becoming querying unit for network (60 - 900). type: int + more... + +
                    • +
                  • router_alert_check - Enable/disable require IGMP packets contain router alert option. type: str choices: enable, disable + more... + +
                    • +
                  • version - Maximum version of IGMP to support. type: str choices: 3, 2, 1 + more... + +
                    • +
                  +
                • join_group - Join multicast groups. type: list member_path: interface:name/join_group:address + more... + +
                  • +
                    +
                  • address - Multicast group IP address. type: str required: true + more... + +
                    • +
                  +
                • multicast_flow - Acceptable source for multicast group. Source router.multicast-flow.name. type: str + more... + +
                  • +
                • name - Interface name. Source system.interface.name. type: str required: true + more... + +
                  • +
                • neighbour_filter - Routers acknowledged as neighbor routers. Source router.access-list.name. type: str + more... + +
                  • +
                • passive - Enable/disable listening to IGMP but not participating in PIM. type: str choices: enable, disable + more... + +
                  • +
                • pim_mode - PIM operation mode. type: str choices: sparse-mode, dense-mode + more... + +
                  • +
                • propagation_delay - Delay flooding packets on this interface (100 - 5000 msec). type: int + more... + +
                  • +
                • rp_candidate - Enable/disable compete to become RP in elections. type: str choices: enable, disable + more... + +
                  • +
                • rp_candidate_group - Multicast groups managed by this RP. Source router.access-list.name. type: str + more... + +
                  • +
                • rp_candidate_interval - RP candidate advertisement interval (1 - 16383 sec). type: int + more... + +
                  • +
                • rp_candidate_priority - Router"s priority as RP. type: int + more... + +
                  • +
                • rpf_nbr_fail_back - Enable/disable fail back for RPF neighbor query. type: str choices: enable, disable + more... + +
                  • +
                • rpf_nbr_fail_back_filter - Filter for fail back RPF neighbors. Source router.access-list.name. type: str + more... + +
                  • +
                • state_refresh_interval - Interval between sending state-refresh packets (1 - 100 sec). type: int + more... + +
                  • +
                • static_group - Statically set multicast groups to forward out. Source router.multicast-flow.name. type: str + more... + +
                  • +
                • ttl_threshold - Minimum TTL of multicast packets that will be forwarded (applied only to new multicast routes) (1 - 255). type: int + more... + +
                  • +
                +
              • multicast_routing - Enable/disable IP multicast routing. type: str choices: enable, disable + more... + +
                • +
              • pim_sm_global - PIM sparse-mode global settings. type: dict + more... + +
                • +
                  +
                • accept_register_list - Sources allowed to register packets with this Rendezvous Point (RP). Source router.access-list.name. type: str + more... + +
                  • +
                • accept_source_list - Sources allowed to send multicast traffic. Source router.access-list.name. type: str + more... + +
                  • +
                • bsr_allow_quick_refresh - Enable/disable accept BSR quick refresh packets from neighbors. type: str choices: enable, disable + more... + +
                  • +
                • bsr_candidate - Enable/disable allowing this router to become a bootstrap router (BSR). type: str choices: enable, disable + more... + +
                  • +
                • bsr_hash - BSR hash length (0 - 32). type: int + more... + +
                  • +
                • bsr_interface - Interface to advertise as candidate BSR. Source system.interface.name. type: str + more... + +
                  • +
                • bsr_priority - BSR priority (0 - 255). type: int + more... + +
                  • +
                • cisco_crp_prefix - Enable/disable making candidate RP compatible with old Cisco IOS. type: str choices: enable, disable + more... + +
                  • +
                • cisco_ignore_rp_set_priority - Use only hash for RP selection (compatibility with old Cisco IOS). type: str choices: enable, disable + more... + +
                  • +
                • cisco_register_checksum - Checksum entire register packet(for old Cisco IOS compatibility). type: str choices: enable, disable + more... + +
                  • +
                • cisco_register_checksum_group - Cisco register checksum only these groups. Source router.access-list.name. type: str + more... + +
                  • +
                • join_prune_holdtime - Join/prune holdtime (1 - 65535). type: int + more... + +
                  • +
                • message_interval - Period of time between sending periodic PIM join/prune messages in seconds (1 - 65535). type: int + more... + +
                  • +
                • null_register_retries - Maximum retries of null register (1 - 20). type: int + more... + +
                  • +
                • register_rate_limit - Limit of packets/sec per source registered through this RP (0 - 65535). type: int + more... + +
                  • +
                • register_rp_reachability - Enable/disable check RP is reachable before registering packets. type: str choices: enable, disable + more... + +
                  • +
                • register_source - Override source address in register packets. type: str choices: disable, interface, ip-address + more... + +
                  • +
                • register_source_interface - Override with primary interface address. Source system.interface.name. type: str + more... + +
                  • +
                • register_source_ip - Override with local IP address. type: str + more... + +
                  • +
                • register_supression - Period of time to honor register-stop message (1 - 65535 sec). type: int + more... + +
                  • +
                • rp_address - Statically configure RP addresses. type: list member_path: pim_sm_global/rp_address:id + more... + +
                  • +
                    +
                  • group - Groups to use this RP. Source router.access-list.name. type: str + more... + +
                    • +
                  • id - ID. type: int required: true + more... + +
                    • +
                  • ip_address - RP router address. type: str + more... + +
                    • +
                  +
                • rp_register_keepalive - Timeout for RP receiving data on (S,G) tree (1 - 65535 sec). type: int + more... + +
                  • +
                • spt_threshold - Enable/disable switching to source specific trees. type: str choices: enable, disable + more... + +
                  • +
                • spt_threshold_group - Groups allowed to switch to source tree. Source router.access-list.name. type: str + more... + +
                  • +
                • ssm - Enable/disable source specific multicast. type: str choices: enable, disable + more... + +
                  • +
                • ssm_range - Groups allowed to source specific multicast. Source router.access-list.name. type: str + more... + +
                  • +
                +
              • route_limit - Maximum number of multicast routes. type: int + more... + +
                • +
              • route_threshold - Generate warnings when the number of multicast routes exceeds this number, must not be greater than route-limit. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure router multicast. + fortios_router_multicast: + vdom: "{{ vdom }}" + router_multicast: + interface: + - + bfd: "enable" + cisco_exclude_genid: "enable" + dr_priority: "6" + hello_holdtime: "7" + hello_interval: "8" + igmp: + access_group: " (source router.access-list.name)" + immediate_leave_group: " (source router.access-list.name)" + last_member_query_count: "12" + last_member_query_interval: "13" + query_interval: "14" + query_max_response_time: "15" + query_timeout: "16" + router_alert_check: "enable" + version: "3" + join_group: + - + address: "" + multicast_flow: " (source router.multicast-flow.name)" + name: "default_name_22 (source system.interface.name)" + neighbour_filter: " (source router.access-list.name)" + passive: "enable" + pim_mode: "sparse-mode" + propagation_delay: "26" + rp_candidate: "enable" + rp_candidate_group: " (source router.access-list.name)" + rp_candidate_interval: "29" + rp_candidate_priority: "30" + rpf_nbr_fail_back: "enable" + rpf_nbr_fail_back_filter: " (source router.access-list.name)" + state_refresh_interval: "33" + static_group: " (source router.multicast-flow.name)" + ttl_threshold: "35" + multicast_routing: "enable" + pim_sm_global: + accept_register_list: " (source router.access-list.name)" + accept_source_list: " (source router.access-list.name)" + bsr_allow_quick_refresh: "enable" + bsr_candidate: "enable" + bsr_hash: "42" + bsr_interface: " (source system.interface.name)" + bsr_priority: "44" + cisco_crp_prefix: "enable" + cisco_ignore_rp_set_priority: "enable" + cisco_register_checksum: "enable" + cisco_register_checksum_group: " (source router.access-list.name)" + join_prune_holdtime: "49" + message_interval: "50" + null_register_retries: "51" + register_rate_limit: "52" + register_rp_reachability: "enable" + register_source: "disable" + register_source_interface: " (source system.interface.name)" + register_source_ip: "" + register_supression: "57" + rp_address: + - + group: " (source router.access-list.name)" + id: "60" + ip_address: "" + rp_register_keepalive: "62" + spt_threshold: "enable" + spt_threshold_group: " (source router.access-list.name)" + ssm: "enable" + ssm_range: " (source router.access-list.name)" + route_limit: "67" + route_threshold: "68" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_router_multicast6.rst b/gen/fortios_router_multicast6.rst new file mode 100644 index 00000000..54545952 --- /dev/null +++ b/gen/fortios_router_multicast6.rst @@ -0,0 +1,803 @@ +:source: fortios_router_multicast6.py + +:orphan: + +.. fortios_router_multicast6: + +fortios_router_multicast6 -- Configure IPv6 multicast in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and multicast6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_router_multicast6yesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • router_multicast6 - Configure IPv6 multicast. type: dict + more... + +
              • +
                +
              • interface - Protocol Independent Multicast (PIM) interfaces. type: list member_path: interface:name + more... + +
                • +
                  +
                • hello_holdtime - Time before old neighbor information expires in seconds (1 - 65535). type: int + more... + +
                  • +
                • hello_interval - Interval between sending PIM hello messages in seconds (1 - 65535). type: int + more... + +
                  • +
                • name - Interface name. Source system.interface.name. type: str required: true + more... + +
                  • +
                +
              • multicast_pmtu - Enable/disable PMTU for IPv6 multicast. type: str choices: enable, disable + more... + +
                • +
              • multicast_routing - Enable/disable IPv6 multicast routing. type: str choices: enable, disable + more... + +
                • +
              • pim_sm_global - PIM sparse-mode global settings. type: dict + more... + +
                • +
                  +
                • register_rate_limit - Limit of packets/sec per source registered through this RP (0 means unlimited). type: int + more... + +
                  • +
                • rp_address - Statically configured RP addresses. type: list member_path: pim_sm_global/rp_address:id + more... + +
                  • +
                    +
                  • id - ID of the entry. type: int required: true + more... + +
                    • +
                  • ip6_address - RP router IPv6 address. type: str + more... + +
                    • +
                  +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 multicast. + fortios_router_multicast6: + vdom: "{{ vdom }}" + router_multicast6: + interface: + - + hello_holdtime: "4" + hello_interval: "5" + name: "default_name_6 (source system.interface.name)" + multicast_pmtu: "enable" + multicast_routing: "enable" + pim_sm_global: + register_rate_limit: "10" + rp_address: + - + id: "12" + ip6_address: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_router_multicast_flow.rst b/gen/fortios_router_multicast_flow.rst new file mode 100644 index 00000000..2b7d974a --- /dev/null +++ b/gen/fortios_router_multicast_flow.rst @@ -0,0 +1,495 @@ +:source: fortios_router_multicast_flow.py + +:orphan: + +.. fortios_router_multicast_flow: + +fortios_router_multicast_flow -- Configure multicast-flow in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and multicast_flow category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_router_multicast_flowyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • router_multicast_flow - Configure multicast-flow. type: dict + more... + +
              • +
                +
              • comments - Comment. type: str + more... + +
                • +
              • flows - Multicast-flow entries. type: list member_path: flows:id + more... + +
                • +
                  +
                • group_addr - Multicast group IP address. type: str + more... + +
                  • +
                • id - Flow ID. type: int required: true + more... + +
                  • +
                • source_addr - Multicast source IP address. type: str + more... + +
                  • +
                +
              • name - Name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure multicast-flow. + fortios_router_multicast_flow: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + router_multicast_flow: + comments: "" + flows: + - + group_addr: "" + id: "6" + source_addr: "" + name: "default_name_8" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_router_ospf.rst b/gen/fortios_router_ospf.rst new file mode 100644 index 00000000..050f9b56 --- /dev/null +++ b/gen/fortios_router_ospf.rst @@ -0,0 +1,7085 @@ +:source: fortios_router_ospf.py + +:orphan: + +.. fortios_router_ospf: + +fortios_router_ospf -- Configure OSPF in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and ospf category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_router_ospfyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • router_ospf - Configure OSPF. type: dict + more... + +
              • +
                +
              • abr_type - Area border router type. type: str choices: cisco, ibm, shortcut, standard + more... + +
                • +
              • area - OSPF area configuration. type: list member_path: area:id + more... + +
                • +
                  +
                • authentication - Authentication type. type: str choices: none, text, message-digest, md5 + more... + +
                  • +
                • comments - Comment. type: str + more... + +
                  • +
                • default_cost - Summary default cost of stub or NSSA area. type: int + more... + +
                  • +
                • filter_list - OSPF area filter-list configuration. type: list member_path: area:id/filter_list:id + more... + +
                  • +
                    +
                  • direction - Direction. type: str choices: in, out + more... + +
                    • +
                  • id - Filter list entry ID. type: int required: true + more... + +
                    • +
                  • list - Access-list or prefix-list name. Source router.access-list.name router.prefix-list.name. type: str + more... + +
                    • +
                  +
                • id - Area entry IP address. type: str required: true + more... + +
                  • +
                • nssa_default_information_originate - Redistribute, advertise, or do not originate Type-7 default route into NSSA area. type: str choices: enable, always, disable + more... + +
                  • +
                • nssa_default_information_originate_metric - OSPF default metric. type: int + more... + +
                  • +
                • nssa_default_information_originate_metric_type - OSPF metric type for default routes. type: str choices: 1, 2 + more... + +
                  • +
                • nssa_redistribution - Enable/disable redistribute into NSSA area. type: str choices: enable, disable + more... + +
                  • +
                • nssa_translator_role - NSSA translator role type. type: str choices: candidate, never, always + more... + +
                  • +
                • range - OSPF area range configuration. type: list member_path: area:id/range:id + more... + +
                  • +
                    +
                  • advertise - Enable/disable advertise status. type: str choices: disable, enable + more... + +
                    • +
                  • id - Range entry ID. type: int required: true + more... + +
                    • +
                  • prefix - Prefix. type: str + more... + +
                    • +
                  • substitute - Substitute prefix. type: str + more... + +
                    • +
                  • substitute_status - Enable/disable substitute status. type: str choices: enable, disable + more... + +
                    • +
                  +
                • shortcut - Enable/disable shortcut option. type: str choices: disable, enable, default + more... + +
                  • +
                • stub_type - Stub summary setting. type: str choices: no-summary, summary + more... + +
                  • +
                • type - Area type setting. type: str choices: regular, nssa, stub + more... + +
                  • +
                • virtual_link - OSPF virtual link configuration. type: list member_path: area:id/virtual_link:name + more... + +
                  • +
                    +
                  • authentication - Authentication type. type: str choices: none, text, message-digest, md5 + more... + +
                    • +
                  • authentication_key - Authentication key. type: str + more... + +
                    • +
                  • dead_interval - Dead interval. type: int + more... + +
                    • +
                  • hello_interval - Hello interval. type: int + more... + +
                    • +
                  • keychain - Message-digest key-chain name. Source router.key-chain.name. type: str + more... + +
                    • +
                  • md5_key - MD5 key. type: str + more... + +
                    • +
                  • md5_keychain - Authentication MD5 key-chain name. Source router.key-chain.name. type: str + more... + +
                    • +
                  • md5_keys - MD5 key. type: list member_path: area:id/virtual_link:name/md5_keys:id + more... + +
                    • +
                      +
                    • id - Key ID (1 - 255). type: int required: true + more... + +
                      • +
                    • key_string - Password for the key. type: str + more... + +
                      • +
                    +
                  • name - Virtual link entry name. type: str required: true + more... + +
                    • +
                  • peer - Peer IP. type: str + more... + +
                    • +
                  • retransmit_interval - Retransmit interval. type: int + more... + +
                    • +
                  • transmit_delay - Transmit delay. type: int + more... + +
                    • +
                  +
                +
              • auto_cost_ref_bandwidth - Reference bandwidth in terms of megabits per second. type: int + more... + +
                • +
              • bfd - Bidirectional Forwarding Detection (BFD). type: str choices: enable, disable + more... + +
                • +
              • database_overflow - Enable/disable database overflow. type: str choices: enable, disable + more... + +
                • +
              • database_overflow_max_lsas - Database overflow maximum LSAs. type: int + more... + +
                • +
              • database_overflow_time_to_recover - Database overflow time to recover (sec). type: int + more... + +
                • +
              • default_information_metric - Default information metric. type: int + more... + +
                • +
              • default_information_metric_type - Default information metric type. type: str choices: 1, 2 + more... + +
                • +
              • default_information_originate - Enable/disable generation of default route. type: str choices: enable, always, disable + more... + +
                • +
              • default_information_route_map - Default information route map. Source router.route-map.name. type: str + more... + +
                • +
              • default_metric - Default metric of redistribute routes. type: int + more... + +
                • +
              • distance - Distance of the route. type: int + more... + +
                • +
              • distance_external - Administrative external distance. type: int + more... + +
                • +
              • distance_inter_area - Administrative inter-area distance. type: int + more... + +
                • +
              • distance_intra_area - Administrative intra-area distance. type: int + more... + +
                • +
              • distribute_list - Distribute list configuration. type: list member_path: distribute_list:id + more... + +
                • +
                  +
                • access_list - Access list name. Source router.access-list.name. type: str + more... + +
                  • +
                • id - Distribute list entry ID. type: int required: true + more... + +
                  • +
                • protocol - Protocol type. type: str choices: connected, static, rip + more... + +
                  • +
                +
              • distribute_list_in - Filter incoming routes. Source router.access-list.name router.prefix-list.name. type: str + more... + +
                • +
              • distribute_route_map_in - Filter incoming external routes by route-map. Source router.route-map.name. type: str + more... + +
                • +
              • log_neighbour_changes - Log of OSPF neighbor changes. type: str choices: enable, disable + more... + +
                • +
              • neighbor - OSPF neighbor configuration are used when OSPF runs on non-broadcast media. type: list member_path: neighbor:id + more... + +
                • +
                  +
                • cost - Cost of the interface, value range from 0 to 65535, 0 means auto-cost. type: int + more... + +
                  • +
                • id - Neighbor entry ID. type: int required: true + more... + +
                  • +
                • ip - Interface IP address of the neighbor. type: str + more... + +
                  • +
                • poll_interval - Poll interval time in seconds. type: int + more... + +
                  • +
                • priority - Priority. type: int + more... + +
                  • +
                +
              • network - OSPF network configuration. type: list member_path: network:id + more... + +
                • +
                  +
                • area - Attach the network to area. type: str + more... + +
                  • +
                • comments - Comment. type: str + more... + +
                  • +
                • id - Network entry ID. type: int required: true + more... + +
                  • +
                • prefix - Prefix. type: str + more... + +
                  • +
                +
              • ospf_interface - OSPF interface configuration. type: list member_path: ospf_interface:name + more... + +
                • +
                  +
                • authentication - Authentication type. type: str choices: none, text, message-digest, md5 + more... + +
                  • +
                • authentication_key - Authentication key. type: str + more... + +
                  • +
                • bfd - Bidirectional Forwarding Detection (BFD). type: str choices: global, enable, disable + more... + +
                  • +
                • comments - Comment. type: str + more... + +
                  • +
                • cost - Cost of the interface, value range from 0 to 65535, 0 means auto-cost. type: int + more... + +
                  • +
                • database_filter_out - Enable/disable control of flooding out LSAs. type: str choices: enable, disable + more... + +
                  • +
                • dead_interval - Dead interval. type: int + more... + +
                  • +
                • hello_interval - Hello interval. type: int + more... + +
                  • +
                • hello_multiplier - Number of hello packets within dead interval. type: int + more... + +
                  • +
                • interface - Configuration interface name. Source system.interface.name. type: str + more... + +
                  • +
                • ip - IP address. type: str + more... + +
                  • +
                • keychain - Message-digest key-chain name. Source router.key-chain.name. type: str + more... + +
                  • +
                • md5_key - MD5 key. type: str + more... + +
                  • +
                • md5_keychain - Authentication MD5 key-chain name. Source router.key-chain.name. type: str + more... + +
                  • +
                • md5_keys - MD5 key. type: list member_path: ospf_interface:name/md5_keys:id + more... + +
                  • +
                    +
                  • id - Key ID (1 - 255). type: int required: true + more... + +
                    • +
                  • key_string - Password for the key. type: str + more... + +
                    • +
                  +
                • mtu - MTU for database description packets. type: int + more... + +
                  • +
                • mtu_ignore - Enable/disable ignore MTU. type: str choices: enable, disable + more... + +
                  • +
                • name - Interface entry name. type: str required: true + more... + +
                  • +
                • network_type - Network type. type: str choices: broadcast, non-broadcast, point-to-point, point-to-multipoint, point-to-multipoint-non-broadcast + more... + +
                  • +
                • prefix_length - Prefix length. type: int + more... + +
                  • +
                • priority - Priority. type: int + more... + +
                  • +
                • resync_timeout - Graceful restart neighbor resynchronization timeout. type: int + more... + +
                  • +
                • retransmit_interval - Retransmit interval. type: int + more... + +
                  • +
                • status - Enable/disable status. type: str choices: disable, enable + more... + +
                  • +
                • transmit_delay - Transmit delay. type: int + more... + +
                  • +
                +
              • passive_interface - Passive interface configuration. type: list member_path: passive_interface:name + more... + +
                • +
                  +
                • name - Passive interface name. Source system.interface.name. type: str required: true + more... + +
                  • +
                +
              • redistribute - Redistribute configuration. type: list member_path: redistribute:name + more... + +
                • +
                  +
                • metric - Redistribute metric setting. type: int + more... + +
                  • +
                • metric_type - Metric type. type: str choices: 1, 2 + more... + +
                  • +
                • name - Redistribute name. type: str required: true + more... + +
                  • +
                • routemap - Route map name. Source router.route-map.name. type: str + more... + +
                  • +
                • status - Status. type: str choices: enable, disable + more... + +
                  • +
                • tag - Tag value. type: int + more... + +
                  • +
                +
              • restart_mode - OSPF restart mode (graceful or LLS). type: str choices: none, lls, graceful-restart + more... + +
                • +
              • restart_period - Graceful restart period. type: int + more... + +
                • +
              • rfc1583_compatible - Enable/disable RFC1583 compatibility. type: str choices: enable, disable + more... + +
                • +
              • router_id - Router ID. type: str + more... + +
                • +
              • spf_timers - SPF calculation frequency. type: str + more... + +
                • +
              • summary_address - IP address summary configuration. type: list member_path: summary_address:id + more... + +
                • +
                  +
                • advertise - Enable/disable advertise status. type: str choices: disable, enable + more... + +
                  • +
                • id - Summary address entry ID. type: int required: true + more... + +
                  • +
                • prefix - Prefix. type: str + more... + +
                  • +
                • tag - Tag value. type: int + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure OSPF. + fortios_router_ospf: + vdom: "{{ vdom }}" + router_ospf: + abr_type: "cisco" + area: + - + authentication: "none" + comments: "" + default_cost: "7" + filter_list: + - + direction: "in" + id: "10" + list: " (source router.access-list.name router.prefix-list.name)" + id: "12" + nssa_default_information_originate: "enable" + nssa_default_information_originate_metric: "14" + nssa_default_information_originate_metric_type: "1" + nssa_redistribution: "enable" + nssa_translator_role: "candidate" + range: + - + advertise: "disable" + id: "20" + prefix: "" + substitute: "" + substitute_status: "enable" + shortcut: "disable" + stub_type: "no-summary" + type: "regular" + virtual_link: + - + authentication: "none" + authentication_key: "" + dead_interval: "30" + hello_interval: "31" + keychain: " (source router.key-chain.name)" + md5_key: "" + md5_keychain: " (source router.key-chain.name)" + md5_keys: + - + id: "36" + key_string: "" + name: "default_name_38" + peer: "" + retransmit_interval: "40" + transmit_delay: "41" + auto_cost_ref_bandwidth: "42" + bfd: "enable" + database_overflow: "enable" + database_overflow_max_lsas: "45" + database_overflow_time_to_recover: "46" + default_information_metric: "47" + default_information_metric_type: "1" + default_information_originate: "enable" + default_information_route_map: " (source router.route-map.name)" + default_metric: "51" + distance: "52" + distance_external: "53" + distance_inter_area: "54" + distance_intra_area: "55" + distribute_list: + - + access_list: " (source router.access-list.name)" + id: "58" + protocol: "connected" + distribute_list_in: " (source router.access-list.name router.prefix-list.name)" + distribute_route_map_in: " (source router.route-map.name)" + log_neighbour_changes: "enable" + neighbor: + - + cost: "64" + id: "65" + ip: "" + poll_interval: "67" + priority: "68" + network: + - + area: "" + comments: "" + id: "72" + prefix: "" + ospf_interface: + - + authentication: "none" + authentication_key: "" + bfd: "global" + comments: "" + cost: "79" + database_filter_out: "enable" + dead_interval: "81" + hello_interval: "82" + hello_multiplier: "83" + interface: " (source system.interface.name)" + ip: "" + keychain: " (source router.key-chain.name)" + md5_key: "" + md5_keychain: " (source router.key-chain.name)" + md5_keys: + - + id: "90" + key_string: "" + mtu: "92" + mtu_ignore: "enable" + name: "default_name_94" + network_type: "broadcast" + prefix_length: "96" + priority: "97" + resync_timeout: "98" + retransmit_interval: "99" + status: "disable" + transmit_delay: "101" + passive_interface: + - + name: "default_name_103 (source system.interface.name)" + redistribute: + - + metric: "105" + metric_type: "1" + name: "default_name_107" + routemap: " (source router.route-map.name)" + status: "enable" + tag: "110" + restart_mode: "none" + restart_period: "112" + rfc1583_compatible: "enable" + router_id: "" + spf_timers: "" + summary_address: + - + advertise: "disable" + id: "118" + prefix: "" + tag: "120" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_router_ospf6.rst b/gen/fortios_router_ospf6.rst new file mode 100644 index 00000000..6b37f554 --- /dev/null +++ b/gen/fortios_router_ospf6.rst @@ -0,0 +1,5996 @@ +:source: fortios_router_ospf6.py + +:orphan: + +.. fortios_router_ospf6: + +fortios_router_ospf6 -- Configure IPv6 OSPF in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and ospf6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_router_ospf6yesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • router_ospf6 - Configure IPv6 OSPF. type: dict + more... + +
              • +
                +
              • abr_type - Area border router type. type: str choices: cisco, ibm, standard + more... + +
                • +
              • area - OSPF6 area configuration. type: list member_path: area:id + more... + +
                • +
                  +
                • authentication - Authentication mode. type: str choices: none, ah, esp + more... + +
                  • +
                • default_cost - Summary default cost of stub or NSSA area. type: int + more... + +
                  • +
                • id - Area entry IP address. type: str required: true + more... + +
                  • +
                • ipsec_auth_alg - Authentication algorithm. type: str choices: md5, sha1, sha256, sha384, sha512 + more... + +
                  • +
                • ipsec_enc_alg - Encryption algorithm. type: str choices: None, des, 3des, aes128, aes192, aes256 + more... + +
                  • +
                • ipsec_keys - IPsec authentication and encryption keys. type: list member_path: area:id/ipsec_keys:spi + more... + +
                  • +
                    +
                  • auth_key - Authentication key. type: str + more... + +
                    • +
                  • enc_key - Encryption key. type: str + more... + +
                    • +
                  • spi - Security Parameters Index. type: int required: true + more... + +
                    • +
                  +
                • key_rollover_interval - Key roll-over interval. type: int + more... + +
                  • +
                • nssa_default_information_originate - Enable/disable originate type 7 default into NSSA area. type: str choices: enable, disable + more... + +
                  • +
                • nssa_default_information_originate_metric - OSPFv3 default metric. type: int + more... + +
                  • +
                • nssa_default_information_originate_metric_type - OSPFv3 metric type for default routes. type: str choices: 1, 2 + more... + +
                  • +
                • nssa_redistribution - Enable/disable redistribute into NSSA area. type: str choices: enable, disable + more... + +
                  • +
                • nssa_translator_role - NSSA translator role type. type: str choices: candidate, never, always + more... + +
                  • +
                • range - OSPF6 area range configuration. type: list member_path: area:id/range:id + more... + +
                  • +
                    +
                  • advertise - Enable/disable advertise status. type: str choices: disable, enable + more... + +
                    • +
                  • id - Range entry ID. type: int required: true + more... + +
                    • +
                  • prefix6 - IPv6 prefix. type: str + more... + +
                    • +
                  +
                • stub_type - Stub summary setting. type: str choices: no-summary, summary + more... + +
                  • +
                • type - Area type setting. type: str choices: regular, nssa, stub + more... + +
                  • +
                • virtual_link - OSPF6 virtual link configuration. type: list member_path: area:id/virtual_link:name + more... + +
                  • +
                    +
                  • authentication - Authentication mode. type: str choices: none, ah, esp, area + more... + +
                    • +
                  • dead_interval - Dead interval. type: int + more... + +
                    • +
                  • hello_interval - Hello interval. type: int + more... + +
                    • +
                  • ipsec_auth_alg - Authentication algorithm. type: str choices: md5, sha1, sha256, sha384, sha512 + more... + +
                    • +
                  • ipsec_enc_alg - Encryption algorithm. type: str choices: None, des, 3des, aes128, aes192, aes256 + more... + +
                    • +
                  • ipsec_keys - IPsec authentication and encryption keys. type: list member_path: area:id/virtual_link:name/ipsec_keys:spi + more... + +
                    • +
                      +
                    • auth_key - Authentication key. type: str + more... + +
                      • +
                    • enc_key - Encryption key. type: str + more... + +
                      • +
                    • spi - Security Parameters Index. type: int required: true + more... + +
                      • +
                    +
                  • key_rollover_interval - Key roll-over interval. type: int + more... + +
                    • +
                  • name - Virtual link entry name. type: str required: true + more... + +
                    • +
                  • peer - A.B.C.D, peer router ID. type: str + more... + +
                    • +
                  • retransmit_interval - Retransmit interval. type: int + more... + +
                    • +
                  • transmit_delay - Transmit delay. type: int + more... + +
                    • +
                  +
                +
              • auto_cost_ref_bandwidth - Reference bandwidth in terms of megabits per second. type: int + more... + +
                • +
              • bfd - Enable/disable Bidirectional Forwarding Detection (BFD). type: str choices: enable, disable + more... + +
                • +
              • default_information_metric - Default information metric. type: int + more... + +
                • +
              • default_information_metric_type - Default information metric type. type: str choices: 1, 2 + more... + +
                • +
              • default_information_originate - Enable/disable generation of default route. type: str choices: enable, always, disable + more... + +
                • +
              • default_information_route_map - Default information route map. Source router.route-map.name. type: str + more... + +
                • +
              • default_metric - Default metric of redistribute routes. type: int + more... + +
                • +
              • log_neighbour_changes - Log OSPFv3 neighbor changes. type: str choices: enable, disable + more... + +
                • +
              • ospf6_interface - OSPF6 interface configuration. type: list member_path: ospf6_interface:name + more... + +
                • +
                  +
                • area_id - A.B.C.D, in IPv4 address format. type: str + more... + +
                  • +
                • authentication - Authentication mode. type: str choices: none, ah, esp, area + more... + +
                  • +
                • bfd - Enable/disable Bidirectional Forwarding Detection (BFD). type: str choices: global, enable, disable + more... + +
                  • +
                • cost - Cost of the interface, value range from 0 to 65535, 0 means auto-cost. type: int + more... + +
                  • +
                • dead_interval - Dead interval. type: int + more... + +
                  • +
                • hello_interval - Hello interval. type: int + more... + +
                  • +
                • interface - Configuration interface name. Source system.interface.name. type: str + more... + +
                  • +
                • ipsec_auth_alg - Authentication algorithm. type: str choices: md5, sha1, sha256, sha384, sha512 + more... + +
                  • +
                • ipsec_enc_alg - Encryption algorithm. type: str choices: None, des, 3des, aes128, aes192, aes256 + more... + +
                  • +
                • ipsec_keys - IPsec authentication and encryption keys. type: list member_path: ospf6_interface:name/ipsec_keys:spi + more... + +
                  • +
                    +
                  • auth_key - Authentication key. type: str + more... + +
                    • +
                  • enc_key - Encryption key. type: str + more... + +
                    • +
                  • spi - Security Parameters Index. type: int required: true + more... + +
                    • +
                  +
                • key_rollover_interval - Key roll-over interval. type: int + more... + +
                  • +
                • mtu - MTU for OSPFv3 packets. type: int + more... + +
                  • +
                • mtu_ignore - Enable/disable ignoring MTU field in DBD packets. type: str choices: enable, disable + more... + +
                  • +
                • name - Interface entry name. type: str required: true + more... + +
                  • +
                • neighbor - OSPFv3 neighbors are used when OSPFv3 runs on non-broadcast media. type: list member_path: ospf6_interface:name/neighbor:ip6 + more... + +
                  • +
                    +
                  • cost - Cost of the interface, value range from 0 to 65535, 0 means auto-cost. type: int + more... + +
                    • +
                  • ip6 - IPv6 link local address of the neighbor. type: str required: true + more... + +
                    • +
                  • poll_interval - Poll interval time in seconds. type: int + more... + +
                    • +
                  • priority - Priority. type: int + more... + +
                    • +
                  +
                • network_type - Network type. type: str choices: broadcast, point-to-point, non-broadcast, point-to-multipoint, point-to-multipoint-non-broadcast + more... + +
                  • +
                • priority - Priority. type: int + more... + +
                  • +
                • retransmit_interval - Retransmit interval. type: int + more... + +
                  • +
                • status - Enable/disable OSPF6 routing on this interface. type: str choices: disable, enable + more... + +
                  • +
                • transmit_delay - Transmit delay. type: int + more... + +
                  • +
                +
              • passive_interface - Passive interface configuration. type: list member_path: passive_interface:name + more... + +
                • +
                  +
                • name - Passive interface name. Source system.interface.name. type: str required: true + more... + +
                  • +
                +
              • redistribute - Redistribute configuration. type: list member_path: redistribute:name + more... + +
                • +
                  +
                • metric - Redistribute metric setting. type: int + more... + +
                  • +
                • metric_type - Metric type. type: str choices: 1, 2 + more... + +
                  • +
                • name - Redistribute name. type: str required: true + more... + +
                  • +
                • routemap - Route map name. Source router.route-map.name. type: str + more... + +
                  • +
                • status - Status. type: str choices: enable, disable + more... + +
                  • +
                +
              • router_id - A.B.C.D, in IPv4 address format. type: str + more... + +
                • +
              • spf_timers - SPF calculation frequency. type: str + more... + +
                • +
              • summary_address - IPv6 address summary configuration. type: list member_path: summary_address:id + more... + +
                • +
                  +
                • advertise - Enable/disable advertise status. type: str choices: disable, enable + more... + +
                  • +
                • id - Summary address entry ID. type: int required: true + more... + +
                  • +
                • prefix6 - IPv6 prefix. type: str + more... + +
                  • +
                • tag - Tag value. type: int + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 OSPF. + fortios_router_ospf6: + vdom: "{{ vdom }}" + router_ospf6: + abr_type: "cisco" + area: + - + authentication: "none" + default_cost: "6" + id: "7" + ipsec_auth_alg: "md5" + ipsec_enc_alg: "null" + ipsec_keys: + - + auth_key: "" + enc_key: "" + spi: "13" + key_rollover_interval: "14" + nssa_default_information_originate: "enable" + nssa_default_information_originate_metric: "16" + nssa_default_information_originate_metric_type: "1" + nssa_redistribution: "enable" + nssa_translator_role: "candidate" + range: + - + advertise: "disable" + id: "22" + prefix6: "" + stub_type: "no-summary" + type: "regular" + virtual_link: + - + authentication: "none" + dead_interval: "28" + hello_interval: "29" + ipsec_auth_alg: "md5" + ipsec_enc_alg: "null" + ipsec_keys: + - + auth_key: "" + enc_key: "" + spi: "35" + key_rollover_interval: "36" + name: "default_name_37" + peer: "" + retransmit_interval: "39" + transmit_delay: "40" + auto_cost_ref_bandwidth: "41" + bfd: "enable" + default_information_metric: "43" + default_information_metric_type: "1" + default_information_originate: "enable" + default_information_route_map: " (source router.route-map.name)" + default_metric: "47" + log_neighbour_changes: "enable" + ospf6_interface: + - + area_id: "" + authentication: "none" + bfd: "global" + cost: "53" + dead_interval: "54" + hello_interval: "55" + interface: " (source system.interface.name)" + ipsec_auth_alg: "md5" + ipsec_enc_alg: "null" + ipsec_keys: + - + auth_key: "" + enc_key: "" + spi: "62" + key_rollover_interval: "63" + mtu: "64" + mtu_ignore: "enable" + name: "default_name_66" + neighbor: + - + cost: "68" + ip6: "" + poll_interval: "70" + priority: "71" + network_type: "broadcast" + priority: "73" + retransmit_interval: "74" + status: "disable" + transmit_delay: "76" + passive_interface: + - + name: "default_name_78 (source system.interface.name)" + redistribute: + - + metric: "80" + metric_type: "1" + name: "default_name_82" + routemap: " (source router.route-map.name)" + status: "enable" + router_id: "" + spf_timers: "" + summary_address: + - + advertise: "disable" + id: "89" + prefix6: "" + tag: "91" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_router_policy.rst b/gen/fortios_router_policy.rst new file mode 100644 index 00000000..11156f67 --- /dev/null +++ b/gen/fortios_router_policy.rst @@ -0,0 +1,1795 @@ +:source: fortios_router_policy.py + +:orphan: + +.. fortios_router_policy: + +fortios_router_policy -- Configure IPv4 routing policies in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_router_policyyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • router_policy - Configure IPv4 routing policies. type: dict + more... + +
              • +
                +
              • action - Action of the policy route. type: str choices: deny, permit + more... + +
                • +
              • comments - Optional comments. type: str + more... + +
                • +
              • dst - Destination IP and mask (x.x.x.x/x). type: list member_path: dst:subnet + more... + +
                • +
                  +
                • subnet - IP and mask. type: str required: true + more... + +
                  • +
                +
              • dst_negate - Enable/disable negating destination address match. type: str choices: enable, disable + more... + +
                • +
              • dstaddr - Destination address name. type: list member_path: dstaddr:name + more... + +
                • +
                  +
                • name - Address/group name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • end_port - End destination port number (0 - 65535). type: int + more... + +
                • +
              • end_source_port - End source port number (0 - 65535). type: int + more... + +
                • +
              • gateway - IP address of the gateway. type: str + more... + +
                • +
              • input_device - Incoming interface name. type: list member_path: input_device:name + more... + +
                • +
                  +
                • name - Interface name. Source system.interface.name. type: str required: true + more... + +
                  • +
                +
              • input_device_negate - Enable/disable negation of input device match. type: str choices: enable, disable + more... + +
                • +
              • internet_service_custom - Custom Destination Internet Service name. type: list member_path: internet_service_custom:name + more... + +
                • +
                  +
                • name - Custom Destination Internet Service name. Source firewall.internet-service-custom.name. type: str required: true + more... + +
                  • +
                +
              • internet_service_id - Destination Internet Service ID. type: list member_path: internet_service_id:id + more... + +
                • +
                  +
                • id - Destination Internet Service ID. Source firewall.internet-service.id. type: int required: true + more... + +
                  • +
                +
              • output_device - Outgoing interface name. Source system.interface.name. type: str + more... + +
                • +
              • protocol - Protocol number (0 - 255). type: int + more... + +
                • +
              • seq_num - Sequence number(1-65535). type: int + more... + +
                • +
              • src - Source IP and mask (x.x.x.x/x). type: list member_path: src:subnet + more... + +
                • +
                  +
                • subnet - IP and mask. type: str required: true + more... + +
                  • +
                +
              • src_negate - Enable/disable negating source address match. type: str choices: enable, disable + more... + +
                • +
              • srcaddr - Source address name. type: list member_path: srcaddr:name + more... + +
                • +
                  +
                • name - Address/group name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • start_port - Start destination port number (0 - 65535). type: int + more... + +
                • +
              • start_source_port - Start source port number (0 - 65535). type: int + more... + +
                • +
              • status - Enable/disable this policy route. type: str choices: enable, disable + more... + +
                • +
              • tos - Type of service bit pattern. type: str + more... + +
                • +
              • tos_mask - Type of service evaluated bits. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv4 routing policies. + fortios_router_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + router_policy: + action: "deny" + comments: "" + dst: + - + subnet: "" + dst_negate: "enable" + dstaddr: + - + name: "default_name_9 (source firewall.address.name firewall.addrgrp.name)" + end_port: "10" + end_source_port: "11" + gateway: "" + input_device: + - + name: "default_name_14 (source system.interface.name)" + input_device_negate: "enable" + internet_service_custom: + - + name: "default_name_17 (source firewall.internet-service-custom.name)" + internet_service_id: + - + id: "19 (source firewall.internet-service.id)" + output_device: " (source system.interface.name)" + protocol: "21" + seq_num: "22" + src: + - + subnet: "" + src_negate: "enable" + srcaddr: + - + name: "default_name_27 (source firewall.address.name firewall.addrgrp.name)" + start_port: "28" + start_source_port: "29" + status: "enable" + tos: "" + tos_mask: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_router_policy6.rst b/gen/fortios_router_policy6.rst new file mode 100644 index 00000000..b83f886c --- /dev/null +++ b/gen/fortios_router_policy6.rst @@ -0,0 +1,854 @@ +:source: fortios_router_policy6.py + +:orphan: + +.. fortios_router_policy6: + +fortios_router_policy6 -- Configure IPv6 routing policies in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and policy6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_router_policy6yesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • router_policy6 - Configure IPv6 routing policies. type: dict + more... + +
              • +
                +
              • comments - Optional comments. type: str + more... + +
                • +
              • dst - Destination IPv6 prefix. type: str + more... + +
                • +
              • end_port - End destination port number (1 - 65535). type: int + more... + +
                • +
              • gateway - IPv6 address of the gateway. type: str + more... + +
                • +
              • input_device - Incoming interface name. Source system.interface.name. type: str + more... + +
                • +
              • output_device - Outgoing interface name. Source system.interface.name. type: str + more... + +
                • +
              • protocol - Protocol number (0 - 255). type: int + more... + +
                • +
              • seq_num - Sequence number(1-65535). type: int + more... + +
                • +
              • src - Source IPv6 prefix. type: str + more... + +
                • +
              • start_port - Start destination port number (1 - 65535). type: int + more... + +
                • +
              • status - Enable/disable this policy route. type: str choices: enable, disable + more... + +
                • +
              • tos - Type of service bit pattern. type: str + more... + +
                • +
              • tos_mask - Type of service evaluated bits. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 routing policies. + fortios_router_policy6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + router_policy6: + comments: "" + dst: "" + end_port: "5" + gateway: "" + input_device: + - + name: "default_name_8 (source system.interface.name)" + output_device: " (source system.interface.name)" + protocol: "10" + seq_num: "11" + src: "" + start_port: "13" + status: "enable" + tos: "" + tos_mask: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_router_prefix_list.rst b/gen/fortios_router_prefix_list.rst new file mode 100644 index 00000000..4b70e765 --- /dev/null +++ b/gen/fortios_router_prefix_list.rst @@ -0,0 +1,659 @@ +:source: fortios_router_prefix_list.py + +:orphan: + +.. fortios_router_prefix_list: + +fortios_router_prefix_list -- Configure IPv4 prefix lists in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and prefix_list category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_router_prefix_listyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • router_prefix_list - Configure IPv4 prefix lists. type: dict + more... + +
              • +
                +
              • comments - Comment. type: str + more... + +
                • +
              • name - Name. type: str required: true + more... + +
                • +
              • rule - IPv4 prefix list rule. type: list member_path: rule:id + more... + +
                • +
                  +
                • action - Permit or deny this IP address and netmask prefix. type: str choices: permit, deny + more... + +
                  • +
                • flags - Flags. type: int + more... + +
                  • +
                • ge - Minimum prefix length to be matched (0 - 32). type: int + more... + +
                  • +
                • id - Rule ID. type: int required: true + more... + +
                  • +
                • le - Maximum prefix length to be matched (0 - 32). type: int + more... + +
                  • +
                • prefix - IPv4 prefix to define regular filter criteria, such as "any" or subnets. type: str + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv4 prefix lists. + fortios_router_prefix_list: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + router_prefix_list: + comments: "" + name: "default_name_4" + rule: + - + action: "permit" + flags: "7" + ge: "8" + id: "9" + le: "10" + prefix: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_router_prefix_list6.rst b/gen/fortios_router_prefix_list6.rst new file mode 100644 index 00000000..11875121 --- /dev/null +++ b/gen/fortios_router_prefix_list6.rst @@ -0,0 +1,671 @@ +:source: fortios_router_prefix_list6.py + +:orphan: + +.. fortios_router_prefix_list6: + +fortios_router_prefix_list6 -- Configure IPv6 prefix lists in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and prefix_list6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_router_prefix_list6yesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • router_prefix_list6 - Configure IPv6 prefix lists. type: dict + more... + +
              • +
                +
              • comments - Comment. type: str + more... + +
                • +
              • name - Name. type: str required: true + more... + +
                • +
              • rule - IPv6 prefix list rule. type: list member_path: rule:id + more... + +
                • +
                  +
                • action - Permit or deny packets that match this rule. type: str choices: permit, deny + more... + +
                  • +
                • flags - Flags. type: int + more... + +
                  • +
                • ge - Minimum prefix length to be matched (0 - 128). type: int + more... + +
                  • +
                • id - Rule ID. type: int required: true + more... + +
                  • +
                • le - Maximum prefix length to be matched (0 - 128). type: int + more... + +
                  • +
                • prefix6 - IPv6 prefix to define regular filter criteria, such as "any" or subnets. type: str + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 prefix lists. + fortios_router_prefix_list6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + router_prefix_list6: + comments: "" + name: "default_name_4" + rule: + - + action: "permit" + flags: "7" + ge: "8" + id: "9" + le: "10" + prefix6: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_router_rip.rst b/gen/fortios_router_rip.rst new file mode 100644 index 00000000..b941873c --- /dev/null +++ b/gen/fortios_router_rip.rst @@ -0,0 +1,3042 @@ +:source: fortios_router_rip.py + +:orphan: + +.. fortios_router_rip: + +fortios_router_rip -- Configure RIP in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and rip category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_router_ripyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • router_rip - Configure RIP. type: dict + more... + +
              • +
                +
              • default_information_originate - Enable/disable generation of default route. type: str choices: enable, disable + more... + +
                • +
              • default_metric - Default metric. type: int + more... + +
                • +
              • distance - Distance. type: list member_path: distance:id + more... + +
                • +
                  +
                • access_list - Access list for route destination. Source router.access-list.name. type: str + more... + +
                  • +
                • distance - Distance (1 - 255). type: int + more... + +
                  • +
                • id - Distance ID. type: int required: true + more... + +
                  • +
                • prefix - Distance prefix. type: str + more... + +
                  • +
                +
              • distribute_list - Distribute list. type: list member_path: distribute_list:id + more... + +
                • +
                  +
                • direction - Distribute list direction. type: str choices: in, out + more... + +
                  • +
                • id - Distribute list ID. type: int required: true + more... + +
                  • +
                • interface - Distribute list interface name. Source system.interface.name. type: str + more... + +
                  • +
                • listname - Distribute access/prefix list name. Source router.access-list.name router.prefix-list.name. type: str + more... + +
                  • +
                • status - Status. type: str choices: enable, disable + more... + +
                  • +
                +
              • garbage_timer - Garbage timer in seconds. type: int + more... + +
                • +
              • interface - RIP interface configuration. type: list member_path: interface:name + more... + +
                • +
                  +
                • auth_keychain - Authentication key-chain name. Source router.key-chain.name. type: str + more... + +
                  • +
                • auth_mode - Authentication mode. type: str choices: none, text, md5 + more... + +
                  • +
                • auth_string - Authentication string/password. type: str + more... + +
                  • +
                • flags - Flags. type: int + more... + +
                  • +
                • name - Interface name. Source system.interface.name. type: str required: true + more... + +
                  • +
                • receive_version - Receive version. type: list choices: 1, 2 + more... + +
                  • +
                • send_version - Send version. type: list choices: 1, 2 + more... + +
                  • +
                • send_version2_broadcast - Enable/disable broadcast version 1 compatible packets. type: str choices: disable, enable + more... + +
                  • +
                • split_horizon - Enable/disable split horizon. type: str choices: poisoned, regular + more... + +
                  • +
                • split_horizon_status - Enable/disable split horizon. type: str choices: enable, disable + more... + +
                  • +
                +
              • max_out_metric - Maximum metric allowed to output(0 means "not set"). type: int + more... + +
                • +
              • neighbor - Neighbor. type: list member_path: neighbor:id + more... + +
                • +
                  +
                • id - Neighbor entry ID. type: int required: true + more... + +
                  • +
                • ip - IP address. type: str + more... + +
                  • +
                +
              • network - Network. type: list member_path: network:id + more... + +
                • +
                  +
                • id - Network entry ID. type: int required: true + more... + +
                  • +
                • prefix - Network prefix. type: str + more... + +
                  • +
                +
              • offset_list - Offset list. type: list member_path: offset_list:id + more... + +
                • +
                  +
                • access_list - Access list name. Source router.access-list.name. type: str + more... + +
                  • +
                • direction - Offset list direction. type: str choices: in, out + more... + +
                  • +
                • id - Offset-list ID. type: int required: true + more... + +
                  • +
                • interface - Interface name. Source system.interface.name. type: str + more... + +
                  • +
                • offset - Offset. type: int + more... + +
                  • +
                • status - Status. type: str choices: enable, disable + more... + +
                  • +
                +
              • passive_interface - Passive interface configuration. type: list member_path: passive_interface:name + more... + +
                • +
                  +
                • name - Passive interface name. Source system.interface.name. type: str required: true + more... + +
                  • +
                +
              • recv_buffer_size - Receiving buffer size. type: int + more... + +
                • +
              • redistribute - Redistribute configuration. type: list member_path: redistribute:name + more... + +
                • +
                  +
                • metric - Redistribute metric setting. type: int + more... + +
                  • +
                • name - Redistribute name. type: str required: true + more... + +
                  • +
                • routemap - Route map name. Source router.route-map.name. type: str + more... + +
                  • +
                • status - Status. type: str choices: enable, disable + more... + +
                  • +
                +
              • timeout_timer - Timeout timer in seconds. type: int + more... + +
                • +
              • update_timer - Update timer in seconds. type: int + more... + +
                • +
              • version - RIP version. type: str choices: 1, 2 + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure RIP. + fortios_router_rip: + vdom: "{{ vdom }}" + router_rip: + default_information_originate: "enable" + default_metric: "4" + distance: + - + access_list: " (source router.access-list.name)" + distance: "7" + id: "8" + prefix: "" + distribute_list: + - + direction: "in" + id: "12" + interface: " (source system.interface.name)" + listname: " (source router.access-list.name router.prefix-list.name)" + status: "enable" + garbage_timer: "16" + interface: + - + auth_keychain: " (source router.key-chain.name)" + auth_mode: "none" + auth_string: "" + flags: "21" + name: "default_name_22 (source system.interface.name)" + receive_version: "1" + send_version: "1" + send_version2_broadcast: "disable" + split_horizon: "poisoned" + split_horizon_status: "enable" + max_out_metric: "28" + neighbor: + - + id: "30" + ip: "" + network: + - + id: "33" + prefix: "" + offset_list: + - + access_list: " (source router.access-list.name)" + direction: "in" + id: "38" + interface: " (source system.interface.name)" + offset: "40" + status: "enable" + passive_interface: + - + name: "default_name_43 (source system.interface.name)" + recv_buffer_size: "44" + redistribute: + - + metric: "46" + name: "default_name_47" + routemap: " (source router.route-map.name)" + status: "enable" + timeout_timer: "50" + update_timer: "51" + version: "1" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_router_ripng.rst b/gen/fortios_router_ripng.rst new file mode 100644 index 00000000..346edc43 --- /dev/null +++ b/gen/fortios_router_ripng.rst @@ -0,0 +1,2660 @@ +:source: fortios_router_ripng.py + +:orphan: + +.. fortios_router_ripng: + +fortios_router_ripng -- Configure RIPng in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and ripng category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_router_ripngyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • router_ripng - Configure RIPng. type: dict + more... + +
              • +
                +
              • aggregate_address - Aggregate address. type: list member_path: aggregate_address:id + more... + +
                • +
                  +
                • id - Aggregate address entry ID. type: int required: true + more... + +
                  • +
                • prefix6 - Aggregate address prefix. type: str + more... + +
                  • +
                +
              • default_information_originate - Enable/disable generation of default route. type: str choices: enable, disable + more... + +
                • +
              • default_metric - Default metric. type: int + more... + +
                • +
              • distance - Distance. type: list member_path: distance:id + more... + +
                • +
                  +
                • access_list6 - Access list for route destination. Source router.access-list6.name. type: str + more... + +
                  • +
                • distance - Distance (1 - 255). type: int + more... + +
                  • +
                • id - Distance ID. type: int required: true + more... + +
                  • +
                • prefix6 - Distance prefix6. type: str + more... + +
                  • +
                +
              • distribute_list - Distribute list. type: list member_path: distribute_list:id + more... + +
                • +
                  +
                • direction - Distribute list direction. type: str choices: in, out + more... + +
                  • +
                • id - Distribute list ID. type: int required: true + more... + +
                  • +
                • interface - Distribute list interface name. Source system.interface.name. type: str + more... + +
                  • +
                • listname - Distribute access/prefix list name. Source router.access-list6.name router.prefix-list6.name. type: str + more... + +
                  • +
                • status - Status. type: str choices: enable, disable + more... + +
                  • +
                +
              • garbage_timer - Garbage timer. type: int + more... + +
                • +
              • interface - RIPng interface configuration. type: list member_path: interface:name + more... + +
                • +
                  +
                • flags - Flags. type: int + more... + +
                  • +
                • name - Interface name. Source system.interface.name. type: str required: true + more... + +
                  • +
                • split_horizon - Enable/disable split horizon. type: str choices: poisoned, regular + more... + +
                  • +
                • split_horizon_status - Enable/disable split horizon. type: str choices: enable, disable + more... + +
                  • +
                +
              • max_out_metric - Maximum metric allowed to output(0 means "not set"). type: int + more... + +
                • +
              • neighbor - Neighbor. type: list member_path: neighbor:id + more... + +
                • +
                  +
                • id - Neighbor entry ID. type: int required: true + more... + +
                  • +
                • interface - Interface name. Source system.interface.name. type: str + more... + +
                  • +
                • ip6 - IPv6 link-local address. type: str + more... + +
                  • +
                +
              • network - Network. type: list member_path: network:id + more... + +
                • +
                  +
                • id - Network entry ID. type: int required: true + more... + +
                  • +
                • prefix - Network IPv6 link-local prefix. type: str + more... + +
                  • +
                +
              • offset_list - Offset list. type: list member_path: offset_list:id + more... + +
                • +
                  +
                • access_list6 - IPv6 access list name. Source router.access-list6.name. type: str + more... + +
                  • +
                • direction - Offset list direction. type: str choices: in, out + more... + +
                  • +
                • id - Offset-list ID. type: int required: true + more... + +
                  • +
                • interface - Interface name. Source system.interface.name. type: str + more... + +
                  • +
                • offset - Offset. type: int + more... + +
                  • +
                • status - Status. type: str choices: enable, disable + more... + +
                  • +
                +
              • passive_interface - Passive interface configuration. type: list member_path: passive_interface:name + more... + +
                • +
                  +
                • name - Passive interface name. Source system.interface.name. type: str required: true + more... + +
                  • +
                +
              • redistribute - Redistribute configuration. type: list member_path: redistribute:name + more... + +
                • +
                  +
                • metric - Redistribute metric setting. type: int + more... + +
                  • +
                • name - Redistribute name. type: str required: true + more... + +
                  • +
                • routemap - Route map name. Source router.route-map.name. type: str + more... + +
                  • +
                • status - Status. type: str choices: enable, disable + more... + +
                  • +
                +
              • timeout_timer - Timeout timer. type: int + more... + +
                • +
              • update_timer - Update timer. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure RIPng. + fortios_router_ripng: + vdom: "{{ vdom }}" + router_ripng: + aggregate_address: + - + id: "4" + prefix6: "" + default_information_originate: "enable" + default_metric: "7" + distance: + - + access_list6: " (source router.access-list6.name)" + distance: "10" + id: "11" + prefix6: "" + distribute_list: + - + direction: "in" + id: "15" + interface: " (source system.interface.name)" + listname: " (source router.access-list6.name router.prefix-list6.name)" + status: "enable" + garbage_timer: "19" + interface: + - + flags: "21" + name: "default_name_22 (source system.interface.name)" + split_horizon: "poisoned" + split_horizon_status: "enable" + max_out_metric: "25" + neighbor: + - + id: "27" + interface: " (source system.interface.name)" + ip6: "" + network: + - + id: "31" + prefix: "" + offset_list: + - + access_list6: " (source router.access-list6.name)" + direction: "in" + id: "36" + interface: " (source system.interface.name)" + offset: "38" + status: "enable" + passive_interface: + - + name: "default_name_41 (source system.interface.name)" + redistribute: + - + metric: "43" + name: "default_name_44" + routemap: " (source router.route-map.name)" + status: "enable" + timeout_timer: "47" + update_timer: "48" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_router_route_map.rst b/gen/fortios_router_route_map.rst new file mode 100644 index 00000000..b3b4dfd5 --- /dev/null +++ b/gen/fortios_router_route_map.rst @@ -0,0 +1,3039 @@ +:source: fortios_router_route_map.py + +:orphan: + +.. fortios_router_route_map: + +fortios_router_route_map -- Configure route maps in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and route_map category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_router_route_mapyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • router_route_map - Configure route maps. type: dict + more... + +
              • +
                +
              • comments - Optional comments. type: str + more... + +
                • +
              • name - Name. type: str required: true + more... + +
                • +
              • rule - Rule. type: list member_path: rule:id + more... + +
                • +
                  +
                • action - Action. type: str choices: permit, deny + more... + +
                  • +
                • id - Rule ID. type: int required: true + more... + +
                  • +
                • match_as_path - Match BGP AS path list. Source router.aspath-list.name. type: str + more... + +
                  • +
                • match_community - Match BGP community list. Source router.community-list.name. type: str + more... + +
                  • +
                • match_community_exact - Enable/disable exact matching of communities. type: str choices: enable, disable + more... + +
                  • +
                • match_flags - BGP flag value to match (0 - 65535) type: int + more... + +
                  • +
                • match_interface - Match interface configuration. Source system.interface.name. type: str + more... + +
                  • +
                • match_ip_address - Match IP address permitted by access-list or prefix-list. Source router.access-list.name router.prefix-list.name. type: str + more... + +
                  • +
                • match_ip_nexthop - Match next hop IP address passed by access-list or prefix-list. Source router.access-list.name router.prefix-list.name. type: str + more... + +
                  • +
                • match_ip6_address - Match IPv6 address permitted by access-list6 or prefix-list6. Source router.access-list6.name router.prefix-list6.name. type: str + more... + +
                  • +
                • match_ip6_nexthop - Match next hop IPv6 address passed by access-list6 or prefix-list6. Source router.access-list6.name router.prefix-list6.name. type: str + more... + +
                  • +
                • match_metric - Match metric for redistribute routes. type: int + more... + +
                  • +
                • match_origin - Match BGP origin code. type: str choices: none, egp, igp, incomplete + more... + +
                  • +
                • match_route_type - Match route type. type: str choices: external-type1, external-type2, none, 1, 2 + more... + +
                  • +
                • match_tag - Match tag. type: int + more... + +
                  • +
                • match_vrf - Match VRF ID. type: int + more... + +
                  • +
                • set_aggregator_as - BGP aggregator AS. type: int + more... + +
                  • +
                • set_aggregator_ip - BGP aggregator IP. type: str + more... + +
                  • +
                • set_aspath - Prepend BGP AS path attribute. type: list member_path: rule:id/set_aspath:as + more... + +
                  • +
                    +
                  • as - AS number (0 - 4294967295). Use quotes for repeating numbers, For example, "1 1 2". type: str required: true + more... + +
                    • +
                  +
                • set_aspath_action - Specify preferred action of set-aspath. type: str choices: prepend, replace + more... + +
                  • +
                • set_atomic_aggregate - Enable/disable BGP atomic aggregate attribute. type: str choices: enable, disable + more... + +
                  • +
                • set_community - BGP community attribute. type: list member_path: rule:id/set_community:community + more... + +
                  • +
                    +
                  • community - Attribute: AA|AA:NN|internet|local-AS|no-advertise|no-export. type: str required: true + more... + +
                    • +
                  +
                • set_community_additive - Enable/disable adding set-community to existing community. type: str choices: enable, disable + more... + +
                  • +
                • set_community_delete - Delete communities matching community list. Source router.community-list.name. type: str + more... + +
                  • +
                • set_dampening_max_suppress - Maximum duration to suppress a route (1 - 255 min, 0 = unset). type: int + more... + +
                  • +
                • set_dampening_reachability_half_life - Reachability half-life time for the penalty (1 - 45 min, 0 = unset). type: int + more... + +
                  • +
                • set_dampening_reuse - Value to start reusing a route (1 - 20000, 0 = unset). type: int + more... + +
                  • +
                • set_dampening_suppress - Value to start suppressing a route (1 - 20000, 0 = unset). type: int + more... + +
                  • +
                • set_dampening_unreachability_half_life - Unreachability Half-life time for the penalty (1 - 45 min, 0 = unset). type: int + more... + +
                  • +
                • set_extcommunity_rt - Route Target extended community. type: list member_path: rule:id/set_extcommunity_rt:community + more... + +
                  • +
                    +
                  • community - AA:NN. type: str required: true + more... + +
                    • +
                  +
                • set_extcommunity_soo - Site-of-Origin extended community. type: list member_path: rule:id/set_extcommunity_soo:community + more... + +
                  • +
                    +
                  • community - Community (format = AA:NN). type: str required: true + more... + +
                    • +
                  +
                • set_flags - BGP flags value (0 - 65535) type: int + more... + +
                  • +
                • set_ip_nexthop - IP address of next hop. type: str + more... + +
                  • +
                • set_ip6_nexthop - IPv6 global address of next hop. type: str + more... + +
                  • +
                • set_ip6_nexthop_local - IPv6 local address of next hop. type: str + more... + +
                  • +
                • set_local_preference - BGP local preference path attribute. type: int + more... + +
                  • +
                • set_metric - Metric value. type: int + more... + +
                  • +
                • set_metric_type - Metric type. type: str choices: external-type1, external-type2, none, 1, 2 + more... + +
                  • +
                • set_origin - BGP origin code. type: str choices: none, egp, igp, incomplete + more... + +
                  • +
                • set_originator_id - BGP originator ID attribute. type: str + more... + +
                  • +
                • set_route_tag - Route tag for routing table. type: int + more... + +
                  • +
                • set_tag - Tag value. type: int + more... + +
                  • +
                • set_weight - BGP weight for routing table. type: int + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure route maps. + fortios_router_route_map: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + router_route_map: + comments: "" + name: "default_name_4" + rule: + - + action: "permit" + id: "7" + match_as_path: " (source router.aspath-list.name)" + match_community: " (source router.community-list.name)" + match_community_exact: "enable" + match_flags: "11" + match_interface: " (source system.interface.name)" + match_ip_address: " (source router.access-list.name router.prefix-list.name)" + match_ip_nexthop: " (source router.access-list.name router.prefix-list.name)" + match_ip6_address: " (source router.access-list6.name router.prefix-list6.name)" + match_ip6_nexthop: " (source router.access-list6.name router.prefix-list6.name)" + match_metric: "17" + match_origin: "none" + match_route_type: "external-type1" + match_tag: "20" + match_vrf: "21" + set_aggregator_as: "22" + set_aggregator_ip: "" + set_aspath: + - + as: "" + set_aspath_action: "prepend" + set_atomic_aggregate: "enable" + set_community: + - + community: "" + set_community_additive: "enable" + set_community_delete: " (source router.community-list.name)" + set_dampening_max_suppress: "32" + set_dampening_reachability_half_life: "33" + set_dampening_reuse: "34" + set_dampening_suppress: "35" + set_dampening_unreachability_half_life: "36" + set_extcommunity_rt: + - + community: "" + set_extcommunity_soo: + - + community: "" + set_flags: "41" + set_ip_nexthop: "" + set_ip6_nexthop: "" + set_ip6_nexthop_local: "" + set_local_preference: "45" + set_metric: "46" + set_metric_type: "external-type1" + set_origin: "none" + set_originator_id: "" + set_route_tag: "50" + set_tag: "51" + set_weight: "52" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_router_setting.rst b/gen/fortios_router_setting.rst new file mode 100644 index 00000000..ee97be7f --- /dev/null +++ b/gen/fortios_router_setting.rst @@ -0,0 +1,881 @@ +:source: fortios_router_setting.py + +:orphan: + +.. fortios_router_setting: + +fortios_router_setting -- Configure router settings in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_router_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • router_setting - Configure router settings. type: dict + more... + +
              • +
                +
              • bgp_debug_flags - bgp_debug_flags type: str + more... + +
                • +
              • hostname - Hostname for this virtual domain router. type: str + more... + +
                • +
              • igmp_debug_flags - igmp_debug_flags type: str + more... + +
                • +
              • imi_debug_flags - imi_debug_flags type: str + more... + +
                • +
              • isis_debug_flags - isis_debug_flags type: str + more... + +
                • +
              • ospf6_debug_events_flags - ospf6_debug_events_flags type: str + more... + +
                • +
              • ospf6_debug_ifsm_flags - ospf6_debug_ifsm_flags type: str + more... + +
                • +
              • ospf6_debug_lsa_flags - ospf6_debug_lsa_flags type: str + more... + +
                • +
              • ospf6_debug_nfsm_flags - ospf6_debug_nfsm_flags type: str + more... + +
                • +
              • ospf6_debug_nsm_flags - ospf6_debug_nsm_flags type: str + more... + +
                • +
              • ospf6_debug_packet_flags - ospf6_debug_packet_flags type: str + more... + +
                • +
              • ospf6_debug_route_flags - ospf6_debug_route_flags type: str + more... + +
                • +
              • ospf_debug_events_flags - ospf_debug_events_flags type: str + more... + +
                • +
              • ospf_debug_ifsm_flags - ospf_debug_ifsm_flags type: str + more... + +
                • +
              • ospf_debug_lsa_flags - ospf_debug_lsa_flags type: str + more... + +
                • +
              • ospf_debug_nfsm_flags - ospf_debug_nfsm_flags type: str + more... + +
                • +
              • ospf_debug_nsm_flags - ospf_debug_nsm_flags type: str + more... + +
                • +
              • ospf_debug_packet_flags - ospf_debug_packet_flags type: str + more... + +
                • +
              • ospf_debug_route_flags - ospf_debug_route_flags type: str + more... + +
                • +
              • pimdm_debug_flags - pimdm_debug_flags type: str + more... + +
                • +
              • pimsm_debug_joinprune_flags - pimsm_debug_joinprune_flags type: str + more... + +
                • +
              • pimsm_debug_simple_flags - pimsm_debug_simple_flags type: str + more... + +
                • +
              • pimsm_debug_timer_flags - pimsm_debug_timer_flags type: str + more... + +
                • +
              • rip_debug_flags - rip_debug_flags type: str + more... + +
                • +
              • ripng_debug_flags - ripng_debug_flags type: str + more... + +
                • +
              • show_filter - Prefix-list as filter for showing routes. Source router.prefix-list.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure router settings. + fortios_router_setting: + vdom: "{{ vdom }}" + router_setting: + bgp_debug_flags: "" + hostname: "myhostname" + igmp_debug_flags: "" + imi_debug_flags: "" + isis_debug_flags: "" + ospf6_debug_events_flags: "" + ospf6_debug_ifsm_flags: "" + ospf6_debug_lsa_flags: "" + ospf6_debug_nfsm_flags: "" + ospf6_debug_nsm_flags: "" + ospf6_debug_packet_flags: "" + ospf6_debug_route_flags: "" + ospf_debug_events_flags: "" + ospf_debug_ifsm_flags: "" + ospf_debug_lsa_flags: "" + ospf_debug_nfsm_flags: "" + ospf_debug_nsm_flags: "" + ospf_debug_packet_flags: "" + ospf_debug_route_flags: "" + pimdm_debug_flags: "" + pimsm_debug_joinprune_flags: "" + pimsm_debug_simple_flags: "" + pimsm_debug_timer_flags: "" + rip_debug_flags: "" + ripng_debug_flags: "" + show_filter: " (source router.prefix-list.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_router_static.rst b/gen/fortios_router_static.rst new file mode 100644 index 00000000..e57b5094 --- /dev/null +++ b/gen/fortios_router_static.rst @@ -0,0 +1,1419 @@ +:source: fortios_router_static.py + +:orphan: + +.. fortios_router_static: + +fortios_router_static -- Configure IPv4 static routing tables in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and static category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_router_staticyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • router_static - Configure IPv4 static routing tables. type: dict + more... + +
              • +
                +
              • bfd - Enable/disable Bidirectional Forwarding Detection (BFD). type: str choices: enable, disable + more... + +
                • +
              • blackhole - Enable/disable black hole. type: str choices: enable, disable + more... + +
                • +
              • comment - Optional comments. type: str + more... + +
                • +
              • device - Gateway out interface or tunnel. Source system.interface.name. type: str + more... + +
                • +
              • distance - Administrative distance (1 - 255). type: int + more... + +
                • +
              • dst - Destination IP and mask for this route. type: str + more... + +
                • +
              • dstaddr - Name of firewall address or address group. Source firewall.address.name firewall.addrgrp.name. type: str + more... + +
                • +
              • dynamic_gateway - Enable use of dynamic gateway retrieved from a DHCP or PPP server. type: str choices: enable, disable + more... + +
                • +
              • gateway - Gateway IP for this route. type: str + more... + +
                • +
              • internet_service - Application ID in the Internet service database. Source firewall.internet-service.id. type: int + more... + +
                • +
              • internet_service_custom - Application name in the Internet service custom database. Source firewall.internet-service-custom.name. type: str + more... + +
                • +
              • link_monitor_exempt - Enable/disable withdrawal of this static route when link monitor or health check is down. type: str choices: enable, disable + more... + +
                • +
              • priority - Administrative priority (1 - 65535). type: int + more... + +
                • +
              • sdwan - Enable/disable egress through SD-WAN. type: str choices: enable, disable + more... + +
                • +
              • sdwan_zone - Choose SD-WAN Zone. type: list member_path: sdwan_zone:name + more... + +
                • +
                  +
                • name - SD-WAN zone name. Source system.sdwan.zone.name. type: str required: true + more... + +
                  • +
                +
              • seq_num - Sequence number. type: int + more... + +
                • +
              • src - Source prefix for this route. type: str + more... + +
                • +
              • status - Enable/disable this static route. type: str choices: enable, disable + more... + +
                • +
              • virtual_wan_link - Enable/disable egress through the virtual-wan-link. type: str choices: enable, disable + more... + +
                • +
              • vrf - Virtual Routing Forwarding ID. type: int + more... + +
                • +
              • weight - Administrative weight (0 - 255). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv4 static routing tables. + fortios_router_static: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + router_static: + bfd: "enable" + blackhole: "enable" + comment: "Optional comments." + device: " (source system.interface.name)" + distance: "7" + dst: "" + dstaddr: " (source firewall.address.name firewall.addrgrp.name)" + dynamic_gateway: "enable" + gateway: "" + internet_service: "12 (source firewall.internet-service.id)" + internet_service_custom: " (source firewall.internet-service-custom.name)" + link_monitor_exempt: "enable" + priority: "15" + sdwan: "enable" + sdwan_zone: + - + name: "default_name_18 (source system.sdwan.zone.name)" + seq_num: "19" + src: "" + status: "enable" + virtual_wan_link: "enable" + vrf: "23" + weight: "24" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_router_static6.rst b/gen/fortios_router_static6.rst new file mode 100644 index 00000000..d48a2ac8 --- /dev/null +++ b/gen/fortios_router_static6.rst @@ -0,0 +1,1235 @@ +:source: fortios_router_static6.py + +:orphan: + +.. fortios_router_static6: + +fortios_router_static6 -- Configure IPv6 static routing tables in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and static6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_router_static6yesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • router_static6 - Configure IPv6 static routing tables. type: dict + more... + +
              • +
                +
              • bfd - Enable/disable Bidirectional Forwarding Detection (BFD). type: str choices: enable, disable + more... + +
                • +
              • blackhole - Enable/disable black hole. type: str choices: enable, disable + more... + +
                • +
              • comment - Optional comments. type: str + more... + +
                • +
              • device - Gateway out interface or tunnel. Source system.interface.name. type: str + more... + +
                • +
              • devindex - Device index (0 - 4294967295). type: int + more... + +
                • +
              • distance - Administrative distance (1 - 255). type: int + more... + +
                • +
              • dst - Destination IPv6 prefix. type: str + more... + +
                • +
              • dynamic_gateway - Enable use of dynamic gateway retrieved from Router Advertisement (RA). type: str choices: enable, disable + more... + +
                • +
              • gateway - IPv6 address of the gateway. type: str + more... + +
                • +
              • link_monitor_exempt - Enable/disable withdrawal of this static route when link monitor or health check is down. type: str choices: enable, disable + more... + +
                • +
              • priority - Administrative priority (1 - 65535). type: int + more... + +
                • +
              • sdwan - Enable/disable egress through the SD-WAN. type: str choices: enable, disable + more... + +
                • +
              • sdwan_zone - Choose SD-WAN Zone. type: list member_path: sdwan_zone:name + more... + +
                • +
                  +
                • name - SD-WAN zone name. Source system.sdwan.zone.name. type: str required: true + more... + +
                  • +
                +
              • seq_num - Sequence number. type: int + more... + +
                • +
              • status - Enable/disable this static route. type: str choices: enable, disable + more... + +
                • +
              • virtual_wan_link - Enable/disable egress through the virtual-wan-link. type: str choices: enable, disable + more... + +
                • +
              • vrf - Virtual Routing Forwarding ID. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 static routing tables. + fortios_router_static6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + router_static6: + bfd: "enable" + blackhole: "enable" + comment: "Optional comments." + device: " (source system.interface.name)" + devindex: "7" + distance: "8" + dst: "" + dynamic_gateway: "enable" + gateway: "" + link_monitor_exempt: "enable" + priority: "13" + sdwan: "enable" + sdwan_zone: + - + name: "default_name_16 (source system.sdwan.zone.name)" + seq_num: "17" + status: "enable" + virtual_wan_link: "enable" + vrf: "20" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_sctp_filter_profile.rst b/gen/fortios_sctp_filter_profile.rst new file mode 100644 index 00000000..a9a1f80d --- /dev/null +++ b/gen/fortios_sctp_filter_profile.rst @@ -0,0 +1,367 @@ +:source: fortios_sctp_filter_profile.py + +:orphan: + +.. fortios_sctp_filter_profile: + +fortios_sctp_filter_profile -- Configure SCTP filter profiles in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify sctp_filter feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + +
            v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_sctp_filter_profileyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • sctp_filter_profile - Configure SCTP filter profiles. type: dict + more... + +
              • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • name - Profile name. type: str required: true + more... + +
                • +
              • ppid_filters - PPID filters list. type: list member_path: ppid_filters:id + more... + +
                • +
                  +
                • action - Action taken when PPID is matched. type: str choices: pass, reset, replace + more... + +
                  • +
                • comment - Comment. type: str + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • ppid - Payload protocol identifier. type: int + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure SCTP filter profiles. + fortios_sctp_filter_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + sctp_filter_profile: + comment: "Comment." + name: "default_name_4" + ppid_filters: + - + action: "pass" + comment: "Comment." + id: "8" + ppid: "9" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_spamfilter_bwl.rst b/gen/fortios_spamfilter_bwl.rst new file mode 100644 index 00000000..014bfabb --- /dev/null +++ b/gen/fortios_spamfilter_bwl.rst @@ -0,0 +1,493 @@ +:source: fortios_spamfilter_bwl.py + +:orphan: + +.. fortios_spamfilter_bwl: + +fortios_spamfilter_bwl -- Configure anti-spam black/white list in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify spamfilter feature and bwl category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11
            fortios_spamfilter_bwlyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • spamfilter_bwl - Configure anti-spam black/white list. type: dict + more... + +
              • +
                +
              • comment - Optional comments. type: str + more... + +
                • +
              • entries - Anti-spam black/white list entries. type: list member_path: entries:id + more... + +
                • +
                  +
                • action - Reject, mark as spam or good email. type: str choices: reject, spam, clear + more... + +
                  • +
                • addr_type - IP address type. type: str choices: ipv4, ipv6 + more... + +
                  • +
                • email_pattern - Email address pattern. type: str + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                • ip4_subnet - IPv4 network address/subnet mask bits. type: str + more... + +
                  • +
                • ip6_subnet - IPv6 network address/subnet mask bits. type: str + more... + +
                  • +
                • pattern_type - Wildcard pattern or regular expression. type: str choices: wildcard, regexp + more... + +
                  • +
                • status - Enable/disable status. type: str choices: enable, disable + more... + +
                  • +
                • type - Entry type. type: str choices: ip, email + more... + +
                  • +
                +
              • id - ID. type: int required: true + more... + +
                • +
              • name - Name of table. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure anti-spam black/white list. + fortios_spamfilter_bwl: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + spamfilter_bwl: + comment: "Optional comments." + entries: + - + action: "reject" + addr_type: "ipv4" + email_pattern: "" + id: "8" + ip4_subnet: "" + ip6_subnet: "" + pattern_type: "wildcard" + status: "enable" + type: "ip" + id: "14" + name: "default_name_15" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_spamfilter_bword.rst b/gen/fortios_spamfilter_bword.rst new file mode 100644 index 00000000..ef247639 --- /dev/null +++ b/gen/fortios_spamfilter_bword.rst @@ -0,0 +1,509 @@ +:source: fortios_spamfilter_bword.py + +:orphan: + +.. fortios_spamfilter_bword: + +fortios_spamfilter_bword -- Configure AntiSpam banned word list in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify spamfilter feature and bword category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11
            fortios_spamfilter_bwordyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • spamfilter_bword - Configure AntiSpam banned word list. type: dict + more... + +
              • +
                +
              • comment - Optional comments. type: str + more... + +
                • +
              • entries - Spam filter banned word. type: list member_path: entries:id + more... + +
                • +
                  +
                • action - Mark spam or good. type: str choices: spam, clear + more... + +
                  • +
                • id - Banned word entry ID. type: int required: true + more... + +
                  • +
                • language - Language for the banned word. type: str choices: western, simch, trach, japanese, korean, french, thai, spanish + more... + +
                  • +
                • pattern - Pattern for the banned word. type: str + more... + +
                  • +
                • pattern_type - Wildcard pattern or regular expression. type: str choices: wildcard, regexp + more... + +
                  • +
                • score - Score value. type: int + more... + +
                  • +
                • status - Enable/disable status. type: str choices: enable, disable + more... + +
                  • +
                • where - Component of the email to be scanned. type: str choices: subject, body, all + more... + +
                  • +
                +
              • id - ID. type: int required: true + more... + +
                • +
              • name - Name of table. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure AntiSpam banned word list. + fortios_spamfilter_bword: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + spamfilter_bword: + comment: "Optional comments." + entries: + - + action: "spam" + id: "6" + language: "western" + pattern: "" + pattern_type: "wildcard" + score: "10" + status: "enable" + where: "subject" + id: "13" + name: "default_name_14" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_spamfilter_dnsbl.rst b/gen/fortios_spamfilter_dnsbl.rst new file mode 100644 index 00000000..bb57850a --- /dev/null +++ b/gen/fortios_spamfilter_dnsbl.rst @@ -0,0 +1,351 @@ +:source: fortios_spamfilter_dnsbl.py + +:orphan: + +.. fortios_spamfilter_dnsbl: + +fortios_spamfilter_dnsbl -- Configure AntiSpam DNSBL/ORBL in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify spamfilter feature and dnsbl category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11
            fortios_spamfilter_dnsblyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • spamfilter_dnsbl - Configure AntiSpam DNSBL/ORBL. type: dict + more... + +
              • +
                +
              • comment - Optional comments. type: str + more... + +
                • +
              • entries - Spam filter DNSBL and ORBL server. type: list member_path: entries:id + more... + +
                • +
                  +
                • action - Reject connection or mark as spam email. type: str choices: reject, spam + more... + +
                  • +
                • id - DNSBL/ORBL entry ID. type: int required: true + more... + +
                  • +
                • server - DNSBL or ORBL server name. type: str + more... + +
                  • +
                • status - Enable/disable status. type: str choices: enable, disable + more... + +
                  • +
                +
              • id - ID. type: int required: true + more... + +
                • +
              • name - Name of table. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure AntiSpam DNSBL/ORBL. + fortios_spamfilter_dnsbl: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + spamfilter_dnsbl: + comment: "Optional comments." + entries: + - + action: "reject" + id: "6" + server: "192.168.100.40" + status: "enable" + id: "9" + name: "default_name_10" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_spamfilter_fortishield.rst b/gen/fortios_spamfilter_fortishield.rst new file mode 100644 index 00000000..c2835528 --- /dev/null +++ b/gen/fortios_spamfilter_fortishield.rst @@ -0,0 +1,245 @@ +:source: fortios_spamfilter_fortishield.py + +:orphan: + +.. fortios_spamfilter_fortishield: + +fortios_spamfilter_fortishield -- Configure FortiGuard - AntiSpam in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify spamfilter feature and fortishield category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11
            fortios_spamfilter_fortishieldyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • spamfilter_fortishield - Configure FortiGuard - AntiSpam. type: dict + more... + +
              • +
                +
              • spam_submit_force - Enable/disable force insertion of a new mime entity for the submission text. type: str choices: enable, disable + more... + +
                • +
              • spam_submit_srv - Hostname of the spam submission server. type: str + more... + +
                • +
              • spam_submit_txt2htm - Enable/disable conversion of text email to HTML email. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiGuard - AntiSpam. + fortios_spamfilter_fortishield: + vdom: "{{ vdom }}" + spamfilter_fortishield: + spam_submit_force: "enable" + spam_submit_srv: "" + spam_submit_txt2htm: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_spamfilter_iptrust.rst b/gen/fortios_spamfilter_iptrust.rst new file mode 100644 index 00000000..530ce9ad --- /dev/null +++ b/gen/fortios_spamfilter_iptrust.rst @@ -0,0 +1,371 @@ +:source: fortios_spamfilter_iptrust.py + +:orphan: + +.. fortios_spamfilter_iptrust: + +fortios_spamfilter_iptrust -- Configure AntiSpam IP trust in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify spamfilter feature and iptrust category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11
            fortios_spamfilter_iptrustyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • spamfilter_iptrust - Configure AntiSpam IP trust. type: dict + more... + +
              • +
                +
              • comment - Optional comments. type: str + more... + +
                • +
              • entries - Spam filter trusted IP addresses. type: list member_path: entries:id + more... + +
                • +
                  +
                • addr_type - Type of address. type: str choices: ipv4, ipv6 + more... + +
                  • +
                • id - Trusted IP entry ID. type: int required: true + more... + +
                  • +
                • ip4_subnet - IPv4 network address or network address/subnet mask bits. type: str + more... + +
                  • +
                • ip6_subnet - IPv6 network address/subnet mask bits. type: str + more... + +
                  • +
                • status - Enable/disable status. type: str choices: enable, disable + more... + +
                  • +
                +
              • id - ID. type: int required: true + more... + +
                • +
              • name - Name of table. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure AntiSpam IP trust. + fortios_spamfilter_iptrust: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + spamfilter_iptrust: + comment: "Optional comments." + entries: + - + addr_type: "ipv4" + id: "6" + ip4_subnet: "" + ip6_subnet: "" + status: "enable" + id: "10" + name: "default_name_11" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_spamfilter_mheader.rst b/gen/fortios_spamfilter_mheader.rst new file mode 100644 index 00000000..9e94f8c9 --- /dev/null +++ b/gen/fortios_spamfilter_mheader.rst @@ -0,0 +1,403 @@ +:source: fortios_spamfilter_mheader.py + +:orphan: + +.. fortios_spamfilter_mheader: + +fortios_spamfilter_mheader -- Configure AntiSpam MIME header in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify spamfilter feature and mheader category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11
            fortios_spamfilter_mheaderyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • spamfilter_mheader - Configure AntiSpam MIME header. type: dict + more... + +
              • +
                +
              • comment - Optional comments. type: str + more... + +
                • +
              • entries - Spam filter mime header content. type: list member_path: entries:id + more... + +
                • +
                  +
                • action - Mark spam or good. type: str choices: spam, clear + more... + +
                  • +
                • fieldbody - Pattern for the header field body. type: str + more... + +
                  • +
                • fieldname - Pattern for header field name. type: str + more... + +
                  • +
                • id - Mime header entry ID. type: int required: true + more... + +
                  • +
                • pattern_type - Wildcard pattern or regular expression. type: str choices: wildcard, regexp + more... + +
                  • +
                • status - Enable/disable status. type: str choices: enable, disable + more... + +
                  • +
                +
              • id - ID. type: int required: true + more... + +
                • +
              • name - Name of table. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure AntiSpam MIME header. + fortios_spamfilter_mheader: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + spamfilter_mheader: + comment: "Optional comments." + entries: + - + action: "spam" + fieldbody: "" + fieldname: "" + id: "8" + pattern_type: "wildcard" + status: "enable" + id: "11" + name: "default_name_12" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_spamfilter_options.rst b/gen/fortios_spamfilter_options.rst new file mode 100644 index 00000000..5c5c7df6 --- /dev/null +++ b/gen/fortios_spamfilter_options.rst @@ -0,0 +1,181 @@ +:source: fortios_spamfilter_options.py + +:orphan: + +.. fortios_spamfilter_options: + +fortios_spamfilter_options -- Configure AntiSpam options in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify spamfilter feature and options category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11
            fortios_spamfilter_optionsyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • spamfilter_options - Configure AntiSpam options. type: dict + more... + +
              • +
                +
              • dns_timeout - DNS query time out (1 - 30 sec). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure AntiSpam options. + fortios_spamfilter_options: + vdom: "{{ vdom }}" + spamfilter_options: + dns_timeout: "3" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_spamfilter_profile.rst b/gen/fortios_spamfilter_profile.rst new file mode 100644 index 00000000..22bdd4de --- /dev/null +++ b/gen/fortios_spamfilter_profile.rst @@ -0,0 +1,1340 @@ +:source: fortios_spamfilter_profile.py + +:orphan: + +.. fortios_spamfilter_profile: + +fortios_spamfilter_profile -- Configure AntiSpam profiles in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify spamfilter feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11
            fortios_spamfilter_profileyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • spamfilter_profile - Configure AntiSpam profiles. type: dict + more... + +
              • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • external - Enable/disable external Email inspection. type: str choices: enable, disable + more... + +
                • +
              • flow_based - Enable/disable flow-based spam filtering. type: str choices: enable, disable + more... + +
                • +
              • gmail - Gmail. type: dict + more... + +
                • +
                  +
                • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                  • +
                +
              • imap - IMAP. type: dict + more... + +
                • +
                  +
                • action - Action for spam email. type: str choices: pass, tag + more... + +
                  • +
                • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                  • +
                • tag_msg - Subject text or header added to spam email. type: str + more... + +
                  • +
                • tag_type - Tag subject or header for spam email. type: list choices: subject, header, spaminfo + more... + +
                  • +
                +
              • mapi - MAPI. type: dict + more... + +
                • +
                  +
                • action - Action for spam email. type: str choices: pass, discard + more... + +
                  • +
                • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                  • +
                +
              • msn_hotmail - MSN Hotmail. type: dict + more... + +
                • +
                  +
                • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                  • +
                +
              • name - Profile name. type: str required: true + more... + +
                • +
              • options - Options. type: list choices: bannedword, spambwl, spamfsip, spamfssubmit, spamfschksum, spamfsurl, spamhelodns, spamraddrdns, spamrbl, spamhdrcheck, spamfsphish + more... + +
                • +
              • pop3 - POP3. type: dict + more... + +
                • +
                  +
                • action - Action for spam email. type: str choices: pass, tag + more... + +
                  • +
                • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                  • +
                • tag_msg - Subject text or header added to spam email. type: str + more... + +
                  • +
                • tag_type - Tag subject or header for spam email. type: list choices: subject, header, spaminfo + more... + +
                  • +
                +
              • replacemsg_group - Replacement message group. Source system.replacemsg-group.name. type: str + more... + +
                • +
              • smtp - SMTP. type: dict + more... + +
                • +
                  +
                • action - Action for spam email. type: str choices: pass, tag, discard + more... + +
                  • +
                • hdrip - Enable/disable SMTP email header IP checks for spamfsip, spamrbl and spambwl filters. type: str choices: disable, enable + more... + +
                  • +
                • local_override - Enable/disable local filter to override SMTP remote check result. type: str choices: disable, enable + more... + +
                  • +
                • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                  • +
                • tag_msg - Subject text or header added to spam email. type: str + more... + +
                  • +
                • tag_type - Tag subject or header for spam email. type: list choices: subject, header, spaminfo + more... + +
                  • +
                +
              • spam_bwl_table - Anti-spam black/white list table ID. Source spamfilter.bwl.id. type: int + more... + +
                • +
              • spam_bword_table - Anti-spam banned word table ID. Source spamfilter.bword.id. type: int + more... + +
                • +
              • spam_bword_threshold - Spam banned word threshold. type: int + more... + +
                • +
              • spam_filtering - Enable/disable spam filtering. type: str choices: enable, disable + more... + +
                • +
              • spam_iptrust_table - Anti-spam IP trust table ID. Source spamfilter.iptrust.id. type: int + more... + +
                • +
              • spam_log - Enable/disable spam logging for email filtering. type: str choices: disable, enable + more... + +
                • +
              • spam_log_fortiguard_response - Enable/disable logging FortiGuard spam response. type: str choices: disable, enable + more... + +
                • +
              • spam_mheader_table - Anti-spam MIME header table ID. Source spamfilter.mheader.id. type: int + more... + +
                • +
              • spam_rbl_table - Anti-spam DNSBL table ID. Source spamfilter.dnsbl.id. type: int + more... + +
                • +
              • yahoo_mail - Yahoo! Mail. type: dict + more... + +
                • +
                  +
                • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure AntiSpam profiles. + fortios_spamfilter_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + spamfilter_profile: + comment: "Comment." + external: "enable" + flow_based: "enable" + gmail: + log: "enable" + imap: + action: "pass" + log: "enable" + tag_msg: "" + tag_type: "subject" + mapi: + action: "pass" + log: "enable" + msn_hotmail: + log: "enable" + name: "default_name_18" + options: "bannedword" + pop3: + action: "pass" + log: "enable" + tag_msg: "" + tag_type: "subject" + replacemsg_group: " (source system.replacemsg-group.name)" + smtp: + action: "pass" + hdrip: "disable" + local_override: "disable" + log: "enable" + tag_msg: "" + tag_type: "subject" + spam_bwl_table: "33 (source spamfilter.bwl.id)" + spam_bword_table: "34 (source spamfilter.bword.id)" + spam_bword_threshold: "35" + spam_filtering: "enable" + spam_iptrust_table: "37 (source spamfilter.iptrust.id)" + spam_log: "disable" + spam_log_fortiguard_response: "disable" + spam_mheader_table: "40 (source spamfilter.mheader.id)" + spam_rbl_table: "41 (source spamfilter.dnsbl.id)" + yahoo_mail: + log: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_ssh_filter_profile.rst b/gen/fortios_ssh_filter_profile.rst new file mode 100644 index 00000000..7e75e794 --- /dev/null +++ b/gen/fortios_ssh_filter_profile.rst @@ -0,0 +1,1733 @@ +:source: fortios_ssh_filter_profile.py + +:orphan: + +.. fortios_ssh_filter_profile: + +fortios_ssh_filter_profile -- Configure SSH filter profile in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify ssh_filter feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_ssh_filter_profileyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • ssh_filter_profile - Configure SSH filter profile. type: dict + more... + +
              • +
                +
              • block - SSH blocking options. type: list choices: x11, shell, exec, port-forward, tun-forward, sftp, scp, unknown + more... + +
                • +
              • default_command_log - Enable/disable logging unmatched shell commands. type: str choices: enable, disable + more... + +
                • +
              • file_filter - File filter. type: dict + more... + +
                • +
                  +
                • entries - File filter entries. type: list member_path: file_filter/entries:filter + more... + +
                  • +
                    +
                  • action - Action taken for matched file. type: str choices: log, block + more... + +
                    • +
                  • comment - Comment. type: str + more... + +
                    • +
                  • direction - Match files transmitted in the session"s originating or reply direction. type: str choices: incoming, outgoing, any + more... + +
                    • +
                  • file_type - Select file type. type: list member_path: file_filter/entries:filter/file_type:name + more... + +
                    • +
                      +
                    • name - File type name. Source antivirus.filetype.name. type: str required: true + more... + +
                      • +
                    +
                  • filter - Add a file filter. type: str required: true + more... + +
                    • +
                  • password_protected - Match password-protected files. type: str choices: True, any + more... + +
                    • +
                  • protocol - Protocols to apply with. type: str choices: ssh + more... + +
                    • +
                  +
                • log - Enable/disable file filter logging. type: str choices: enable, disable + more... + +
                  • +
                • scan_archive_contents - Enable/disable file filter archive contents scan. type: str choices: enable, disable + more... + +
                  • +
                • status - Enable/disable file filter. type: str choices: enable, disable + more... + +
                  • +
                +
              • log - SSH logging options. type: list choices: x11, shell, exec, port-forward, tun-forward, sftp, scp, unknown + more... + +
                • +
              • name - SSH filter profile name. type: str required: true + more... + +
                • +
              • shell_commands - SSH command filter. type: list member_path: shell_commands:id + more... + +
                • +
                  +
                • action - Action to take for SSH shell command matches. type: str choices: block, allow + more... + +
                  • +
                • alert - Enable/disable alert. type: str choices: enable, disable + more... + +
                  • +
                • id - Id. type: int required: true + more... + +
                  • +
                • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                  • +
                • pattern - SSH shell command pattern. type: str + more... + +
                  • +
                • severity - Log severity. type: str choices: low, medium, high, critical + more... + +
                  • +
                • type - Matching type. type: str choices: simple, regex + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure SSH filter profile. + fortios_ssh_filter_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + ssh_filter_profile: + block: "x11" + default_command_log: "enable" + file_filter: + entries: + - + action: "log" + comment: "Comment." + direction: "incoming" + file_type: + - + name: "default_name_11 (source antivirus.filetype.name)" + filter: "" + password_protected: "yes" + protocol: "ssh" + log: "enable" + scan_archive_contents: "enable" + status: "enable" + log: "x11" + name: "default_name_19" + shell_commands: + - + action: "block" + alert: "enable" + id: "23" + log: "enable" + pattern: "" + severity: "low" + type: "simple" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_802_1x_settings.rst b/gen/fortios_switch_controller_802_1x_settings.rst new file mode 100644 index 00000000..42eaf75e --- /dev/null +++ b/gen/fortios_switch_controller_802_1x_settings.rst @@ -0,0 +1,435 @@ +:source: fortios_switch_controller_802_1x_settings.py + +:orphan: + +.. fortios_switch_controller_802_1x_settings: + +fortios_switch_controller_802_1x_settings -- Configure global 802.1X settings in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and 802_1x_settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_802_1x_settingsyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • switch_controller_802_1x_settings - Configure global 802.1X settings. type: dict + more... + +
              • +
                +
              • link_down_auth - Interface-reauthentication state to set if a link is down. type: str choices: set-unauth, no-action + more... + +
                • +
              • max_reauth_attempt - Maximum number of authentication attempts (0 - 15). type: int + more... + +
                • +
              • reauth_period - Period of time to allow for reauthentication (1 - 1440 sec). type: int + more... + +
                • +
              • tx_period - 802.1X Tx period (seconds). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure global 802.1X settings. + fortios_switch_controller_802_1x_settings: + vdom: "{{ vdom }}" + switch_controller_802_1x_settings: + link_down_auth: "set-unauth" + max_reauth_attempt: "4" + reauth_period: "5" + tx_period: "6" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_auto_config_custom.rst b/gen/fortios_switch_controller_auto_config_custom.rst new file mode 100644 index 00000000..f443b14e --- /dev/null +++ b/gen/fortios_switch_controller_auto_config_custom.rst @@ -0,0 +1,367 @@ +:source: fortios_switch_controller_auto_config_custom.py + +:orphan: + +.. fortios_switch_controller_auto_config_custom: + +fortios_switch_controller_auto_config_custom -- Policies which can override the 'default' for specific ISL/ICL/FortiLink interface in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller_auto_config feature and custom category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_auto_config_customyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_auto_config_custom - Policies which can override the 'default' for specific ISL/ICL/FortiLink interface. type: dict + more... + +
              • +
                +
              • name - Auto-Config FortiLink or ISL/ICL interface name. type: str required: true + more... + +
                • +
              • switch_binding - Switch binding list. type: list + more... + +
                • +
                  +
                • policy - Custom auto-config policy. Source switch-controller.auto-config.policy.name. type: str + more... + +
                  • +
                • switch_id - Switch name. type: str + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Policies which can override the 'default' for specific ISL/ICL/FortiLink interface. + fortios_switch_controller_auto_config_custom: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_auto_config_custom: + name: "default_name_3" + switch_binding: + - + policy: " (source switch-controller.auto-config.policy.name)" + switch_id: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_auto_config_default.rst b/gen/fortios_switch_controller_auto_config_default.rst new file mode 100644 index 00000000..901b34c7 --- /dev/null +++ b/gen/fortios_switch_controller_auto_config_default.rst @@ -0,0 +1,321 @@ +:source: fortios_switch_controller_auto_config_default.py + +:orphan: + +.. fortios_switch_controller_auto_config_default: + +fortios_switch_controller_auto_config_default -- Policies which are applied automatically to all ISL/ICL/FortiLink interfaces in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller_auto_config feature and default category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_auto_config_defaultyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • switch_controller_auto_config_default - Policies which are applied automatically to all ISL/ICL/FortiLink interfaces. type: dict + more... + +
              • +
                +
              • fgt_policy - Default FortiLink auto-config policy. Source switch-controller.auto-config.policy.name. type: str + more... + +
                • +
              • icl_policy - Default ICL auto-config policy. Source switch-controller.auto-config.policy.name. type: str + more... + +
                • +
              • isl_policy - Default ISL auto-config policy. Source switch-controller.auto-config.policy.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Policies which are applied automatically to all ISL/ICL/FortiLink interfaces. + fortios_switch_controller_auto_config_default: + vdom: "{{ vdom }}" + switch_controller_auto_config_default: + fgt_policy: " (source switch-controller.auto-config.policy.name)" + icl_policy: " (source switch-controller.auto-config.policy.name)" + isl_policy: " (source switch-controller.auto-config.policy.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_auto_config_policy.rst b/gen/fortios_switch_controller_auto_config_policy.rst new file mode 100644 index 00000000..8423f60c --- /dev/null +++ b/gen/fortios_switch_controller_auto_config_policy.rst @@ -0,0 +1,540 @@ +:source: fortios_switch_controller_auto_config_policy.py + +:orphan: + +.. fortios_switch_controller_auto_config_policy: + +fortios_switch_controller_auto_config_policy -- Policy definitions which can define the behavior on auto configured interfaces in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller_auto_config feature and policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_auto_config_policyyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_auto_config_policy - Policy definitions which can define the behavior on auto configured interfaces. type: dict + more... + +
              • +
                +
              • igmp_flood_report - Enable/disable IGMP flood report. type: str choices: enable, disable + more... + +
                • +
              • igmp_flood_traffic - Enable/disable IGMP flood traffic. type: str choices: enable, disable + more... + +
                • +
              • name - Auto-config policy name. type: str required: true + more... + +
                • +
              • poe_status - Enable/disable PoE status. type: str choices: enable, disable + more... + +
                • +
              • qos_policy - Auto-Config QoS policy. Source switch-controller.qos.qos-policy.name. type: str + more... + +
                • +
              • storm_control_policy - Auto-Config storm control policy. Source switch-controller.storm-control-policy.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Policy definitions which can define the behavior on auto configured interfaces. + fortios_switch_controller_auto_config_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_auto_config_policy: + igmp_flood_report: "enable" + igmp_flood_traffic: "enable" + name: "default_name_5" + poe_status: "enable" + qos_policy: " (source switch-controller.qos.qos-policy.name)" + storm_control_policy: " (source switch-controller.storm-control-policy.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_custom_command.rst b/gen/fortios_switch_controller_custom_command.rst new file mode 100644 index 00000000..f003bbd8 --- /dev/null +++ b/gen/fortios_switch_controller_custom_command.rst @@ -0,0 +1,354 @@ +:source: fortios_switch_controller_custom_command.py + +:orphan: + +.. fortios_switch_controller_custom_command: + +fortios_switch_controller_custom_command -- Configure the FortiGate switch controller to send custom commands to managed FortiSwitch devices in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and custom_command category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_custom_commandyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_custom_command - Configure the FortiGate switch controller to send custom commands to managed FortiSwitch devices. type: dict + more... + +
              • +
                +
              • command - String of commands to send to FortiSwitch devices (For example (%0a = return key): config switch trunk %0a edit myTrunk %0a set members port1 port2 %0a end %0a). type: str + more... + +
                • +
              • command_name - Command name called by the FortiGate switch controller in the execute command. type: str + more... + +
                • +
              • description - Description. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure the FortiGate switch controller to send custom commands to managed FortiSwitch devices. + fortios_switch_controller_custom_command: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_custom_command: + command: "" + command_name: "" + description: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_dynamic_port_policy.rst b/gen/fortios_switch_controller_dynamic_port_policy.rst new file mode 100644 index 00000000..0d1efbd5 --- /dev/null +++ b/gen/fortios_switch_controller_dynamic_port_policy.rst @@ -0,0 +1,756 @@ +:source: fortios_switch_controller_dynamic_port_policy.py + +:orphan: + +.. fortios_switch_controller_dynamic_port_policy: + +fortios_switch_controller_dynamic_port_policy -- Configure Dynamic port policy to be applied on the managed FortiSwitch ports through DPP device in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and dynamic_port_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + +
            v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_dynamic_port_policyyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_dynamic_port_policy - Configure Dynamic port policy to be applied on the managed FortiSwitch ports through DPP device. type: dict + more... + +
              • +
                +
              • description - Description for the Dynamic port policy. type: str + more... + +
                • +
              • fortilink - FortiLink interface for which this Dynamic port policy belongs to. Source system.interface.name. type: str + more... + +
                • +
              • name - Dynamic port policy name. type: str required: true + more... + +
                • +
              • policy - Port policies with matching criteria and actions. type: list member_path: policy:name + more... + +
                • +
                  +
                • 802_1x - 802.1x security policy to be applied when using this policy. Source switch-controller.security-policy.802-1X.name switch-controller.security-policy.captive-portal.name. type: str + more... + +
                  • +
                • bounce_port_link - Enable/disable bouncing (administratively bring the link down, up) of a switch port where this policy is applied. Helps to clear and reassign VLAN from lldp-profile. type: str choices: disable, enable + more... + +
                  • +
                • category - Category of Dynamic port policy. type: str choices: device, interface-tag + more... + +
                  • +
                • description - Description for the policy. type: str + more... + +
                  • +
                • family - Match policy based on family. type: str + more... + +
                  • +
                • host - Match policy based on host. type: str + more... + +
                  • +
                • hw_vendor - Match policy based on hardware vendor. type: str + more... + +
                  • +
                • interface_tags - Match policy based on the FortiSwitch interface object tags. type: list + more... + +
                  • +
                    +
                  • tag_name - FortiSwitch port tag name. Source switch-controller.switch-interface-tag.name. type: str + more... + +
                    • +
                  +
                • lldp_profile - LLDP profile to be applied when using this policy. Source switch-controller.lldp-profile.name. type: str + more... + +
                  • +
                • mac - Match policy based on MAC address. type: str + more... + +
                  • +
                • name - Policy name. type: str required: true + more... + +
                  • +
                • qos_policy - QoS policy to be applied when using this policy. Source switch-controller.qos.qos-policy.name. type: str + more... + +
                  • +
                • status - Enable/disable policy. type: str choices: enable, disable + more... + +
                  • +
                • type - Match policy based on type. type: str + more... + +
                  • +
                • vlan_policy - VLAN policy to be applied when using this policy. Source switch-controller.vlan-policy.name. type: str + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Dynamic port policy to be applied on the managed FortiSwitch ports through DPP device. + fortios_switch_controller_dynamic_port_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_dynamic_port_policy: + description: "" + fortilink: " (source system.interface.name)" + name: "default_name_5" + policy: + - + 802_1x: " (source switch-controller.security-policy.802-1X.name switch-controller.security-policy.captive-portal.name)" + bounce_port_link: "disable" + category: "device" + description: "" + family: "" + host: "myhostname" + hw_vendor: "" + interface_tags: + - + tag_name: " (source switch-controller.switch-interface-tag.name)" + lldp_profile: " (source switch-controller.lldp-profile.name)" + mac: "" + name: "default_name_18" + qos_policy: " (source switch-controller.qos.qos-policy.name)" + status: "enable" + type: "" + vlan_policy: " (source switch-controller.vlan-policy.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_flow_tracking.rst b/gen/fortios_switch_controller_flow_tracking.rst new file mode 100644 index 00000000..5ff04a1e --- /dev/null +++ b/gen/fortios_switch_controller_flow_tracking.rst @@ -0,0 +1,1164 @@ +:source: fortios_switch_controller_flow_tracking.py + +:orphan: + +.. fortios_switch_controller_flow_tracking: + +fortios_switch_controller_flow_tracking -- Configure FortiSwitch flow tracking and export via ipfix/netflow in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and flow_tracking category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_flow_trackingyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • switch_controller_flow_tracking - Configure FortiSwitch flow tracking and export via ipfix/netflow. type: dict + more... + +
              • +
                +
              • aggregates - Configure aggregates in which all traffic sessions matching the IP Address will be grouped into the same flow. type: list member_path: aggregates:id + more... + +
                • +
                  +
                • id - Aggregate id. type: int required: true + more... + +
                  • +
                • ip - IP address to group all matching traffic sessions to a flow. type: str + more... + +
                  • +
                +
              • collector_ip - Configure collector ip address. type: str + more... + +
                • +
              • collector_port - Configure collector port number(0-65535). type: int + more... + +
                • +
              • format - Configure flow tracking protocol. type: str choices: netflow1, netflow5, netflow9, ipfix + more... + +
                • +
              • level - Configure flow tracking level. type: str choices: vlan, ip, port, proto, mac + more... + +
                • +
              • max_export_pkt_size - Configure flow max export packet size (512-9216). type: int + more... + +
                • +
              • sample_mode - Configure sample mode for the flow tracking. type: str choices: local, perimeter, device-ingress + more... + +
                • +
              • sample_rate - Configure sample rate for the perimeter and device-ingress sampling(0 - 99999). type: int + more... + +
                • +
              • timeout_general - Configure flow session general timeout (60-604800). type: int + more... + +
                • +
              • timeout_icmp - Configure flow session ICMP timeout (60-604800). type: int + more... + +
                • +
              • timeout_max - Configure flow session max timeout (60-604800). type: int + more... + +
                • +
              • timeout_tcp - Configure flow session TCP timeout (60-604800). type: int + more... + +
                • +
              • timeout_tcp_fin - Configure flow session TCP FIN timeout (60-604800). type: int + more... + +
                • +
              • timeout_tcp_rst - Configure flow session TCP RST timeout (60-604800). type: int + more... + +
                • +
              • timeout_udp - Configure flow session UDP timeout (60-604800). type: int + more... + +
                • +
              • transport - Configure L4 transport protocol for exporting packets. type: str choices: udp, tcp, sctp + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch flow tracking and export via ipfix/netflow. + fortios_switch_controller_flow_tracking: + vdom: "{{ vdom }}" + switch_controller_flow_tracking: + aggregates: + - + id: "4" + ip: "" + collector_ip: "" + collector_port: "7" + format: "netflow1" + level: "vlan" + max_export_pkt_size: "10" + sample_mode: "local" + sample_rate: "12" + timeout_general: "13" + timeout_icmp: "14" + timeout_max: "15" + timeout_tcp: "16" + timeout_tcp_fin: "17" + timeout_tcp_rst: "18" + timeout_udp: "19" + transport: "udp" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_fortilink_settings.rst b/gen/fortios_switch_controller_fortilink_settings.rst new file mode 100644 index 00000000..73bb3881 --- /dev/null +++ b/gen/fortios_switch_controller_fortilink_settings.rst @@ -0,0 +1,563 @@ +:source: fortios_switch_controller_fortilink_settings.py + +:orphan: + +.. fortios_switch_controller_fortilink_settings: + +fortios_switch_controller_fortilink_settings -- Configure integrated FortiLink settings for FortiSwitch in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and fortilink_settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + +
            v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_fortilink_settingsyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_fortilink_settings - Configure integrated FortiLink settings for FortiSwitch. type: dict + more... + +
              • +
                +
              • fortilink - FortiLink interface to which this fortilink-setting belongs. Source system.interface.name. type: str + more... + +
                • +
              • inactive_timer - Time interval(minutes) to be included in the inactive devices expiry calculation (mac age-out + inactive-time + periodic scan interval). type: int + more... + +
                • +
              • link_down_flush - Clear NAC and dynamic devices on switch ports on link down event. type: str choices: disable, enable + more... + +
                • +
              • nac_ports - NAC specific configuration. type: dict + more... + +
                • +
                  +
                • bounce_nac_port - Enable/disable bouncing (administratively bring the link down, up) of a switch port when NAC mode is configured on the port. Helps to re-initiate the DHCP process for a device. type: str choices: disable, enable + more... + +
                  • +
                • lan_segment - Enable/disable LAN segment feature on the FortiLink interface. type: str choices: enabled, disabled + more... + +
                  • +
                • member_change - Member change flag. type: int + more... + +
                  • +
                • nac_lan_interface - Configure NAC LAN interface. Source system.interface.name. type: str + more... + +
                  • +
                • nac_segment_vlans - Configure NAC segment VLANs. type: list + more... + +
                  • +
                    +
                  • vlan_name - VLAN interface name. Source system.interface.name. type: str + more... + +
                    • +
                  +
                • onboarding_vlan - Default NAC Onboarding VLAN when NAC devices are discovered. Source system.interface.name. type: str + more... + +
                  • +
                • parent_key - Parent key name. type: str + more... + +
                  • +
                +
              • name - FortiLink settings name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure integrated FortiLink settings for FortiSwitch. + fortios_switch_controller_fortilink_settings: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_fortilink_settings: + fortilink: " (source system.interface.name)" + inactive_timer: "4" + link_down_flush: "disable" + nac_ports: + bounce_nac_port: "disable" + lan_segment: "enabled" + member_change: "9" + nac_lan_interface: " (source system.interface.name)" + nac_segment_vlans: + - + vlan_name: " (source system.interface.name)" + onboarding_vlan: " (source system.interface.name)" + parent_key: "" + name: "default_name_15" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_global.rst b/gen/fortios_switch_controller_global.rst new file mode 100644 index 00000000..244daf18 --- /dev/null +++ b/gen/fortios_switch_controller_global.rst @@ -0,0 +1,1742 @@ +:source: fortios_switch_controller_global.py + +:orphan: + +.. fortios_switch_controller_global: + +fortios_switch_controller_global -- Configure FortiSwitch global settings in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and global category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_globalyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • switch_controller_global - Configure FortiSwitch global settings. type: dict + more... + +
              • +
                +
              • allow_multiple_interfaces - Enable/disable multiple FortiLink interfaces for redundant connections between a managed FortiSwitch and FortiGate. type: str choices: enable, disable + more... + +
                • +
              • bounce_quarantined_link - Enable/disable bouncing (administratively bring the link down, up) of a switch port where a quarantined device was seen last. Helps to re-initiate the DHCP process for a device. type: str choices: disable, enable + more... + +
                • +
              • custom_command - List of custom commands to be pushed to all FortiSwitches in the VDOM. type: list + more... + +
                • +
                  +
                • command_entry - List of FortiSwitch commands. type: str + more... + +
                  • +
                • command_name - Name of custom command to push to all FortiSwitches in VDOM. Source switch-controller.custom-command.command-name. type: str + more... + +
                  • +
                +
              • default_virtual_switch_vlan - Default VLAN for ports when added to the virtual-switch. Source system.interface.name. type: str + more... + +
                • +
              • dhcp_server_access_list - Enable/disable DHCP snooping server access list. type: str choices: enable, disable + more... + +
                • +
              • disable_discovery - Prevent this FortiSwitch from discovering. type: list member_path: disable_discovery:name + more... + +
                • +
                  +
                • name - Managed device ID. type: str required: true + more... + +
                  • +
                +
              • fips_enforce - Enable/disable enforcement of FIPS on managed FortiSwitch devices. type: str choices: disable, enable + more... + +
                • +
              • firmware_provision_on_authorization - Enable/disable automatic provisioning of latest firmware on authorization. type: str choices: enable, disable + more... + +
                • +
              • https_image_push - Enable/disable image push to FortiSwitch using HTTPS. type: str choices: enable, disable + more... + +
                • +
              • log_mac_limit_violations - Enable/disable logs for Learning Limit Violations. type: str choices: enable, disable + more... + +
                • +
              • mac_aging_interval - Time after which an inactive MAC is aged out (10 - 1000000 sec). type: int + more... + +
                • +
              • mac_event_logging - Enable/disable MAC address event logging. type: str choices: enable, disable + more... + +
                • +
              • mac_retention_period - Time in hours after which an inactive MAC is removed from client DB (0 = aged out based on mac-aging-interval). type: int + more... + +
                • +
              • mac_violation_timer - Set timeout for Learning Limit Violations (0 = disabled). type: int + more... + +
                • +
              • quarantine_mode - Quarantine mode. type: str choices: by-vlan, by-redirect + more... + +
                • +
              • sn_dns_resolution - Enable/disable DNS resolution of the FortiSwitch unit"s IP address by use of its serial number. type: str choices: enable, disable + more... + +
                • +
              • update_user_device - Control which sources update the device user list. type: list choices: mac-cache, lldp, dhcp-snooping, l2-db, l3-db + more... + +
                • +
              • vlan_all_mode - VLAN configuration mode, user-defined-vlans or all-possible-vlans. type: str choices: all, defined + more... + +
                • +
              • vlan_optimization - FortiLink VLAN optimization. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch global settings. + fortios_switch_controller_global: + vdom: "{{ vdom }}" + switch_controller_global: + allow_multiple_interfaces: "enable" + bounce_quarantined_link: "disable" + custom_command: + - + command_entry: "" + command_name: " (source switch-controller.custom-command.command-name)" + default_virtual_switch_vlan: " (source system.interface.name)" + dhcp_server_access_list: "enable" + disable_discovery: + - + name: "default_name_11" + fips_enforce: "disable" + firmware_provision_on_authorization: "enable" + https_image_push: "enable" + log_mac_limit_violations: "enable" + mac_aging_interval: "16" + mac_event_logging: "enable" + mac_retention_period: "18" + mac_violation_timer: "19" + quarantine_mode: "by-vlan" + sn_dns_resolution: "enable" + update_user_device: "mac-cache" + vlan_all_mode: "all" + vlan_optimization: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_igmp_snooping.rst b/gen/fortios_switch_controller_igmp_snooping.rst new file mode 100644 index 00000000..38a4608f --- /dev/null +++ b/gen/fortios_switch_controller_igmp_snooping.rst @@ -0,0 +1,343 @@ +:source: fortios_switch_controller_igmp_snooping.py + +:orphan: + +.. fortios_switch_controller_igmp_snooping: + +fortios_switch_controller_igmp_snooping -- Configure FortiSwitch IGMP snooping global settings in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and igmp_snooping category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_igmp_snoopingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • switch_controller_igmp_snooping - Configure FortiSwitch IGMP snooping global settings. type: dict + more... + +
              • +
                +
              • aging_time - Maximum number of seconds to retain a multicast snooping entry for which no packets have been seen (15 - 3600 sec). type: int + more... + +
                • +
              • flood_unknown_multicast - Enable/disable unknown multicast flooding. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch IGMP snooping global settings. + fortios_switch_controller_igmp_snooping: + vdom: "{{ vdom }}" + switch_controller_igmp_snooping: + aging_time: "3" + flood_unknown_multicast: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_initial_config_template.rst b/gen/fortios_switch_controller_initial_config_template.rst new file mode 100644 index 00000000..6710a52b --- /dev/null +++ b/gen/fortios_switch_controller_initial_config_template.rst @@ -0,0 +1,560 @@ +:source: fortios_switch_controller_initial_config_template.py + +:orphan: + +.. fortios_switch_controller_initial_config_template: + +fortios_switch_controller_initial_config_template -- Configure template for auto-generated VLANs in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller_initial_config feature and template category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_initial_config_templateyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_initial_config_template - Configure template for auto-generated VLANs. type: dict + more... + +
              • +
                +
              • allowaccess - Permitted types of management access to this interface. type: list choices: ping, https, ssh, snmp, http, telnet, fgfm, radius-acct, probe-response, fabric, ftm + more... + +
                • +
              • auto_ip - Automatically allocate interface address and subnet block. type: str choices: enable, disable + more... + +
                • +
              • dhcp_server - Enable/disable a DHCP server on this interface. type: str choices: enable, disable + more... + +
                • +
              • ip - Interface IPv4 address and subnet mask. type: str + more... + +
                • +
              • name - Initial config template name. type: str required: true + more... + +
                • +
              • vlanid - Unique VLAN ID. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure template for auto-generated VLANs. + fortios_switch_controller_initial_config_template: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_initial_config_template: + allowaccess: "ping" + auto_ip: "enable" + dhcp_server: "enable" + ip: "" + name: "default_name_7" + vlanid: "8" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_initial_config_vlans.rst b/gen/fortios_switch_controller_initial_config_vlans.rst new file mode 100644 index 00000000..07e03f04 --- /dev/null +++ b/gen/fortios_switch_controller_initial_config_vlans.rst @@ -0,0 +1,409 @@ +:source: fortios_switch_controller_initial_config_vlans.py + +:orphan: + +.. fortios_switch_controller_initial_config_vlans: + +fortios_switch_controller_initial_config_vlans -- Configure initial template for auto-generated VLAN interfaces in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller_initial_config feature and vlans category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_initial_config_vlansyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • switch_controller_initial_config_vlans - Configure initial template for auto-generated VLAN interfaces. type: dict + more... + +
              • +
                +
              • default_vlan - Default VLAN (native) assigned to all switch ports upon discovery. Source switch-controller.initial-config.template.name. type: str + more... + +
                • +
              • nac - VLAN for NAC onboarding devices. Source switch-controller.initial-config.template.name. type: str + more... + +
                • +
              • nac_segment - VLAN for NAC segment primary interface. Source switch-controller.initial-config.template.name. type: str + more... + +
                • +
              • quarantine - VLAN for quarantined traffic. Source switch-controller.initial-config.template.name. type: str + more... + +
                • +
              • rspan - VLAN for RSPAN/ERSPAN mirrored traffic. Source switch-controller.initial-config.template.name. type: str + more... + +
                • +
              • video - VLAN dedicated for video devices. Source switch-controller.initial-config.template.name. type: str + more... + +
                • +
              • voice - VLAN dedicated for voice devices. Source switch-controller.initial-config.template.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure initial template for auto-generated VLAN interfaces. + fortios_switch_controller_initial_config_vlans: + vdom: "{{ vdom }}" + switch_controller_initial_config_vlans: + default_vlan: " (source switch-controller.initial-config.template.name)" + nac: " (source switch-controller.initial-config.template.name)" + nac_segment: " (source switch-controller.initial-config.template.name)" + quarantine: " (source switch-controller.initial-config.template.name)" + rspan: " (source switch-controller.initial-config.template.name)" + video: " (source switch-controller.initial-config.template.name)" + voice: " (source switch-controller.initial-config.template.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_lldp_profile.rst b/gen/fortios_switch_controller_lldp_profile.rst new file mode 100644 index 00000000..fc12af74 --- /dev/null +++ b/gen/fortios_switch_controller_lldp_profile.rst @@ -0,0 +1,1553 @@ +:source: fortios_switch_controller_lldp_profile.py + +:orphan: + +.. fortios_switch_controller_lldp_profile: + +fortios_switch_controller_lldp_profile -- Configure FortiSwitch LLDP profiles in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and lldp_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_lldp_profileyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_lldp_profile - Configure FortiSwitch LLDP profiles. type: dict + more... + +
              • +
                +
              • tlvs_802dot1 - Transmitted IEEE 802.1 TLVs. type: str choices: port-vlan-id
                • +
              • tlvs_802dot3 - Transmitted IEEE 802.3 TLVs. type: str choices: max-frame-size, power-negotiation
                • +
              • auto_isl - Enable/disable auto inter-switch LAG. type: str choices: disable, enable + more... + +
                • +
              • auto_isl_hello_timer - Auto inter-switch LAG hello timer duration (1 - 30 sec). type: int + more... + +
                • +
              • auto_isl_port_group - Auto inter-switch LAG port group ID (0 - 9). type: int + more... + +
                • +
              • auto_isl_receive_timeout - Auto inter-switch LAG timeout if no response is received (3 - 90 sec). type: int + more... + +
                • +
              • auto_mclag_icl - Enable/disable MCLAG inter chassis link. type: str choices: disable, enable + more... + +
                • +
              • custom_tlvs - Configuration method to edit custom TLV entries. type: list member_path: custom_tlvs:name + more... + +
                • +
                  +
                • information_string - Organizationally defined information string (0 - 507 hexadecimal bytes). type: str + more... + +
                  • +
                • name - TLV name (not sent). type: str required: true + more... + +
                  • +
                • oui - Organizationally unique identifier (OUI), a 3-byte hexadecimal number, for this TLV. type: str + more... + +
                  • +
                • subtype - Organizationally defined subtype (0 - 255). type: int + more... + +
                  • +
                +
              • med_location_service - Configuration method to edit Media Endpoint Discovery (MED) location service type-length-value (TLV) categories. type: list member_path: med_location_service:name + more... + +
                • +
                  +
                • name - Location service type name. type: str required: true + more... + +
                  • +
                • status - Enable or disable this TLV. type: str choices: disable, enable + more... + +
                  • +
                • sys_location_id - Location service ID. Source switch-controller.location.name. type: str + more... + +
                  • +
                +
              • med_network_policy - Configuration method to edit Media Endpoint Discovery (MED) network policy type-length-value (TLV) categories. type: list member_path: med_network_policy:name + more... + +
                • +
                  +
                • assign_vlan - Enable/disable VLAN assignment when this profile is applied on managed FortiSwitch port. type: str choices: disable, enable + more... + +
                  • +
                • dscp - Advertised Differentiated Services Code Point (DSCP) value, a packet header value indicating the level of service requested for traffic, such as high priority or best effort delivery. type: int + more... + +
                  • +
                • name - Policy type name. type: str required: true + more... + +
                  • +
                • priority - Advertised Layer 2 priority (0 - 7; from lowest to highest priority). type: int + more... + +
                  • +
                • status - Enable or disable this TLV. type: str choices: disable, enable + more... + +
                  • +
                • vlan - ID of VLAN to advertise, if configured on port (0 - 4094, 0 = priority tag). type: int + more... + +
                  • +
                • vlan_intf - VLAN interface to advertise; if configured on port. Source system.interface.name. type: str + more... + +
                  • +
                +
              • med_tlvs - Transmitted LLDP-MED TLVs (type-length-value descriptions). type: list choices: inventory-management, network-policy, power-management, location-identification + more... + +
                • +
              • name - Profile name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch LLDP profiles. + fortios_switch_controller_lldp_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_lldp_profile: + tlvs_802dot1: "port-vlan-id" + tlvs_802dot3: "max-frame-size" + auto_isl: "disable" + auto_isl_hello_timer: "6" + auto_isl_port_group: "7" + auto_isl_receive_timeout: "8" + auto_mclag_icl: "disable" + custom_tlvs: + - + information_string: "" + name: "default_name_12" + oui: "" + subtype: "14" + med_location_service: + - + name: "default_name_16" + status: "disable" + sys_location_id: " (source switch-controller.location.name)" + med_network_policy: + - + assign_vlan: "disable" + dscp: "21" + name: "default_name_22" + priority: "23" + status: "disable" + vlan: "25" + vlan_intf: " (source system.interface.name)" + med_tlvs: "inventory-management" + name: "default_name_28" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_lldp_settings.rst b/gen/fortios_switch_controller_lldp_settings.rst new file mode 100644 index 00000000..f20d373a --- /dev/null +++ b/gen/fortios_switch_controller_lldp_settings.rst @@ -0,0 +1,551 @@ +:source: fortios_switch_controller_lldp_settings.py + +:orphan: + +.. fortios_switch_controller_lldp_settings: + +fortios_switch_controller_lldp_settings -- Configure FortiSwitch LLDP settings in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and lldp_settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_lldp_settingsyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • switch_controller_lldp_settings - Configure FortiSwitch LLDP settings. type: dict + more... + +
              • +
                +
              • device_detection - Enable/disable dynamic detection of LLDP neighbor devices for VLAN assignment. type: str choices: disable, enable + more... + +
                • +
              • fast_start_interval - Frequency of LLDP PDU transmission from FortiSwitch for the first 4 packets when the link is up (2 - 5 sec). type: int + more... + +
                • +
              • management_interface - Primary management interface to be advertised in LLDP and CDP PDUs. type: str choices: internal, mgmt + more... + +
                • +
              • status - Enable/disable LLDP global settings. type: str choices: enable, disable + more... + +
                • +
              • tx_hold - Number of tx-intervals before local LLDP data expires (1 - 16). Packet TTL is tx-hold * tx-interval. type: int + more... + +
                • +
              • tx_interval - Frequency of LLDP PDU transmission from FortiSwitch (5 - 4095 sec). Packet TTL is tx-hold * tx-interval. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch LLDP settings. + fortios_switch_controller_lldp_settings: + vdom: "{{ vdom }}" + switch_controller_lldp_settings: + device_detection: "disable" + fast_start_interval: "4" + management_interface: "internal" + status: "enable" + tx_hold: "7" + tx_interval: "8" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_location.rst b/gen/fortios_switch_controller_location.rst new file mode 100644 index 00000000..51a3ddbc --- /dev/null +++ b/gen/fortios_switch_controller_location.rst @@ -0,0 +1,2130 @@ +:source: fortios_switch_controller_location.py + +:orphan: + +.. fortios_switch_controller_location: + +fortios_switch_controller_location -- Configure FortiSwitch location services in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and location category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_locationyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_location - Configure FortiSwitch location services. type: dict + more... + +
              • +
                +
              • address_civic - Configure location civic address. type: dict + more... + +
                • +
                  +
                • additional - Location additional details. type: str + more... + +
                  • +
                • additional_code - Location additional code details. type: str + more... + +
                  • +
                • block - Location block details. type: str + more... + +
                  • +
                • branch_road - Location branch road details. type: str + more... + +
                  • +
                • building - Location building details. type: str + more... + +
                  • +
                • city - Location city details. type: str + more... + +
                  • +
                • city_division - Location city division details. type: str + more... + +
                  • +
                • country - The two-letter ISO 3166 country code in capital ASCII letters eg. US, CA, DK, DE. type: str + more... + +
                  • +
                • country_subdivision - National subdivisions (state, canton, region, province, or prefecture). type: str + more... + +
                  • +
                • county - County, parish, gun (JP), or district (IN). type: str + more... + +
                  • +
                • direction - Leading street direction. type: str + more... + +
                  • +
                • floor - Floor. type: str + more... + +
                  • +
                • landmark - Landmark or vanity address. type: str + more... + +
                  • +
                • language - Language. type: str + more... + +
                  • +
                • name - Name (residence and office occupant). type: str + more... + +
                  • +
                • number - House number. type: str + more... + +
                  • +
                • number_suffix - House number suffix. type: str + more... + +
                  • +
                • parent_key - Parent key name. type: str + more... + +
                  • +
                • place_type - Place type. type: str + more... + +
                  • +
                • post_office_box - Post office box. type: str + more... + +
                  • +
                • postal_community - Postal community name. type: str + more... + +
                  • +
                • primary_road - Primary road name. type: str + more... + +
                  • +
                • road_section - Road section. type: str + more... + +
                  • +
                • room - Room number. type: str + more... + +
                  • +
                • script - Script used to present the address information. type: str + more... + +
                  • +
                • seat - Seat number. type: str + more... + +
                  • +
                • street - Street. type: str + more... + +
                  • +
                • street_name_post_mod - Street name post modifier. type: str + more... + +
                  • +
                • street_name_pre_mod - Street name pre modifier. type: str + more... + +
                  • +
                • street_suffix - Street suffix. type: str + more... + +
                  • +
                • sub_branch_road - Sub branch road name. type: str + more... + +
                  • +
                • trailing_str_suffix - Trailing street suffix. type: str + more... + +
                  • +
                • unit - Unit (apartment, suite). type: str + more... + +
                  • +
                • zip - Postal/zip code. type: str + more... + +
                  • +
                +
              • coordinates - Configure location GPS coordinates. type: dict + more... + +
                • +
                  +
                • altitude - Plus or minus floating point number. For example, 117.47. type: str + more... + +
                  • +
                • altitude_unit - Configure the unit for which the altitude is to (m = meters, f = floors of a building). type: str choices: m, f + more... + +
                  • +
                • datum - WGS84, NAD83, NAD83/MLLW. type: str choices: WGS84, NAD83, NAD83/MLLW + more... + +
                  • +
                • latitude - Floating point starting with +/- or ending with (N or S). For example, +/-16.67 or 16.67N. type: str + more... + +
                  • +
                • longitude - Floating point starting with +/- or ending with (N or S). For example, +/-26.789 or 26.789E. type: str + more... + +
                  • +
                • parent_key - Parent key name. type: str + more... + +
                  • +
                +
              • elin_number - Configure location ELIN number. type: dict + more... + +
                • +
                  +
                • elin_num - Configure ELIN callback number. type: str + more... + +
                  • +
                • parent_key - Parent key name. type: str + more... + +
                  • +
                +
              • name - Unique location item name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch location services. + fortios_switch_controller_location: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_location: + address_civic: + additional: "" + additional_code: "" + block: "" + branch_road: "" + building: "" + city: "" + city_division: "" + country: "" + country_subdivision: "" + county: "" + direction: "" + floor: "" + landmark: "" + language: "" + name: "default_name_18" + number: "" + number_suffix: "" + parent_key: "" + place_type: "" + post_office_box: "" + postal_community: "" + primary_road: "" + road_section: "" + room: "" + script: "" + seat: "" + street: "" + street_name_post_mod: "" + street_name_pre_mod: "" + street_suffix: "" + sub_branch_road: "" + trailing_str_suffix: "" + unit: "" + zip: "" + coordinates: + altitude: "" + altitude_unit: "m" + datum: "WGS84" + latitude: "" + longitude: "" + parent_key: "" + elin_number: + elin_num: "" + parent_key: "" + name: "default_name_48" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_mac_policy.rst b/gen/fortios_switch_controller_mac_policy.rst new file mode 100644 index 00000000..910f69b6 --- /dev/null +++ b/gen/fortios_switch_controller_mac_policy.rst @@ -0,0 +1,488 @@ +:source: fortios_switch_controller_mac_policy.py + +:orphan: + +.. fortios_switch_controller_mac_policy: + +fortios_switch_controller_mac_policy -- Configure MAC policy to be applied on the managed FortiSwitch devices through NAC device in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and mac_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_mac_policyyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_mac_policy - Configure MAC policy to be applied on the managed FortiSwitch devices through NAC device. type: dict + more... + +
              • +
                +
              • bounce_port_link - Enable/disable bouncing (administratively bring the link down, up) of a switch port where this mac-policy is applied. type: str choices: disable, enable + more... + +
                • +
              • count - Enable/disable packet count on the NAC device. type: str choices: disable, enable + more... + +
                • +
              • description - Description for the MAC policy. type: str + more... + +
                • +
              • drop - Enable/disable dropping of NAC device traffic. type: str choices: disable, enable + more... + +
                • +
              • fortilink - FortiLink interface for which this MAC policy belongs to. Source system.interface.name. type: str + more... + +
                • +
              • name - MAC policy name. type: str required: true + more... + +
                • +
              • traffic_policy - Traffic policy to be applied when using this MAC policy. Source switch-controller.traffic-policy.name. type: str + more... + +
                • +
              • vlan - Ingress traffic VLAN assignment for the MAC address matching this MAC policy. Source system.interface.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure MAC policy to be applied on the managed FortiSwitch devices through NAC device. + fortios_switch_controller_mac_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_mac_policy: + bounce_port_link: "disable" + count: "disable" + description: "" + drop: "disable" + fortilink: " (source system.interface.name)" + name: "default_name_8" + traffic_policy: " (source switch-controller.traffic-policy.name)" + vlan: " (source system.interface.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_mac_sync_settings.rst b/gen/fortios_switch_controller_mac_sync_settings.rst new file mode 100644 index 00000000..43765eeb --- /dev/null +++ b/gen/fortios_switch_controller_mac_sync_settings.rst @@ -0,0 +1,181 @@ +:source: fortios_switch_controller_mac_sync_settings.py + +:orphan: + +.. fortios_switch_controller_mac_sync_settings: + +fortios_switch_controller_mac_sync_settings -- Configure global MAC synchronization settings in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and mac_sync_settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11
            fortios_switch_controller_mac_sync_settingsyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • switch_controller_mac_sync_settings - Configure global MAC synchronization settings. type: dict + more... + +
              • +
                +
              • mac_sync_interval - Time interval between MAC synchronizations (30 - 1800 sec). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure global MAC synchronization settings. + fortios_switch_controller_mac_sync_settings: + vdom: "{{ vdom }}" + switch_controller_mac_sync_settings: + mac_sync_interval: "3" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_managed_switch.rst b/gen/fortios_switch_controller_managed_switch.rst new file mode 100644 index 00000000..dd788c15 --- /dev/null +++ b/gen/fortios_switch_controller_managed_switch.rst @@ -0,0 +1,15065 @@ +:source: fortios_switch_controller_managed_switch.py + +:orphan: + +.. fortios_switch_controller_managed_switch: + +fortios_switch_controller_managed_switch -- Configure FortiSwitch devices that are managed by this FortiGate in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and managed_switch category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_managed_switchyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_managed_switch - Configure FortiSwitch devices that are managed by this FortiGate. type: dict + more... + +
              • +
                +
              • settings_802_1X - Configuration method to edit FortiSwitch 802.1X global settings. type: dict
                • +
                  +
                • link_down_auth - Authentication state to set if a link is down. type: str choices: set-unauth, no-action
                  • +
                • local_override - Enable to override global 802.1X settings on individual FortiSwitches. type: str choices: enable, disable
                  • +
                • max_reauth_attempt - Maximum number of authentication attempts (0 - 15). type: int
                  • +
                • reauth_period - Reauthentication time interval (1 - 1440 min). type: int
                  • +
                • tx_period - 802.1X Tx period (seconds). type: int
                  • +
                +
              • access_profile - FortiSwitch access profile. Source switch-controller.security-policy.local-access.name. type: str + more... + +
                • +
              • custom_command - Configuration method to edit FortiSwitch commands to be pushed to this FortiSwitch device upon rebooting the FortiGate switch controller or the FortiSwitch. type: list + more... + +
                • +
                  +
                • command_entry - List of FortiSwitch commands. type: str + more... + +
                  • +
                • command_name - Names of commands to be pushed to this FortiSwitch device, as configured under config switch-controller custom-command. Source switch-controller.custom-command.command-name. type: str + more... + +
                  • +
                +
              • delayed_restart_trigger - Delayed restart triggered for this FortiSwitch. type: int + more... + +
                • +
              • description - Description. type: str + more... + +
                • +
              • dhcp_server_access_list - DHCP snooping server access list. type: str choices: global, enable, disable + more... + +
                • +
              • directly_connected - Directly connected FortiSwitch. type: int + more... + +
                • +
              • dynamic_capability - List of features this FortiSwitch supports (not configurable) that is sent to the FortiGate device for subsequent configuration initiated by the FortiGate device. type: str + more... + +
                • +
              • dynamically_discovered - Dynamically discovered FortiSwitch. type: int + more... + +
                • +
              • firmware_provision - Enable/disable provisioning of firmware to FortiSwitches on join connection. type: str choices: enable, disable + more... + +
                • +
              • firmware_provision_latest - Enable/disable one-time automatic provisioning of the latest firmware version. type: str choices: disable, once + more... + +
                • +
              • firmware_provision_version - Firmware version to provision to this FortiSwitch on bootup (major.minor.build, i.e. 6.2.1234). type: str + more... + +
                • +
              • flow_identity - Flow-tracking netflow ipfix switch identity in hex format(00000000-FFFFFFFF ). type: str + more... + +
                • +
              • fsw_wan1_admin - FortiSwitch WAN1 admin status; enable to authorize the FortiSwitch as a managed switch. type: str choices: discovered, disable, enable + more... + +
                • +
              • fsw_wan1_peer - FortiSwitch WAN1 peer port. Source system.interface.name. type: str + more... + +
                • +
              • fsw_wan2_admin - FortiSwitch WAN2 admin status; enable to authorize the FortiSwitch as a managed switch. type: str choices: discovered, disable, enable + more... + +
                • +
              • fsw_wan2_peer - FortiSwitch WAN2 peer port. type: str + more... + +
                • +
              • igmp_snooping - Configure FortiSwitch IGMP snooping global settings. type: dict + more... + +
                • +
                  +
                • aging_time - Maximum time to retain a multicast snooping entry for which no packets have been seen (15 - 3600 sec). type: int + more... + +
                  • +
                • flood_unknown_multicast - Enable/disable unknown multicast flooding. type: str choices: enable, disable + more... + +
                  • +
                • local_override - Enable/disable overriding the global IGMP snooping configuration. type: str choices: enable, disable + more... + +
                  • +
                • vlans - Configure IGMP snooping VLAN. type: list + more... + +
                  • +
                    +
                  • proxy - IGMP snooping proxy for the VLAN interface. type: str choices: disable, enable, global + more... + +
                    • +
                  • querier - Enable/disable IGMP snooping querier for the VLAN interface. type: str choices: disable, enable + more... + +
                    • +
                  • querier_addr - IGMP snooping querier address. type: str + more... + +
                    • +
                  • version - IGMP snooping querying version. type: int + more... + +
                    • +
                  • vlan_name - List of FortiSwitch VLANs. Source system.interface.name. type: str + more... + +
                    • +
                  +
                +
              • ip_source_guard - IP source guard. type: list member_path: ip_source_guard:port + more... + +
                • +
                  +
                • binding_entry - IP and MAC address configuration. type: list + more... + +
                  • +
                    +
                  • entry_name - Configure binding pair. type: str + more... + +
                    • +
                  • ip - Source IP for this rule. type: str + more... + +
                    • +
                  • mac - MAC address for this rule. type: str + more... + +
                    • +
                  +
                • description - Description. type: str + more... + +
                  • +
                • port - Ingress interface to which source guard is bound. type: str required: true + more... + +
                  • +
                +
              • l3_discovered - Layer 3 management discovered. type: int + more... + +
                • +
              • max_allowed_trunk_members - FortiSwitch maximum allowed trunk members. type: int + more... + +
                • +
              • mclag_igmp_snooping_aware - Enable/disable MCLAG IGMP-snooping awareness. type: str choices: enable, disable + more... + +
                • +
              • mirror - Configuration method to edit FortiSwitch packet mirror. type: list member_path: mirror:name + more... + +
                • +
                  +
                • dst - Destination port. type: str + more... + +
                  • +
                • name - Mirror name. type: str required: true + more... + +
                  • +
                • src_egress - Source egress interfaces. type: list member_path: mirror:name/src_egress:name + more... + +
                  • +
                    +
                  • name - Interface name. type: str required: true + more... + +
                    • +
                  +
                • src_ingress - Source ingress interfaces. type: list member_path: mirror:name/src_ingress:name + more... + +
                  • +
                    +
                  • name - Interface name. type: str required: true + more... + +
                    • +
                  +
                • status - Active/inactive mirror configuration. type: str choices: active, inactive + more... + +
                  • +
                • switching_packet - Enable/disable switching functionality when mirroring. type: str choices: enable, disable + more... + +
                  • +
                +
              • name - Managed-switch name. type: str + more... + +
                • +
              • override_snmp_community - Enable/disable overriding the global SNMP communities. type: str choices: enable, disable + more... + +
                • +
              • override_snmp_sysinfo - Enable/disable overriding the global SNMP system information. type: str choices: disable, enable + more... + +
                • +
              • override_snmp_trap_threshold - Enable/disable overriding the global SNMP trap threshold values. type: str choices: enable, disable + more... + +
                • +
              • override_snmp_user - Enable/disable overriding the global SNMP users. type: str choices: enable, disable + more... + +
                • +
              • owner_vdom - VDOM which owner of port belongs to. type: str + more... + +
                • +
              • poe_detection_type - PoE detection type for FortiSwitch. type: int + more... + +
                • +
              • poe_lldp_detection - Enable/disable PoE LLDP detection. type: str choices: enable, disable + more... + +
                • +
              • poe_pre_standard_detection - Enable/disable PoE pre-standard detection. type: str choices: enable, disable + more... + +
                • +
              • ports - Managed-switch port list. type: list + more... + +
                • +
                  +
                • access_mode - Access mode of the port. type: str choices: dynamic, nac, static, normal + more... + +
                  • +
                • aggregator_mode - LACP member select mode. type: str choices: bandwidth, count + more... + +
                  • +
                • allowed_vlans - Configure switch port tagged VLANs. type: list + more... + +
                  • +
                    +
                  • vlan_name - VLAN name. Source system.interface.name. type: str + more... + +
                    • +
                  +
                • allowed_vlans_all - Enable/disable all defined vlans on this port. type: str choices: enable, disable + more... + +
                  • +
                • arp_inspection_trust - Trusted or untrusted dynamic ARP inspection. type: str choices: untrusted, trusted + more... + +
                  • +
                • bundle - Enable/disable Link Aggregation Group (LAG) bundling for non-FortiLink interfaces. type: str choices: enable, disable + more... + +
                  • +
                • description - Description for port. type: str + more... + +
                  • +
                • dhcp_snoop_option82_trust - Enable/disable allowance of DHCP with option-82 on untrusted interface. type: str choices: enable, disable + more... + +
                  • +
                • dhcp_snooping - Trusted or untrusted DHCP-snooping interface. type: str choices: untrusted, trusted + more... + +
                  • +
                • discard_mode - Configure discard mode for port. type: str choices: none, all-untagged, all-tagged + more... + +
                  • +
                • edge_port - Enable/disable this interface as an edge port, bridging connections between workstations and/or computers. type: str choices: enable, disable + more... + +
                  • +
                • export_tags - Configure export tag(s) for FortiSwitch port when exported to a virtual port pool. type: list + more... + +
                  • +
                    +
                  • tag_name - FortiSwitch port tag name when exported to a virtual port pool. Source switch-controller.switch-interface-tag.name. type: str + more... + +
                    • +
                  +
                • export_to - Export managed-switch port to a tenant VDOM. Source system.vdom.name. type: str + more... + +
                  • +
                • export_to_pool - Switch controller export port to pool-list. Source switch-controller.virtual-port-pool.name. type: str + more... + +
                  • +
                • export_to_pool_flag - Switch controller export port to pool-list. type: int + more... + +
                  • +
                • fec_capable - FEC capable. type: int + more... + +
                  • +
                • fec_state - State of forward error correction. type: str choices: disabled, cl74, cl91 + more... + +
                  • +
                • fgt_peer_device_name - FGT peer device name. type: str + more... + +
                  • +
                • fgt_peer_port_name - FGT peer port name. type: str + more... + +
                  • +
                • fiber_port - Fiber-port. type: int + more... + +
                  • +
                • flags - Port properties flags. type: int + more... + +
                  • +
                • flow_control - Flow control direction. type: str choices: disable, tx, rx, both + more... + +
                  • +
                • fortilink_port - FortiLink uplink port. type: int + more... + +
                  • +
                • igmp_snooping - Set IGMP snooping mode for the physical port interface. type: str choices: enable, disable + more... + +
                  • +
                • igmps_flood_reports - Enable/disable flooding of IGMP reports to this interface when igmp-snooping enabled. type: str choices: enable, disable + more... + +
                  • +
                • igmps_flood_traffic - Enable/disable flooding of IGMP snooping traffic to this interface. type: str choices: enable, disable + more... + +
                  • +
                • interface_tags - Tag(s) associated with the interface for various features including virtual port pool, dynamic port policy. type: list + more... + +
                  • +
                    +
                  • tag_name - FortiSwitch port tag name when exported to a virtual port pool or matched to dynamic port policy. Source switch-controller.switch-interface-tag.name. type: str + more... + +
                    • +
                  +
                • ip_source_guard - Enable/disable IP source guard. type: str choices: disable, enable + more... + +
                  • +
                • isl_local_trunk_name - ISL local trunk name. type: str + more... + +
                  • +
                • isl_peer_device_name - ISL peer device name. type: str + more... + +
                  • +
                • isl_peer_port_name - ISL peer port name. type: str + more... + +
                  • +
                • lacp_speed - End Link Aggregation Control Protocol (LACP) messages every 30 seconds (slow) or every second (fast). type: str choices: slow, fast + more... + +
                  • +
                • learning_limit - Limit the number of dynamic MAC addresses on this Port (1 - 128, 0 = no limit, default). type: int + more... + +
                  • +
                • lldp_profile - LLDP port TLV profile. Source switch-controller.lldp-profile.name. type: str + more... + +
                  • +
                • lldp_status - LLDP transmit and receive status. type: str choices: disable, rx-only, tx-only, tx-rx + more... + +
                  • +
                • loop_guard - Enable/disable loop-guard on this interface, an STP optimization used to prevent network loops. type: str choices: enabled, disabled + more... + +
                  • +
                • loop_guard_timeout - Loop-guard timeout (0 - 120 min). type: int + more... + +
                  • +
                • mac_addr - Port/Trunk MAC. type: str + more... + +
                  • +
                • matched_dpp_intf_tags - Matched interface tags in the dynamic port policy. type: str + more... + +
                  • +
                • matched_dpp_policy - Matched child policy in the dynamic port policy. type: str + more... + +
                  • +
                • max_bundle - Maximum size of LAG bundle (1 - 24). type: int + more... + +
                  • +
                • mclag - Enable/disable multi-chassis link aggregation (MCLAG). type: str choices: enable, disable + more... + +
                  • +
                • mclag_icl_port - MCLAG-ICL port. type: int + more... + +
                  • +
                • media_type - Media type. type: str + more... + +
                  • +
                • member_withdrawal_behavior - Port behavior after it withdraws because of loss of control packets. type: str choices: forward, block + more... + +
                  • +
                • members - Aggregated LAG bundle interfaces. type: list + more... + +
                  • +
                    +
                  • member_name - Interface name from available options. type: str + more... + +
                    • +
                  +
                • min_bundle - Minimum size of LAG bundle (1 - 24). type: int + more... + +
                  • +
                • mode - LACP mode: ignore and do not send control messages, or negotiate 802.3ad aggregation passively or actively. type: str choices: static, lacp-passive, lacp-active + more... + +
                  • +
                • p2p_port - General peer to peer tunnel port. type: int + more... + +
                  • +
                • packet_sample_rate - Packet sampling rate (0 - 99999 p/sec). type: int + more... + +
                  • +
                • packet_sampler - Enable/disable packet sampling on this interface. type: str choices: enabled, disabled + more... + +
                  • +
                • pause_meter - Configure ingress pause metering rate, in kbps . type: int + more... + +
                  • +
                • pause_meter_resume - Resume threshold for resuming traffic on ingress port. type: str choices: 75%, 50%, 25% + more... + +
                  • +
                • poe_capable - PoE capable. type: int + more... + +
                  • +
                • poe_max_power - PoE maximum power. type: str + more... + +
                  • +
                • poe_pre_standard_detection - Enable/disable PoE pre-standard detection. type: str choices: enable, disable + more... + +
                  • +
                • poe_standard - PoE standard supported. type: str + more... + +
                  • +
                • poe_status - Enable/disable PoE status. type: str choices: enable, disable + more... + +
                  • +
                • port_name - Switch port name. type: str + more... + +
                  • +
                • port_number - Port number. type: int + more... + +
                  • +
                • port_owner - Switch port name. type: str + more... + +
                  • +
                • port_policy - Switch controller dynamic port policy from available options. Source switch-controller.dynamic-port-policy.name. type: str + more... + +
                  • +
                • port_prefix_type - Port prefix type. type: int + more... + +
                  • +
                • port_security_policy - Switch controller authentication policy to apply to this managed switch from available options. Source switch-controller .security-policy.802-1X.name. type: str + more... + +
                  • +
                • port_selection_criteria - Algorithm for aggregate port selection. type: str choices: src-mac, dst-mac, src-dst-mac, src-ip, dst-ip, src-dst-ip + more... + +
                  • +
                • ptp_policy - PTP policy configuration. Source switch-controller.ptp.policy.name. type: str + more... + +
                  • +
                • qos_policy - Switch controller QoS policy from available options. Source switch-controller.qos.qos-policy.name. type: str + more... + +
                  • +
                • rpvst_port - Enable/disable inter-operability with rapid PVST on this interface. type: str choices: disabled, enabled + more... + +
                  • +
                • sample_direction - Packet sampling direction. type: str choices: tx, rx, both + more... + +
                  • +
                • sflow_counter_interval - sFlow sampling counter polling interval in seconds (0 - 255). type: int + more... + +
                  • +
                • sflow_sample_rate - sFlow sampler sample rate (0 - 99999 p/sec). type: int + more... + +
                  • +
                • sflow_sampler - Enable/disable sFlow protocol on this interface. type: str choices: enabled, disabled + more... + +
                  • +
                • speed - Switch port speed; default and available settings depend on hardware. type: str choices: 10half, 10full, 100half, 100full, 1000auto, 1000fiber, 1000full, 10000, 40000, auto, auto-module, 100FX-half, 100FX-full, 100000full, 2500auto, 25000full, 50000full, 10000cr, 10000sr, 100000sr4, 100000cr4, 25000cr4, 25000sr4, 5000full, 2500full + more... + +
                  • +
                • speed_mask - Switch port speed mask. type: int + more... + +
                  • +
                • stacking_port - Stacking port. type: int + more... + +
                  • +
                • status - Switch port admin status: up or down. type: str choices: up, down + more... + +
                  • +
                • sticky_mac - Enable or disable sticky-mac on the interface. type: str choices: enable, disable + more... + +
                  • +
                • storm_control_policy - Switch controller storm control policy from available options. Source switch-controller.storm-control-policy.name. type: str + more... + +
                  • +
                • stp_bpdu_guard - Enable/disable STP BPDU guard on this interface. type: str choices: enabled, disabled + more... + +
                  • +
                • stp_bpdu_guard_timeout - BPDU Guard disabling protection (0 - 120 min). type: int + more... + +
                  • +
                • stp_root_guard - Enable/disable STP root guard on this interface. type: str choices: enabled, disabled + more... + +
                  • +
                • stp_state - Enable/disable Spanning Tree Protocol (STP) on this interface. type: str choices: enabled, disabled + more... + +
                  • +
                • switch_id - Switch id. type: str + more... + +
                  • +
                • type - Interface type: physical or trunk port. type: str choices: physical, trunk + more... + +
                  • +
                • untagged_vlans - Configure switch port untagged VLANs. type: list + more... + +
                  • +
                    +
                  • vlan_name - VLAN name. Source system.interface.name. type: str + more... + +
                    • +
                  +
                • virtual_port - Virtualized switch port. type: int + more... + +
                  • +
                • vlan - Assign switch ports to a VLAN. Source system.interface.name. type: str + more... + +
                  • +
                +
              • pre_provisioned - Pre-provisioned managed switch. type: int + more... + +
                • +
              • qos_drop_policy - Set QoS drop-policy. type: str choices: taildrop, random-early-detection + more... + +
                • +
              • qos_red_probability - Set QoS RED/WRED drop probability. type: int + more... + +
                • +
              • remote_log - Configure logging by FortiSwitch device to a remote syslog server. type: list member_path: remote_log:name + more... + +
                • +
                  +
                • csv - Enable/disable comma-separated value (CSV) strings. type: str choices: enable, disable + more... + +
                  • +
                • facility - Facility to log to remote syslog server. type: str choices: kernel, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpriv, ftp, ntp, audit, alert, clock, local0, local1, local2, local3, local4, local5, local6, local7 + more... + +
                  • +
                • name - Remote log name. type: str required: true + more... + +
                  • +
                • port - Remote syslog server listening port. type: int + more... + +
                  • +
                • server - IPv4 address of the remote syslog server. type: str + more... + +
                  • +
                • severity - Severity of logs to be transferred to remote log server. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                  • +
                • status - Enable/disable logging by FortiSwitch device to a remote syslog server. type: str choices: enable, disable + more... + +
                  • +
                +
              • snmp_community - Configuration method to edit Simple Network Management Protocol (SNMP) communities. type: list member_path: snmp_community:id + more... + +
                • +
                  +
                • events - SNMP notifications (traps) to send. type: str choices: cpu-high, mem-low, log-full, intf-ip, ent-conf-change + more... + +
                  • +
                • hosts - Configure IPv4 SNMP managers (hosts). type: list member_path: snmp_community:id/hosts:id + more... + +
                  • +
                    +
                  • id - Host entry ID. type: int required: true + more... + +
                    • +
                  • ip - IPv4 address of the SNMP manager (host). type: str + more... + +
                    • +
                  +
                • id - SNMP community ID. type: int required: true + more... + +
                  • +
                • name - SNMP community name. type: str + more... + +
                  • +
                • query_v1_port - SNMP v1 query port . type: int + more... + +
                  • +
                • query_v1_status - Enable/disable SNMP v1 queries. type: str choices: disable, enable + more... + +
                  • +
                • query_v2c_port - SNMP v2c query port . type: int + more... + +
                  • +
                • query_v2c_status - Enable/disable SNMP v2c queries. type: str choices: disable, enable + more... + +
                  • +
                • status - Enable/disable this SNMP community. type: str choices: disable, enable + more... + +
                  • +
                • trap_v1_lport - SNMP v2c trap local port . type: int + more... + +
                  • +
                • trap_v1_rport - SNMP v2c trap remote port . type: int + more... + +
                  • +
                • trap_v1_status - Enable/disable SNMP v1 traps. type: str choices: disable, enable + more... + +
                  • +
                • trap_v2c_lport - SNMP v2c trap local port . type: int + more... + +
                  • +
                • trap_v2c_rport - SNMP v2c trap remote port . type: int + more... + +
                  • +
                • trap_v2c_status - Enable/disable SNMP v2c traps. type: str choices: disable, enable + more... + +
                  • +
                +
              • snmp_sysinfo - Configuration method to edit Simple Network Management Protocol (SNMP) system info. type: dict + more... + +
                • +
                  +
                • contact_info - Contact information. type: str + more... + +
                  • +
                • description - System description. type: str + more... + +
                  • +
                • engine_id - Local SNMP engine ID string (max 24 char). type: str + more... + +
                  • +
                • location - System location. type: str + more... + +
                  • +
                • status - Enable/disable SNMP. type: str choices: disable, enable + more... + +
                  • +
                +
              • snmp_trap_threshold - Configuration method to edit Simple Network Management Protocol (SNMP) trap threshold values. type: dict + more... + +
                • +
                  +
                • trap_high_cpu_threshold - CPU usage when trap is sent. type: int + more... + +
                  • +
                • trap_log_full_threshold - Log disk usage when trap is sent. type: int + more... + +
                  • +
                • trap_low_memory_threshold - Memory usage when trap is sent. type: int + more... + +
                  • +
                +
              • snmp_user - Configuration method to edit Simple Network Management Protocol (SNMP) users. type: list member_path: snmp_user:name + more... + +
                • +
                  +
                • auth_proto - Authentication protocol. type: str choices: md5, sha1, sha224, sha256, sha384, sha512, sha + more... + +
                  • +
                • auth_pwd - Password for authentication protocol. type: str + more... + +
                  • +
                • name - SNMP user name. type: str required: true + more... + +
                  • +
                • priv_proto - Privacy (encryption) protocol. type: str choices: aes128, aes192, aes192c, aes256, aes256c, des, aes + more... + +
                  • +
                • priv_pwd - Password for privacy (encryption) protocol. type: str + more... + +
                  • +
                • queries - Enable/disable SNMP queries for this user. type: str choices: disable, enable + more... + +
                  • +
                • query_port - SNMPv3 query port . type: int + more... + +
                  • +
                • security_level - Security level for message authentication and encryption. type: str choices: no-auth-no-priv, auth-no-priv, auth-priv + more... + +
                  • +
                +
              • staged_image_version - Staged image version for FortiSwitch. type: str + more... + +
                • +
              • static_mac - Configuration method to edit FortiSwitch Static and Sticky MAC. type: list member_path: static_mac:id + more... + +
                • +
                  +
                • description - Description. type: str + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • interface - Interface name. type: str + more... + +
                  • +
                • mac - MAC address. type: str + more... + +
                  • +
                • type - Type. type: str choices: static, sticky + more... + +
                  • +
                • vlan - Vlan. Source system.interface.name. type: str + more... + +
                  • +
                +
              • storm_control - Configuration method to edit FortiSwitch storm control for measuring traffic activity using data rates to prevent traffic disruption. type: dict + more... + +
                • +
                  +
                • broadcast - Enable/disable storm control to drop broadcast traffic. type: str choices: enable, disable + more... + +
                  • +
                • local_override - Enable to override global FortiSwitch storm control settings for this FortiSwitch. type: str choices: enable, disable + more... + +
                  • +
                • rate - Rate in packets per second at which storm traffic is controlled (1 - 10000000). Storm control drops excess traffic data rates beyond this threshold. type: int + more... + +
                  • +
                • unknown_multicast - Enable/disable storm control to drop unknown multicast traffic. type: str choices: enable, disable + more... + +
                  • +
                • unknown_unicast - Enable/disable storm control to drop unknown unicast traffic. type: str choices: enable, disable + more... + +
                  • +
                +
              • stp_instance - Configuration method to edit Spanning Tree Protocol (STP) instances. type: list member_path: stp_instance:id + more... + +
                • +
                  +
                • id - Instance ID. type: str required: true + more... + +
                  • +
                • priority - Priority. type: str choices: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440 + more... + +
                  • +
                +
              • stp_settings - Configuration method to edit Spanning Tree Protocol (STP) settings used to prevent bridge loops. type: dict + more... + +
                • +
                  +
                • forward_time - Period of time a port is in listening and learning state (4 - 30 sec). type: int + more... + +
                  • +
                • hello_time - Period of time between successive STP frame Bridge Protocol Data Units (BPDUs) sent on a port (1 - 10 sec). type: int + more... + +
                  • +
                • local_override - Enable to configure local STP settings that override global STP settings. type: str choices: enable, disable + more... + +
                  • +
                • max_age - Maximum time before a bridge port saves its configuration BPDU information (6 - 40 sec). type: int + more... + +
                  • +
                • max_hops - Maximum number of hops between the root bridge and the furthest bridge (1- 40). type: int + more... + +
                  • +
                • name - Name of local STP settings configuration. type: str + more... + +
                  • +
                • pending_timer - Pending time (1 - 15 sec). type: int + more... + +
                  • +
                • revision - STP revision number (0 - 65535). type: int + more... + +
                  • +
                • status - Enable/disable STP. type: str choices: enable, disable + more... + +
                  • +
                +
              • switch_device_tag - User definable label/tag. type: str + more... + +
                • +
              • switch_dhcp_opt43_key - DHCP option43 key. type: str + more... + +
                • +
              • switch_id - Managed-switch id. type: str + more... + +
                • +
              • switch_log - Configuration method to edit FortiSwitch logging settings (logs are transferred to and inserted into the FortiGate event log). type: dict + more... + +
                • +
                  +
                • local_override - Enable to configure local logging settings that override global logging settings. type: str choices: enable, disable + more... + +
                  • +
                • severity - Severity of FortiSwitch logs that are added to the FortiGate event log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                  • +
                • status - Enable/disable adding FortiSwitch logs to the FortiGate event log. type: str choices: enable, disable + more... + +
                  • +
                +
              • switch_profile - FortiSwitch profile. Source switch-controller.switch-profile.name. type: str + more... + +
                • +
              • switch_stp_settings - Configure spanning tree protocol (STP). type: dict + more... + +
                • +
                  +
                • status - Enable/disable STP. type: str choices: enable, disable + more... + +
                  • +
                +
              • tdr_supported - TDR supported. type: str + more... + +
                • +
              • type - Indication of switch type, physical or virtual. type: str choices: virtual, physical + more... + +
                • +
              • version - FortiSwitch version. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch devices that are managed by this FortiGate. + fortios_switch_controller_managed_switch: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_managed_switch: + settings_802_1X: + link_down_auth: "set-unauth" + local_override: "enable" + max_reauth_attempt: "6" + reauth_period: "7" + tx_period: "8" + access_profile: " (source switch-controller.security-policy.local-access.name)" + custom_command: + - + command_entry: "" + command_name: " (source switch-controller.custom-command.command-name)" + delayed_restart_trigger: "13" + description: "" + dhcp_server_access_list: "global" + directly_connected: "16" + dynamic_capability: "" + dynamically_discovered: "18" + firmware_provision: "enable" + firmware_provision_latest: "disable" + firmware_provision_version: "" + flow_identity: "" + fsw_wan1_admin: "discovered" + fsw_wan1_peer: " (source system.interface.name)" + fsw_wan2_admin: "discovered" + fsw_wan2_peer: "" + igmp_snooping: + aging_time: "28" + flood_unknown_multicast: "enable" + local_override: "enable" + vlans: + - + proxy: "disable" + querier: "disable" + querier_addr: "" + version: "35" + vlan_name: " (source system.interface.name)" + ip_source_guard: + - + binding_entry: + - + entry_name: "" + ip: "" + mac: "" + description: "" + port: "" + l3_discovered: "44" + max_allowed_trunk_members: "45" + mclag_igmp_snooping_aware: "enable" + mirror: + - + dst: "" + name: "default_name_49" + src_egress: + - + name: "default_name_51" + src_ingress: + - + name: "default_name_53" + status: "active" + switching_packet: "enable" + name: "default_name_56" + override_snmp_community: "enable" + override_snmp_sysinfo: "disable" + override_snmp_trap_threshold: "enable" + override_snmp_user: "enable" + owner_vdom: "" + poe_detection_type: "62" + poe_lldp_detection: "enable" + poe_pre_standard_detection: "enable" + ports: + - + access_mode: "dynamic" + aggregator_mode: "bandwidth" + allowed_vlans: + - + vlan_name: " (source system.interface.name)" + allowed_vlans_all: "enable" + arp_inspection_trust: "untrusted" + bundle: "enable" + description: "" + dhcp_snoop_option82_trust: "enable" + dhcp_snooping: "untrusted" + discard_mode: "none" + edge_port: "enable" + export_tags: + - + tag_name: " (source switch-controller.switch-interface-tag.name)" + export_to: " (source system.vdom.name)" + export_to_pool: " (source switch-controller.virtual-port-pool.name)" + export_to_pool_flag: "82" + export_to_pool_flag: "83" + fec_capable: "84" + fec_state: "disabled" + fgt_peer_device_name: "" + fgt_peer_port_name: "" + fiber_port: "88" + flags: "89" + flow_control: "disable" + fortilink_port: "91" + igmp_snooping: "enable" + igmps_flood_reports: "enable" + igmps_flood_traffic: "enable" + interface_tags: + - + tag_name: " (source switch-controller.switch-interface-tag.name)" + ip_source_guard: "disable" + isl_local_trunk_name: "" + isl_peer_device_name: "" + isl_peer_port_name: "" + lacp_speed: "slow" + learning_limit: "102" + lldp_profile: " (source switch-controller.lldp-profile.name)" + lldp_status: "disable" + loop_guard: "enabled" + loop_guard_timeout: "106" + mac_addr: "" + matched_dpp_intf_tags: "" + matched_dpp_policy: "" + max_bundle: "110" + mclag: "enable" + mclag_icl_port: "112" + media_type: "" + member_withdrawal_behavior: "forward" + members: + - + member_name: "" + min_bundle: "117" + mode: "static" + p2p_port: "119" + packet_sample_rate: "120" + packet_sampler: "enabled" + pause_meter: "122" + pause_meter_resume: "75%" + poe_capable: "124" + poe_max_power: "" + poe_pre_standard_detection: "enable" + poe_standard: "" + poe_status: "enable" + port_name: "" + port_number: "130" + port_owner: "" + port_policy: " (source switch-controller.dynamic-port-policy.name)" + port_prefix_type: "133" + port_security_policy: " (source switch-controller.security-policy.802-1X.name)" + port_selection_criteria: "src-mac" + ptp_policy: " (source switch-controller.ptp.policy.name)" + qos_policy: " (source switch-controller.qos.qos-policy.name)" + rpvst_port: "disabled" + sample_direction: "tx" + sflow_counter_interval: "140" + sflow_sample_rate: "141" + sflow_sampler: "enabled" + speed: "10half" + speed_mask: "144" + stacking_port: "145" + status: "up" + sticky_mac: "enable" + storm_control_policy: " (source switch-controller.storm-control-policy.name)" + stp_bpdu_guard: "enabled" + stp_bpdu_guard_timeout: "150" + stp_root_guard: "enabled" + stp_state: "enabled" + switch_id: "" + type: "physical" + untagged_vlans: + - + vlan_name: " (source system.interface.name)" + virtual_port: "157" + vlan: " (source system.interface.name)" + pre_provisioned: "159" + qos_drop_policy: "taildrop" + qos_red_probability: "161" + remote_log: + - + csv: "enable" + facility: "kernel" + name: "default_name_165" + port: "166" + server: "192.168.100.40" + severity: "emergency" + status: "enable" + snmp_community: + - + events: "cpu-high" + hosts: + - + id: "173" + ip: "" + id: "175" + name: "default_name_176" + query_v1_port: "177" + query_v1_status: "disable" + query_v2c_port: "179" + query_v2c_status: "disable" + status: "disable" + trap_v1_lport: "182" + trap_v1_rport: "183" + trap_v1_status: "disable" + trap_v2c_lport: "185" + trap_v2c_rport: "186" + trap_v2c_status: "disable" + snmp_sysinfo: + contact_info: "" + description: "" + engine_id: "" + location: "" + status: "disable" + snmp_trap_threshold: + trap_high_cpu_threshold: "195" + trap_log_full_threshold: "196" + trap_low_memory_threshold: "197" + snmp_user: + - + auth_proto: "md5" + auth_pwd: "" + name: "default_name_201" + priv_proto: "aes128" + priv_pwd: "" + queries: "disable" + query_port: "205" + security_level: "no-auth-no-priv" + staged_image_version: "" + static_mac: + - + description: "" + id: "210" + interface: "" + mac: "" + type: "static" + vlan: " (source system.interface.name)" + storm_control: + broadcast: "enable" + local_override: "enable" + rate: "218" + unknown_multicast: "enable" + unknown_unicast: "enable" + stp_instance: + - + id: "222" + priority: "0" + stp_settings: + forward_time: "225" + hello_time: "226" + local_override: "enable" + max_age: "228" + max_hops: "229" + name: "default_name_230" + pending_timer: "231" + revision: "232" + status: "enable" + switch_device_tag: "" + switch_dhcp_opt43_key: "" + switch_id: "" + switch_log: + local_override: "enable" + severity: "emergency" + status: "enable" + switch_profile: " (source switch-controller.switch-profile.name)" + switch_stp_settings: + status: "enable" + tdr_supported: "" + type: "virtual" + version: "246" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_nac_device.rst b/gen/fortios_switch_controller_nac_device.rst new file mode 100644 index 00000000..320f5c6b --- /dev/null +++ b/gen/fortios_switch_controller_nac_device.rst @@ -0,0 +1,376 @@ +:source: fortios_switch_controller_nac_device.py + +:orphan: + +.. fortios_switch_controller_nac_device: + +fortios_switch_controller_nac_device -- Configure/list NAC devices learned on the managed FortiSwitch ports which matches NAC policy in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and nac_device category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + +
            v6.4.0 v6.4.1 v6.4.4
            fortios_switch_controller_nac_deviceyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_nac_device - Configure/list NAC devices learned on the managed FortiSwitch ports which matches NAC policy. type: dict + more... + +
              • +
                +
              • description - Description for the learned NAC device. type: str + more... + +
                • +
              • id - Device ID. type: int required: true + more... + +
                • +
              • last_known_port - Managed FortiSwitch port where NAC device is last learned. type: str + more... + +
                • +
              • last_known_switch - Managed FortiSwitch where NAC device is last learned. Source switch-controller.managed-switch.switch-id. type: str + more... + +
                • +
              • last_seen - Device last seen. type: int + more... + +
                • +
              • mac - MAC address of the learned NAC device. type: str + more... + +
                • +
              • mac_policy - MAC policy to be applied on this learned NAC device. Source switch-controller.mac-policy.name. type: str + more... + +
                • +
              • matched_nac_policy - Matched NAC policy for the learned NAC device. Source user.nac-policy.name. type: str + more... + +
                • +
              • port_policy - Port policy to be applied on this learned NAC device. Source switch-controller.port-policy.name. type: str + more... + +
                • +
              • status - Status of the learned NAC device. Set enable to authorize the NAC device. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure/list NAC devices learned on the managed FortiSwitch ports which matches NAC policy. + fortios_switch_controller_nac_device: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_nac_device: + description: "" + id: "4" + last_known_port: "" + last_known_switch: " (source switch-controller.managed-switch.switch-id)" + last_seen: "7" + mac: "" + mac_policy: " (source switch-controller.mac-policy.name)" + matched_nac_policy: " (source user.nac-policy.name)" + port_policy: " (source switch-controller.port-policy.name)" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_nac_settings.rst b/gen/fortios_switch_controller_nac_settings.rst new file mode 100644 index 00000000..14a7387d --- /dev/null +++ b/gen/fortios_switch_controller_nac_settings.rst @@ -0,0 +1,352 @@ +:source: fortios_switch_controller_nac_settings.py + +:orphan: + +.. fortios_switch_controller_nac_settings: + +fortios_switch_controller_nac_settings -- Configure integrated NAC settings for FortiSwitch in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and nac_settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + +
            v6.4.0 v6.4.1 v6.4.4
            fortios_switch_controller_nac_settingsyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_nac_settings - Configure integrated NAC settings for FortiSwitch. type: dict + more... + +
              • +
                +
              • auto_auth - Enable/disable NAC device auto authorization when discovered and nac-policy matched. type: str choices: disable, enable + more... + +
                • +
              • bounce_nac_port - Enable/disable bouncing (administratively bring the link down, up) of a switch port when NAC mode is configured on the port. Helps to re-initiate the DHCP process for a device. type: str choices: disable, enable + more... + +
                • +
              • inactive_timer - Time interval(minutes, 0 = no expiry) to be included in the inactive NAC devices expiry calculation (mac age-out + inactive-time + periodic scan interval). type: int + more... + +
                • +
              • link_down_flush - Clear NAC devices on switch ports on link down event. type: str choices: disable, enable + more... + +
                • +
              • mode - Set NAC mode to be used on the FortiSwitch ports. type: str choices: local, global + more... + +
                • +
              • name - NAC settings name. type: str required: true + more... + +
                • +
              • onboarding_vlan - Default NAC Onboarding VLAN when NAC devices are discovered. Source system.interface.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure integrated NAC settings for FortiSwitch. + fortios_switch_controller_nac_settings: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_nac_settings: + auto_auth: "disable" + bounce_nac_port: "disable" + inactive_timer: "5" + link_down_flush: "disable" + mode: "local" + name: "default_name_8" + onboarding_vlan: " (source system.interface.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_network_monitor_settings.rst b/gen/fortios_switch_controller_network_monitor_settings.rst new file mode 100644 index 00000000..b6b85f24 --- /dev/null +++ b/gen/fortios_switch_controller_network_monitor_settings.rst @@ -0,0 +1,297 @@ +:source: fortios_switch_controller_network_monitor_settings.py + +:orphan: + +.. fortios_switch_controller_network_monitor_settings: + +fortios_switch_controller_network_monitor_settings -- Configure network monitor settings in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and network_monitor_settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_network_monitor_settingsyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • switch_controller_network_monitor_settings - Configure network monitor settings. type: dict + more... + +
              • +
                +
              • network_monitoring - Enable/disable passive gathering of information by FortiSwitch units concerning other network devices. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure network monitor settings. + fortios_switch_controller_network_monitor_settings: + vdom: "{{ vdom }}" + switch_controller_network_monitor_settings: + network_monitoring: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_poe.rst b/gen/fortios_switch_controller_poe.rst new file mode 100644 index 00000000..0efbe84f --- /dev/null +++ b/gen/fortios_switch_controller_poe.rst @@ -0,0 +1,187 @@ +:source: fortios_switch_controller_poe.py + +:orphan: + +.. fortios_switch_controller_poe: + +fortios_switch_controller_poe -- List PoE end-points status in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and poe category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.5 v6.2.7 v6.4.1
            fortios_switch_controller_poeyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • switch_controller_poe - List PoE end-points status. type: dict + more... + +
              • +
                +
              • - FortiSwitch device ID. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: List PoE end-points status. + fortios_switch_controller_poe: + vdom: "{{ vdom }}" + switch_controller_poe: + : "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_port_policy.rst b/gen/fortios_switch_controller_port_policy.rst new file mode 100644 index 00000000..d7f8f7f8 --- /dev/null +++ b/gen/fortios_switch_controller_port_policy.rst @@ -0,0 +1,336 @@ +:source: fortios_switch_controller_port_policy.py + +:orphan: + +.. fortios_switch_controller_port_policy: + +fortios_switch_controller_port_policy -- Configure port policy to be applied on the managed FortiSwitch ports through NAC device in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and port_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + +
            v6.4.0 v6.4.1 v6.4.4
            fortios_switch_controller_port_policyyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_port_policy - Configure port policy to be applied on the managed FortiSwitch ports through NAC device. type: dict + more... + +
              • +
                +
              • 802_1x - 802.1x security policy to be applied when using this port-policy. Source switch-controller.security-policy.802-1X.name switch-controller .security-policy.captive-portal.name. type: str + more... + +
                • +
              • bounce_port_link - Enable/disable bouncing (administratively bring the link down, up) of a switch port where this port policy is applied. Helps to clear and reassign VLAN from lldp-profile. type: str choices: disable, enable + more... + +
                • +
              • description - Description for the port policy. type: str + more... + +
                • +
              • fortilink - FortiLink interface for which this port policy belongs to. Source system.interface.name. type: str + more... + +
                • +
              • lldp_profile - LLDP profile to be applied when using this port-policy. Source switch-controller.lldp-profile.name. type: str + more... + +
                • +
              • name - Port policy name. type: str required: true + more... + +
                • +
              • qos_policy - QoS policy to be applied when using this port-policy. Source switch-controller.qos.qos-policy.name. type: str + more... + +
                • +
              • vlan_policy - VLAN policy to be applied when using this port-policy. Source switch-controller.vlan-policy.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure port policy to be applied on the managed FortiSwitch ports through NAC device. + fortios_switch_controller_port_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_port_policy: + 802_1x: " (source switch-controller.security-policy.802-1X.name switch-controller.security-policy.captive-portal.name)" + bounce_port_link: "disable" + description: "" + fortilink: " (source system.interface.name)" + lldp_profile: " (source switch-controller.lldp-profile.name)" + name: "default_name_8" + qos_policy: " (source switch-controller.qos.qos-policy.name)" + vlan_policy: " (source switch-controller.vlan-policy.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_ptp_policy.rst b/gen/fortios_switch_controller_ptp_policy.rst new file mode 100644 index 00000000..0ed15e2c --- /dev/null +++ b/gen/fortios_switch_controller_ptp_policy.rst @@ -0,0 +1,266 @@ +:source: fortios_switch_controller_ptp_policy.py + +:orphan: + +.. fortios_switch_controller_ptp_policy: + +fortios_switch_controller_ptp_policy -- PTP policy configuration in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller_ptp feature and policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + +
            v6.4.0 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_ptp_policyyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_ptp_policy - PTP policy configuration. type: dict + more... + +
              • +
                +
              • name - Policy name. type: str required: true + more... + +
                • +
              • status - Enable/disable PTP policy. type: str choices: disable, enable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: PTP policy configuration. + fortios_switch_controller_ptp_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_ptp_policy: + name: "default_name_3" + status: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_ptp_settings.rst b/gen/fortios_switch_controller_ptp_settings.rst new file mode 100644 index 00000000..2398c648 --- /dev/null +++ b/gen/fortios_switch_controller_ptp_settings.rst @@ -0,0 +1,244 @@ +:source: fortios_switch_controller_ptp_settings.py + +:orphan: + +.. fortios_switch_controller_ptp_settings: + +fortios_switch_controller_ptp_settings -- Global PTP settings in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller_ptp feature and settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + +
            v6.4.0 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_ptp_settingsyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • switch_controller_ptp_settings - Global PTP settings. type: dict + more... + +
              • +
                +
              • mode - Enable/disable PTP mode. type: str choices: disable, transparent-e2e, transparent-p2p + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Global PTP settings. + fortios_switch_controller_ptp_settings: + vdom: "{{ vdom }}" + switch_controller_ptp_settings: + mode: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_qos_dot1p_map.rst b/gen/fortios_switch_controller_qos_dot1p_map.rst new file mode 100644 index 00000000..626dd614 --- /dev/null +++ b/gen/fortios_switch_controller_qos_dot1p_map.rst @@ -0,0 +1,1976 @@ +:source: fortios_switch_controller_qos_dot1p_map.py + +:orphan: + +.. fortios_switch_controller_qos_dot1p_map: + +fortios_switch_controller_qos_dot1p_map -- Configure FortiSwitch QoS 802.1p in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller_qos feature and dot1p_map category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_qos_dot1p_mapyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_qos_dot1p_map - Configure FortiSwitch QoS 802.1p. type: dict + more... + +
              • +
                +
              • description - Description of the 802.1p name. type: str + more... + +
                • +
              • egress_pri_tagging - Enable/disable egress priority-tag frame. type: str choices: disable, enable + more... + +
                • +
              • name - Dot1p map name. type: str required: true + more... + +
                • +
              • priority_0 - COS queue mapped to dot1p priority number. type: str choices: queue-0, queue-1, queue-2, queue-3, queue-4, queue-5, queue-6, queue-7 + more... + +
                • +
              • priority_1 - COS queue mapped to dot1p priority number. type: str choices: queue-0, queue-1, queue-2, queue-3, queue-4, queue-5, queue-6, queue-7 + more... + +
                • +
              • priority_2 - COS queue mapped to dot1p priority number. type: str choices: queue-0, queue-1, queue-2, queue-3, queue-4, queue-5, queue-6, queue-7 + more... + +
                • +
              • priority_3 - COS queue mapped to dot1p priority number. type: str choices: queue-0, queue-1, queue-2, queue-3, queue-4, queue-5, queue-6, queue-7 + more... + +
                • +
              • priority_4 - COS queue mapped to dot1p priority number. type: str choices: queue-0, queue-1, queue-2, queue-3, queue-4, queue-5, queue-6, queue-7 + more... + +
                • +
              • priority_5 - COS queue mapped to dot1p priority number. type: str choices: queue-0, queue-1, queue-2, queue-3, queue-4, queue-5, queue-6, queue-7 + more... + +
                • +
              • priority_6 - COS queue mapped to dot1p priority number. type: str choices: queue-0, queue-1, queue-2, queue-3, queue-4, queue-5, queue-6, queue-7 + more... + +
                • +
              • priority_7 - COS queue mapped to dot1p priority number. type: str choices: queue-0, queue-1, queue-2, queue-3, queue-4, queue-5, queue-6, queue-7 + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch QoS 802.1p. + fortios_switch_controller_qos_dot1p_map: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_qos_dot1p_map: + description: "" + egress_pri_tagging: "disable" + name: "default_name_5" + priority_0: "queue-0" + priority_1: "queue-0" + priority_2: "queue-0" + priority_3: "queue-0" + priority_4: "queue-0" + priority_5: "queue-0" + priority_6: "queue-0" + priority_7: "queue-0" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_qos_ip_dscp_map.rst b/gen/fortios_switch_controller_qos_ip_dscp_map.rst new file mode 100644 index 00000000..50fbfb3a --- /dev/null +++ b/gen/fortios_switch_controller_qos_ip_dscp_map.rst @@ -0,0 +1,1138 @@ +:source: fortios_switch_controller_qos_ip_dscp_map.py + +:orphan: + +.. fortios_switch_controller_qos_ip_dscp_map: + +fortios_switch_controller_qos_ip_dscp_map -- Configure FortiSwitch QoS IP precedence/DSCP in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller_qos feature and ip_dscp_map category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_qos_ip_dscp_mapyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_qos_ip_dscp_map - Configure FortiSwitch QoS IP precedence/DSCP. type: dict + more... + +
              • +
                +
              • description - Description of the ip-dscp map name. type: str + more... + +
                • +
              • map - Maps between IP-DSCP value to COS queue. type: list member_path: map:name + more... + +
                • +
                  +
                • cos_queue - COS queue number. type: int + more... + +
                  • +
                • diffserv - Differentiated service. type: list choices: CS0, CS1, AF11, AF12, AF13, CS2, AF21, AF22, AF23, CS3, AF31, AF32, AF33, CS4, AF41, AF42, AF43, CS5, EF, CS6, CS7 + more... + +
                  • +
                • ip_precedence - IP Precedence. type: list choices: network-control, internetwork-control, critic-ecp, flashoverride, flash, immediate, priority, routine + more... + +
                  • +
                • name - Dscp mapping entry name. type: str required: true + more... + +
                  • +
                • value - Raw values of DSCP (0 - 63). type: str + more... + +
                  • +
                +
              • name - Dscp map name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch QoS IP precedence/DSCP. + fortios_switch_controller_qos_ip_dscp_map: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_qos_ip_dscp_map: + description: "" + map: + - + cos_queue: "5" + diffserv: "CS0" + ip_precedence: "network-control" + name: "default_name_8" + value: "" + name: "default_name_10" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_qos_qos_policy.rst b/gen/fortios_switch_controller_qos_qos_policy.rst new file mode 100644 index 00000000..301438e1 --- /dev/null +++ b/gen/fortios_switch_controller_qos_qos_policy.rst @@ -0,0 +1,446 @@ +:source: fortios_switch_controller_qos_qos_policy.py + +:orphan: + +.. fortios_switch_controller_qos_qos_policy: + +fortios_switch_controller_qos_qos_policy -- Configure FortiSwitch QoS policy in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller_qos feature and qos_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_qos_qos_policyyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_qos_qos_policy - Configure FortiSwitch QoS policy. type: dict + more... + +
              • +
                +
              • default_cos - Default cos queue for untagged packets. type: int + more... + +
                • +
              • name - QoS policy name. type: str required: true + more... + +
                • +
              • queue_policy - QoS egress queue policy. Source switch-controller.qos.queue-policy.name. type: str + more... + +
                • +
              • trust_dot1p_map - QoS trust 802.1p map. Source switch-controller.qos.dot1p-map.name. type: str + more... + +
                • +
              • trust_ip_dscp_map - QoS trust ip dscp map. Source switch-controller.qos.ip-dscp-map.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch QoS policy. + fortios_switch_controller_qos_qos_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_qos_qos_policy: + default_cos: "3" + name: "default_name_4" + queue_policy: " (source switch-controller.qos.queue-policy.name)" + trust_dot1p_map: " (source switch-controller.qos.dot1p-map.name)" + trust_ip_dscp_map: " (source switch-controller.qos.ip-dscp-map.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_qos_queue_policy.rst b/gen/fortios_switch_controller_qos_queue_policy.rst new file mode 100644 index 00000000..60bbe5cd --- /dev/null +++ b/gen/fortios_switch_controller_qos_queue_policy.rst @@ -0,0 +1,988 @@ +:source: fortios_switch_controller_qos_queue_policy.py + +:orphan: + +.. fortios_switch_controller_qos_queue_policy: + +fortios_switch_controller_qos_queue_policy -- Configure FortiSwitch QoS egress queue policy in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller_qos feature and queue_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_qos_queue_policyyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_qos_queue_policy - Configure FortiSwitch QoS egress queue policy. type: dict + more... + +
              • +
                +
              • cos_queue - COS queue configuration. type: list member_path: cos_queue:name + more... + +
                • +
                  +
                • description - Description of the COS queue. type: str + more... + +
                  • +
                • drop_policy - COS queue drop policy. type: str choices: taildrop, weighted-random-early-detection + more... + +
                  • +
                • ecn - Enable/disable ECN packet marking to drop eligible packets. type: str choices: disable, enable + more... + +
                  • +
                • max_rate - Maximum rate (0 - 4294967295 kbps, 0 to disable). type: int + more... + +
                  • +
                • max_rate_percent - Maximum rate (% of link speed). type: int + more... + +
                  • +
                • min_rate - Minimum rate (0 - 4294967295 kbps, 0 to disable). type: int + more... + +
                  • +
                • min_rate_percent - Minimum rate (% of link speed). type: int + more... + +
                  • +
                • name - Cos queue ID. type: str required: true + more... + +
                  • +
                • weight - Weight of weighted round robin scheduling. type: int + more... + +
                  • +
                +
              • name - QoS policy name. type: str required: true + more... + +
                • +
              • rate_by - COS queue rate by kbps or percent. type: str choices: kbps, percent + more... + +
                • +
              • schedule - COS queue scheduling. type: str choices: strict, round-robin, weighted + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch QoS egress queue policy. + fortios_switch_controller_qos_queue_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_qos_queue_policy: + cos_queue: + - + description: "" + drop_policy: "taildrop" + ecn: "disable" + max_rate: "7" + max_rate_percent: "8" + min_rate: "9" + min_rate_percent: "10" + name: "default_name_11" + weight: "12" + name: "default_name_13" + rate_by: "kbps" + schedule: "strict" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_quarantine.rst b/gen/fortios_switch_controller_quarantine.rst new file mode 100644 index 00000000..91c5bdee --- /dev/null +++ b/gen/fortios_switch_controller_quarantine.rst @@ -0,0 +1,557 @@ +:source: fortios_switch_controller_quarantine.py + +:orphan: + +.. fortios_switch_controller_quarantine: + +fortios_switch_controller_quarantine -- Configure FortiSwitch quarantine support in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and quarantine category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_quarantineyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • switch_controller_quarantine - Configure FortiSwitch quarantine support. type: dict + more... + +
              • +
                +
              • quarantine - Enable/disable quarantine. type: str choices: enable, disable + more... + +
                • +
              • targets - Quarantine MACs. type: list member_path: targets:mac + more... + +
                • +
                  +
                • description - Description for the quarantine MAC. type: str + more... + +
                  • +
                • entry_id - FSW entry id for the quarantine MAC. type: int + more... + +
                  • +
                • mac - Quarantine MAC. type: str required: true + more... + +
                  • +
                • tag - Tags for the quarantine MAC. type: list member_path: targets:mac/tag:tags + more... + +
                  • +
                    +
                  • tags - Tag string. For example, string1 string2 string3. type: str required: true + more... + +
                    • +
                  +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch quarantine support. + fortios_switch_controller_quarantine: + vdom: "{{ vdom }}" + switch_controller_quarantine: + quarantine: "enable" + targets: + - + description: "" + entry_id: "6" + mac: "" + tag: + - + tags: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_remote_log.rst b/gen/fortios_switch_controller_remote_log.rst new file mode 100644 index 00000000..d0753e40 --- /dev/null +++ b/gen/fortios_switch_controller_remote_log.rst @@ -0,0 +1,1060 @@ +:source: fortios_switch_controller_remote_log.py + +:orphan: + +.. fortios_switch_controller_remote_log: + +fortios_switch_controller_remote_log -- Configure logging by FortiSwitch device to a remote syslog server in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and remote_log category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_remote_logyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_remote_log - Configure logging by FortiSwitch device to a remote syslog server. type: dict + more... + +
              • +
                +
              • csv - Enable/disable comma-separated value (CSV) strings. type: str choices: enable, disable + more... + +
                • +
              • facility - Facility to log to remote syslog server. type: str choices: kernel, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpriv, ftp, ntp, audit, alert, clock, local0, local1, local2, local3, local4, local5, local6, local7 + more... + +
                • +
              • name - Remote log name. type: str required: true + more... + +
                • +
              • port - Remote syslog server listening port. type: int + more... + +
                • +
              • server - IPv4 address of the remote syslog server. type: str + more... + +
                • +
              • severity - Severity of logs to be transferred to remote log server. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • status - Enable/disable logging by FortiSwitch device to a remote syslog server. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure logging by FortiSwitch device to a remote syslog server. + fortios_switch_controller_remote_log: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_remote_log: + csv: "enable" + facility: "kernel" + name: "default_name_5" + port: "6" + server: "192.168.100.40" + severity: "emergency" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_security_policy_802_1x.rst b/gen/fortios_switch_controller_security_policy_802_1x.rst new file mode 100644 index 00000000..80785754 --- /dev/null +++ b/gen/fortios_switch_controller_security_policy_802_1x.rst @@ -0,0 +1,1540 @@ +:source: fortios_switch_controller_security_policy_802_1x.py + +:orphan: + +.. fortios_switch_controller_security_policy_802_1x: + +fortios_switch_controller_security_policy_802_1x -- Configure 802.1x MAC Authentication Bypass (MAB) policies in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller_security_policy feature and 802_1x category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_security_policy_802_1xyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_security_policy_802_1x - Configure 802.1x MAC Authentication Bypass (MAB) policies. type: dict + more... + +
              • +
                +
              • auth_fail_vlan - Enable to allow limited access to clients that cannot authenticate. type: str choices: disable, enable + more... + +
                • +
              • auth_fail_vlan_id - VLAN ID on which authentication failed. Source system.interface.name. type: str + more... + +
                • +
              • auth_fail_vlanid - VLAN ID on which authentication failed. type: int + more... + +
                • +
              • authserver_timeout_period - Authentication server timeout period (3 - 15 sec). type: int + more... + +
                • +
              • authserver_timeout_vlan - Enable/disable the authentication server timeout VLAN to allow limited access when RADIUS is unavailable. type: str choices: disable, enable + more... + +
                • +
              • authserver_timeout_vlanid - Authentication server timeout VLAN name. Source system.interface.name. type: str + more... + +
                • +
              • eap_auto_untagged_vlans - Enable/disable automatic inclusion of untagged VLANs. type: str choices: disable, enable + more... + +
                • +
              • eap_passthru - Enable/disable EAP pass-through mode, allowing protocols (such as LLDP) to pass through ports for more flexible authentication. type: str choices: disable, enable + more... + +
                • +
              • framevid_apply - Enable/disable the capability to apply the EAP/MAB frame VLAN to the port native VLAN. type: str choices: disable, enable + more... + +
                • +
              • guest_auth_delay - Guest authentication delay (1 - 900 sec). type: int + more... + +
                • +
              • guest_vlan - Enable the guest VLAN feature to allow limited access to non-802.1X-compliant clients. type: str choices: disable, enable + more... + +
                • +
              • guest_vlan_id - Guest VLAN name. Source system.interface.name. type: str + more... + +
                • +
              • guest_vlanid - Guest VLAN ID. type: int + more... + +
                • +
              • mac_auth_bypass - Enable/disable MAB for this policy. type: str choices: disable, enable + more... + +
                • +
              • name - Policy name. type: str required: true + more... + +
                • +
              • open_auth - Enable/disable open authentication for this policy. type: str choices: disable, enable + more... + +
                • +
              • policy_type - Policy type. type: str choices: 802.1X + more... + +
                • +
              • radius_timeout_overwrite - Enable to override the global RADIUS session timeout. type: str choices: disable, enable + more... + +
                • +
              • security_mode - Port or MAC based 802.1X security mode. type: str choices: 802.1X, 802.1X-mac-based + more... + +
                • +
              • user_group - Name of user-group to assign to this MAC Authentication Bypass (MAB) policy. type: list member_path: user_group:name + more... + +
                • +
                  +
                • name - Group name. Source user.group.name. type: str required: true + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure 802.1x MAC Authentication Bypass (MAB) policies. + fortios_switch_controller_security_policy_802_1x: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_security_policy_802_1x: + auth_fail_vlan: "disable" + auth_fail_vlan_id: " (source system.interface.name)" + auth_fail_vlanid: "5" + authserver_timeout_period: "6" + authserver_timeout_vlan: "disable" + authserver_timeout_vlanid: " (source system.interface.name)" + eap_auto_untagged_vlans: "disable" + eap_passthru: "disable" + framevid_apply: "disable" + guest_auth_delay: "12" + guest_vlan: "disable" + guest_vlan_id: " (source system.interface.name)" + guest_vlanid: "15" + mac_auth_bypass: "disable" + name: "default_name_17" + open_auth: "disable" + policy_type: "802.1X" + radius_timeout_overwrite: "disable" + security_mode: "802.1X" + user_group: + - + name: "default_name_23 (source user.group.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_security_policy_captive_portal.rst b/gen/fortios_switch_controller_security_policy_captive_portal.rst new file mode 100644 index 00000000..a4ab2dc8 --- /dev/null +++ b/gen/fortios_switch_controller_security_policy_captive_portal.rst @@ -0,0 +1,241 @@ +:source: fortios_switch_controller_security_policy_captive_portal.py + +:orphan: + +.. fortios_switch_controller_security_policy_captive_portal: + +fortios_switch_controller_security_policy_captive_portal -- Names of VLANs that use captive portal authentication in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller_security_policy feature and captive_portal category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.3
            fortios_switch_controller_security_policy_captive_portalyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_security_policy_captive_portal - Names of VLANs that use captive portal authentication. type: dict + more... + +
              • +
                +
              • name - Policy name. type: str required: true + more... + +
                • +
              • policy_type - Policy type. type: str choices: captive-portal + more... + +
                • +
              • vlan - Names of VLANs that use captive portal authentication. Source system.interface.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Names of VLANs that use captive portal authentication. + fortios_switch_controller_security_policy_captive_portal: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_security_policy_captive_portal: + name: "default_name_3" + policy_type: "captive-portal" + vlan: " (source system.interface.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_security_policy_local_access.rst b/gen/fortios_switch_controller_security_policy_local_access.rst new file mode 100644 index 00000000..edb0ac51 --- /dev/null +++ b/gen/fortios_switch_controller_security_policy_local_access.rst @@ -0,0 +1,548 @@ +:source: fortios_switch_controller_security_policy_local_access.py + +:orphan: + +.. fortios_switch_controller_security_policy_local_access: + +fortios_switch_controller_security_policy_local_access -- Configure allowaccess list for mgmt and internal interfaces on managed FortiSwitch units in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller_security_policy feature and local_access category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_security_policy_local_accessyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_security_policy_local_access - Configure allowaccess list for mgmt and internal interfaces on managed FortiSwitch units. type: dict + more... + +
              • +
                +
              • internal_allowaccess - Allowed access on the switch internal interface. type: list choices: https, ping, ssh, snmp, http, telnet, radius-acct + more... + +
                • +
              • mgmt_allowaccess - Allowed access on the switch management interface. type: list choices: https, ping, ssh, snmp, http, telnet, radius-acct + more... + +
                • +
              • name - Policy name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure allowaccess list for mgmt and internal interfaces on managed FortiSwitch units. + fortios_switch_controller_security_policy_local_access: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_security_policy_local_access: + internal_allowaccess: "https" + mgmt_allowaccess: "https" + name: "default_name_5" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_sflow.rst b/gen/fortios_switch_controller_sflow.rst new file mode 100644 index 00000000..719b3665 --- /dev/null +++ b/gen/fortios_switch_controller_sflow.rst @@ -0,0 +1,305 @@ +:source: fortios_switch_controller_sflow.py + +:orphan: + +.. fortios_switch_controller_sflow: + +fortios_switch_controller_sflow -- Configure FortiSwitch sFlow in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and sflow category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_sflowyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • switch_controller_sflow - Configure FortiSwitch sFlow. type: dict + more... + +
              • +
                +
              • collector_ip - Collector IP. type: str + more... + +
                • +
              • collector_port - SFlow collector port (0 - 65535). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch sFlow. + fortios_switch_controller_sflow: + vdom: "{{ vdom }}" + switch_controller_sflow: + collector_ip: "" + collector_port: "4" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_snmp_community.rst b/gen/fortios_switch_controller_snmp_community.rst new file mode 100644 index 00000000..34f5d209 --- /dev/null +++ b/gen/fortios_switch_controller_snmp_community.rst @@ -0,0 +1,1127 @@ +:source: fortios_switch_controller_snmp_community.py + +:orphan: + +.. fortios_switch_controller_snmp_community: + +fortios_switch_controller_snmp_community -- Configure FortiSwitch SNMP v1/v2c communities globally in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and snmp_community category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_snmp_communityyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_snmp_community - Configure FortiSwitch SNMP v1/v2c communities globally. type: dict + more... + +
              • +
                +
              • events - SNMP notifications (traps) to send. type: list choices: cpu-high, mem-low, log-full, intf-ip, ent-conf-change + more... + +
                • +
              • hosts - Configure IPv4 SNMP managers (hosts). type: list member_path: hosts:id + more... + +
                • +
                  +
                • id - Host entry ID. type: int required: true + more... + +
                  • +
                • ip - IPv4 address of the SNMP manager (host). type: str + more... + +
                  • +
                +
              • id - SNMP community ID. type: int required: true + more... + +
                • +
              • name - SNMP community name. type: str + more... + +
                • +
              • query_v1_port - SNMP v1 query port . type: int + more... + +
                • +
              • query_v1_status - Enable/disable SNMP v1 queries. type: str choices: disable, enable + more... + +
                • +
              • query_v2c_port - SNMP v2c query port . type: int + more... + +
                • +
              • query_v2c_status - Enable/disable SNMP v2c queries. type: str choices: disable, enable + more... + +
                • +
              • status - Enable/disable this SNMP community. type: str choices: disable, enable + more... + +
                • +
              • trap_v1_lport - SNMP v2c trap local port . type: int + more... + +
                • +
              • trap_v1_rport - SNMP v2c trap remote port . type: int + more... + +
                • +
              • trap_v1_status - Enable/disable SNMP v1 traps. type: str choices: disable, enable + more... + +
                • +
              • trap_v2c_lport - SNMP v2c trap local port . type: int + more... + +
                • +
              • trap_v2c_rport - SNMP v2c trap remote port . type: int + more... + +
                • +
              • trap_v2c_status - Enable/disable SNMP v2c traps. type: str choices: disable, enable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch SNMP v1/v2c communities globally. + fortios_switch_controller_snmp_community: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_snmp_community: + events: "cpu-high" + hosts: + - + id: "5" + ip: "" + id: "7" + name: "default_name_8" + query_v1_port: "9" + query_v1_status: "disable" + query_v2c_port: "11" + query_v2c_status: "disable" + status: "disable" + trap_v1_lport: "14" + trap_v1_rport: "15" + trap_v1_status: "disable" + trap_v2c_lport: "17" + trap_v2c_rport: "18" + trap_v2c_status: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_snmp_sysinfo.rst b/gen/fortios_switch_controller_snmp_sysinfo.rst new file mode 100644 index 00000000..f1973901 --- /dev/null +++ b/gen/fortios_switch_controller_snmp_sysinfo.rst @@ -0,0 +1,433 @@ +:source: fortios_switch_controller_snmp_sysinfo.py + +:orphan: + +.. fortios_switch_controller_snmp_sysinfo: + +fortios_switch_controller_snmp_sysinfo -- Configure FortiSwitch SNMP system information globally in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and snmp_sysinfo category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_snmp_sysinfoyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • switch_controller_snmp_sysinfo - Configure FortiSwitch SNMP system information globally. type: dict + more... + +
              • +
                +
              • contact_info - Contact information. type: str + more... + +
                • +
              • description - System description. type: str + more... + +
                • +
              • engine_id - Local SNMP engine ID string (max 24 char). type: str + more... + +
                • +
              • location - System location. type: str + more... + +
                • +
              • status - Enable/disable SNMP. type: str choices: disable, enable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch SNMP system information globally. + fortios_switch_controller_snmp_sysinfo: + vdom: "{{ vdom }}" + switch_controller_snmp_sysinfo: + contact_info: "" + description: "" + engine_id: "" + location: "" + status: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_snmp_trap_threshold.rst b/gen/fortios_switch_controller_snmp_trap_threshold.rst new file mode 100644 index 00000000..35a06d37 --- /dev/null +++ b/gen/fortios_switch_controller_snmp_trap_threshold.rst @@ -0,0 +1,321 @@ +:source: fortios_switch_controller_snmp_trap_threshold.py + +:orphan: + +.. fortios_switch_controller_snmp_trap_threshold: + +fortios_switch_controller_snmp_trap_threshold -- Configure FortiSwitch SNMP trap threshold values globally in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and snmp_trap_threshold category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_snmp_trap_thresholdyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • switch_controller_snmp_trap_threshold - Configure FortiSwitch SNMP trap threshold values globally. type: dict + more... + +
              • +
                +
              • trap_high_cpu_threshold - CPU usage when trap is sent. type: int + more... + +
                • +
              • trap_log_full_threshold - Log disk usage when trap is sent. type: int + more... + +
                • +
              • trap_low_memory_threshold - Memory usage when trap is sent. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch SNMP trap threshold values globally. + fortios_switch_controller_snmp_trap_threshold: + vdom: "{{ vdom }}" + switch_controller_snmp_trap_threshold: + trap_high_cpu_threshold: "3" + trap_log_full_threshold: "4" + trap_low_memory_threshold: "5" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_snmp_user.rst b/gen/fortios_switch_controller_snmp_user.rst new file mode 100644 index 00000000..bf505a6d --- /dev/null +++ b/gen/fortios_switch_controller_snmp_user.rst @@ -0,0 +1,828 @@ +:source: fortios_switch_controller_snmp_user.py + +:orphan: + +.. fortios_switch_controller_snmp_user: + +fortios_switch_controller_snmp_user -- Configure FortiSwitch SNMP v3 users globally in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and snmp_user category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_snmp_useryesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_snmp_user - Configure FortiSwitch SNMP v3 users globally. type: dict + more... + +
              • +
                +
              • auth_proto - Authentication protocol. type: str choices: md5, sha1, sha224, sha256, sha384, sha512, sha + more... + +
                • +
              • auth_pwd - Password for authentication protocol. type: str + more... + +
                • +
              • name - SNMP user name. type: str required: true + more... + +
                • +
              • priv_proto - Privacy (encryption) protocol. type: str choices: aes128, aes192, aes192c, aes256, aes256c, des, aes + more... + +
                • +
              • priv_pwd - Password for privacy (encryption) protocol. type: str + more... + +
                • +
              • queries - Enable/disable SNMP queries for this user. type: str choices: disable, enable + more... + +
                • +
              • query_port - SNMPv3 query port . type: int + more... + +
                • +
              • security_level - Security level for message authentication and encryption. type: str choices: no-auth-no-priv, auth-no-priv, auth-priv + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch SNMP v3 users globally. + fortios_switch_controller_snmp_user: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_snmp_user: + auth_proto: "md5" + auth_pwd: "" + name: "default_name_5" + priv_proto: "aes128" + priv_pwd: "" + queries: "disable" + query_port: "9" + security_level: "no-auth-no-priv" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_storm_control.rst b/gen/fortios_switch_controller_storm_control.rst new file mode 100644 index 00000000..33782555 --- /dev/null +++ b/gen/fortios_switch_controller_storm_control.rst @@ -0,0 +1,511 @@ +:source: fortios_switch_controller_storm_control.py + +:orphan: + +.. fortios_switch_controller_storm_control: + +fortios_switch_controller_storm_control -- Configure FortiSwitch storm control in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and storm_control category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_storm_controlyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • switch_controller_storm_control - Configure FortiSwitch storm control. type: dict + more... + +
              • +
                +
              • broadcast - Enable/disable storm control to drop broadcast traffic. type: str choices: enable, disable + more... + +
                • +
              • rate - Rate in packets per second at which storm traffic is controlled (1 - 10000000). Storm control drops excess traffic data rates beyond this threshold. type: int + more... + +
                • +
              • unknown_multicast - Enable/disable storm control to drop unknown multicast traffic. type: str choices: enable, disable + more... + +
                • +
              • unknown_unicast - Enable/disable storm control to drop unknown unicast traffic. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch storm control. + fortios_switch_controller_storm_control: + vdom: "{{ vdom }}" + switch_controller_storm_control: + broadcast: "enable" + rate: "4" + unknown_multicast: "enable" + unknown_unicast: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_storm_control_policy.rst b/gen/fortios_switch_controller_storm_control_policy.rst new file mode 100644 index 00000000..5886a19d --- /dev/null +++ b/gen/fortios_switch_controller_storm_control_policy.rst @@ -0,0 +1,628 @@ +:source: fortios_switch_controller_storm_control_policy.py + +:orphan: + +.. fortios_switch_controller_storm_control_policy: + +fortios_switch_controller_storm_control_policy -- Configure FortiSwitch storm control policy to be applied on managed-switch ports in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and storm_control_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_storm_control_policyyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_storm_control_policy - Configure FortiSwitch storm control policy to be applied on managed-switch ports. type: dict + more... + +
              • +
                +
              • broadcast - Enable/disable storm control to drop/allow broadcast traffic in override mode. type: str choices: enable, disable + more... + +
                • +
              • description - Description of the storm control policy. type: str + more... + +
                • +
              • name - Storm control policy name. type: str required: true + more... + +
                • +
              • rate - Threshold rate in packets per second at which storm traffic is controlled in override mode . type: int + more... + +
                • +
              • storm_control_mode - Set Storm control mode. type: str choices: global, override, disabled + more... + +
                • +
              • unknown_multicast - Enable/disable storm control to drop/allow unknown multicast traffic in override mode. type: str choices: enable, disable + more... + +
                • +
              • unknown_unicast - Enable/disable storm control to drop/allow unknown unicast traffic in override mode. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch storm control policy to be applied on managed-switch ports. + fortios_switch_controller_storm_control_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_storm_control_policy: + broadcast: "enable" + description: "" + name: "default_name_5" + rate: "6" + storm_control_mode: "global" + unknown_multicast: "enable" + unknown_unicast: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_stp_instance.rst b/gen/fortios_switch_controller_stp_instance.rst new file mode 100644 index 00000000..638b9822 --- /dev/null +++ b/gen/fortios_switch_controller_stp_instance.rst @@ -0,0 +1,327 @@ +:source: fortios_switch_controller_stp_instance.py + +:orphan: + +.. fortios_switch_controller_stp_instance: + +fortios_switch_controller_stp_instance -- Configure FortiSwitch multiple spanning tree protocol (MSTP) instances in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and stp_instance category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_stp_instanceyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_stp_instance - Configure FortiSwitch multiple spanning tree protocol (MSTP) instances. type: dict + more... + +
              • +
                +
              • id - Instance ID. type: str required: true + more... + +
                • +
              • vlan_range - Configure VLAN range for STP instance. type: list + more... + +
                • +
                  +
                • vlan_name - VLAN name. Source system.interface.name. type: str + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch multiple spanning tree protocol (MSTP) instances. + fortios_switch_controller_stp_instance: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_stp_instance: + id: "3" + vlan_range: + - + vlan_name: " (source system.interface.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_stp_settings.rst b/gen/fortios_switch_controller_stp_settings.rst new file mode 100644 index 00000000..9e8d732b --- /dev/null +++ b/gen/fortios_switch_controller_stp_settings.rst @@ -0,0 +1,575 @@ +:source: fortios_switch_controller_stp_settings.py + +:orphan: + +.. fortios_switch_controller_stp_settings: + +fortios_switch_controller_stp_settings -- Configure FortiSwitch spanning tree protocol (STP) in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and stp_settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_stp_settingsyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • switch_controller_stp_settings - Configure FortiSwitch spanning tree protocol (STP). type: dict + more... + +
              • +
                +
              • forward_time - Period of time a port is in listening and learning state (4 - 30 sec). type: int + more... + +
                • +
              • hello_time - Period of time between successive STP frame Bridge Protocol Data Units (BPDUs) sent on a port (1 - 10 sec). type: int + more... + +
                • +
              • max_age - Maximum time before a bridge port expires its configuration BPDU information (6 - 40 sec). type: int + more... + +
                • +
              • max_hops - Maximum number of hops between the root bridge and the furthest bridge (1- 40). type: int + more... + +
                • +
              • name - Name of global STP settings configuration. type: str + more... + +
                • +
              • pending_timer - Pending time (1 - 15 sec). type: int + more... + +
                • +
              • revision - STP revision number (0 - 65535). type: int + more... + +
                • +
              • status - Enable/disable STP. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch spanning tree protocol (STP). + fortios_switch_controller_stp_settings: + vdom: "{{ vdom }}" + switch_controller_stp_settings: + forward_time: "3" + hello_time: "4" + max_age: "5" + max_hops: "6" + name: "default_name_7" + pending_timer: "8" + revision: "9" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_switch_group.rst b/gen/fortios_switch_controller_switch_group.rst new file mode 100644 index 00000000..b0b09ee6 --- /dev/null +++ b/gen/fortios_switch_controller_switch_group.rst @@ -0,0 +1,477 @@ +:source: fortios_switch_controller_switch_group.py + +:orphan: + +.. fortios_switch_controller_switch_group: + +fortios_switch_controller_switch_group -- Configure FortiSwitch switch groups in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and switch_group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_switch_groupyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_switch_group - Configure FortiSwitch switch groups. type: dict + more... + +
              • +
                +
              • description - Optional switch group description. type: str + more... + +
                • +
              • fortilink - FortiLink interface to which switch group members belong. Source system.interface.name. type: str + more... + +
                • +
              • members - FortiSwitch members belonging to this switch group. type: list + more... + +
                • +
                  +
                • name - Managed device ID. Source switch-controller.managed-switch.switch-id. type: str + more... + +
                  • +
                • switch_id - Managed device ID. Source switch-controller.managed-switch.switch-id. type: str + more... + +
                  • +
                +
              • name - Switch group name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch switch groups. + fortios_switch_controller_switch_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_switch_group: + description: "" + fortilink: " (source system.interface.name)" + members: + - + name: "default_name_6 (source switch-controller.managed-switch.switch-id)" + switch_id: " (source switch-controller.managed-switch.switch-id)" + name: "default_name_8" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_switch_interface_tag.rst b/gen/fortios_switch_controller_switch_interface_tag.rst new file mode 100644 index 00000000..92f9f9c4 --- /dev/null +++ b/gen/fortios_switch_controller_switch_interface_tag.rst @@ -0,0 +1,262 @@ +:source: fortios_switch_controller_switch_interface_tag.py + +:orphan: + +.. fortios_switch_controller_switch_interface_tag: + +fortios_switch_controller_switch_interface_tag -- Configure switch object tags in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and switch_interface_tag category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_switch_interface_tagyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_switch_interface_tag - Configure switch object tags. type: dict + more... + +
              • +
                +
              • name - Tag name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure switch object tags. + fortios_switch_controller_switch_interface_tag: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_switch_interface_tag: + name: "default_name_3" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_switch_log.rst b/gen/fortios_switch_controller_switch_log.rst new file mode 100644 index 00000000..937b9273 --- /dev/null +++ b/gen/fortios_switch_controller_switch_log.rst @@ -0,0 +1,495 @@ +:source: fortios_switch_controller_switch_log.py + +:orphan: + +.. fortios_switch_controller_switch_log: + +fortios_switch_controller_switch_log -- Configure FortiSwitch logging (logs are transferred to and inserted into FortiGate event log) in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and switch_log category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_switch_logyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • switch_controller_switch_log - Configure FortiSwitch logging (logs are transferred to and inserted into FortiGate event log). type: dict + more... + +
              • +
                +
              • severity - Severity of FortiSwitch logs that are added to the FortiGate event log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • status - Enable/disable adding FortiSwitch logs to FortiGate event log. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch logging (logs are transferred to and inserted into FortiGate event log). + fortios_switch_controller_switch_log: + vdom: "{{ vdom }}" + switch_controller_switch_log: + severity: "emergency" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_switch_profile.rst b/gen/fortios_switch_controller_switch_profile.rst new file mode 100644 index 00000000..9fc08a4f --- /dev/null +++ b/gen/fortios_switch_controller_switch_profile.rst @@ -0,0 +1,392 @@ +:source: fortios_switch_controller_switch_profile.py + +:orphan: + +.. fortios_switch_controller_switch_profile: + +fortios_switch_controller_switch_profile -- Configure FortiSwitch switch profile in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and switch_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_switch_profileyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_switch_profile - Configure FortiSwitch switch profile. type: dict + more... + +
              • +
                +
              • login_passwd - Login password of managed FortiSwitch. type: str + more... + +
                • +
              • login_passwd_override - Enable/disable overriding the admin administrator password for a managed FortiSwitch with the FortiGate admin administrator account password. type: str choices: enable, disable + more... + +
                • +
              • name - FortiSwitch Profile name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch switch profile. + fortios_switch_controller_switch_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_switch_profile: + login_passwd: "" + login_passwd_override: "enable" + name: "default_name_5" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_system.rst b/gen/fortios_switch_controller_system.rst new file mode 100644 index 00000000..fc78bd6b --- /dev/null +++ b/gen/fortios_switch_controller_system.rst @@ -0,0 +1,749 @@ +:source: fortios_switch_controller_system.py + +:orphan: + +.. fortios_switch_controller_system: + +fortios_switch_controller_system -- Configure system-wide switch controller settings in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and system category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_systemyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • switch_controller_system - Configure system-wide switch controller settings. type: dict + more... + +
              • +
                +
              • data_sync_interval - Time interval between collection of switch data (30 - 1800 sec). type: int + more... + +
                • +
              • dynamic_periodic_interval - Periodic time interval to run Dynamic port policy engine (5 - 60 sec). type: int + more... + +
                • +
              • iot_holdoff - MAC entry"s creation time. Time must be greater than this value for an entry to be created (0 - 10080 mins). type: int + more... + +
                • +
              • iot_mac_idle - MAC entry"s idle time. MAC entry is removed after this value (0 - 10080 mins). type: int + more... + +
                • +
              • iot_scan_interval - IoT scan interval (2 - 10080 mins). type: int + more... + +
                • +
              • iot_weight_threshold - MAC entry"s confidence value. Value is re-queried when below this value . type: int + more... + +
                • +
              • nac_periodic_interval - Periodic time interval to run NAC engine (5 - 60 sec). type: int + more... + +
                • +
              • parallel_process - Maximum number of parallel processes. type: int + more... + +
                • +
              • parallel_process_override - Enable/disable parallel process override. type: str choices: disable, enable + more... + +
                • +
              • tunnel_mode - Compatible/strict tunnel mode. type: str choices: compatible, strict + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure system-wide switch controller settings. + fortios_switch_controller_system: + vdom: "{{ vdom }}" + switch_controller_system: + data_sync_interval: "3" + dynamic_periodic_interval: "4" + iot_holdoff: "5" + iot_mac_idle: "6" + iot_scan_interval: "7" + iot_weight_threshold: "8" + nac_periodic_interval: "9" + parallel_process: "10" + parallel_process_override: "disable" + tunnel_mode: "compatible" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_traffic_policy.rst b/gen/fortios_switch_controller_traffic_policy.rst new file mode 100644 index 00000000..87502c98 --- /dev/null +++ b/gen/fortios_switch_controller_traffic_policy.rst @@ -0,0 +1,606 @@ +:source: fortios_switch_controller_traffic_policy.py + +:orphan: + +.. fortios_switch_controller_traffic_policy: + +fortios_switch_controller_traffic_policy -- Configure FortiSwitch traffic policy in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and traffic_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_traffic_policyyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_traffic_policy - Configure FortiSwitch traffic policy. type: dict + more... + +
              • +
                +
              • cos_queue - COS queue(0 - 7), or unset to disable. type: int + more... + +
                • +
              • description - Description of the traffic policy. type: str + more... + +
                • +
              • guaranteed_bandwidth - Guaranteed bandwidth in kbps (max value = 524287000). type: int + more... + +
                • +
              • guaranteed_burst - Guaranteed burst size in bytes (max value = 4294967295). type: int + more... + +
                • +
              • id - FSW Policer id type: int + more... + +
                • +
              • maximum_burst - Maximum burst size in bytes (max value = 4294967295). type: int + more... + +
                • +
              • name - Traffic policy name. type: str required: true + more... + +
                • +
              • policer_status - Enable/disable policer config on the traffic policy. type: str choices: enable, disable + more... + +
                • +
              • type - Configure type of policy(ingress/egress). type: str choices: ingress, egress + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch traffic policy. + fortios_switch_controller_traffic_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_traffic_policy: + cos_queue: "3" + description: "" + guaranteed_bandwidth: "5" + guaranteed_burst: "6" + id: "7" + maximum_burst: "8" + name: "default_name_9" + policer_status: "enable" + type: "ingress" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_traffic_sniffer.rst b/gen/fortios_switch_controller_traffic_sniffer.rst new file mode 100644 index 00000000..c5206dff --- /dev/null +++ b/gen/fortios_switch_controller_traffic_sniffer.rst @@ -0,0 +1,936 @@ +:source: fortios_switch_controller_traffic_sniffer.py + +:orphan: + +.. fortios_switch_controller_traffic_sniffer: + +fortios_switch_controller_traffic_sniffer -- Configure FortiSwitch RSPAN/ERSPAN traffic sniffing parameters in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and traffic_sniffer category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_traffic_snifferyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • switch_controller_traffic_sniffer - Configure FortiSwitch RSPAN/ERSPAN traffic sniffing parameters. type: dict + more... + +
              • +
                +
              • erspan_ip - Configure ERSPAN collector IP address. type: str + more... + +
                • +
              • mode - Configure traffic sniffer mode. type: str choices: erspan-auto, rspan, none + more... + +
                • +
              • target_ip - Sniffer IPs to filter. type: list member_path: target_ip:ip + more... + +
                • +
                  +
                • description - Description for the sniffer IP. type: str + more... + +
                  • +
                • dst_entry_id - FortiSwitch dest entry ID for the sniffer IP. type: int + more... + +
                  • +
                • ip - Sniffer IP. type: str required: true + more... + +
                  • +
                • src_entry_id - FortiSwitch source entry ID for the sniffer IP. type: int + more... + +
                  • +
                +
              • target_mac - Sniffer MACs to filter. type: list member_path: target_mac:mac + more... + +
                • +
                  +
                • description - Description for the sniffer MAC. type: str + more... + +
                  • +
                • dst_entry_id - FortiSwitch dest entry ID for the sniffer MAC. type: int + more... + +
                  • +
                • mac - Sniffer MAC. type: str required: true + more... + +
                  • +
                • src_entry_id - FortiSwitch source entry ID for the sniffer MAC. type: int + more... + +
                  • +
                +
              • target_port - Sniffer ports to filter. type: list + more... + +
                • +
                  +
                • description - Description for the sniffer port entry. type: str + more... + +
                  • +
                • in_ports - Configure source ingress port interfaces. type: list member_path: in_ports:name + more... + +
                  • +
                    +
                  • name - Interface name. type: str required: true + more... + +
                    • +
                  +
                • out_ports - Configure source egress port interfaces. type: list member_path: out_ports:name + more... + +
                  • +
                    +
                  • name - Interface name. type: str required: true + more... + +
                    • +
                  +
                • switch_id - Managed-switch ID. Source switch-controller.managed-switch.switch-id. type: str + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch RSPAN/ERSPAN traffic sniffing parameters. + fortios_switch_controller_traffic_sniffer: + vdom: "{{ vdom }}" + switch_controller_traffic_sniffer: + erspan_ip: "" + mode: "erspan-auto" + target_ip: + - + description: "" + dst_entry_id: "7" + ip: "" + src_entry_id: "9" + target_mac: + - + description: "" + dst_entry_id: "12" + mac: "" + src_entry_id: "14" + target_port: + - + description: "" + in_ports: + - + name: "default_name_18" + out_ports: + - + name: "default_name_20" + switch_id: " (source switch-controller.managed-switch.switch-id)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_virtual_port_pool.rst b/gen/fortios_switch_controller_virtual_port_pool.rst new file mode 100644 index 00000000..db61f02c --- /dev/null +++ b/gen/fortios_switch_controller_virtual_port_pool.rst @@ -0,0 +1,308 @@ +:source: fortios_switch_controller_virtual_port_pool.py + +:orphan: + +.. fortios_switch_controller_virtual_port_pool: + +fortios_switch_controller_virtual_port_pool -- Configure virtual pool in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and virtual_port_pool category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_virtual_port_poolyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_virtual_port_pool - Configure virtual pool. type: dict + more... + +
              • +
                +
              • description - Virtual switch pool description. type: str + more... + +
                • +
              • name - Virtual switch pool name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure virtual pool. + fortios_switch_controller_virtual_port_pool: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_virtual_port_pool: + description: "" + name: "default_name_4" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_vlan.rst b/gen/fortios_switch_controller_vlan.rst new file mode 100644 index 00000000..a33fa4b4 --- /dev/null +++ b/gen/fortios_switch_controller_vlan.rst @@ -0,0 +1,582 @@ +:source: fortios_switch_controller_vlan.py + +:orphan: + +.. fortios_switch_controller_vlan: + +fortios_switch_controller_vlan -- Configure VLANs for switch controller in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and vlan category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.3
            fortios_switch_controller_vlanyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_vlan - Configure VLANs for switch controller. type: dict + more... + +
              • +
                +
              • auth - Authentication. type: str choices: radius, usergroup + more... + +
                • +
              • color - Color of icon on the GUI. type: int + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • name - Switch VLAN name. type: str required: true + more... + +
                • +
              • portal_message_override_group - Specify captive portal replacement message override group. type: str + more... + +
                • +
              • portal_message_overrides - Individual message overrides. type: dict + more... + +
                • +
                  +
                • auth_disclaimer_page - Override auth-disclaimer-page message with message from portal-message-overrides group. type: str + more... + +
                  • +
                • auth_login_failed_page - Override auth-login-failed-page message with message from portal-message-overrides group. type: str + more... + +
                  • +
                • auth_login_page - Override auth-login-page message with message from portal-message-overrides group. type: str + more... + +
                  • +
                • auth_reject_page - Override auth-reject-page message with message from portal-message-overrides group. type: str + more... + +
                  • +
                +
              • radius_server - Authentication radius server. Source user.radius.name. type: str + more... + +
                • +
              • security - Security. type: str choices: open, captive-portal, 8021x + more... + +
                • +
              • selected_usergroups - Selected user group. type: list member_path: selected_usergroups:name + more... + +
                • +
                  +
                • name - User group name. Source user.group.name. type: str required: true + more... + +
                  • +
                +
              • usergroup - Authentication usergroup. Source user.group.name. type: str + more... + +
                • +
              • vdom - Virtual domain, type: str + more... + +
                • +
              • vlanid - VLAN ID. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure VLANs for switch controller. + fortios_switch_controller_vlan: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_vlan: + auth: "radius" + color: "4" + comments: "" + name: "default_name_6" + portal_message_override_group: "" + portal_message_overrides: + auth_disclaimer_page: "" + auth_login_failed_page: "" + auth_login_page: "" + auth_reject_page: "" + radius_server: " (source user.radius.name)" + security: "open" + selected_usergroups: + - + name: "default_name_16 (source user.group.name)" + usergroup: " (source user.group.name)" + vdom: "" + vlanid: "19" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_switch_controller_vlan_policy.rst b/gen/fortios_switch_controller_vlan_policy.rst new file mode 100644 index 00000000..7565efdb --- /dev/null +++ b/gen/fortios_switch_controller_vlan_policy.rst @@ -0,0 +1,574 @@ +:source: fortios_switch_controller_vlan_policy.py + +:orphan: + +.. fortios_switch_controller_vlan_policy: + +fortios_switch_controller_vlan_policy -- Configure VLAN policy to be applied on the managed FortiSwitch ports through dynamic-port-policy in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and vlan_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_switch_controller_vlan_policyyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • switch_controller_vlan_policy - Configure VLAN policy to be applied on the managed FortiSwitch ports through dynamic-port-policy. type: dict + more... + +
              • +
                +
              • allowed_vlans - Allowed VLANs to be applied when using this VLAN policy. type: list + more... + +
                • +
                  +
                • vlan_name - VLAN name. Source system.interface.name. type: str + more... + +
                  • +
                +
              • allowed_vlans_all - Enable/disable all defined VLANs when using this VLAN policy. type: str choices: enable, disable + more... + +
                • +
              • description - Description for the VLAN policy. type: str + more... + +
                • +
              • discard_mode - Discard mode to be applied when using this VLAN policy. type: str choices: none, all-untagged, all-tagged + more... + +
                • +
              • fortilink - FortiLink interface for which this VLAN policy belongs to. Source system.interface.name. type: str + more... + +
                • +
              • name - VLAN policy name. type: str required: true + more... + +
                • +
              • untagged_vlans - Untagged VLANs to be applied when using this VLAN policy. type: list + more... + +
                • +
                  +
                • vlan_name - VLAN name. Source system.interface.name. type: str + more... + +
                  • +
                +
              • vlan - Native VLAN to be applied when using this VLAN policy. Source system.interface.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure VLAN policy to be applied on the managed FortiSwitch ports through dynamic-port-policy. + fortios_switch_controller_vlan_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_vlan_policy: + allowed_vlans: + - + vlan_name: " (source system.interface.name)" + allowed_vlans_all: "enable" + description: "" + discard_mode: "none" + fortilink: " (source system.interface.name)" + name: "default_name_9" + untagged_vlans: + - + vlan_name: " (source system.interface.name)" + vlan: " (source system.interface.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_3g_modem_custom.rst b/gen/fortios_system_3g_modem_custom.rst new file mode 100644 index 00000000..03f87060 --- /dev/null +++ b/gen/fortios_system_3g_modem_custom.rst @@ -0,0 +1,584 @@ +:source: fortios_system_3g_modem_custom.py + +:orphan: + +.. fortios_system_3g_modem_custom: + +fortios_system_3g_modem_custom -- 3G MODEM custom in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_3g_modem feature and custom category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_3g_modem_customyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_3g_modem_custom - 3G MODEM custom. type: dict + more... + +
              • +
                +
              • class_id - USB interface class in hexadecimal format (00-ff). type: str + more... + +
                • +
              • id - ID. type: int required: true + more... + +
                • +
              • init_string - Init string in hexadecimal format (even length). type: str + more... + +
                • +
              • model - MODEM model name. type: str + more... + +
                • +
              • modeswitch_string - USB modeswitch arguments. e.g: "-v 1410 -p 9030 -V 1410 -P 9032 -u 3" type: str + more... + +
                • +
              • product_id - USB product ID in hexadecimal format (0000-ffff). type: str + more... + +
                • +
              • vendor - MODEM vendor name. type: str + more... + +
                • +
              • vendor_id - USB vendor ID in hexadecimal format (0000-ffff). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: 3G MODEM custom. + fortios_system_3g_modem_custom: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_3g_modem_custom: + class_id: "" + id: "4" + init_string: "" + model: "" + modeswitch_string: "" + product_id: "" + vendor: "" + vendor_id: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_accprofile.rst b/gen/fortios_system_accprofile.rst new file mode 100644 index 00000000..37390240 --- /dev/null +++ b/gen/fortios_system_accprofile.rst @@ -0,0 +1,5099 @@ +:source: fortios_system_accprofile.py + +:orphan: + +.. fortios_system_accprofile: + +fortios_system_accprofile -- Configure access profiles for system administrators in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and accprofile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_accprofileyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_accprofile - Configure access profiles for system administrators. type: dict + more... + +
              • +
                +
              • admintimeout - Administrator timeout for this access profile (0 - 480 min). type: int + more... + +
                • +
              • admintimeout_override - Enable/disable overriding the global administrator idle timeout. type: str choices: enable, disable + more... + +
                • +
              • authgrp - Administrator access to Users and Devices. type: str choices: none, read, read-write + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • ftviewgrp - FortiView. type: str choices: none, read, read-write + more... + +
                • +
              • fwgrp - Administrator access to the Firewall configuration. type: str choices: none, read, read-write, custom + more... + +
                • +
              • fwgrp_permission - Custom firewall permission. type: dict + more... + +
                • +
                  +
                • address - Address Configuration. type: str choices: none, read, read-write + more... + +
                  • +
                • others - Other Firewall Configuration. type: str choices: none, read, read-write + more... + +
                  • +
                • policy - Policy Configuration. type: str choices: none, read, read-write + more... + +
                  • +
                • schedule - Schedule Configuration. type: str choices: none, read, read-write + more... + +
                  • +
                • service - Service Configuration. type: str choices: none, read, read-write + more... + +
                  • +
                +
              • loggrp - Administrator access to Logging and Reporting including viewing log messages. type: str choices: none, read, read-write, custom + more... + +
                • +
              • loggrp_permission - Custom Log & Report permission. type: dict + more... + +
                • +
                  +
                • config - Log & Report configuration. type: str choices: none, read, read-write + more... + +
                  • +
                • data_access - Log & Report Data Access. type: str choices: none, read, read-write + more... + +
                  • +
                • report_access - Log & Report Report Access. type: str choices: none, read, read-write + more... + +
                  • +
                • threat_weight - Log & Report Threat Weight. type: str choices: none, read, read-write + more... + +
                  • +
                +
              • name - Profile name. type: str required: true + more... + +
                • +
              • netgrp - Network Configuration. type: str choices: none, read, read-write, custom + more... + +
                • +
              • netgrp_permission - Custom network permission. type: dict + more... + +
                • +
                  +
                • cfg - Network Configuration. type: str choices: none, read, read-write + more... + +
                  • +
                • packet_capture - Packet Capture Configuration. type: str choices: none, read, read-write + more... + +
                  • +
                • route_cfg - Router Configuration. type: str choices: none, read, read-write + more... + +
                  • +
                +
              • scope - Scope of admin access: global or specific VDOM(s). type: str choices: vdom, global + more... + +
                • +
              • secfabgrp - Security Fabric. type: str choices: none, read, read-write + more... + +
                • +
              • sysgrp - System Configuration. type: str choices: none, read, read-write, custom + more... + +
                • +
              • sysgrp_permission - Custom system permission. type: dict + more... + +
                • +
                  +
                • admin - Administrator Users. type: str choices: none, read, read-write + more... + +
                  • +
                • cfg - System Configuration. type: str choices: none, read, read-write + more... + +
                  • +
                • mnt - Maintenance. type: str choices: none, read, read-write + more... + +
                  • +
                • upd - FortiGuard Updates. type: str choices: none, read, read-write + more... + +
                  • +
                +
              • system_diagnostics - Enable/disable permission to run system diagnostic commands. type: str choices: enable, disable + more... + +
                • +
              • utmgrp - Administrator access to Security Profiles. type: str choices: none, read, read-write, custom + more... + +
                • +
              • utmgrp_permission - Custom Security Profile permissions. type: dict + more... + +
                • +
                  +
                • antivirus - Antivirus profiles and settings. type: str choices: none, read, read-write + more... + +
                  • +
                • application_control - Application Control profiles and settings. type: str choices: none, read, read-write + more... + +
                  • +
                • data_loss_prevention - DLP profiles and settings. type: str choices: none, read, read-write + more... + +
                  • +
                • dnsfilter - DNS Filter profiles and settings. type: str choices: none, read, read-write + more... + +
                  • +
                • emailfilter - Email Filter and settings. type: str choices: none, read, read-write + more... + +
                  • +
                • endpoint_control - FortiClient Profiles. type: str choices: none, read, read-write + more... + +
                  • +
                • file_filter - File-filter profiles and settings. type: str choices: none, read, read-write + more... + +
                  • +
                • icap - ICAP profiles and settings. type: str choices: none, read, read-write + more... + +
                  • +
                • ips - IPS profiles and settings. type: str choices: none, read, read-write + more... + +
                  • +
                • mmsgtp - UTM permission. type: str choices: none, read, read-write + more... + +
                  • +
                • spamfilter - AntiSpam filter and settings. type: str choices: none, read, read-write + more... + +
                  • +
                • voip - VoIP profiles and settings. type: str choices: none, read, read-write + more... + +
                  • +
                • waf - Web Application Firewall profiles and settings. type: str choices: none, read, read-write + more... + +
                  • +
                • webfilter - Web Filter profiles and settings. type: str choices: none, read, read-write + more... + +
                  • +
                +
              • vpngrp - Administrator access to IPsec, SSL, PPTP, and L2TP VPN. type: str choices: none, read, read-write + more... + +
                • +
              • wanoptgrp - Administrator access to WAN Opt & Cache. type: str choices: none, read, read-write + more... + +
                • +
              • wifi - Administrator access to the WiFi controller and Switch controller. type: str choices: none, read, read-write + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure access profiles for system administrators. + fortios_system_accprofile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_accprofile: + admintimeout: "3" + admintimeout_override: "enable" + authgrp: "none" + comments: "" + ftviewgrp: "none" + fwgrp: "none" + fwgrp_permission: + address: "none" + others: "none" + policy: "none" + schedule: "none" + service: "none" + loggrp: "none" + loggrp_permission: + config: "none" + data_access: "none" + report_access: "none" + threat_weight: "none" + name: "default_name_21" + netgrp: "none" + netgrp_permission: + cfg: "none" + packet_capture: "none" + route_cfg: "none" + scope: "vdom" + secfabgrp: "none" + sysgrp: "none" + sysgrp_permission: + admin: "none" + cfg: "none" + mnt: "none" + upd: "none" + system_diagnostics: "enable" + utmgrp: "none" + utmgrp_permission: + antivirus: "none" + application_control: "none" + data_loss_prevention: "none" + dnsfilter: "none" + emailfilter: "none" + endpoint_control: "none" + file_filter: "none" + icap: "none" + ips: "none" + mmsgtp: "none" + spamfilter: "none" + voip: "none" + waf: "none" + webfilter: "none" + vpngrp: "none" + wanoptgrp: "none" + wifi: "none" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_acme.rst b/gen/fortios_system_acme.rst new file mode 100644 index 00000000..95365b9b --- /dev/null +++ b/gen/fortios_system_acme.rst @@ -0,0 +1,413 @@ +:source: fortios_system_acme.py + +:orphan: + +.. fortios_system_acme: + +fortios_system_acme -- Configure ACME client in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and acme category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + +
            v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_acmeyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_acme - Configure ACME client. type: dict + more... + +
              • +
                +
              • accounts - ACME accounts list. type: list member_path: accounts:id + more... + +
                • +
                  +
                • ca_url - Account ca_url. type: str + more... + +
                  • +
                • email - Account email. type: str + more... + +
                  • +
                • id - Account id. type: str required: true + more... + +
                  • +
                • privatekey - Account Private Key. type: str + more... + +
                  • +
                • status - Account status. type: str + more... + +
                  • +
                • url - Account url. type: str + more... + +
                  • +
                +
              • interface - Interface(s) on which the ACME client will listen for challenges. type: list + more... + +
                • +
                  +
                • interface_name - Interface name. Source system.interface.name. type: str + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure ACME client. + fortios_system_acme: + vdom: "{{ vdom }}" + system_acme: + accounts: + - + ca_url: "" + email: "" + id: "6" + privatekey: "" + status: "" + url: "myurl.com" + interface: + - + interface_name: " (source system.interface.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_admin.rst b/gen/fortios_system_admin.rst new file mode 100644 index 00000000..36d6abf0 --- /dev/null +++ b/gen/fortios_system_admin.rst @@ -0,0 +1,4414 @@ +:source: fortios_system_admin.py + +:orphan: + +.. fortios_system_admin: + +fortios_system_admin -- Configure admin users in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and admin category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_adminyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_admin - Configure admin users. type: dict + more... + +
              • +
                +
              • accprofile - Access profile for this administrator. Access profiles control administrator access to FortiGate features. Source system.accprofile.name. type: str + more... + +
                • +
              • accprofile_override - Enable to use the name of an access profile provided by the remote authentication server to control the FortiGate features that this administrator can access. type: str choices: enable, disable + more... + +
                • +
              • allow_remove_admin_session - Enable/disable allow admin session to be removed by privileged admin users. type: str choices: enable, disable + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • email_to - This administrator"s email address. type: str + more... + +
                • +
              • force_password_change - Enable/disable force password change on next login. type: str choices: enable, disable + more... + +
                • +
              • fortitoken - This administrator"s FortiToken serial number. type: str + more... + +
                • +
              • guest_auth - Enable/disable guest authentication. type: str choices: disable, enable + more... + +
                • +
              • guest_lang - Guest management portal language. Source system.custom-language.name. type: str + more... + +
                • +
              • guest_usergroups - Select guest user groups. type: list member_path: guest_usergroups:name + more... + +
                • +
                  +
                • name - Select guest user groups. type: str required: true + more... + +
                  • +
                +
              • gui_dashboard - GUI dashboards. type: list member_path: gui_dashboard:id + more... + +
                • +
                  +
                • columns - Number of columns. type: int + more... + +
                  • +
                • id - Dashboard ID. type: int required: true + more... + +
                  • +
                • layout_type - Layout type. type: str choices: responsive, fixed + more... + +
                  • +
                • name - Dashboard name. type: str + more... + +
                  • +
                • permanent - Permanent dashboard (can"t be removed via the GUI). type: str choices: disable, enable + more... + +
                  • +
                • scope - Dashboard scope. type: str choices: global, vdom + more... + +
                  • +
                • vdom - Virtual domain. Source system.vdom.name. type: str + more... + +
                  • +
                • widget - Dashboard widgets. type: list member_path: gui_dashboard:id/widget:id + more... + +
                  • +
                    +
                  • fabric_device - Fabric device to monitor. type: str + more... + +
                    • +
                  • fabric_device_widget_name - Fabric device widget name. type: str + more... + +
                    • +
                  • fabric_device_widget_visualization_type - Visualization type for fabric device widget. type: str + more... + +
                    • +
                  • fortiview_device - FortiView device. type: str + more... + +
                    • +
                  • fortiview_filters - FortiView filters. type: list member_path: gui_dashboard:id/widget:id/fortiview_filters:id + more... + +
                    • +
                      +
                    • id - FortiView Filter ID. type: int required: true + more... + +
                      • +
                    • key - Filter key. type: str + more... + +
                      • +
                    • value - Filter value. type: str + more... + +
                      • +
                    +
                  • fortiview_sort_by - FortiView sort by. type: str + more... + +
                    • +
                  • fortiview_timeframe - FortiView timeframe. type: str + more... + +
                    • +
                  • fortiview_type - FortiView type. type: str + more... + +
                    • +
                  • fortiview_visualization - FortiView visualization. type: str + more... + +
                    • +
                  • height - Height. type: int + more... + +
                    • +
                  • id - Widget ID. type: int required: true + more... + +
                    • +
                  • industry - Security Audit Rating industry. type: str choices: default, custom + more... + +
                    • +
                  • interface - Interface to monitor. Source system.interface.name. type: str + more... + +
                    • +
                  • region - Security Audit Rating region. type: str choices: default, custom + more... + +
                    • +
                  • title - Widget title. type: str + more... + +
                    • +
                  • type - Widget type. type: str choices: sysinfo, licinfo, forticloud, cpu-usage, memory-usage, disk-usage, log-rate, sessions, session-rate, tr-history, analytics, usb-modem, admins, security-fabric, security-fabric-ranking, sensor-info, ha-status, vulnerability-summary, host-scan-summary, fortiview, botnet-activity, fabric-device, fortimail + more... + +
                    • +
                  • width - Width. type: int + more... + +
                    • +
                  • x_pos - X position. type: int + more... + +
                    • +
                  • y_pos - Y position. type: int + more... + +
                    • +
                  +
                +
              • gui_global_menu_favorites - Favorite GUI menu IDs for the global VDOM. type: list member_path: gui_global_menu_favorites:id + more... + +
                • +
                  +
                • id - Select menu ID. type: str required: true + more... + +
                  • +
                +
              • gui_new_feature_acknowledge - Acknowledgement of new features. type: list member_path: gui_new_feature_acknowledge:id + more... + +
                • +
                  +
                • id - Select menu ID. type: str required: true + more... + +
                  • +
                +
              • gui_vdom_menu_favorites - Favorite GUI menu IDs for VDOMs. type: list member_path: gui_vdom_menu_favorites:id + more... + +
                • +
                  +
                • id - Select menu ID. type: str required: true + more... + +
                  • +
                +
              • hidden - Admin user hidden attribute. type: int + more... + +
                • +
              • history0 - history0 type: str + more... + +
                • +
              • history1 - history1 type: str + more... + +
                • +
              • ip6_trusthost1 - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. type: str + more... + +
                • +
              • ip6_trusthost10 - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. type: str + more... + +
                • +
              • ip6_trusthost2 - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. type: str + more... + +
                • +
              • ip6_trusthost3 - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. type: str + more... + +
                • +
              • ip6_trusthost4 - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. type: str + more... + +
                • +
              • ip6_trusthost5 - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. type: str + more... + +
                • +
              • ip6_trusthost6 - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. type: str + more... + +
                • +
              • ip6_trusthost7 - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. type: str + more... + +
                • +
              • ip6_trusthost8 - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. type: str + more... + +
                • +
              • ip6_trusthost9 - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. type: str + more... + +
                • +
              • login_time - Record user login time. type: list + more... + +
                • +
                  +
                • last_failed_login - Last failed login time. type: str + more... + +
                  • +
                • last_login - Last successful login time. type: str + more... + +
                  • +
                • usr_name - User name. type: str + more... + +
                  • +
                +
              • name - User name. type: str required: true + more... + +
                • +
              • password - Admin user password. type: str + more... + +
                • +
              • password_expire - Password expire time. type: str + more... + +
                • +
              • peer_auth - Set to enable peer certificate authentication (for HTTPS admin access). type: str choices: enable, disable + more... + +
                • +
              • peer_group - Name of peer group defined under config user group which has PKI members. Used for peer certificate authentication (for HTTPS admin access). type: str + more... + +
                • +
              • radius_vdom_override - Enable to use the names of VDOMs provided by the remote authentication server to control the VDOMs that this administrator can access. type: str choices: enable, disable + more... + +
                • +
              • remote_auth - Enable/disable authentication using a remote RADIUS, LDAP, or TACACS+ server. type: str choices: enable, disable + more... + +
                • +
              • remote_group - User group name used for remote auth. type: str + more... + +
                • +
              • schedule - Firewall schedule used to restrict when the administrator can log in. No schedule means no restrictions. type: str + more... + +
                • +
              • sms_custom_server - Custom SMS server to send SMS messages to. Source system.sms-server.name. type: str + more... + +
                • +
              • sms_phone - Phone number on which the administrator receives SMS messages. type: str + more... + +
                • +
              • sms_server - Send SMS messages using the FortiGuard SMS server or a custom server. type: str choices: fortiguard, custom + more... + +
                • +
              • ssh_certificate - Select the certificate to be used by the FortiGate for authentication with an SSH client. Source certificate.remote.name. type: str + more... + +
                • +
              • ssh_public_key1 - Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the SSH client application. type: str + more... + +
                • +
              • ssh_public_key2 - Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the SSH client application. type: str + more... + +
                • +
              • ssh_public_key3 - Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the SSH client application. type: str + more... + +
                • +
              • trusthost1 - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. type: str + more... + +
                • +
              • trusthost10 - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. type: str + more... + +
                • +
              • trusthost2 - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. type: str + more... + +
                • +
              • trusthost3 - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. type: str + more... + +
                • +
              • trusthost4 - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. type: str + more... + +
                • +
              • trusthost5 - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. type: str + more... + +
                • +
              • trusthost6 - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. type: str + more... + +
                • +
              • trusthost7 - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. type: str + more... + +
                • +
              • trusthost8 - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. type: str + more... + +
                • +
              • trusthost9 - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. type: str + more... + +
                • +
              • two_factor - Enable/disable two-factor authentication. type: str choices: disable, fortitoken, fortitoken-cloud, email, sms + more... + +
                • +
              • two_factor_authentication - Authentication method by FortiToken Cloud. type: str choices: fortitoken, email, sms + more... + +
                • +
              • two_factor_notification - Notification method for user activation by FortiToken Cloud. type: str choices: email, sms + more... + +
                • +
              • vdom - Virtual domain(s) that the administrator can access. type: list member_path: vdom:name + more... + +
                • +
                  +
                • name - Virtual domain name. Source system.vdom.name. type: str required: true + more... + +
                  • +
                +
              • wildcard - Enable/disable wildcard RADIUS authentication. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure admin users. + fortios_system_admin: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_admin: + accprofile: " (source system.accprofile.name)" + accprofile_override: "enable" + allow_remove_admin_session: "enable" + comments: "" + email_to: "" + force_password_change: "enable" + fortitoken: "" + guest_auth: "disable" + guest_lang: " (source system.custom-language.name)" + guest_usergroups: + - + name: "default_name_13" + gui_dashboard: + - + columns: "15" + id: "16" + layout_type: "responsive" + name: "default_name_18" + permanent: "disable" + scope: "global" + vdom: " (source system.vdom.name)" + widget: + - + fabric_device: "" + fabric_device_widget_name: "" + fabric_device_widget_visualization_type: "" + fortiview_device: "" + fortiview_filters: + - + id: "28" + key: "" + value: "" + fortiview_sort_by: "" + fortiview_timeframe: "" + fortiview_type: "" + fortiview_visualization: "" + height: "35" + id: "36" + industry: "default" + interface: " (source system.interface.name)" + region: "default" + title: "" + type: "sysinfo" + width: "42" + x_pos: "43" + y_pos: "44" + gui_global_menu_favorites: + - + id: "46" + gui_new_feature_acknowledge: + - + id: "48" + gui_vdom_menu_favorites: + - + id: "50" + hidden: "51" + history0: "" + history1: "" + ip6_trusthost1: "" + ip6_trusthost10: "" + ip6_trusthost2: "" + ip6_trusthost3: "" + ip6_trusthost4: "" + ip6_trusthost5: "" + ip6_trusthost6: "" + ip6_trusthost7: "" + ip6_trusthost8: "" + ip6_trusthost9: "" + login_time: + - + last_failed_login: "" + last_login: "" + usr_name: "" + name: "default_name_68" + password: "" + password_expire: "" + peer_auth: "enable" + peer_group: "" + radius_vdom_override: "enable" + remote_auth: "enable" + remote_group: "" + schedule: "" + sms_custom_server: " (source system.sms-server.name)" + sms_phone: "" + sms_server: "fortiguard" + ssh_certificate: " (source certificate.remote.name)" + ssh_public_key1: "" + ssh_public_key2: "" + ssh_public_key3: "" + trusthost1: "" + trusthost10: "" + trusthost2: "" + trusthost3: "" + trusthost4: "" + trusthost5: "" + trusthost6: "" + trusthost7: "" + trusthost8: "" + trusthost9: "" + two_factor: "disable" + two_factor_authentication: "fortitoken" + two_factor_notification: "email" + vdom: + - + name: "default_name_98 (source system.vdom.name)" + wildcard: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_affinity_interrupt.rst b/gen/fortios_system_affinity_interrupt.rst new file mode 100644 index 00000000..ab50a738 --- /dev/null +++ b/gen/fortios_system_affinity_interrupt.rst @@ -0,0 +1,254 @@ +:source: fortios_system_affinity_interrupt.py + +:orphan: + +.. fortios_system_affinity_interrupt: + +fortios_system_affinity_interrupt -- Configure interrupt affinity in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and affinity_interrupt category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + +
            v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_affinity_interruptyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_affinity_interrupt - Configure interrupt affinity. type: dict + more... + +
              • +
                +
              • affinity_cpumask - Affinity setting for VM throughput (64-bit hexadecimal value in the format of 0xxxxxxxxxxxxxxxxx). type: str + more... + +
                • +
              • id - ID of the interrupt affinity setting. type: int required: true + more... + +
                • +
              • interrupt - Interrupt name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure interrupt affinity. + fortios_system_affinity_interrupt: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_affinity_interrupt: + affinity_cpumask: "" + id: "4" + interrupt: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_affinity_packet_redistribution.rst b/gen/fortios_system_affinity_packet_redistribution.rst new file mode 100644 index 00000000..1952822d --- /dev/null +++ b/gen/fortios_system_affinity_packet_redistribution.rst @@ -0,0 +1,280 @@ +:source: fortios_system_affinity_packet_redistribution.py + +:orphan: + +.. fortios_system_affinity_packet_redistribution: + +fortios_system_affinity_packet_redistribution -- Configure packet redistribution in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and affinity_packet_redistribution category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + +
            v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_affinity_packet_redistributionyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_affinity_packet_redistribution - Configure packet redistribution. type: dict + more... + +
              • +
                +
              • affinity_cpumask - Affinity setting for VM throughput (64-bit hexadecimal value in the format of 0xxxxxxxxxxxxxxxxx). type: str + more... + +
                • +
              • id - ID of the packet redistribution setting. type: int required: true + more... + +
                • +
              • interface - Physical interface name on which to perform packet redistribution. Source system.interface.name. type: str + more... + +
                • +
              • rxqid - ID of the receive queue (when the interface has multiple queues) on which to perform packet redistribution. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure packet redistribution. + fortios_system_affinity_packet_redistribution: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_affinity_packet_redistribution: + affinity_cpumask: "" + id: "4" + interface: " (source system.interface.name)" + rxqid: "6" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_alarm.rst b/gen/fortios_system_alarm.rst new file mode 100644 index 00000000..a77c4725 --- /dev/null +++ b/gen/fortios_system_alarm.rst @@ -0,0 +1,1353 @@ +:source: fortios_system_alarm.py + +:orphan: + +.. fortios_system_alarm: + +fortios_system_alarm -- Configure alarm in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and alarm category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_alarmyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_alarm - Configure alarm. type: dict + more... + +
              • +
                +
              • audible - Enable/disable audible alarm. type: str choices: enable, disable + more... + +
                • +
              • groups - Alarm groups. type: list member_path: groups:id + more... + +
                • +
                  +
                • admin_auth_failure_threshold - Admin authentication failure threshold. type: int + more... + +
                  • +
                • admin_auth_lockout_threshold - Admin authentication lockout threshold. type: int + more... + +
                  • +
                • decryption_failure_threshold - Decryption failure threshold. type: int + more... + +
                  • +
                • encryption_failure_threshold - Encryption failure threshold. type: int + more... + +
                  • +
                • fw_policy_id - Firewall policy ID. type: int + more... + +
                  • +
                • fw_policy_id_threshold - Firewall policy ID threshold. type: int + more... + +
                  • +
                • fw_policy_violations - Firewall policy violations. type: list member_path: groups:id/fw_policy_violations:id + more... + +
                  • +
                    +
                  • dst_ip - Destination IP (0=all). type: str + more... + +
                    • +
                  • dst_port - Destination port (0=all). type: int + more... + +
                    • +
                  • id - Firewall policy violations ID. type: int required: true + more... + +
                    • +
                  • src_ip - Source IP (0=all). type: str + more... + +
                    • +
                  • src_port - Source port (0=all). type: int + more... + +
                    • +
                  • threshold - Firewall policy violation threshold. type: int + more... + +
                    • +
                  +
                • id - Group ID. type: int required: true + more... + +
                  • +
                • log_full_warning_threshold - Log full warning threshold. type: int + more... + +
                  • +
                • period - Time period in seconds (0 = from start up). type: int + more... + +
                  • +
                • replay_attempt_threshold - Replay attempt threshold. type: int + more... + +
                  • +
                • self_test_failure_threshold - Self-test failure threshold. type: int + more... + +
                  • +
                • user_auth_failure_threshold - User authentication failure threshold. type: int + more... + +
                  • +
                • user_auth_lockout_threshold - User authentication lockout threshold. type: int + more... + +
                  • +
                +
              • status - Enable/disable alarm. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure alarm. + fortios_system_alarm: + vdom: "{{ vdom }}" + system_alarm: + audible: "enable" + groups: + - + admin_auth_failure_threshold: "5" + admin_auth_lockout_threshold: "6" + decryption_failure_threshold: "7" + encryption_failure_threshold: "8" + fw_policy_id: "9" + fw_policy_id_threshold: "10" + fw_policy_violations: + - + dst_ip: "" + dst_port: "13" + id: "14" + src_ip: "" + src_port: "16" + threshold: "17" + id: "18" + log_full_warning_threshold: "19" + period: "20" + replay_attempt_threshold: "21" + self_test_failure_threshold: "22" + user_auth_failure_threshold: "23" + user_auth_lockout_threshold: "24" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_alias.rst b/gen/fortios_system_alias.rst new file mode 100644 index 00000000..7b11baaf --- /dev/null +++ b/gen/fortios_system_alias.rst @@ -0,0 +1,308 @@ +:source: fortios_system_alias.py + +:orphan: + +.. fortios_system_alias: + +fortios_system_alias -- Configure alias command in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and alias category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_aliasyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_alias - Configure alias command. type: dict + more... + +
              • +
                +
              • command - Command list to execute. type: str + more... + +
                • +
              • name - Alias command name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure alias command. + fortios_system_alias: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_alias: + command: "" + name: "default_name_4" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_api_user.rst b/gen/fortios_system_api_user.rst new file mode 100644 index 00000000..8ac16357 --- /dev/null +++ b/gen/fortios_system_api_user.rst @@ -0,0 +1,988 @@ +:source: fortios_system_api_user.py + +:orphan: + +.. fortios_system_api_user: + +fortios_system_api_user -- Configure API users in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and api_user category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_api_useryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_api_user - Configure API users. type: dict + more... + +
              • +
                +
              • accprofile - Admin user access profile. Source system.accprofile.name. type: str + more... + +
                • +
              • api_key - Admin user password. type: str + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • cors_allow_origin - Value for Access-Control-Allow-Origin on API responses. Avoid using "*" if possible. type: str + more... + +
                • +
              • name - User name. type: str required: true + more... + +
                • +
              • peer_auth - Enable/disable peer authentication. type: str choices: enable, disable + more... + +
                • +
              • peer_group - Peer group name. type: str + more... + +
                • +
              • schedule - Schedule name. type: str + more... + +
                • +
              • trusthost - Trusthost. type: list member_path: trusthost:id + more... + +
                • +
                  +
                • id - ID. type: int required: true + more... + +
                  • +
                • ipv4_trusthost - IPv4 trusted host address. type: str + more... + +
                  • +
                • ipv6_trusthost - IPv6 trusted host address. type: str + more... + +
                  • +
                • type - Trusthost type. type: str choices: ipv4-trusthost, ipv6-trusthost + more... + +
                  • +
                +
              • vdom - Virtual domains. type: list member_path: vdom:name + more... + +
                • +
                  +
                • name - Virtual domain name. Source system.vdom.name. type: str required: true + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure API users. + fortios_system_api_user: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_api_user: + accprofile: " (source system.accprofile.name)" + api_key: "" + comments: "" + cors_allow_origin: "" + name: "default_name_7" + peer_auth: "enable" + peer_group: "" + schedule: "" + trusthost: + - + id: "12" + ipv4_trusthost: "" + ipv6_trusthost: "" + type: "ipv4-trusthost" + vdom: + - + name: "default_name_17 (source system.vdom.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_arp_table.rst b/gen/fortios_system_arp_table.rst new file mode 100644 index 00000000..9577dceb --- /dev/null +++ b/gen/fortios_system_arp_table.rst @@ -0,0 +1,400 @@ +:source: fortios_system_arp_table.py + +:orphan: + +.. fortios_system_arp_table: + +fortios_system_arp_table -- Configure ARP table in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and arp_table category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_arp_tableyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_arp_table - Configure ARP table. type: dict + more... + +
              • +
                +
              • id - Unique integer ID of the entry. type: int required: true + more... + +
                • +
              • interface - Interface name. Source system.interface.name. type: str + more... + +
                • +
              • ip - IP address. type: str + more... + +
                • +
              • mac - MAC address. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure ARP table. + fortios_system_arp_table: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_arp_table: + id: "3" + interface: " (source system.interface.name)" + ip: "" + mac: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_auto_install.rst b/gen/fortios_system_auto_install.rst new file mode 100644 index 00000000..5e2b454d --- /dev/null +++ b/gen/fortios_system_auto_install.rst @@ -0,0 +1,473 @@ +:source: fortios_system_auto_install.py + +:orphan: + +.. fortios_system_auto_install: + +fortios_system_auto_install -- Configure USB auto installation in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and auto_install category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_auto_installyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_auto_install - Configure USB auto installation. type: dict + more... + +
              • +
                +
              • auto_install_config - Enable/disable auto install the config in USB disk. type: str choices: enable, disable + more... + +
                • +
              • auto_install_image - Enable/disable auto install the image in USB disk. type: str choices: enable, disable + more... + +
                • +
              • default_config_file - Default config file name in USB disk. type: str + more... + +
                • +
              • default_image_file - Default image file name in USB disk. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure USB auto installation. + fortios_system_auto_install: + vdom: "{{ vdom }}" + system_auto_install: + auto_install_config: "enable" + auto_install_image: "enable" + default_config_file: "" + default_image_file: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_auto_script.rst b/gen/fortios_system_auto_script.rst new file mode 100644 index 00000000..39decbb7 --- /dev/null +++ b/gen/fortios_system_auto_script.rst @@ -0,0 +1,576 @@ +:source: fortios_system_auto_script.py + +:orphan: + +.. fortios_system_auto_script: + +fortios_system_auto_script -- Configure auto script in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and auto_script category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_auto_scriptyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_auto_script - Configure auto script. type: dict + more... + +
              • +
                +
              • interval - Repeat interval in seconds. type: int + more... + +
                • +
              • name - Auto script name. type: str required: true + more... + +
                • +
              • output_size - Number of megabytes to limit script output to (10 - 1024). type: int + more... + +
                • +
              • repeat - Number of times to repeat this script (0 = infinite). type: int + more... + +
                • +
              • script - List of FortiOS CLI commands to repeat. type: str + more... + +
                • +
              • start - Script starting mode. type: str choices: manual, auto + more... + +
                • +
              • timeout - Maximum running time for this script in seconds (0 = no timeout). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure auto script. + fortios_system_auto_script: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_auto_script: + interval: "3" + name: "default_name_4" + output_size: "5" + repeat: "6" + script: "" + start: "manual" + timeout: "9" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_automation_action.rst b/gen/fortios_system_automation_action.rst new file mode 100644 index 00000000..ec85c46e --- /dev/null +++ b/gen/fortios_system_automation_action.rst @@ -0,0 +1,3199 @@ +:source: fortios_system_automation_action.py + +:orphan: + +.. fortios_system_automation_action: + +fortios_system_automation_action -- Action for automation stitches in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and automation_action category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_automation_actionyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_automation_action - Action for automation stitches. type: dict + more... + +
              • +
                +
              • accprofile - Access profile for CLI script action to access FortiGate features. Source system.accprofile.name. type: str + more... + +
                • +
              • action_type - Action type. type: str choices: email, fortiexplorer-notification, alert, disable-ssid, quarantine, quarantine-forticlient, quarantine-nsx, quarantine-fortinac, ban-ip, aws-lambda, azure-function, google-cloud-function, alicloud-function, webhook, cli-script, slack-notification, microsoft-teams-notification, ios-notification + more... + +
                • +
              • alicloud_access_key_id - AliCloud AccessKey ID. type: str + more... + +
                • +
              • alicloud_access_key_secret - AliCloud AccessKey secret. type: str + more... + +
                • +
              • alicloud_account_id - AliCloud account ID. type: str + more... + +
                • +
              • alicloud_function - AliCloud function name. type: str + more... + +
                • +
              • alicloud_function_authorization - AliCloud function authorization type. type: str choices: anonymous, function + more... + +
                • +
              • alicloud_function_domain - AliCloud function domain. type: str + more... + +
                • +
              • alicloud_region - AliCloud region. type: str + more... + +
                • +
              • alicloud_service - AliCloud service name. type: str + more... + +
                • +
              • alicloud_version - AliCloud version. type: str + more... + +
                • +
              • aws_api_id - AWS API Gateway ID. type: str + more... + +
                • +
              • aws_api_key - AWS API Gateway API key. type: str + more... + +
                • +
              • aws_api_path - AWS API Gateway path. type: str + more... + +
                • +
              • aws_api_stage - AWS API Gateway deployment stage name. type: str + more... + +
                • +
              • aws_domain - AWS domain. type: str + more... + +
                • +
              • aws_region - AWS region. type: str + more... + +
                • +
              • azure_api_key - Azure function API key. type: str + more... + +
                • +
              • azure_app - Azure function application name. type: str + more... + +
                • +
              • azure_domain - Azure function domain. type: str + more... + +
                • +
              • azure_function - Azure function name. type: str + more... + +
                • +
              • azure_function_authorization - Azure function authorization level. type: str choices: anonymous, function, admin + more... + +
                • +
              • delay - Delay before execution (in seconds). type: int + more... + +
                • +
              • description - Description. type: str + more... + +
                • +
              • email_body - Email body. type: str + more... + +
                • +
              • email_from - Email sender name. type: str + more... + +
                • +
              • email_subject - Email subject. type: str + more... + +
                • +
              • email_to - Email addresses. type: list member_path: email_to:name + more... + +
                • +
                  +
                • name - Email address. type: str required: true + more... + +
                  • +
                +
              • execute_security_fabric - Enable/disable execution of CLI script on all or only one FortiGate unit in the Security Fabric. type: str choices: enable, disable + more... + +
                • +
              • gcp_function - Google Cloud function name. type: str + more... + +
                • +
              • gcp_function_domain - Google Cloud function domain. type: str + more... + +
                • +
              • gcp_function_region - Google Cloud function region. type: str + more... + +
                • +
              • gcp_project - Google Cloud Platform project name. type: str + more... + +
                • +
              • headers - Request headers. type: list member_path: headers:header + more... + +
                • +
                  +
                • header - Request header. type: str required: true + more... + +
                  • +
                +
              • http_body - Request body (if necessary). Should be serialized json string. type: str + more... + +
                • +
              • message - Message content. type: str + more... + +
                • +
              • message_type - Message type. type: str choices: text, json + more... + +
                • +
              • method - Request method (POST, PUT, GET, PATCH or DELETE). type: str choices: post, put, get, patch, delete + more... + +
                • +
              • minimum_interval - Limit execution to no more than once in this interval (in seconds). type: int + more... + +
                • +
              • name - Name. type: str required: true + more... + +
                • +
              • port - Protocol port. type: int + more... + +
                • +
              • protocol - Request protocol. type: str choices: http, https + more... + +
                • +
              • replacement_message - Enable/disable replacement message. type: str choices: enable, disable + more... + +
                • +
              • replacemsg_group - Replacement message group. Source system.replacemsg-group.name. type: str + more... + +
                • +
              • required - Required in action chain. type: str choices: enable, disable + more... + +
                • +
              • script - CLI script. type: str + more... + +
                • +
              • sdn_connector - NSX SDN connector names. type: list member_path: sdn_connector:name + more... + +
                • +
                  +
                • name - SDN connector name. Source system.sdn-connector.name. type: str required: true + more... + +
                  • +
                +
              • security_tag - NSX security tag. type: str + more... + +
                • +
              • tls_certificate - Custom TLS certificate for API request. Source certificate.local.name. type: str + more... + +
                • +
              • uri - Request API URI. type: str + more... + +
                • +
              • verify_host_cert - Enable/disable verification of the remote host certificate. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Action for automation stitches. + fortios_system_automation_action: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_automation_action: + accprofile: " (source system.accprofile.name)" + action_type: "email" + alicloud_access_key_id: "" + alicloud_access_key_secret: "" + alicloud_account_id: "" + alicloud_function: "" + alicloud_function_authorization: "anonymous" + alicloud_function_domain: "" + alicloud_region: "" + alicloud_service: "" + alicloud_version: "" + aws_api_id: "" + aws_api_key: "" + aws_api_path: "" + aws_api_stage: "" + aws_domain: "" + aws_region: "" + azure_api_key: "" + azure_app: "" + azure_domain: "" + azure_function: "" + azure_function_authorization: "anonymous" + delay: "25" + description: "" + email_body: "" + email_from: "" + email_subject: "" + email_to: + - + name: "default_name_31" + execute_security_fabric: "enable" + gcp_function: "" + gcp_function_domain: "" + gcp_function_region: "" + gcp_project: "" + headers: + - + header: "" + http_body: "" + message: "" + message_type: "text" + method: "post" + minimum_interval: "43" + name: "default_name_44" + port: "45" + protocol: "http" + replacement_message: "enable" + replacemsg_group: " (source system.replacemsg-group.name)" + required: "enable" + script: "" + sdn_connector: + - + name: "default_name_52 (source system.sdn-connector.name)" + security_tag: "" + tls_certificate: " (source certificate.local.name)" + uri: "" + verify_host_cert: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_automation_destination.rst b/gen/fortios_system_automation_destination.rst new file mode 100644 index 00000000..e685a93a --- /dev/null +++ b/gen/fortios_system_automation_destination.rst @@ -0,0 +1,487 @@ +:source: fortios_system_automation_destination.py + +:orphan: + +.. fortios_system_automation_destination: + +fortios_system_automation_destination -- Automation destinations in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and automation_destination category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_automation_destinationyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_automation_destination - Automation destinations. type: dict + more... + +
              • +
                +
              • destination - Destinations. type: list member_path: destination:name + more... + +
                • +
                  +
                • name - Destination. type: str required: true + more... + +
                  • +
                +
              • ha_group_id - Cluster group ID set for this destination . type: int + more... + +
                • +
              • name - Name. type: str required: true + more... + +
                • +
              • type - Destination type. type: str choices: fortigate, ha-cluster + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Automation destinations. + fortios_system_automation_destination: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_automation_destination: + destination: + - + name: "default_name_4" + ha_group_id: "5" + name: "default_name_6" + type: "fortigate" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_automation_stitch.rst b/gen/fortios_system_automation_stitch.rst new file mode 100644 index 00000000..fbe5f4b1 --- /dev/null +++ b/gen/fortios_system_automation_stitch.rst @@ -0,0 +1,769 @@ +:source: fortios_system_automation_stitch.py + +:orphan: + +.. fortios_system_automation_stitch: + +fortios_system_automation_stitch -- Automation stitches in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and automation_stitch category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_automation_stitchyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_automation_stitch - Automation stitches. type: dict + more... + +
              • +
                +
              • action - Action names. type: list member_path: action:name + more... + +
                • +
                  +
                • name - Action name. Source system.automation-action.name. type: str required: true + more... + +
                  • +
                +
              • actions - Configure stitch actions. type: list member_path: actions:id + more... + +
                • +
                  +
                • action - Action name. Source system.automation-action.name. type: str + more... + +
                  • +
                • delay - Delay before execution (in seconds). type: int + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                • required - Required in action chain. type: str choices: enable, disable + more... + +
                  • +
                +
              • description - Description. type: str + more... + +
                • +
              • destination - Serial number/HA group-name of destination devices. type: list member_path: destination:name + more... + +
                • +
                  +
                • name - Destination name. Source system.automation-destination.name. type: str required: true + more... + +
                  • +
                +
              • name - Name. type: str required: true + more... + +
                • +
              • status - Enable/disable this stitch. type: str choices: enable, disable + more... + +
                • +
              • trigger - Trigger name. Source system.automation-trigger.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Automation stitches. + fortios_system_automation_stitch: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_automation_stitch: + action: + - + name: "default_name_4 (source system.automation-action.name)" + actions: + - + action: " (source system.automation-action.name)" + delay: "7" + id: "8" + required: "enable" + description: "" + destination: + - + name: "default_name_12 (source system.automation-destination.name)" + name: "default_name_13" + status: "enable" + trigger: " (source system.automation-trigger.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_automation_trigger.rst b/gen/fortios_system_automation_trigger.rst new file mode 100644 index 00000000..37f1b163 --- /dev/null +++ b/gen/fortios_system_automation_trigger.rst @@ -0,0 +1,2078 @@ +:source: fortios_system_automation_trigger.py + +:orphan: + +.. fortios_system_automation_trigger: + +fortios_system_automation_trigger -- Trigger for automation stitches in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and automation_trigger category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_automation_triggeryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_automation_trigger - Trigger for automation stitches. type: dict + more... + +
              • +
                +
              • description - Description. type: str + more... + +
                • +
              • event_type - Event type. type: str choices: ioc, event-log, reboot, low-memory, high-cpu, license-near-expiry, ha-failover, config-change, security-rating-summary, virus-ips-db-updated, faz-event, incoming-webhook, fabric-event + more... + +
                • +
              • fabric_event_name - Fabric connector event handler name. type: str + more... + +
                • +
              • fabric_event_severity - Fabric connector event severity. type: str + more... + +
                • +
              • faz_event_name - FortiAnalyzer event handler name. type: str + more... + +
                • +
              • faz_event_severity - FortiAnalyzer event severity. type: str + more... + +
                • +
              • faz_event_tags - FortiAnalyzer event tags. type: str + more... + +
                • +
              • fields - Customized trigger field settings. type: list member_path: fields:id + more... + +
                • +
                  +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                • name - Name. type: str + more... + +
                  • +
                • value - Value. type: str + more... + +
                  • +
                +
              • ioc_level - IOC threat level. type: str choices: medium, high + more... + +
                • +
              • license_type - License type. type: str choices: forticare-support, fortiguard-webfilter, fortiguard-antispam, fortiguard-antivirus, fortiguard-ips, fortiguard-management, forticloud, any + more... + +
                • +
              • logid - Log IDs to trigger event. type: int + more... + +
                • +
              • name - Name. type: str required: true + more... + +
                • +
              • report_type - Security Rating report. type: str choices: posture, coverage, optimization, any, PostureReport, CoverageReport, OptimizationReport + more... + +
                • +
              • serial - Fabric connector serial number. type: str + more... + +
                • +
              • trigger_day - Day within a month to trigger. type: int + more... + +
                • +
              • trigger_frequency - Scheduled trigger frequency . type: str choices: hourly, daily, weekly, monthly + more... + +
                • +
              • trigger_hour - Hour of the day on which to trigger (0 - 23). type: int + more... + +
                • +
              • trigger_minute - Minute of the hour on which to trigger (0 - 59). type: int + more... + +
                • +
              • trigger_type - Trigger type. type: str choices: event-based, scheduled + more... + +
                • +
              • trigger_weekday - Day of week for trigger. type: str choices: sunday, monday, tuesday, wednesday, thursday, friday, saturday + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Trigger for automation stitches. + fortios_system_automation_trigger: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_automation_trigger: + description: "" + event_type: "ioc" + fabric_event_name: "" + fabric_event_severity: "" + faz_event_name: "" + faz_event_severity: "" + faz_event_tags: "" + fields: + - + id: "11" + name: "default_name_12" + value: "" + ioc_level: "medium" + license_type: "forticare-support" + logid: + - + id: "17" + name: "default_name_18" + report_type: "posture" + serial: "" + trigger_day: "21" + trigger_frequency: "hourly" + trigger_hour: "23" + trigger_minute: "24" + trigger_type: "event-based" + trigger_weekday: "sunday" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_autoupdate_push_update.rst b/gen/fortios_system_autoupdate_push_update.rst new file mode 100644 index 00000000..3a796a7e --- /dev/null +++ b/gen/fortios_system_autoupdate_push_update.rst @@ -0,0 +1,377 @@ +:source: fortios_system_autoupdate_push_update.py + +:orphan: + +.. fortios_system_autoupdate_push_update: + +fortios_system_autoupdate_push_update -- Configure push updates in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_autoupdate feature and push_update category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4
            fortios_system_autoupdate_push_updateyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_autoupdate_push_update - Configure push updates. type: dict + more... + +
              • +
                +
              • address - IPv4 or IPv6 address used by FortiGuard servers to send push updates to this FortiGate. type: str + more... + +
                • +
              • override - Enable/disable push update override server. type: str choices: enable, disable + more... + +
                • +
              • port - Push update override port. (Do not overlap with other service ports) type: int + more... + +
                • +
              • status - Enable/disable push updates. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure push updates. + fortios_system_autoupdate_push_update: + vdom: "{{ vdom }}" + system_autoupdate_push_update: + address: "" + override: "enable" + port: "5" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_autoupdate_schedule.rst b/gen/fortios_system_autoupdate_schedule.rst new file mode 100644 index 00000000..7d5bc229 --- /dev/null +++ b/gen/fortios_system_autoupdate_schedule.rst @@ -0,0 +1,644 @@ +:source: fortios_system_autoupdate_schedule.py + +:orphan: + +.. fortios_system_autoupdate_schedule: + +fortios_system_autoupdate_schedule -- Configure update schedule in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_autoupdate feature and schedule category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_autoupdate_scheduleyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_autoupdate_schedule - Configure update schedule. type: dict + more... + +
              • +
                +
              • day - Update day. type: str choices: Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday + more... + +
                • +
              • frequency - Update frequency. type: str choices: every, daily, weekly, automatic + more... + +
                • +
              • status - Enable/disable scheduled updates. type: str choices: enable, disable + more... + +
                • +
              • time - Update time. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure update schedule. + fortios_system_autoupdate_schedule: + vdom: "{{ vdom }}" + system_autoupdate_schedule: + day: "Sunday" + frequency: "every" + status: "enable" + time: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_autoupdate_tunneling.rst b/gen/fortios_system_autoupdate_tunneling.rst new file mode 100644 index 00000000..d83c10c7 --- /dev/null +++ b/gen/fortios_system_autoupdate_tunneling.rst @@ -0,0 +1,481 @@ +:source: fortios_system_autoupdate_tunneling.py + +:orphan: + +.. fortios_system_autoupdate_tunneling: + +fortios_system_autoupdate_tunneling -- Configure web proxy tunneling for the FDN in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_autoupdate feature and tunneling category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_autoupdate_tunnelingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_autoupdate_tunneling - Configure web proxy tunneling for the FDN. type: dict + more... + +
              • +
                +
              • address - Web proxy IP address or FQDN. type: str + more... + +
                • +
              • password - Web proxy password. type: str + more... + +
                • +
              • port - Web proxy port. type: int + more... + +
                • +
              • status - Enable/disable web proxy tunneling. type: str choices: enable, disable + more... + +
                • +
              • username - Web proxy username. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure web proxy tunneling for the FDN. + fortios_system_autoupdate_tunneling: + vdom: "{{ vdom }}" + system_autoupdate_tunneling: + address: "" + password: "" + port: "5" + status: "enable" + username: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_central_management.rst b/gen/fortios_system_central_management.rst new file mode 100644 index 00000000..1a55e95d --- /dev/null +++ b/gen/fortios_system_central_management.rst @@ -0,0 +1,2066 @@ +:source: fortios_system_central_management.py + +:orphan: + +.. fortios_system_central_management: + +fortios_system_central_management -- Configure central management in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and central_management category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_central_managementyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_central_management - Configure central management. type: dict + more... + +
              • +
                +
              • allow_monitor - Enable/disable allowing the central management server to remotely monitor this FortiGate unit. type: str choices: enable, disable + more... + +
                • +
              • allow_push_configuration - Enable/disable allowing the central management server to push configuration changes to this FortiGate. type: str choices: enable, disable + more... + +
                • +
              • allow_push_firmware - Enable/disable allowing the central management server to push firmware updates to this FortiGate. type: str choices: enable, disable + more... + +
                • +
              • allow_remote_firmware_upgrade - Enable/disable remotely upgrading the firmware on this FortiGate from the central management server. type: str choices: enable, disable + more... + +
                • +
              • ca_cert - CA certificate to be used by FGFM protocol. type: str + more... + +
                • +
              • enc_algorithm - Encryption strength for communications between the FortiGate and central management. type: str choices: default, high, low + more... + +
                • +
              • fmg - IP address or FQDN of the FortiManager. type: str + more... + +
                • +
              • fmg_source_ip - IPv4 source address that this FortiGate uses when communicating with FortiManager. type: str + more... + +
                • +
              • fmg_source_ip6 - IPv6 source address that this FortiGate uses when communicating with FortiManager. type: str + more... + +
                • +
              • fmg_update_port - Port used to communicate with FortiManager that is acting as a FortiGuard update server. type: str choices: 8890, 443 + more... + +
                • +
              • include_default_servers - Enable/disable inclusion of public FortiGuard servers in the override server list. type: str choices: enable, disable + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • local_cert - Certificate to be used by FGFM protocol. type: str + more... + +
                • +
              • mode - Central management mode. type: str choices: normal, backup + more... + +
                • +
              • schedule_config_restore - Enable/disable allowing the central management server to restore the configuration of this FortiGate. type: str choices: enable, disable + more... + +
                • +
              • schedule_script_restore - Enable/disable allowing the central management server to restore the scripts stored on this FortiGate. type: str choices: enable, disable + more... + +
                • +
              • serial_number - Serial number. type: str + more... + +
                • +
              • server_list - Additional severs that the FortiGate can use for updates (for AV, IPS, updates) and ratings (for web filter and antispam ratings) servers. type: list member_path: server_list:id + more... + +
                • +
                  +
                • addr_type - Indicate whether the FortiGate communicates with the override server using an IPv4 address, an IPv6 address or a FQDN. type: str choices: ipv4, ipv6, fqdn + more... + +
                  • +
                • fqdn - FQDN address of override server. type: str + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • server_address - IPv4 address of override server. type: str + more... + +
                  • +
                • server_address6 - IPv6 address of override server. type: str + more... + +
                  • +
                • server_type - FortiGuard service type. type: str choices: update, rating + more... + +
                  • +
                +
              • type - Central management type. type: str choices: fortimanager, fortiguard, none + more... + +
                • +
              • vdom - Virtual domain (VDOM) name to use when communicating with FortiManager. Source system.vdom.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure central management. + fortios_system_central_management: + vdom: "{{ vdom }}" + system_central_management: + allow_monitor: "enable" + allow_push_configuration: "enable" + allow_push_firmware: "enable" + allow_remote_firmware_upgrade: "enable" + ca_cert: "" + enc_algorithm: "default" + fmg: "" + fmg_source_ip: "" + fmg_source_ip6: "" + fmg_update_port: "8890" + include_default_servers: "enable" + interface: " (source system.interface.name)" + interface_select_method: "auto" + local_cert: "" + mode: "normal" + schedule_config_restore: "enable" + schedule_script_restore: "enable" + serial_number: "" + server_list: + - + addr_type: "ipv4" + fqdn: "" + id: "24" + server_address: "" + server_address6: "" + server_type: "update" + type: "fortimanager" + vdom: " (source system.vdom.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_cluster_sync.rst b/gen/fortios_system_cluster_sync.rst new file mode 100644 index 00000000..4576f3af --- /dev/null +++ b/gen/fortios_system_cluster_sync.rst @@ -0,0 +1,1591 @@ +:source: fortios_system_cluster_sync.py + +:orphan: + +.. fortios_system_cluster_sync: + +fortios_system_cluster_sync -- Configure FortiGate Session Life Support Protocol (FGSP) session synchronization in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and cluster_sync category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_cluster_syncyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_cluster_sync - Configure FortiGate Session Life Support Protocol (FGSP) session synchronization. type: dict + more... + +
              • +
                +
              • down_intfs_before_sess_sync - List of interfaces to be turned down before session synchronization is complete. type: list member_path: down_intfs_before_sess_sync:name + more... + +
                • +
                  +
                • name - Interface name. Source system.interface.name. type: str required: true + more... + +
                  • +
                +
              • hb_interval - Heartbeat interval (1 - 10 sec). type: int + more... + +
                • +
              • hb_lost_threshold - Lost heartbeat threshold (1 - 10). type: int + more... + +
                • +
              • ike_heartbeat_interval - IKE heartbeat interval (1 - 60 secs). type: int + more... + +
                • +
              • ike_monitor - Enable/disable IKE HA monitor. type: str choices: enable, disable + more... + +
                • +
              • ike_monitor_interval - IKE HA monitor interval (10 - 300 secs). type: int + more... + +
                • +
              • ike_seqjump_speed - ESP jump ahead factor (1G - 10G pps equivalent). type: int + more... + +
                • +
              • ipsec_tunnel_sync - Enable/disable IPsec tunnel synchronization. type: str choices: enable, disable + more... + +
                • +
              • peerip - IP address of the interface on the peer unit that is used for the session synchronization link. type: str + more... + +
                • +
              • peervd - VDOM that contains the session synchronization link interface on the peer unit. Usually both peers would have the same peervd. Source system.vdom.name. type: str + more... + +
                • +
              • secondary_add_ipsec_routes - Enable/disable IKE route announcement on the backup unit. type: str choices: enable, disable + more... + +
                • +
              • session_sync_filter - Add one or more filters if you only want to synchronize some sessions. Use the filter to configure the types of sessions to synchronize. type: dict + more... + +
                • +
                  +
                • custom_service - Only sessions using these custom services are synchronized. Use source and destination port ranges to define these custom services. type: list member_path: session_sync_filter/custom_service:id + more... + +
                  • +
                    +
                  • dst_port_range - Custom service destination port range. type: str + more... + +
                    • +
                  • id - Custom service ID. type: int required: true + more... + +
                    • +
                  • src_port_range - Custom service source port range. type: str + more... + +
                    • +
                  +
                • dstaddr - Only sessions to this IPv4 address are synchronized. You can only enter one address. To synchronize sessions for multiple destination addresses, add multiple filters. type: str + more... + +
                  • +
                • dstaddr6 - Only sessions to this IPv6 address are synchronized. You can only enter one address. To synchronize sessions for multiple destination addresses, add multiple filters. type: str + more... + +
                  • +
                • dstintf - Only sessions to this interface are synchronized. You can only enter one interface name. To synchronize sessions to multiple destination interfaces, add multiple filters. Source system.interface.name. type: str + more... + +
                  • +
                • srcaddr - Only sessions from this IPv4 address are synchronized. You can only enter one address. To synchronize sessions from multiple source addresses, add multiple filters. type: str + more... + +
                  • +
                • srcaddr6 - Only sessions from this IPv6 address are synchronized. You can only enter one address. To synchronize sessions from multiple source addresses, add multiple filters. type: str + more... + +
                  • +
                • srcintf - Only sessions from this interface are synchronized. You can only enter one interface name. To synchronize sessions for multiple source interfaces, add multiple filters. Source system.interface.name. type: str + more... + +
                  • +
                +
              • slave_add_ike_routes - Enable/disable IKE route announcement on the backup unit. type: str choices: enable, disable + more... + +
                • +
              • sync_id - Sync ID. type: int + more... + +
                • +
              • syncvd - Sessions from these VDOMs are synchronized using this session synchronization configuration. type: list member_path: syncvd:name + more... + +
                • +
                  +
                • name - VDOM name. Source system.vdom.name. type: str required: true + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiGate Session Life Support Protocol (FGSP) session synchronization. + fortios_system_cluster_sync: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_cluster_sync: + down_intfs_before_sess_sync: + - + name: "default_name_4 (source system.interface.name)" + hb_interval: "5" + hb_lost_threshold: "6" + ike_heartbeat_interval: "7" + ike_monitor: "enable" + ike_monitor_interval: "9" + ike_seqjump_speed: "10" + ipsec_tunnel_sync: "enable" + peerip: "" + peervd: " (source system.vdom.name)" + secondary_add_ipsec_routes: "enable" + session_sync_filter: + custom_service: + - + dst_port_range: "" + id: "18" + src_port_range: "" + dstaddr: "" + dstaddr6: "" + dstintf: " (source system.interface.name)" + srcaddr: "" + srcaddr6: "" + srcintf: " (source system.interface.name)" + slave_add_ike_routes: "enable" + sync_id: "27" + syncvd: + - + name: "default_name_29 (source system.vdom.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_console.rst b/gen/fortios_system_console.rst new file mode 100644 index 00000000..8d35df7f --- /dev/null +++ b/gen/fortios_system_console.rst @@ -0,0 +1,690 @@ +:source: fortios_system_console.py + +:orphan: + +.. fortios_system_console: + +fortios_system_console -- Configure console in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and console category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_consoleyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_console - Configure console. type: dict + more... + +
              • +
                +
              • baudrate - Console baud rate. type: str choices: 9600, 19200, 38400, 57600, 115200 + more... + +
                • +
              • fortiexplorer - Enable/disable access for FortiExplorer. type: str choices: enable, disable + more... + +
                • +
              • login - Enable/disable serial console and FortiExplorer. type: str choices: enable, disable + more... + +
                • +
              • mode - Console mode. type: str choices: batch, line + more... + +
                • +
              • output - Console output mode. type: str choices: standard, more + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure console. + fortios_system_console: + vdom: "{{ vdom }}" + system_console: + baudrate: "9600" + fortiexplorer: "enable" + login: "enable" + mode: "batch" + output: "standard" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_csf.rst b/gen/fortios_system_csf.rst new file mode 100644 index 00000000..f6c0c3e6 --- /dev/null +++ b/gen/fortios_system_csf.rst @@ -0,0 +1,2306 @@ +:source: fortios_system_csf.py + +:orphan: + +.. fortios_system_csf: + +fortios_system_csf -- Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and csf category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_csfyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_csf - Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate. type: dict + more... + +
              • +
                +
              • accept_auth_by_cert - Accept connections with unknown certificates and ask admin for approval. type: str choices: disable, enable + more... + +
                • +
              • authorization_request_type - Authorization request type. type: str choices: serial, certificate + more... + +
                • +
              • certificate - Certificate. Source certificate.local.name. type: str + more... + +
                • +
              • configuration_sync - Configuration sync mode. type: str choices: default, local + more... + +
                • +
              • downstream_access - Enable/disable downstream device access to this device"s configuration and data. type: str choices: enable, disable + more... + +
                • +
              • downstream_accprofile - Default access profile for requests from downstream devices. Source system.accprofile.name. type: str + more... + +
                • +
              • fabric_connector - Fabric connector configuration. type: list member_path: fabric_connector:serial + more... + +
                • +
                  +
                • accprofile - Override access profile. Source system.accprofile.name. type: str + more... + +
                  • +
                • configuration_write_access - Enable/disable downstream device write access to configuration. type: str choices: enable, disable + more... + +
                  • +
                • serial - Serial. type: str required: true + more... + +
                  • +
                +
              • fabric_device - Fabric device configuration. type: list member_path: fabric_device:name + more... + +
                • +
                  +
                • access_token - Device access token. type: varlen_password
                  • +
                • device_ip - Device IP. type: str + more... + +
                  • +
                • device_type - Device type. type: str choices: fortimail + more... + +
                  • +
                • https_port - HTTPS port for fabric device. type: int + more... + +
                  • +
                • login - Device login name. type: str + more... + +
                  • +
                • name - Device name. type: str required: true + more... + +
                  • +
                • password - Device login password. type: str + more... + +
                  • +
                +
              • fabric_object_unification - Fabric CMDB Object Unification. type: str choices: default, local + more... + +
                • +
              • fabric_workers - Number of worker processes for Security Fabric daemon. type: int + more... + +
                • +
              • fixed_key - Auto-generated fixed key used when this device is the root. (Will automatically be generated if not set.) type: str + more... + +
                • +
              • forticloud_account_enforcement - Fabric FortiCloud account unification. type: str choices: enable, disable + more... + +
                • +
              • group_name - Security Fabric group name. All FortiGates in a Security Fabric must have the same group name. type: str + more... + +
                • +
              • group_password - Security Fabric group password. All FortiGates in a Security Fabric must have the same group password. type: str + more... + +
                • +
              • log_unification - Enable/disable broadcast of discovery messages for log unification. type: str choices: disable, enable + more... + +
                • +
              • management_ip - Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric. type: str + more... + +
                • +
              • management_port - Overriding port for management connection (Overrides admin port). type: int + more... + +
                • +
              • saml_configuration_sync - SAML setting configuration synchronization. type: str choices: default, local + more... + +
                • +
              • status - Enable/disable Security Fabric. type: str choices: enable, disable + more... + +
                • +
              • trusted_list - Pre-authorized and blocked security fabric nodes. type: list member_path: trusted_list:name + more... + +
                • +
                  +
                • action - Security fabric authorization action. type: str choices: accept, deny + more... + +
                  • +
                • authorization_type - Authorization type. type: str choices: serial, certificate + more... + +
                  • +
                • certificate - Certificate. type: str + more... + +
                  • +
                • downstream_authorization - Trust authorizations by this node"s administrator. type: str choices: enable, disable + more... + +
                  • +
                • ha_members - HA members. type: str + more... + +
                  • +
                • name - Name. type: str required: true + more... + +
                  • +
                • serial - Serial. type: str + more... + +
                  • +
                +
              • upstream - IP/FQDN of the FortiGate upstream from this FortiGate in the Security Fabric. type: str + more... + +
                • +
              • upstream_ip - IP address of the FortiGate upstream from this FortiGate in the Security Fabric. type: str + more... + +
                • +
              • upstream_port - The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric . type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate. + fortios_system_csf: + vdom: "{{ vdom }}" + system_csf: + accept_auth_by_cert: "disable" + authorization_request_type: "serial" + certificate: " (source certificate.local.name)" + configuration_sync: "default" + downstream_access: "enable" + downstream_accprofile: " (source system.accprofile.name)" + fabric_connector: + - + accprofile: " (source system.accprofile.name)" + configuration_write_access: "enable" + serial: "" + fabric_device: + - + access_token: "" + device_ip: "" + device_type: "fortimail" + https_port: "17" + login: "" + name: "default_name_19" + password: "" + fabric_object_unification: "default" + fabric_workers: "22" + fixed_key: "" + forticloud_account_enforcement: "enable" + group_name: "" + group_password: "" + log_unification: "disable" + management_ip: "" + management_port: "29" + saml_configuration_sync: "default" + status: "enable" + trusted_list: + - + action: "accept" + authorization_type: "serial" + certificate: "" + downstream_authorization: "enable" + ha_members: "" + name: "default_name_38" + serial: "" + upstream: "" + upstream_ip: "" + upstream_port: "42" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_custom_language.rst b/gen/fortios_system_custom_language.rst new file mode 100644 index 00000000..30afe472 --- /dev/null +++ b/gen/fortios_system_custom_language.rst @@ -0,0 +1,354 @@ +:source: fortios_system_custom_language.py + +:orphan: + +.. fortios_system_custom_language: + +fortios_system_custom_language -- Configure custom languages in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and custom_language category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_custom_languageyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_custom_language - Configure custom languages. type: dict + more... + +
              • +
                +
              • comments - Comment. type: str + more... + +
                • +
              • filename - Custom language file path. type: str + more... + +
                • +
              • name - Name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure custom languages. + fortios_system_custom_language: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_custom_language: + comments: "" + filename: "" + name: "default_name_5" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_ddns.rst b/gen/fortios_system_ddns.rst new file mode 100644 index 00000000..27627996 --- /dev/null +++ b/gen/fortios_system_ddns.rst @@ -0,0 +1,1647 @@ +:source: fortios_system_ddns.py + +:orphan: + +.. fortios_system_ddns: + +fortios_system_ddns -- Configure DDNS in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and ddns category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_ddnsyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_ddns - Configure DDNS. type: dict + more... + +
              • +
                +
              • addr_type - Address type of interface address in DDNS update. type: str choices: ipv4, ipv6 + more... + +
                • +
              • bound_ip - Bound IP address. type: str + more... + +
                • +
              • clear_text - Enable/disable use of clear text connections. type: str choices: disable, enable + more... + +
                • +
              • ddns_auth - Enable/disable TSIG authentication for your DDNS server. type: str choices: disable, tsig + more... + +
                • +
              • ddns_domain - Your fully qualified domain name. For example, yourname.ddns.com. type: str + more... + +
                • +
              • ddns_key - DDNS update key (base 64 encoding). type: str + more... + +
                • +
              • ddns_keyname - DDNS update key name. type: str + more... + +
                • +
              • ddns_password - DDNS password. type: str + more... + +
                • +
              • ddns_server - Select a DDNS service provider. type: str choices: dyndns.org, dyns.net, tzo.com, vavic.com, dipdns.net, now.net.cn, dhs.org, easydns.com, genericDDNS, FortiGuardDDNS, noip.com + more... + +
                • +
              • ddns_server_addr - Generic DDNS server IP/FQDN list. type: list member_path: ddns_server_addr:addr + more... + +
                • +
                  +
                • addr - IP address or FQDN of the server. type: str required: true + more... + +
                  • +
                +
              • ddns_server_ip - Generic DDNS server IP. type: str + more... + +
                • +
              • ddns_sn - DDNS Serial Number. type: str + more... + +
                • +
              • ddns_ttl - Time-to-live for DDNS packets. type: int + more... + +
                • +
              • ddns_username - DDNS user name. type: str + more... + +
                • +
              • ddns_zone - Zone of your domain name (for example, DDNS.com). type: str + more... + +
                • +
              • ddnsid - DDNS ID. type: int required: true + more... + +
                • +
              • monitor_interface - Monitored interface. type: list + more... + +
                • +
                  +
                • interface_name - Interface name. Source system.interface.name. type: str + more... + +
                  • +
                +
              • server_type - Address type of the DDNS server. type: str choices: ipv4, ipv6 + more... + +
                • +
              • ssl_certificate - Name of local certificate for SSL connections. Source certificate.local.name. type: str + more... + +
                • +
              • update_interval - DDNS update interval (60 - 2592000 sec, 0 means default). type: int + more... + +
                • +
              • use_public_ip - Enable/disable use of public IP address. type: str choices: disable, enable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure DDNS. + fortios_system_ddns: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_ddns: + addr_type: "ipv4" + bound_ip: "" + clear_text: "disable" + ddns_auth: "disable" + ddns_domain: "" + ddns_key: "" + ddns_keyname: "" + ddns_password: "" + ddns_server: "dyndns.org" + ddns_server_addr: + - + addr: "" + ddns_server_ip: "" + ddns_sn: "" + ddns_ttl: "16" + ddns_username: "" + ddns_zone: "" + ddnsid: "19" + monitor_interface: + - + interface_name: " (source system.interface.name)" + server_type: "ipv4" + ssl_certificate: " (source certificate.local.name)" + update_interval: "24" + use_public_ip: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_dedicated_mgmt.rst b/gen/fortios_system_dedicated_mgmt.rst new file mode 100644 index 00000000..3ead4177 --- /dev/null +++ b/gen/fortios_system_dedicated_mgmt.rst @@ -0,0 +1,611 @@ +:source: fortios_system_dedicated_mgmt.py + +:orphan: + +.. fortios_system_dedicated_mgmt: + +fortios_system_dedicated_mgmt -- Configure dedicated management in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and dedicated_mgmt category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_dedicated_mgmtyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_dedicated_mgmt - Configure dedicated management. type: dict + more... + +
              • +
                +
              • default_gateway - Default gateway for dedicated management interface. type: str + more... + +
                • +
              • dhcp_end_ip - DHCP end IP for dedicated management. type: str + more... + +
                • +
              • dhcp_netmask - DHCP netmask. type: str + more... + +
                • +
              • dhcp_server - Enable/disable DHCP server on management interface. type: str choices: enable, disable + more... + +
                • +
              • dhcp_start_ip - DHCP start IP for dedicated management. type: str + more... + +
                • +
              • interface - Dedicated management interface. Source system.interface.name. type: str + more... + +
                • +
              • status - Enable/disable dedicated management. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure dedicated management. + fortios_system_dedicated_mgmt: + vdom: "{{ vdom }}" + system_dedicated_mgmt: + default_gateway: "" + dhcp_end_ip: "" + dhcp_netmask: "" + dhcp_server: "enable" + dhcp_start_ip: "" + interface: " (source system.interface.name)" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_dhcp6_server.rst b/gen/fortios_system_dhcp6_server.rst new file mode 100644 index 00000000..982f4d31 --- /dev/null +++ b/gen/fortios_system_dhcp6_server.rst @@ -0,0 +1,1803 @@ +:source: fortios_system_dhcp6_server.py + +:orphan: + +.. fortios_system_dhcp6_server: + +fortios_system_dhcp6_server -- Configure DHCPv6 servers in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_dhcp6 feature and server category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_dhcp6_serveryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_dhcp6_server - Configure DHCPv6 servers. type: dict + more... + +
              • +
                +
              • delegated_prefix_iaid - IAID of obtained delegated-prefix from the upstream interface. type: int + more... + +
                • +
              • dns_search_list - DNS search list options. type: str choices: delegated, specify + more... + +
                • +
              • dns_server1 - DNS server 1. type: str + more... + +
                • +
              • dns_server2 - DNS server 2. type: str + more... + +
                • +
              • dns_server3 - DNS server 3. type: str + more... + +
                • +
              • dns_server4 - DNS server 4. type: str + more... + +
                • +
              • dns_service - Options for assigning DNS servers to DHCPv6 clients. type: str choices: delegated, default, specify + more... + +
                • +
              • domain - Domain name suffix for the IP addresses that the DHCP server assigns to clients. type: str + more... + +
                • +
              • id - ID. type: int required: true + more... + +
                • +
              • interface - DHCP server can assign IP configurations to clients connected to this interface. Source system.interface.name. type: str + more... + +
                • +
              • ip_mode - Method used to assign client IP. type: str choices: range, delegated + more... + +
                • +
              • ip_range - DHCP IP range configuration. type: list member_path: ip_range:id + more... + +
                • +
                  +
                • end_ip - End of IP range. type: str + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • start_ip - Start of IP range. type: str + more... + +
                  • +
                +
              • lease_time - Lease time in seconds, 0 means unlimited. type: int + more... + +
                • +
              • option1 - Option 1. type: str + more... + +
                • +
              • option2 - Option 2. type: str + more... + +
                • +
              • option3 - Option 3. type: str + more... + +
                • +
              • prefix_mode - Assigning a prefix from a DHCPv6 client or RA. type: str choices: dhcp6, ra + more... + +
                • +
              • prefix_range - DHCP prefix configuration. type: list member_path: prefix_range:id + more... + +
                • +
                  +
                • end_prefix - End of prefix range. type: str + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • prefix_length - Prefix length. type: int + more... + +
                  • +
                • start_prefix - Start of prefix range. type: str + more... + +
                  • +
                +
              • rapid_commit - Enable/disable allow/disallow rapid commit. type: str choices: disable, enable + more... + +
                • +
              • status - Enable/disable this DHCPv6 configuration. type: str choices: disable, enable + more... + +
                • +
              • subnet - Subnet or subnet-id if the IP mode is delegated. type: str + more... + +
                • +
              • upstream_interface - Interface name from where delegated information is provided. Source system.interface.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure DHCPv6 servers. + fortios_system_dhcp6_server: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_dhcp6_server: + delegated_prefix_iaid: "3" + dns_search_list: "delegated" + dns_server1: "" + dns_server2: "" + dns_server3: "" + dns_server4: "" + dns_service: "delegated" + domain: "" + id: "11" + interface: " (source system.interface.name)" + ip_mode: "range" + ip_range: + - + end_ip: "" + id: "16" + start_ip: "" + lease_time: "18" + option1: "" + option2: "" + option3: "" + prefix_mode: "dhcp6" + prefix_range: + - + end_prefix: "" + id: "25" + prefix_length: "26" + start_prefix: "" + rapid_commit: "disable" + status: "disable" + subnet: "" + upstream_interface: " (source system.interface.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_dhcp_server.rst b/gen/fortios_system_dhcp_server.rst new file mode 100644 index 00000000..3110a0c1 --- /dev/null +++ b/gen/fortios_system_dhcp_server.rst @@ -0,0 +1,6132 @@ +:source: fortios_system_dhcp_server.py + +:orphan: + +.. fortios_system_dhcp_server: + +fortios_system_dhcp_server -- Configure DHCP servers in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_dhcp feature and server category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_dhcp_serveryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_dhcp_server - Configure DHCP servers. type: dict + more... + +
              • +
                +
              • auto_configuration - Enable/disable auto configuration. type: str choices: disable, enable + more... + +
                • +
              • auto_managed_status - Enable/disable use of this DHCP server once this interface has been assigned an IP address from FortiIPAM. type: str choices: disable, enable + more... + +
                • +
              • conflicted_ip_timeout - Time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused. type: int + more... + +
                • +
              • ddns_auth - DDNS authentication mode. type: str choices: disable, tsig + more... + +
                • +
              • ddns_key - DDNS update key (base 64 encoding). type: str + more... + +
                • +
              • ddns_keyname - DDNS update key name. type: str + more... + +
                • +
              • ddns_server_ip - DDNS server IP. type: str + more... + +
                • +
              • ddns_ttl - TTL. type: int + more... + +
                • +
              • ddns_update - Enable/disable DDNS update for DHCP. type: str choices: disable, enable + more... + +
                • +
              • ddns_update_override - Enable/disable DDNS update override for DHCP. type: str choices: disable, enable + more... + +
                • +
              • ddns_zone - Zone of your domain name (ex. DDNS.com). type: str + more... + +
                • +
              • default_gateway - Default gateway IP address assigned by the DHCP server. type: str + more... + +
                • +
              • dhcp_settings_from_fortiipam - Enable/disable populating of DHCP server settings from FortiIPAM. type: str choices: disable, enable + more... + +
                • +
              • dns_server1 - DNS server 1. type: str + more... + +
                • +
              • dns_server2 - DNS server 2. type: str + more... + +
                • +
              • dns_server3 - DNS server 3. type: str + more... + +
                • +
              • dns_server4 - DNS server 4. type: str + more... + +
                • +
              • dns_service - Options for assigning DNS servers to DHCP clients. type: str choices: local, default, specify + more... + +
                • +
              • domain - Domain name suffix for the IP addresses that the DHCP server assigns to clients. type: str + more... + +
                • +
              • exclude_range - Exclude one or more ranges of IP addresses from being assigned to clients. type: list member_path: exclude_range:id + more... + +
                • +
                  +
                • end_ip - End of IP range. type: str + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • start_ip - Start of IP range. type: str + more... + +
                  • +
                +
              • filename - Name of the boot file on the TFTP server. type: str + more... + +
                • +
              • forticlient_on_net_status - Enable/disable FortiClient-On-Net service for this DHCP server. type: str choices: disable, enable + more... + +
                • +
              • id - ID. type: int required: true + more... + +
                • +
              • interface - DHCP server can assign IP configurations to clients connected to this interface. Source system.interface.name. type: str + more... + +
                • +
              • ip_mode - Method used to assign client IP. type: str choices: range, usrgrp + more... + +
                • +
              • ip_range - DHCP IP range configuration. type: list member_path: ip_range:id + more... + +
                • +
                  +
                • end_ip - End of IP range. type: str + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • start_ip - Start of IP range. type: str + more... + +
                  • +
                +
              • ipsec_lease_hold - DHCP over IPsec leases expire this many seconds after tunnel down (0 to disable forced-expiry). type: int + more... + +
                • +
              • lease_time - Lease time in seconds, 0 means unlimited. type: int + more... + +
                • +
              • mac_acl_default_action - MAC access control default action (allow or block assigning IP settings). type: str choices: assign, block + more... + +
                • +
              • netmask - Netmask assigned by the DHCP server. type: str + more... + +
                • +
              • next_server - IP address of a server (for example, a TFTP sever) that DHCP clients can download a boot file from. type: str + more... + +
                • +
              • ntp_server1 - NTP server 1. type: str + more... + +
                • +
              • ntp_server2 - NTP server 2. type: str + more... + +
                • +
              • ntp_server3 - NTP server 3. type: str + more... + +
                • +
              • ntp_service - Options for assigning Network Time Protocol (NTP) servers to DHCP clients. type: str choices: local, default, specify + more... + +
                • +
              • options - DHCP options. type: list member_path: options:id + more... + +
                • +
                  +
                • code - DHCP option code. type: int + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • ip - DHCP option IPs. type: list
                  • +
                • type - DHCP option type. type: str choices: hex, string, ip, fqdn + more... + +
                  • +
                • value - DHCP option value. type: str + more... + +
                  • +
                +
              • reserved_address - Options for the DHCP server to assign IP settings to specific MAC addresses. type: list member_path: reserved_address:id + more... + +
                • +
                  +
                • action - Options for the DHCP server to configure the client with the reserved MAC address. type: str choices: assign, block, reserved + more... + +
                  • +
                • circuit_id - Option 82 circuit-ID of the client that will get the reserved IP address. type: str + more... + +
                  • +
                • circuit_id_type - DHCP option type. type: str choices: hex, string + more... + +
                  • +
                • description - Description. type: str + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • ip - IP address to be reserved for the MAC address. type: str + more... + +
                  • +
                • mac - MAC address of the client that will get the reserved IP address. type: str + more... + +
                  • +
                • remote_id - Option 82 remote-ID of the client that will get the reserved IP address. type: str + more... + +
                  • +
                • remote_id_type - DHCP option type. type: str choices: hex, string + more... + +
                  • +
                • type - DHCP reserved-address type. type: str choices: mac, option82 + more... + +
                  • +
                +
              • server_type - DHCP server can be a normal DHCP server or an IPsec DHCP server. type: str choices: regular, ipsec + more... + +
                • +
              • status - Enable/disable this DHCP configuration. type: str choices: disable, enable + more... + +
                • +
              • tftp_server - One or more hostnames or IP addresses of the TFTP servers in quotes separated by spaces. type: list + more... + +
                • +
                  +
                • tftp_server - TFTP server. type: str + more... + +
                  • +
                +
              • timezone - Select the time zone to be assigned to DHCP clients. type: str choices: 1, 2, 3, 4, 5, 81, 6, 7, 08, 09, 10, 11, 12, 13, 74, 14, 77, 15, 87, 16, 17, 18, 19, 20, 75, 21, 22, 23, 24, 80, 79, 25, 26, 27, 28, 78, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 83, 84, 40, 85, 41, 42, 43, 39, 44, 46, 47, 51, 48, 45, 49, 50, 52, 53, 54, 55, 56, 57, 58, 59, 60, 62, 63, 61, 64, 65, 66, 67, 68, 69, 70, 71, 72, 0, 82, 73, 86, 76 + more... + +
                • +
              • timezone_option - Options for the DHCP server to set the client"s time zone. type: str choices: disable, default, specify + more... + +
                • +
              • vci_match - Enable/disable vendor class identifier (VCI) matching. When enabled only DHCP requests with a matching VCI are served. type: str choices: disable, enable + more... + +
                • +
              • vci_string - One or more VCI strings in quotes separated by spaces. type: list + more... + +
                • +
                  +
                • vci_string - VCI strings. type: str + more... + +
                  • +
                +
              • wifi_ac_service - Options for assigning WiFi access controllers to DHCP clients. type: str choices: specify, local + more... + +
                • +
              • wifi_ac1 - WiFi Access Controller 1 IP address (DHCP option 138, RFC 5417). type: str + more... + +
                • +
              • wifi_ac2 - WiFi Access Controller 2 IP address (DHCP option 138, RFC 5417). type: str + more... + +
                • +
              • wifi_ac3 - WiFi Access Controller 3 IP address (DHCP option 138, RFC 5417). type: str + more... + +
                • +
              • wins_server1 - WINS server 1. type: str + more... + +
                • +
              • wins_server2 - WINS server 2. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure DHCP servers. + fortios_system_dhcp_server: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_dhcp_server: + auto_configuration: "disable" + auto_managed_status: "disable" + conflicted_ip_timeout: "5" + ddns_auth: "disable" + ddns_key: "" + ddns_keyname: "" + ddns_server_ip: "" + ddns_ttl: "10" + ddns_update: "disable" + ddns_update_override: "disable" + ddns_zone: "" + default_gateway: "" + dhcp_settings_from_fortiipam: "disable" + dns_server1: "" + dns_server2: "" + dns_server3: "" + dns_server4: "" + dns_service: "local" + domain: "" + exclude_range: + - + end_ip: "" + id: "24" + start_ip: "" + filename: "" + forticlient_on_net_status: "disable" + id: "28" + interface: " (source system.interface.name)" + ip_mode: "range" + ip_range: + - + end_ip: "" + id: "33" + start_ip: "" + ipsec_lease_hold: "35" + lease_time: "36" + mac_acl_default_action: "assign" + netmask: "" + next_server: "" + ntp_server1: "" + ntp_server2: "" + ntp_server3: "" + ntp_service: "local" + options: + - + code: "45" + id: "46" + ip: "" + type: "hex" + value: "" + reserved_address: + - + action: "assign" + circuit_id: "" + circuit_id_type: "hex" + description: "" + id: "55" + ip: "" + mac: "" + remote_id: "" + remote_id_type: "hex" + type: "mac" + server_type: "regular" + status: "disable" + tftp_server: + - + tftp_server: "" + timezone: "01" + timezone_option: "disable" + vci_match: "disable" + vci_string: + - + vci_string: "" + wifi_ac_service: "specify" + wifi_ac1: "" + wifi_ac2: "" + wifi_ac3: "" + wins_server1: "" + wins_server2: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_dns.rst b/gen/fortios_system_dns.rst new file mode 100644 index 00000000..9e88636a --- /dev/null +++ b/gen/fortios_system_dns.rst @@ -0,0 +1,1545 @@ +:source: fortios_system_dns.py + +:orphan: + +.. fortios_system_dns: + +fortios_system_dns -- Configure DNS in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and dns category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_dnsyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_dns - Configure DNS. type: dict + more... + +
              • +
                +
              • alt_primary - Alternate primary DNS server. This is not used as a failover DNS server. type: str + more... + +
                • +
              • alt_secondary - Alternate secondary DNS server. This is not used as a failover DNS server. type: str + more... + +
                • +
              • cache_notfound_responses - Enable/disable response from the DNS server when a record is not in cache. type: str choices: disable, enable + more... + +
                • +
              • dns_cache_limit - Maximum number of records in the DNS cache. type: int + more... + +
                • +
              • dns_cache_ttl - Duration in seconds that the DNS cache retains information. type: int + more... + +
                • +
              • dns_over_tls - Enable/disable/enforce DNS over TLS. type: str choices: disable, enable, enforce + more... + +
                • +
              • domain - Search suffix list for hostname lookup. type: list member_path: domain:domain + more... + +
                • +
                  +
                • domain - DNS search domain list separated by space (maximum 8 domains). type: str required: true + more... + +
                  • +
                +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • ip6_primary - Primary DNS server IPv6 address. type: str + more... + +
                • +
              • ip6_secondary - Secondary DNS server IPv6 address. type: str + more... + +
                • +
              • log - Local DNS log setting. type: str choices: disable, error, all + more... + +
                • +
              • primary - Primary DNS server IP address. type: str + more... + +
                • +
              • protocol - DNS transport protocols. type: list choices: cleartext, dot, doh + more... + +
                • +
              • retry - Number of times to retry (0 - 5). type: int + more... + +
                • +
              • secondary - Secondary DNS server IP address. type: str + more... + +
                • +
              • server_hostname - DNS server host name list. type: list member_path: server_hostname:hostname + more... + +
                • +
                  +
                • hostname - DNS server host name list separated by space (maximum 4 domains). type: str required: true + more... + +
                  • +
                +
              • server_select_method - Specify how configured servers are prioritized. type: str choices: least-rtt, failover + more... + +
                • +
              • source_ip - IP address used by the DNS server as its source IP. type: str + more... + +
                • +
              • ssl_certificate - Name of local certificate for SSL connections. Source certificate.local.name. type: str + more... + +
                • +
              • timeout - DNS query timeout interval in seconds (1 - 10). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure DNS. + fortios_system_dns: + vdom: "{{ vdom }}" + system_dns: + alt_primary: "" + alt_secondary: "" + cache_notfound_responses: "disable" + dns_cache_limit: "6" + dns_cache_ttl: "7" + dns_over_tls: "disable" + domain: + - + domain: "" + interface: " (source system.interface.name)" + interface_select_method: "auto" + ip6_primary: "" + ip6_secondary: "" + log: "disable" + primary: "" + protocol: "cleartext" + retry: "18" + secondary: "" + server_hostname: + - + hostname: "myhostname" + server_select_method: "least-rtt" + source_ip: "84.230.14.43" + ssl_certificate: " (source certificate.local.name)" + timeout: "25" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_dns64.rst b/gen/fortios_system_dns64.rst new file mode 100644 index 00000000..6b80c23f --- /dev/null +++ b/gen/fortios_system_dns64.rst @@ -0,0 +1,273 @@ +:source: fortios_system_dns64.py + +:orphan: + +.. fortios_system_dns64: + +fortios_system_dns64 -- Configure DNS64 in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and dns64 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + +
            v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_dns64yesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_dns64 - Configure DNS64. type: dict + more... + +
              • +
                +
              • always_synthesize_aaaa_record - Enable/disable AAAA record synthesis . type: str choices: enable, disable + more... + +
                • +
              • dns64_prefix - DNS64 prefix must be ::/96 . type: str + more... + +
                • +
              • status - Enable/disable DNS64 . type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure DNS64. + fortios_system_dns64: + vdom: "{{ vdom }}" + system_dns64: + always_synthesize_aaaa_record: "enable" + dns64_prefix: "" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_dns_database.rst b/gen/fortios_system_dns_database.rst new file mode 100644 index 00000000..f7cb8f57 --- /dev/null +++ b/gen/fortios_system_dns_database.rst @@ -0,0 +1,1630 @@ +:source: fortios_system_dns_database.py + +:orphan: + +.. fortios_system_dns_database: + +fortios_system_dns_database -- Configure DNS databases in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and dns_database category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_dns_databaseyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_dns_database - Configure DNS databases. type: dict + more... + +
              • +
                +
              • allow_transfer - DNS zone transfer IP address list. type: list
                • +
              • authoritative - Enable/disable authoritative zone. type: str choices: enable, disable + more... + +
                • +
              • contact - Email address of the administrator for this zone. You can specify only the username, such as admin or the full email address, such as admin@test.com When using only a username, the domain of the email will be this zone. type: str + more... + +
                • +
              • dns_entry - DNS entry. type: list member_path: dns_entry:id + more... + +
                • +
                  +
                • canonical_name - Canonical name of the host. type: str + more... + +
                  • +
                • hostname - Name of the host. type: str + more... + +
                  • +
                • id - DNS entry ID. type: int required: true + more... + +
                  • +
                • ip - IPv4 address of the host. type: str + more... + +
                  • +
                • ipv6 - IPv6 address of the host. type: str + more... + +
                  • +
                • preference - DNS entry preference (0 - 65535, highest preference = 0). type: int + more... + +
                  • +
                • status - Enable/disable resource record status. type: str choices: enable, disable + more... + +
                  • +
                • ttl - Time-to-live for this entry (0 to 2147483647 sec). type: int + more... + +
                  • +
                • type - Resource record type. type: str choices: A, NS, CNAME, MX, AAAA, PTR, PTR_V6 + more... + +
                  • +
                +
              • domain - Domain name. type: str + more... + +
                • +
              • forwarder - DNS zone forwarder IP address list. type: list
                • +
              • ip_master - IP address of master DNS server. Entries in this master DNS server and imported into the DNS zone. type: str + more... + +
                • +
              • ip_primary - IP address of primary DNS server. Entries in this primary DNS server and imported into the DNS zone. type: str + more... + +
                • +
              • name - Zone name. type: str required: true + more... + +
                • +
              • primary_name - Domain name of the default DNS server for this zone. type: str + more... + +
                • +
              • rr_max - Maximum number of resource records (10 - 65536, 0 means infinite). type: int + more... + +
                • +
              • source_ip - Source IP for forwarding to DNS server. type: str + more... + +
                • +
              • status - Enable/disable this DNS zone. type: str choices: enable, disable + more... + +
                • +
              • ttl - Default time-to-live value for the entries of this DNS zone (0 - 2147483647 sec). type: int + more... + +
                • +
              • type - Zone type (primary to manage entries directly, secondary to import entries from other zones). type: str choices: primary, secondary, master, slave + more... + +
                • +
              • view - Zone view (public to serve public clients, shadow to serve internal clients). type: str choices: shadow, public + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure DNS databases. + fortios_system_dns_database: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_dns_database: + allow_transfer: "" + authoritative: "enable" + contact: "" + dns_entry: + - + canonical_name: "" + hostname: "myhostname" + id: "9" + ip: "" + ipv6: "" + preference: "12" + status: "enable" + ttl: "14" + type: "A" + domain: "" + forwarder: "" + ip_master: "" + ip_primary: "" + name: "default_name_20" + primary_name: "" + rr_max: "22" + source_ip: "84.230.14.43" + status: "enable" + ttl: "25" + type: "primary" + view: "shadow" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_dns_server.rst b/gen/fortios_system_dns_server.rst new file mode 100644 index 00000000..0a57ea12 --- /dev/null +++ b/gen/fortios_system_dns_server.rst @@ -0,0 +1,495 @@ +:source: fortios_system_dns_server.py + +:orphan: + +.. fortios_system_dns_server: + +fortios_system_dns_server -- Configure DNS servers in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and dns_server category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_dns_serveryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_dns_server - Configure DNS servers. type: dict + more... + +
              • +
                +
              • dnsfilter_profile - DNS filter profile. Source dnsfilter.profile.name. type: str + more... + +
                • +
              • doh - DNS over HTTPS/443. type: str choices: enable, disable + more... + +
                • +
              • mode - DNS server mode. type: str choices: recursive, non-recursive, forward-only + more... + +
                • +
              • name - DNS server name. Source system.interface.name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure DNS servers. + fortios_system_dns_server: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_dns_server: + dnsfilter_profile: " (source dnsfilter.profile.name)" + doh: "enable" + mode: "recursive" + name: "default_name_6 (source system.interface.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_dscp_based_priority.rst b/gen/fortios_system_dscp_based_priority.rst new file mode 100644 index 00000000..649e2826 --- /dev/null +++ b/gen/fortios_system_dscp_based_priority.rst @@ -0,0 +1,411 @@ +:source: fortios_system_dscp_based_priority.py + +:orphan: + +.. fortios_system_dscp_based_priority: + +fortios_system_dscp_based_priority -- Configure DSCP based priority table in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and dscp_based_priority category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_dscp_based_priorityyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_dscp_based_priority - Configure DSCP based priority table. type: dict + more... + +
              • +
                +
              • ds - DSCP(DiffServ) DS value (0 - 63). type: int + more... + +
                • +
              • id - Item ID. type: int required: true + more... + +
                • +
              • priority - DSCP based priority level. type: str choices: low, medium, high + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure DSCP based priority table. + fortios_system_dscp_based_priority: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_dscp_based_priority: + ds: "3" + id: "4" + priority: "low" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_email_server.rst b/gen/fortios_system_email_server.rst new file mode 100644 index 00000000..28da4721 --- /dev/null +++ b/gen/fortios_system_email_server.rst @@ -0,0 +1,1162 @@ +:source: fortios_system_email_server.py + +:orphan: + +.. fortios_system_email_server: + +fortios_system_email_server -- Configure the email server used by the FortiGate various things. For example, for sending email messages to users to support user authentication features in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and email_server category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_email_serveryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_email_server - Configure the email server used by the FortiGate various things. For example, for sending email messages to users to support user authentication features. type: dict + more... + +
              • +
                +
              • authenticate - Enable/disable authentication. type: str choices: enable, disable + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • password - SMTP server user password for authentication. type: str + more... + +
                • +
              • port - SMTP server port. type: int + more... + +
                • +
              • reply_to - Reply-To email address. type: str + more... + +
                • +
              • security - Connection security used by the email server. type: str choices: none, starttls, smtps + more... + +
                • +
              • server - SMTP server IP address or hostname. type: str + more... + +
                • +
              • source_ip - SMTP server IPv4 source IP. type: str + more... + +
                • +
              • source_ip6 - SMTP server IPv6 source IP. type: str + more... + +
                • +
              • ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2 + more... + +
                • +
              • type - Use FortiGuard Message service or custom email server. type: str choices: custom + more... + +
                • +
              • username - SMTP server user name for authentication. type: str + more... + +
                • +
              • validate_server - Enable/disable validation of server certificate. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure the email server used by the FortiGate various things. For example, for sending email messages to users to support user authentication + features. + fortios_system_email_server: + vdom: "{{ vdom }}" + system_email_server: + authenticate: "enable" + interface: " (source system.interface.name)" + interface_select_method: "auto" + password: "" + port: "7" + reply_to: "" + security: "none" + server: "192.168.100.40" + source_ip: "84.230.14.43" + source_ip6: "" + ssl_min_proto_version: "default" + type: "custom" + username: "" + validate_server: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_external_resource.rst b/gen/fortios_system_external_resource.rst new file mode 100644 index 00000000..3ff6e4b3 --- /dev/null +++ b/gen/fortios_system_external_resource.rst @@ -0,0 +1,1031 @@ +:source: fortios_system_external_resource.py + +:orphan: + +.. fortios_system_external_resource: + +fortios_system_external_resource -- Configure external resource in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and external_resource category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_external_resourceyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_external_resource - Configure external resource. type: dict + more... + +
              • +
                +
              • category - User resource category. type: int + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • name - External resource name. type: str required: true + more... + +
                • +
              • password - HTTP basic authentication password. type: str + more... + +
                • +
              • refresh_rate - Time interval to refresh external resource (1 - 43200 min). type: int + more... + +
                • +
              • resource - URI of external resource. type: str + more... + +
                • +
              • source_ip - Source IPv4 address used to communicate with server. type: str + more... + +
                • +
              • status - Enable/disable user resource. type: str choices: enable, disable + more... + +
                • +
              • type - User resource type. type: str choices: category, address, domain, malware + more... + +
                • +
              • user_agent - HTTP User-Agent header . type: str + more... + +
                • +
              • username - HTTP basic authentication user name. type: str + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure external resource. + fortios_system_external_resource: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_external_resource: + category: "3" + comments: "" + interface: " (source system.interface.name)" + interface_select_method: "auto" + name: "default_name_7" + password: "" + refresh_rate: "9" + resource: "" + source_ip: "84.230.14.43" + status: "enable" + type: "category" + user_agent: "" + username: "" + uuid: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_federated_upgrade.rst b/gen/fortios_system_federated_upgrade.rst new file mode 100644 index 00000000..16a6bf74 --- /dev/null +++ b/gen/fortios_system_federated_upgrade.rst @@ -0,0 +1,793 @@ +:source: fortios_system_federated_upgrade.py + +:orphan: + +.. fortios_system_federated_upgrade: + +fortios_system_federated_upgrade -- Coordinate federated upgrades within the Security Fabric in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and federated_upgrade category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + +
            v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_federated_upgradeyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_federated_upgrade - Coordinate federated upgrades within the Security Fabric. type: dict + more... + +
              • +
                +
              • failure_device - Serial number of the node to include. type: str + more... + +
                • +
              • failure_reason - Reason for upgrade failure. type: str choices: none, internal, timeout, device-type-unsupported, download-failed, device-missing, version-unavailable, staging-failed, reboot-failed, device-not-reconnected, node-not-ready, no-final-confirmation, no-confirmation-query + more... + +
                • +
              • next_path_index - The index of the next image to upgrade to. type: int + more... + +
                • +
              • node_list - Nodes which will be included in the upgrade. type: list member_path: node_list:serial + more... + +
                • +
                  +
                • coordinating_fortigate - Serial number of the FortiGate unit that controls this device. type: str + more... + +
                  • +
                • device_type - What type of device this node represents. type: str choices: fortigate, fortiswitch, fortiap + more... + +
                  • +
                • serial - Serial number of the node to include. type: str required: true + more... + +
                  • +
                • setup_time - When the upgrade was configured. Format hh:mm yyyy/mm/dd UTC. type: str + more... + +
                  • +
                • time - Scheduled time for the upgrade. Format hh:mm yyyy/mm/dd UTC. type: str + more... + +
                  • +
                • timing - Whether the upgrade should be run immediately, or at a scheduled time. type: str choices: immediate, scheduled + more... + +
                  • +
                • upgrade_path - Image IDs to upgrade through. type: str + more... + +
                  • +
                +
              • status - Current status of the upgrade. type: str choices: disabled, initialized, downloading, device-disconnected, ready, staging, final-check, upgrade-devices, cancelled, confirmed, done, failed, download-failed + more... + +
                • +
              • upgrade_id - Unique identifier for this upgrade. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Coordinate federated upgrades within the Security Fabric. + fortios_system_federated_upgrade: + vdom: "{{ vdom }}" + system_federated_upgrade: + failure_device: "" + failure_reason: "none" + next_path_index: "5" + node_list: + - + coordinating_fortigate: "" + device_type: "fortigate" + serial: "" + setup_time: "" + time: "" + timing: "immediate" + upgrade_path: "" + status: "disabled" + upgrade_id: "15" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_fips_cc.rst b/gen/fortios_system_fips_cc.rst new file mode 100644 index 00000000..3cc51a65 --- /dev/null +++ b/gen/fortios_system_fips_cc.rst @@ -0,0 +1,530 @@ +:source: fortios_system_fips_cc.py + +:orphan: + +.. fortios_system_fips_cc: + +fortios_system_fips_cc -- Configure FIPS-CC mode in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and fips_cc category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_fips_ccyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_fips_cc - Configure FIPS-CC mode. type: dict + more... + +
              • +
                +
              • entropy_token - Enable/disable/dynamic entropy token. type: str choices: enable, disable, dynamic + more... + +
                • +
              • key_generation_self_test - Enable/disable self tests after key generation. type: str choices: enable, disable + more... + +
                • +
              • self_test_period - Self test period. type: int + more... + +
                • +
              • status - Enable/disable ciphers for FIPS mode of operation. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FIPS-CC mode. + fortios_system_fips_cc: + vdom: "{{ vdom }}" + system_fips_cc: + entropy_token: "enable" + key_generation_self_test: "enable" + self_test_period: "5" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_fm.rst b/gen/fortios_system_fm.rst new file mode 100644 index 00000000..ed62e51d --- /dev/null +++ b/gen/fortios_system_fm.rst @@ -0,0 +1,583 @@ +:source: fortios_system_fm.py + +:orphan: + +.. fortios_system_fm: + +fortios_system_fm -- Configure FM in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and fm category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1
            fortios_system_fmyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_fm - Configure FM. type: dict + more... + +
              • +
                +
              • auto_backup - Enable/disable automatic backup. type: str choices: enable, disable + more... + +
                • +
              • id - ID. type: str + more... + +
                • +
              • ip - IP address. type: str + more... + +
                • +
              • ipsec - Enable/disable IPsec. type: str choices: enable, disable + more... + +
                • +
              • scheduled_config_restore - Enable/disable scheduled configuration restore. type: str choices: enable, disable + more... + +
                • +
              • status - Enable/disable FM. type: str choices: enable, disable + more... + +
                • +
              • vdom - VDOM. Source system.vdom.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FM. + fortios_system_fm: + vdom: "{{ vdom }}" + system_fm: + auto_backup: "enable" + id: "4" + ip: "" + ipsec: "enable" + scheduled_config_restore: "enable" + status: "enable" + vdom: " (source system.vdom.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_fortiai.rst b/gen/fortios_system_fortiai.rst new file mode 100644 index 00000000..2a546f57 --- /dev/null +++ b/gen/fortios_system_fortiai.rst @@ -0,0 +1,305 @@ +:source: fortios_system_fortiai.py + +:orphan: + +.. fortios_system_fortiai: + +fortios_system_fortiai -- Configure FortiAI in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and fortiai category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + +
            v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_fortiaiyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_fortiai - Configure FortiAI. type: dict + more... + +
              • +
                +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • source_ip - Source IP address for communications to FortiAI. type: str + more... + +
                • +
              • status - Enable/disable FortiAI. type: str choices: disable, enable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiAI. + fortios_system_fortiai: + vdom: "{{ vdom }}" + system_fortiai: + interface: " (source system.interface.name)" + interface_select_method: "auto" + source_ip: "84.230.14.43" + status: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_fortiguard.rst b/gen/fortios_system_fortiguard.rst new file mode 100644 index 00000000..e07ec46c --- /dev/null +++ b/gen/fortios_system_fortiguard.rst @@ -0,0 +1,3375 @@ +:source: fortios_system_fortiguard.py + +:orphan: + +.. fortios_system_fortiguard: + +fortios_system_fortiguard -- Configure FortiGuard services in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and fortiguard category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_fortiguardyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_fortiguard - Configure FortiGuard services. type: dict + more... + +
              • +
                +
              • antispam_cache - Enable/disable FortiGuard antispam request caching. Uses a small amount of memory but improves performance. type: str choices: enable, disable + more... + +
                • +
              • antispam_cache_mpercent - Maximum percentage of FortiGate memory the antispam cache is allowed to use (1 - 15). type: int + more... + +
                • +
              • antispam_cache_ttl - Time-to-live for antispam cache entries in seconds (300 - 86400). Lower times reduce the cache size. Higher times may improve performance since the cache will have more entries. type: int + more... + +
                • +
              • antispam_expiration - Expiration date of the FortiGuard antispam contract. type: int + more... + +
                • +
              • antispam_force_off - Enable/disable turning off the FortiGuard antispam service. type: str choices: enable, disable + more... + +
                • +
              • antispam_license - Interval of time between license checks for the FortiGuard antispam contract. type: int + more... + +
                • +
              • antispam_timeout - Antispam query time out (1 - 30 sec). type: int + more... + +
                • +
              • anycast_sdns_server_ip - IP address of the FortiGuard anycast DNS rating server. type: str + more... + +
                • +
              • anycast_sdns_server_port - Port to connect to on the FortiGuard anycast DNS rating server. type: int + more... + +
                • +
              • auto_join_forticloud - Automatically connect to and login to FortiCloud. type: str choices: enable, disable + more... + +
                • +
              • ddns_server_ip - IP address of the FortiDDNS server. type: str + more... + +
                • +
              • ddns_server_ip6 - IPv6 address of the FortiDDNS server. type: str + more... + +
                • +
              • ddns_server_port - Port used to communicate with FortiDDNS servers. type: int + more... + +
                • +
              • fortiguard_anycast - Enable/disable use of FortiGuard"s Anycast network. type: str choices: enable, disable + more... + +
                • +
              • fortiguard_anycast_source - Configure which of Fortinet"s servers to provide FortiGuard services in FortiGuard"s anycast network. Default is Fortinet. type: str choices: fortinet, aws, debug + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • load_balance_servers - Number of servers to alternate between as first FortiGuard option. type: int + more... + +
                • +
              • outbreak_prevention_cache - Enable/disable FortiGuard Virus Outbreak Prevention cache. type: str choices: enable, disable + more... + +
                • +
              • outbreak_prevention_cache_mpercent - Maximum percent of memory FortiGuard Virus Outbreak Prevention cache can use (1 - 15%). type: int + more... + +
                • +
              • outbreak_prevention_cache_ttl - Time-to-live for FortiGuard Virus Outbreak Prevention cache entries (300 - 86400 sec). type: int + more... + +
                • +
              • outbreak_prevention_expiration - Expiration date of FortiGuard Virus Outbreak Prevention contract. type: int + more... + +
                • +
              • outbreak_prevention_force_off - Turn off FortiGuard Virus Outbreak Prevention service. type: str choices: enable, disable + more... + +
                • +
              • outbreak_prevention_license - Interval of time between license checks for FortiGuard Virus Outbreak Prevention contract. type: int + more... + +
                • +
              • outbreak_prevention_timeout - FortiGuard Virus Outbreak Prevention time out (1 - 30 sec). type: int + more... + +
                • +
              • persistent_connection - Enable/disable use of persistent connection to receive update notification from FortiGuard. type: str choices: enable, disable + more... + +
                • +
              • port - Port used to communicate with the FortiGuard servers. type: str choices: 8888, 53, 80, 443 + more... + +
                • +
              • protocol - Protocol used to communicate with the FortiGuard servers. type: str choices: udp, http, https + more... + +
                • +
              • proxy_password - Proxy user password. type: str + more... + +
                • +
              • proxy_server_ip - IP address of the proxy server. type: str + more... + +
                • +
              • proxy_server_port - Port used to communicate with the proxy server. type: int + more... + +
                • +
              • proxy_username - Proxy user name. type: str + more... + +
                • +
              • sandbox_region - Cloud sandbox region. type: str + more... + +
                • +
              • sdns_options - Customization options for the FortiGuard DNS service. type: list choices: include-question-section + more... + +
                • +
              • sdns_server_ip - IP address of the FortiGuard DNS rating server. type: list
                • +
              • sdns_server_port - Port to connect to on the FortiGuard DNS rating server. type: int + more... + +
                • +
              • service_account_id - Service account ID. type: str + more... + +
                • +
              • source_ip - Source IPv4 address used to communicate with FortiGuard. type: str + more... + +
                • +
              • source_ip6 - Source IPv6 address used to communicate with FortiGuard. type: str + more... + +
                • +
              • update_build_proxy - Enable/disable proxy dictionary rebuild. type: str choices: enable, disable + more... + +
                • +
              • update_extdb - Enable/disable external resource update. type: str choices: enable, disable + more... + +
                • +
              • update_ffdb - Enable/disable Internet Service Database update. type: str choices: enable, disable + more... + +
                • +
              • update_server_location - Location from which to receive FortiGuard updates. type: str choices: automatic, usa, eu, any + more... + +
                • +
              • update_uwdb - Enable/disable allowlist update. type: str choices: enable, disable + more... + +
                • +
              • videofilter_expiration - Expiration date of the FortiGuard video filter contract. type: int + more... + +
                • +
              • videofilter_license - Interval of time between license checks for the FortiGuard video filter contract. type: int + more... + +
                • +
              • webfilter_cache - Enable/disable FortiGuard web filter caching. type: str choices: enable, disable + more... + +
                • +
              • webfilter_cache_ttl - Time-to-live for web filter cache entries in seconds (300 - 86400). type: int + more... + +
                • +
              • webfilter_expiration - Expiration date of the FortiGuard web filter contract. type: int + more... + +
                • +
              • webfilter_force_off - Enable/disable turning off the FortiGuard web filtering service. type: str choices: enable, disable + more... + +
                • +
              • webfilter_license - Interval of time between license checks for the FortiGuard web filter contract. type: int + more... + +
                • +
              • webfilter_timeout - Web filter query time out (1 - 30 sec). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiGuard services. + fortios_system_fortiguard: + vdom: "{{ vdom }}" + system_fortiguard: + antispam_cache: "enable" + antispam_cache_mpercent: "4" + antispam_cache_ttl: "5" + antispam_expiration: "6" + antispam_force_off: "enable" + antispam_license: "8" + antispam_timeout: "9" + anycast_sdns_server_ip: "" + anycast_sdns_server_port: "11" + auto_join_forticloud: "enable" + ddns_server_ip: "" + ddns_server_ip6: "" + ddns_server_port: "15" + fortiguard_anycast: "enable" + fortiguard_anycast_source: "fortinet" + interface: " (source system.interface.name)" + interface_select_method: "auto" + load_balance_servers: "20" + outbreak_prevention_cache: "enable" + outbreak_prevention_cache_mpercent: "22" + outbreak_prevention_cache_ttl: "23" + outbreak_prevention_expiration: "24" + outbreak_prevention_force_off: "enable" + outbreak_prevention_license: "26" + outbreak_prevention_timeout: "27" + persistent_connection: "enable" + port: "8888" + protocol: "udp" + proxy_password: "" + proxy_server_ip: "" + proxy_server_port: "33" + proxy_username: "" + sandbox_region: "" + sdns_options: "include-question-section" + sdns_server_ip: "" + sdns_server_port: "38" + service_account_id: "" + source_ip: "84.230.14.43" + source_ip6: "" + update_build_proxy: "enable" + update_extdb: "enable" + update_ffdb: "enable" + update_server_location: "automatic" + update_uwdb: "enable" + videofilter_expiration: "47" + videofilter_license: "48" + webfilter_cache: "enable" + webfilter_cache_ttl: "50" + webfilter_expiration: "51" + webfilter_force_off: "enable" + webfilter_license: "53" + webfilter_timeout: "54" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_fortimanager.rst b/gen/fortios_system_fortimanager.rst new file mode 100644 index 00000000..3438c81e --- /dev/null +++ b/gen/fortios_system_fortimanager.rst @@ -0,0 +1,613 @@ +:source: fortios_system_fortimanager.py + +:orphan: + +.. fortios_system_fortimanager: + +fortios_system_fortimanager -- Configure FortiManager in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and fortimanager category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1
            fortios_system_fortimanageryesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_fortimanager - Configure FortiManager. type: dict + more... + +
              • +
                +
              • central_management - Enable/disable FortiManager central management. type: str choices: enable, disable + more... + +
                • +
              • central_mgmt_auto_backup - Enable/disable central management auto backup. type: str choices: enable, disable + more... + +
                • +
              • central_mgmt_schedule_config_restore - Enable/disable central management schedule config restore. type: str choices: enable, disable + more... + +
                • +
              • central_mgmt_schedule_script_restore - Enable/disable central management schedule script restore. type: str choices: enable, disable + more... + +
                • +
              • ip - IP address. type: str + more... + +
                • +
              • ipsec - Enable/disable FortiManager IPsec tunnel. type: str choices: enable, disable + more... + +
                • +
              • vdom - Virtual domain name. Source system.vdom.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiManager. + fortios_system_fortimanager: + vdom: "{{ vdom }}" + system_fortimanager: + central_management: "enable" + central_mgmt_auto_backup: "enable" + central_mgmt_schedule_config_restore: "enable" + central_mgmt_schedule_script_restore: "enable" + ip: "" + ipsec: "enable" + vdom: " (source system.vdom.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_fortisandbox.rst b/gen/fortios_system_fortisandbox.rst new file mode 100644 index 00000000..68d2918b --- /dev/null +++ b/gen/fortios_system_fortisandbox.rst @@ -0,0 +1,912 @@ +:source: fortios_system_fortisandbox.py + +:orphan: + +.. fortios_system_fortisandbox: + +fortios_system_fortisandbox -- Configure FortiSandbox in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and fortisandbox category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_fortisandboxyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_fortisandbox - Configure FortiSandbox. type: dict + more... + +
              • +
                +
              • email - Notifier email address. type: str + more... + +
                • +
              • enc_algorithm - Configure the level of SSL protection for secure communication with FortiSandbox. type: str choices: default, high, low + more... + +
                • +
              • forticloud - Enable/disable FortiSandbox Cloud. type: str choices: enable, disable + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • server - Server address of the remote FortiSandbox. type: str + more... + +
                • +
              • source_ip - Source IP address for communications to FortiSandbox. type: str + more... + +
                • +
              • ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2 + more... + +
                • +
              • status - Enable/disable FortiSandbox. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSandbox. + fortios_system_fortisandbox: + vdom: "{{ vdom }}" + system_fortisandbox: + email: "" + enc_algorithm: "default" + forticloud: "enable" + interface: " (source system.interface.name)" + interface_select_method: "auto" + server: "192.168.100.40" + source_ip: "84.230.14.43" + ssl_min_proto_version: "default" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_fsso_polling.rst b/gen/fortios_system_fsso_polling.rst new file mode 100644 index 00000000..187a57eb --- /dev/null +++ b/gen/fortios_system_fsso_polling.rst @@ -0,0 +1,473 @@ +:source: fortios_system_fsso_polling.py + +:orphan: + +.. fortios_system_fsso_polling: + +fortios_system_fsso_polling -- Configure Fortinet Single Sign On (FSSO) server in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and fsso_polling category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_fsso_pollingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_fsso_polling - Configure Fortinet Single Sign On (FSSO) server. type: dict + more... + +
              • +
                +
              • auth_password - Password to connect to FSSO Agent. type: str + more... + +
                • +
              • authentication - Enable/disable FSSO Agent Authentication. type: str choices: enable, disable + more... + +
                • +
              • listening_port - Listening port to accept clients (1 - 65535). type: int + more... + +
                • +
              • status - Enable/disable FSSO Polling Mode. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Fortinet Single Sign On (FSSO) server. + fortios_system_fsso_polling: + vdom: "{{ vdom }}" + system_fsso_polling: + auth_password: "" + authentication: "enable" + listening_port: "5" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_ftm_push.rst b/gen/fortios_system_ftm_push.rst new file mode 100644 index 00000000..2b819cfa --- /dev/null +++ b/gen/fortios_system_ftm_push.rst @@ -0,0 +1,481 @@ +:source: fortios_system_ftm_push.py + +:orphan: + +.. fortios_system_ftm_push: + +fortios_system_ftm_push -- Configure FortiToken Mobile push services in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and ftm_push category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_ftm_pushyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_ftm_push - Configure FortiToken Mobile push services. type: dict + more... + +
              • +
                +
              • server - IPv4 address or domain name of FortiToken Mobile push services server. type: str + more... + +
                • +
              • server_cert - Name of the server certificate to be used for SSL . Source certificate.local.name. type: str + more... + +
                • +
              • server_ip - IPv4 address of FortiToken Mobile push services server (format: xxx.xxx.xxx.xxx). type: str + more... + +
                • +
              • server_port - Port to communicate with FortiToken Mobile push services server (1 - 65535). type: int + more... + +
                • +
              • status - Enable/disable the use of FortiToken Mobile push services. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiToken Mobile push services. + fortios_system_ftm_push: + vdom: "{{ vdom }}" + system_ftm_push: + server: "192.168.100.40" + server_cert: " (source certificate.local.name)" + server_ip: "" + server_port: "6" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_geneve.rst b/gen/fortios_system_geneve.rst new file mode 100644 index 00000000..6b410473 --- /dev/null +++ b/gen/fortios_system_geneve.rst @@ -0,0 +1,588 @@ +:source: fortios_system_geneve.py + +:orphan: + +.. fortios_system_geneve: + +fortios_system_geneve -- Configure GENEVE devices in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and geneve category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_geneveyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_geneve - Configure GENEVE devices. type: dict + more... + +
              • +
                +
              • dstport - GENEVE destination port (1 - 65535). type: int + more... + +
                • +
              • interface - Outgoing interface for GENEVE encapsulated traffic. Source system.interface.name. type: str + more... + +
                • +
              • ip_version - IP version to use for the GENEVE interface and so for communication over the GENEVE. IPv4 or IPv6 unicast. type: str choices: ipv4-unicast, ipv6-unicast + more... + +
                • +
              • name - GENEVE device or interface name. Must be an unique interface name. type: str required: true + more... + +
                • +
              • remote_ip - IPv4 address of the GENEVE interface on the device at the remote end of the GENEVE. type: str + more... + +
                • +
              • remote_ip6 - IPv6 IP address of the GENEVE interface on the device at the remote end of the GENEVE. type: str + more... + +
                • +
              • type - GENEVE type. type: str choices: ethernet, ppp + more... + +
                • +
              • vni - GENEVE network ID. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure GENEVE devices. + fortios_system_geneve: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_geneve: + dstport: "3" + interface: " (source system.interface.name)" + ip_version: "ipv4-unicast" + name: "default_name_6" + remote_ip: "" + remote_ip6: "" + type: "ethernet" + vni: "10" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_geoip_country.rst b/gen/fortios_system_geoip_country.rst new file mode 100644 index 00000000..11a8e6a0 --- /dev/null +++ b/gen/fortios_system_geoip_country.rst @@ -0,0 +1,276 @@ +:source: fortios_system_geoip_country.py + +:orphan: + +.. fortios_system_geoip_country: + +fortios_system_geoip_country -- Define geoip country name-ID table in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and geoip_country category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_geoip_countryyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_geoip_country - Define geoip country name-ID table. type: dict + more... + +
              • +
                +
              • id - Country ID. type: str required: true + more... + +
                • +
              • name - Country name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Define geoip country name-ID table. + fortios_system_geoip_country: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_geoip_country: + id: "3" + name: "default_name_4" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_geoip_override.rst b/gen/fortios_system_geoip_override.rst new file mode 100644 index 00000000..3dc496d3 --- /dev/null +++ b/gen/fortios_system_geoip_override.rst @@ -0,0 +1,686 @@ +:source: fortios_system_geoip_override.py + +:orphan: + +.. fortios_system_geoip_override: + +fortios_system_geoip_override -- Configure geographical location mapping for IP address(es) to override mappings from FortiGuard in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and geoip_override category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_geoip_overrideyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_geoip_override - Configure geographical location mapping for IP address(es) to override mappings from FortiGuard. type: dict + more... + +
              • +
                +
              • country_id - Two character Country ID code. type: str + more... + +
                • +
              • description - Description. type: str + more... + +
                • +
              • ip_range - Table of IP ranges assigned to country. type: list member_path: ip_range:id + more... + +
                • +
                  +
                • end_ip - Ending IP address, inclusive, of the address range (format: xxx.xxx.xxx.xxx). type: str + more... + +
                  • +
                • id - ID of individual entry in the IP range table. type: int required: true + more... + +
                  • +
                • start_ip - Starting IP address, inclusive, of the address range (format: xxx.xxx.xxx.xxx). type: str + more... + +
                  • +
                +
              • ip6_range - Table of IPv6 ranges assigned to country. type: list member_path: ip6_range:id + more... + +
                • +
                  +
                • end_ip - Ending IP address, inclusive, of the address range (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx). type: str + more... + +
                  • +
                • id - ID of individual entry in the IPv6 range table. type: int required: true + more... + +
                  • +
                • start_ip - Starting IP address, inclusive, of the address range (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx). type: str + more... + +
                  • +
                +
              • name - Location name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure geographical location mapping for IP address(es) to override mappings from FortiGuard. + fortios_system_geoip_override: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_geoip_override: + country_id: "" + description: "" + ip_range: + - + end_ip: "" + id: "7" + start_ip: "" + ip6_range: + - + end_ip: "" + id: "11" + start_ip: "" + name: "default_name_13" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_gi_gk.rst b/gen/fortios_system_gi_gk.rst new file mode 100644 index 00000000..c584f05c --- /dev/null +++ b/gen/fortios_system_gi_gk.rst @@ -0,0 +1,305 @@ +:source: fortios_system_gi_gk.py + +:orphan: + +.. fortios_system_gi_gk: + +fortios_system_gi_gk -- Configure Gi Firewall Gatekeeper in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and gi_gk category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_gi_gkyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_gi_gk - Configure Gi Firewall Gatekeeper. type: dict + more... + +
              • +
                +
              • context - Context ID type: int + more... + +
                • +
              • port - UDP port to listen, range 0-65535. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Gi Firewall Gatekeeper. + fortios_system_gi_gk: + vdom: "{{ vdom }}" + system_gi_gk: + context: "3" + port: "4" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_global.rst b/gen/fortios_system_global.rst new file mode 100644 index 00000000..6cb8de65 --- /dev/null +++ b/gen/fortios_system_global.rst @@ -0,0 +1,18986 @@ +:source: fortios_system_global.py + +:orphan: + +.. fortios_system_global: + +fortios_system_global -- Configure global attributes in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and global category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_globalyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_global - Configure global attributes. type: dict + more... + +
              • +
                +
              • admin_concurrent - Enable/disable concurrent administrator logins. Use policy-auth-concurrent for firewall authenticated users. type: str choices: enable, disable + more... + +
                • +
              • admin_console_timeout - Console login timeout that overrides the admin timeout value (15 - 300 seconds). type: int + more... + +
                • +
              • admin_forticloud_sso_login - Enable/disable FortiCloud admin login via SSO. type: str choices: enable, disable + more... + +
                • +
              • admin_hsts_max_age - HTTPS Strict-Transport-Security header max-age in seconds. A value of 0 will reset any HSTS records in the browser.When admin-https-redirect is disabled the header max-age will be 0. type: int + more... + +
                • +
              • admin_https_pki_required - Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password. type: str choices: enable, disable + more... + +
                • +
              • admin_https_redirect - Enable/disable redirection of HTTP administration access to HTTPS. type: str choices: enable, disable + more... + +
                • +
              • admin_https_ssl_banned_ciphers - Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations. Only applies to TLS 1.2 and below. type: list choices: RSA, DHE, ECDHE, DSS, ECDSA, AES, AESGCM, CAMELLIA, 3DES, SHA1, SHA256, SHA384, STATIC, CHACHA20, ARIA, AESCCM + more... + +
                • +
              • admin_https_ssl_ciphersuites - Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, remove TLS1.3 from admin-https-ssl-versions. type: list choices: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256 + more... + +
                • +
              • admin_https_ssl_versions - Allowed TLS versions for web administration. type: list choices: tlsv1-1, tlsv1-2, tlsv1-3, tlsv1-0 + more... + +
                • +
              • admin_lockout_duration - Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts. type: int + more... + +
                • +
              • admin_lockout_threshold - Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration. type: int + more... + +
                • +
              • admin_login_max - Maximum number of administrators who can be logged in at the same time (1 - 100). type: int + more... + +
                • +
              • admin_maintainer - Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login. type: str choices: enable, disable + more... + +
                • +
              • admin_port - Administrative access port for HTTP. (1 - 65535). type: int + more... + +
                • +
              • admin_restrict_local - Enable/disable local admin authentication restriction when remote authenticator is up and running . type: str choices: enable, disable + more... + +
                • +
              • admin_scp - Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration. type: str choices: enable, disable + more... + +
                • +
              • admin_server_cert - Server certificate that the FortiGate uses for HTTPS administrative connections. Source certificate.local.name. type: str + more... + +
                • +
              • admin_sport - Administrative access port for HTTPS. (1 - 65535). type: int + more... + +
                • +
              • admin_ssh_grace_time - Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour)). type: int + more... + +
                • +
              • admin_ssh_password - Enable/disable password authentication for SSH admin access. type: str choices: enable, disable + more... + +
                • +
              • admin_ssh_port - Administrative access port for SSH. (1 - 65535). type: int + more... + +
                • +
              • admin_ssh_v1 - Enable/disable SSH v1 compatibility. type: str choices: enable, disable + more... + +
                • +
              • admin_telnet - Enable/disable TELNET service. type: str choices: enable, disable + more... + +
                • +
              • admin_telnet_port - Administrative access port for TELNET. (1 - 65535). type: int + more... + +
                • +
              • admintimeout - Number of minutes before an idle administrator session times out (1 - 480 minutes (8 hours)). A shorter idle timeout is more secure. type: int + more... + +
                • +
              • alias - Alias for your FortiGate unit. type: str + more... + +
                • +
              • allow_traffic_redirect - Disable to prevent traffic with same local ingress and egress interface from being forwarded without policy check. type: str choices: enable, disable + more... + +
                • +
              • anti_replay - Level of checking for packet replay and TCP sequence checking. type: str choices: disable, loose, strict + more... + +
                • +
              • arp_max_entry - Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647). type: int + more... + +
                • +
              • asymroute - Enable/disable asymmetric route. type: str choices: enable, disable + more... + +
                • +
              • auth_cert - Server certificate that the FortiGate uses for HTTPS firewall authentication connections. Source certificate.local.name. type: str + more... + +
                • +
              • auth_http_port - User authentication HTTP port. (1 - 65535). type: int + more... + +
                • +
              • auth_https_port - User authentication HTTPS port. (1 - 65535). type: int + more... + +
                • +
              • auth_keepalive - Enable to prevent user authentication sessions from timing out when idle. type: str choices: enable, disable + more... + +
                • +
              • auth_session_limit - Action to take when the number of allowed user authenticated sessions is reached. type: str choices: block-new, logout-inactive + more... + +
                • +
              • auto_auth_extension_device - Enable/disable automatic authorization of dedicated Fortinet extension devices. type: str choices: enable, disable + more... + +
                • +
              • autorun_log_fsck - Enable/disable automatic log partition check after ungraceful shutdown. type: str choices: enable, disable + more... + +
                • +
              • av_affinity - Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str + more... + +
                • +
              • av_failopen - Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached. type: str choices: pass, False, one-shot + more... + +
                • +
              • av_failopen_session - When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen. type: str choices: enable, disable + more... + +
                • +
              • batch_cmdb - Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded. type: str choices: enable, disable + more... + +
                • +
              • block_session_timer - Duration in seconds for blocked sessions (1 - 300 sec (5 minutes)). type: int + more... + +
                • +
              • br_fdb_max_entry - Maximum number of bridge forwarding database (FDB) entries. type: int + more... + +
                • +
              • cert_chain_max - Maximum number of certificates that can be traversed in a certificate chain. type: int + more... + +
                • +
              • cfg_revert_timeout - Time-out for reverting to the last saved configuration. (10 - 4294967295 seconds). type: int + more... + +
                • +
              • cfg_save - Configuration file save mode for CLI changes. type: str choices: automatic, manual, revert + more... + +
                • +
              • check_protocol_header - Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is OK in most cases. type: str choices: loose, strict + more... + +
                • +
              • check_reset_range - Configure ICMP error message verification. You can either apply strict RST range checking or disable it. type: str choices: strict, disable + more... + +
                • +
              • cli_audit_log - Enable/disable CLI audit log. type: str choices: enable, disable + more... + +
                • +
              • cloud_communication - Enable/disable all cloud communication. type: str choices: enable, disable + more... + +
                • +
              • clt_cert_req - Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS. type: str choices: enable, disable + more... + +
                • +
              • cmdbsvr_affinity - Affinity setting for cmdbsvr (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str + more... + +
                • +
              • compliance_check - Enable/disable global PCI DSS compliance check. type: str choices: enable, disable + more... + +
                • +
              • compliance_check_time - Time of day to run scheduled PCI DSS compliance checks. type: str + more... + +
                • +
              • cpu_use_threshold - Threshold at which CPU usage is reported (% of total CPU). type: int + more... + +
                • +
              • csr_ca_attribute - Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute. type: str choices: enable, disable + more... + +
                • +
              • daily_restart - Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart. type: str choices: enable, disable + more... + +
                • +
              • default_service_source_port - Default service source port range . type: str + more... + +
                • +
              • device_identification_active_scan_delay - Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour)). type: int + more... + +
                • +
              • device_idle_timeout - Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year)). type: int + more... + +
                • +
              • dh_params - Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols. type: str choices: 1024, 1536, 2048, 3072, 4096, 6144, 8192 + more... + +
                • +
              • dnsproxy_worker_count - DNS proxy worker count. For a FortiGate with multiple logical CPUs, you can set the DNS process number from 1 to the number of logical CPUs. type: int + more... + +
                • +
              • dst - Enable/disable daylight saving time. type: str choices: enable, disable + more... + +
                • +
              • edit_vdom_prompt - Enable/disable edit new VDOM prompt. type: str choices: enable, disable + more... + +
                • +
              • endpoint_control_fds_access - Enable/disable access to the FortiGuard network for non-compliant endpoints. type: str choices: enable, disable + more... + +
                • +
              • endpoint_control_portal_port - Endpoint control portal port (1 - 65535). type: int + more... + +
                • +
              • extender_controller_reserved_network - Configure reserved network subnet for managed LAN extension FortiExtender units. This is available when the FortiExtender daemon is running. type: str + more... + +
                • +
              • failtime - Fail-time for server lost. type: int + more... + +
                • +
              • faz_disk_buffer_size - Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. To be used in the event that FortiAnalyzer is unavailable. type: int + more... + +
                • +
              • fds_statistics - Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and is not shared with external parties and is protected by Fortinet"s privacy policy. type: str choices: enable, disable + more... + +
                • +
              • fds_statistics_period - FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours)). type: int + more... + +
                • +
              • fec_port - Local UDP port for Forward Error Correction (49152 - 65535). type: int + more... + +
                • +
              • fgd_alert_subscription - Type of alert to retrieve from FortiGuard. type: list choices: advisory, latest-threat, latest-virus, latest-attack, new-antivirus-db, new-attack-db + more... + +
                • +
              • forticarrier_bypass - Enable/disable forticarrier-bypass. type: str choices: enable, disable + more... + +
                • +
              • fortiextender - Enable/disable FortiExtender. type: str choices: disable, enable + more... + +
                • +
              • fortiextender_data_port - FortiExtender data port (1024 - 49150). type: int + more... + +
                • +
              • fortiextender_discovery_lockdown - Enable/disable FortiExtender CAPWAP lockdown. type: str choices: disable, enable + more... + +
                • +
              • fortiextender_vlan_mode - Enable/disable FortiExtender VLAN mode. type: str choices: enable, disable + more... + +
                • +
              • fortiipam_integration - Enable/disable integration with the FortiIPAM cloud service. type: str choices: enable, disable + more... + +
                • +
              • fortiservice_port - FortiService port (1 - 65535). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port. type: int + more... + +
                • +
              • fortitoken_cloud - Enable/disable FortiToken Cloud service. type: str choices: enable, disable + more... + +
                • +
              • gui_allow_default_hostname - Enable/disable the factory default hostname warning on the GUI setup wizard. type: str choices: enable, disable + more... + +
                • +
              • gui_cdn_usage - Enable/disable Load GUI static files from a CDN. type: str choices: enable, disable + more... + +
                • +
              • gui_certificates - Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_custom_language - Enable/disable custom languages in GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_date_format - Default date format used throughout GUI. type: str choices: yyyy/MM/dd, dd/MM/yyyy, MM/dd/yyyy, yyyy-MM-dd, dd-MM-yyyy, MM-dd-yyyy + more... + +
                • +
              • gui_date_time_source - Source from which the FortiGate GUI uses to display date and time entries. type: str choices: system, browser + more... + +
                • +
              • gui_device_latitude - Add the latitude of the location of this FortiGate to position it on the Threat Map. type: str + more... + +
                • +
              • gui_device_longitude - Add the longitude of the location of this FortiGate to position it on the Threat Map. type: str + more... + +
                • +
              • gui_display_hostname - Enable/disable displaying the FortiGate"s hostname on the GUI login page. type: str choices: enable, disable + more... + +
                • +
              • gui_firmware_upgrade_warning - Enable/disable the firmware upgrade warning on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_forticare_registration_setup_warning - Enable/disable the FortiCare registration setup warning on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_fortigate_cloud_sandbox - Enable/disable displaying FortiGate Cloud Sandbox on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_fortisandbox_cloud - Enable/disable displaying FortiSandbox Cloud on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_ipv6 - Enable/disable IPv6 settings on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_lines_per_page - Number of lines to display per page for web administration. type: int + more... + +
                • +
              • gui_local_out - Enable/disable Local-out traffic on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_replacement_message_groups - Enable/disable replacement message groups on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_rest_api_cache - Enable/disable REST API result caching on FortiGate. type: str choices: enable, disable + more... + +
                • +
              • gui_theme - Color scheme for the administration GUI. type: str choices: jade, neutrino, mariner, graphite, melongene, retro, dark-matter, onyx, eclipse, green, blue, red + more... + +
                • +
              • gui_wireless_opensecurity - Enable/disable wireless open security option on the GUI. type: str choices: enable, disable + more... + +
                • +
              • ha_affinity - Affinity setting for HA daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str + more... + +
                • +
              • honor_df - Enable/disable honoring of Don"t-Fragment (DF) flag. type: str choices: enable, disable + more... + +
                • +
              • hostname - FortiGate unit"s hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters. type: str + more... + +
                • +
              • igmp_state_limit - Maximum number of IGMP memberships (96 - 64000). type: int + more... + +
                • +
              • internet_service_database - Configure which Internet Service database size to download from FortiGuard and use. type: str choices: mini, standard, full + more... + +
                • +
              • interval - Dead gateway detection interval. type: int + more... + +
                • +
              • ip_src_port_range - IP source port range used for traffic originating from the FortiGate unit. type: str + more... + +
                • +
              • ips_affinity - Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS engine daemons). type: str + more... + +
                • +
              • ipsec_asic_offload - Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and accelerate encryption and decryption. type: str choices: enable, disable + more... + +
                • +
              • ipsec_ha_seqjump_rate - ESP jump ahead rate (1G - 10G pps equivalent). type: int + more... + +
                • +
              • ipsec_hmac_offload - Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN. type: str choices: enable, disable + more... + +
                • +
              • ipsec_soft_dec_async - Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic. type: str choices: enable, disable + more... + +
                • +
              • ipv6_accept_dad - Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD). type: int + more... + +
                • +
              • ipv6_allow_anycast_probe - Enable/disable IPv6 address probe through Anycast. type: str choices: enable, disable + more... + +
                • +
              • ipv6_allow_traffic_redirect - Disable to prevent IPv6 traffic with same local ingress and egress interface from being forwarded without policy check. type: str choices: enable, disable + more... + +
                • +
              • irq_time_accounting - Configure CPU IRQ time accounting mode. type: str choices: auto, force + more... + +
                • +
              • language - GUI display language. type: str choices: english, french, spanish, portuguese, japanese, trach, simch, korean + more... + +
                • +
              • ldapconntimeout - Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000). type: int + more... + +
                • +
              • lldp_reception - Enable/disable Link Layer Discovery Protocol (LLDP) reception. type: str choices: enable, disable + more... + +
                • +
              • lldp_transmission - Enable/disable Link Layer Discovery Protocol (LLDP) transmission. type: str choices: enable, disable + more... + +
                • +
              • log_ssl_connection - Enable/disable logging of SSL connection events. type: str choices: enable, disable + more... + +
                • +
              • log_uuid - Whether UUIDs are added to traffic logs. You can disable UUIDs, add firewall policy UUIDs to traffic logs, or add all UUIDs to traffic logs. type: str choices: disable, policy-only, extended + more... + +
                • +
              • log_uuid_address - Enable/disable insertion of address UUIDs to traffic logs. type: str choices: enable, disable + more... + +
                • +
              • log_uuid_policy - Enable/disable insertion of policy UUIDs to traffic logs. type: str choices: enable, disable + more... + +
                • +
              • login_timestamp - Enable/disable login time recording. type: str choices: enable, disable + more... + +
                • +
              • long_vdom_name - Enable/disable long VDOM name support. type: str choices: enable, disable + more... + +
                • +
              • management_ip - Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric. type: str + more... + +
                • +
              • management_port - Overriding port for management connection (Overrides admin port). type: int + more... + +
                • +
              • management_port_use_admin_sport - Enable/disable use of the admin-sport setting for the management port. If disabled, FortiGate will allow user to specify management-port. type: str choices: enable, disable + more... + +
                • +
              • management_vdom - Management virtual domain name. Source system.vdom.name. type: str + more... + +
                • +
              • max_dlpstat_memory - Maximum DLP stat memory (0 - 4294967295). type: int + more... + +
                • +
              • max_route_cache_size - Maximum number of IP route cache entries (0 - 2147483647). type: int + more... + +
                • +
              • mc_ttl_notchange - Enable/disable no modification of multicast TTL. type: str choices: enable, disable + more... + +
                • +
              • memory_use_threshold_extreme - Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM). type: int + more... + +
                • +
              • memory_use_threshold_green - Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM). type: int + more... + +
                • +
              • memory_use_threshold_red - Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM). type: int + more... + +
                • +
              • miglog_affinity - Affinity setting for logging (64-bit hexadecimal value in the format of xxxxxxxxxxxxxxxx). type: str + more... + +
                • +
              • miglogd_children - Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing time. No logs will be dropped or lost if the number is changed. type: int + more... + +
                • +
              • multi_factor_authentication - Enforce all login methods to require an additional authentication factor . type: str choices: optional, mandatory + more... + +
                • +
              • multicast_forward - Enable/disable multicast forwarding. type: str choices: enable, disable + more... + +
                • +
              • ndp_max_entry - Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries). type: int + more... + +
                • +
              • per_user_bal - Enable/disable per-user block/allow list filter. type: str choices: enable, disable + more... + +
                • +
              • per_user_bwl - Enable/disable per-user black/white list filter. type: str choices: enable, disable + more... + +
                • +
              • pmtu_discovery - Enable/disable path MTU discovery. type: str choices: enable, disable + more... + +
                • +
              • policy_auth_concurrent - Number of concurrent firewall use logins from the same user (1 - 100). type: int + more... + +
                • +
              • post_login_banner - Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in. type: str choices: disable, enable + more... + +
                • +
              • pre_login_banner - Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in. type: str choices: enable, disable + more... + +
                • +
              • private_data_encryption - Enable/disable private data encryption using an AES 128-bit key or passpharse. type: str choices: disable, enable + more... + +
                • +
              • proxy_auth_lifetime - Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which re-authentication will take place. type: str choices: enable, disable + more... + +
                • +
              • proxy_auth_lifetime_timeout - Lifetime timeout in minutes for authenticated users (5 - 65535 min). type: int + more... + +
                • +
              • proxy_auth_timeout - Authentication timeout in minutes for authenticated users (1 - 300 min). type: int + more... + +
                • +
              • proxy_cert_use_mgmt_vdom - Enable/disable using management VDOM to send requests. type: str choices: enable, disable + more... + +
                • +
              • proxy_cipher_hardware_acceleration - Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic. type: str choices: disable, enable + more... + +
                • +
              • proxy_hardware_acceleration - Enable/disable email proxy hardware acceleration. type: str choices: disable, enable + more... + +
                • +
              • proxy_kxp_hardware_acceleration - Enable/disable using the content processor to accelerate KXP traffic. type: str choices: disable, enable + more... + +
                • +
              • proxy_re_authentication_mode - Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first created. type: str choices: session, traffic, absolute + more... + +
                • +
              • proxy_resource_mode - Enable/disable use of the maximum memory usage on the FortiGate unit"s proxy processing of resources, such as block lists, allow lists, and external resources. type: str choices: enable, disable + more... + +
                • +
              • proxy_worker_count - Proxy worker count. type: int + more... + +
                • +
              • radius_port - RADIUS service port number. type: int + more... + +
                • +
              • reboot_upon_config_restore - Enable/disable reboot of system upon restoring configuration. type: str choices: enable, disable + more... + +
                • +
              • refresh - Statistics refresh interval second(s) in GUI. type: int + more... + +
                • +
              • remoteauthtimeout - Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. (1-300 sec). type: int + more... + +
                • +
              • reset_sessionless_tcp - Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode only. type: str choices: enable, disable + more... + +
                • +
              • restart_time - Daily restart time (hh:mm). type: str + more... + +
                • +
              • revision_backup_on_logout - Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI. type: str choices: enable, disable + more... + +
                • +
              • revision_image_auto_backup - Enable/disable back-up of the latest image revision after the firmware is upgraded. type: str choices: enable, disable + more... + +
                • +
              • scanunit_count - Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs. type: int + more... + +
                • +
              • security_rating_result_submission - Enable/disable the submission of Security Rating results to FortiGuard. type: str choices: enable, disable + more... + +
                • +
              • security_rating_run_on_schedule - Enable/disable scheduled runs of Security Rating. type: str choices: enable, disable + more... + +
                • +
              • send_pmtu_icmp - Enable/disable sending of path maximum transmission unit (PMTU) - ICMP destination unreachable packet and to support PMTUD protocol on your network to reduce fragmentation of packets. type: str choices: enable, disable + more... + +
                • +
              • snat_route_change - Enable/disable the ability to change the static NAT route. type: str choices: enable, disable + more... + +
                • +
              • special_file_23_support - Enable/disable detection of those special format files when using Data Leak Protection. type: str choices: disable, enable + more... + +
                • +
              • speedtest_server - Enable/disable speed test server. type: str choices: enable, disable + more... + +
                • +
              • split_port - Split port(s) to multiple 10Gbps ports. type: list
                • +
              • ssd_trim_date - Date within a month to run ssd trim. type: int + more... + +
                • +
              • ssd_trim_freq - How often to run SSD Trim . SSD Trim prevents SSD drive data loss by finding and isolating errors. type: str choices: never, hourly, daily, weekly, monthly + more... + +
                • +
              • ssd_trim_hour - Hour of the day on which to run SSD Trim (0 - 23). type: int + more... + +
                • +
              • ssd_trim_min - Minute of the hour on which to run SSD Trim (0 - 59, 60 for random). type: int + more... + +
                • +
              • ssd_trim_weekday - Day of week to run SSD Trim. type: str choices: sunday, monday, tuesday, wednesday, thursday, friday, saturday + more... + +
                • +
              • ssh_cbc_cipher - Enable/disable CBC cipher for SSH access. type: str choices: enable, disable + more... + +
                • +
              • ssh_enc_algo - Select one or more SSH ciphers. type: list choices: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com + more... + +
                • +
              • ssh_hmac_md5 - Enable/disable HMAC-MD5 for SSH access. type: str choices: enable, disable + more... + +
                • +
              • ssh_kex_algo - Select one or more SSH kex algorithms. type: list choices: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521 + more... + +
                • +
              • ssh_kex_sha1 - Enable/disable SHA1 key exchange for SSH access. type: str choices: enable, disable + more... + +
                • +
              • ssh_mac_algo - Select one or more SSH MAC algorithms. type: list choices: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com + more... + +
                • +
              • ssh_mac_weak - Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access. type: str choices: enable, disable + more... + +
                • +
              • ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: SSLv3, TLSv1, TLSv1-1, TLSv1-2, TLSv1-3 + more... + +
                • +
              • ssl_static_key_ciphers - Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256). type: str choices: enable, disable + more... + +
                • +
              • sslvpn_cipher_hardware_acceleration - Enable/disable SSL-VPN hardware acceleration. type: str choices: enable, disable + more... + +
                • +
              • sslvpn_ems_sn_check - Enable/disable verification of EMS serial number in SSL-VPN connection. type: str choices: enable, disable + more... + +
                • +
              • sslvpn_kxp_hardware_acceleration - Enable/disable SSL-VPN KXP hardware acceleration. type: str choices: enable, disable + more... + +
                • +
              • sslvpn_max_worker_count - Maximum number of SSL-VPN processes. Upper limit for this value is the number of CPUs and depends on the model. Default value of zero means the SSLVPN daemon decides the number of worker processes. type: int + more... + +
                • +
              • sslvpn_plugin_version_check - Enable/disable checking browser"s plugin version by SSL-VPN. type: str choices: enable, disable + more... + +
                • +
              • strict_dirty_session_check - Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session. type: str choices: enable, disable + more... + +
                • +
              • strong_crypto - Enable to use strong encryption and only allow strong ciphers and digest for HTTPS/SSH/TLS/SSL functions. type: str choices: enable, disable + more... + +
                • +
              • switch_controller - Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself. type: str choices: disable, enable + more... + +
                • +
              • switch_controller_reserved_network - Configure reserved network subnet for managed switches. This is available when the switch controller is enabled. type: str + more... + +
                • +
              • sys_perf_log_interval - Time in minutes between updates of performance statistics logging. (1 - 15 min). type: int + more... + +
                • +
              • tcp_halfclose_timer - Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded (1 - 86400 sec (1 day)). type: int + more... + +
                • +
              • tcp_halfopen_timer - Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not responded (1 - 86400 sec (1 day)). type: int + more... + +
                • +
              • tcp_option - Enable SACK, timestamp and MSS TCP options. type: str choices: enable, disable + more... + +
                • +
              • tcp_rst_timer - Length of the TCP CLOSE state in seconds (5 - 300 sec). type: int + more... + +
                • +
              • tcp_timewait_timer - Length of the TCP TIME-WAIT state in seconds (1 - 300 sec). type: int + more... + +
                • +
              • tftp - Enable/disable TFTP. type: str choices: enable, disable + more... + +
                • +
              • timezone - Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent them. type: str choices: 1, 2, 3, 4, 5, 81, 6, 7, 08, 09, 10, 11, 12, 13, 74, 14, 77, 15, 87, 16, 17, 18, 19, 20, 75, 21, 22, 23, 24, 80, 79, 25, 26, 27, 28, 78, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 83, 84, 40, 85, 41, 42, 43, 39, 44, 46, 47, 51, 48, 45, 49, 50, 52, 53, 54, 55, 56, 57, 58, 59, 60, 62, 63, 61, 64, 65, 66, 67, 68, 69, 70, 71, 72, 0, 82, 73, 86, 76 + more... + +
                • +
              • tp_mc_skip_policy - Enable/disable skip policy check and allow multicast through. type: str choices: enable, disable + more... + +
                • +
              • traffic_priority - Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping. type: str choices: tos, dscp + more... + +
                • +
              • traffic_priority_level - Default system-wide level of priority for traffic prioritization. type: str choices: low, medium, high + more... + +
                • +
              • two_factor_email_expiry - Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes)). type: int + more... + +
                • +
              • two_factor_fac_expiry - FortiAuthenticator token authentication session timeout (10 - 3600 seconds (1 hour)). type: int + more... + +
                • +
              • two_factor_ftk_expiry - FortiToken authentication session timeout (60 - 600 sec (10 minutes)). type: int + more... + +
                • +
              • two_factor_ftm_expiry - FortiToken Mobile session timeout (1 - 168 hours (7 days)). type: int + more... + +
                • +
              • two_factor_sms_expiry - SMS-based two-factor authentication session timeout (30 - 300 sec). type: int + more... + +
                • +
              • udp_idle_timer - UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day)). type: int + more... + +
                • +
              • url_filter_affinity - URL filter CPU affinity. type: str + more... + +
                • +
              • url_filter_count - URL filter daemon count. type: int + more... + +
                • +
              • user_device_store_max_devices - Maximum number of devices allowed in user device store. type: int + more... + +
                • +
              • user_device_store_max_unified_mem - Maximum unified memory allowed in user device store. type: int + more... + +
                • +
              • user_device_store_max_users - Maximum number of users allowed in user device store. type: int + more... + +
                • +
              • user_server_cert - Certificate to use for https user authentication. Source certificate.local.name. type: str + more... + +
                • +
              • vdom_admin - vdom-admin type: str choices: enable, disable + more... + +
                • +
              • vdom_mode - Enable/disable support for split/multiple virtual domains (VDOMs). type: str choices: no-vdom, split-vdom, multi-vdom + more... + +
                • +
              • vip_arp_range - Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range. type: str choices: unlimited, restricted + more... + +
                • +
              • virtual_server_count - Maximum number of virtual server processes to create. The maximum is the number of CPU cores. This is not available on single-core CPUs. type: int + more... + +
                • +
              • virtual_server_hardware_acceleration - Enable/disable virtual server hardware acceleration. type: str choices: disable, enable + more... + +
                • +
              • wad_affinity - Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str + more... + +
                • +
              • wad_csvc_cs_count - Number of concurrent WAD-cache-service object-cache processes. type: int + more... + +
                • +
              • wad_csvc_db_count - Number of concurrent WAD-cache-service byte-cache processes. type: int + more... + +
                • +
              • wad_memory_change_granularity - Minimum percentage change in system memory usage detected by the wad daemon prior to adjusting TCP window size for any active connection. type: int + more... + +
                • +
              • wad_source_affinity - Enable/disable dispatching traffic to WAD workers based on source affinity. type: str choices: disable, enable + more... + +
                • +
              • wad_worker_count - Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching is handled by all of the CPU cores in a FortiGate unit. type: int + more... + +
                • +
              • wifi_ca_certificate - CA certificate that verifies the WiFi certificate. Source certificate.ca.name. type: str + more... + +
                • +
              • wifi_certificate - Certificate to use for WiFi authentication. Source certificate.local.name. type: str + more... + +
                • +
              • wimax_4g_usb - Enable/disable comparability with WiMAX 4G USB devices. type: str choices: enable, disable + more... + +
                • +
              • wireless_controller - Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs. type: str choices: enable, disable + more... + +
                • +
              • wireless_controller_port - Port used for the control channel in wireless controller mode (wireless-mode is ac). The data channel port is the control channel port number plus one (1024 - 49150). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure global attributes. + fortios_system_global: + vdom: "{{ vdom }}" + system_global: + admin_concurrent: "enable" + admin_console_timeout: "4" + admin_forticloud_sso_login: "enable" + admin_hsts_max_age: "6" + admin_https_pki_required: "enable" + admin_https_redirect: "enable" + admin_https_ssl_banned_ciphers: "RSA" + admin_https_ssl_ciphersuites: "TLS-AES-128-GCM-SHA256" + admin_https_ssl_versions: "tlsv1-1" + admin_lockout_duration: "12" + admin_lockout_threshold: "13" + admin_login_max: "14" + admin_maintainer: "enable" + admin_port: "16" + admin_restrict_local: "enable" + admin_scp: "enable" + admin_server_cert: " (source certificate.local.name)" + admin_sport: "20" + admin_ssh_grace_time: "21" + admin_ssh_password: "enable" + admin_ssh_port: "23" + admin_ssh_v1: "enable" + admin_telnet: "enable" + admin_telnet_port: "26" + admintimeout: "27" + alias: "" + allow_traffic_redirect: "enable" + anti_replay: "disable" + arp_max_entry: "31" + asymroute: "enable" + auth_cert: " (source certificate.local.name)" + auth_http_port: "34" + auth_https_port: "35" + auth_keepalive: "enable" + auth_session_limit: "block-new" + auto_auth_extension_device: "enable" + autorun_log_fsck: "enable" + av_affinity: "" + av_failopen: "pass" + av_failopen_session: "enable" + batch_cmdb: "enable" + block_session_timer: "44" + br_fdb_max_entry: "45" + cert_chain_max: "46" + cfg_revert_timeout: "47" + cfg_save: "automatic" + check_protocol_header: "loose" + check_reset_range: "strict" + cli_audit_log: "enable" + cloud_communication: "enable" + clt_cert_req: "enable" + cmdbsvr_affinity: "" + compliance_check: "enable" + compliance_check_time: "" + cpu_use_threshold: "57" + csr_ca_attribute: "enable" + daily_restart: "enable" + default_service_source_port: "" + device_identification_active_scan_delay: "61" + device_idle_timeout: "62" + dh_params: "1024" + dnsproxy_worker_count: "64" + dst: "enable" + edit_vdom_prompt: "enable" + endpoint_control_fds_access: "enable" + endpoint_control_portal_port: "68" + extender_controller_reserved_network: "" + failtime: "70" + faz_disk_buffer_size: "71" + fds_statistics: "enable" + fds_statistics_period: "73" + fec_port: "74" + fgd_alert_subscription: "advisory" + forticarrier_bypass: "enable" + fortiextender: "disable" + fortiextender_data_port: "78" + fortiextender_discovery_lockdown: "disable" + fortiextender_vlan_mode: "enable" + fortiipam_integration: "enable" + fortiservice_port: "82" + fortitoken_cloud: "enable" + gui_allow_default_hostname: "enable" + gui_cdn_usage: "enable" + gui_certificates: "enable" + gui_custom_language: "enable" + gui_date_format: "yyyy/MM/dd" + gui_date_time_source: "system" + gui_device_latitude: "" + gui_device_longitude: "" + gui_display_hostname: "enable" + gui_firmware_upgrade_warning: "enable" + gui_forticare_registration_setup_warning: "enable" + gui_fortigate_cloud_sandbox: "enable" + gui_fortisandbox_cloud: "enable" + gui_ipv6: "enable" + gui_lines_per_page: "98" + gui_local_out: "enable" + gui_replacement_message_groups: "enable" + gui_rest_api_cache: "enable" + gui_theme: "jade" + gui_wireless_opensecurity: "enable" + ha_affinity: "" + honor_df: "enable" + hostname: "myhostname" + igmp_state_limit: "107" + internet_service_database: "mini" + interval: "109" + ip_src_port_range: "" + ips_affinity: "" + ipsec_asic_offload: "enable" + ipsec_ha_seqjump_rate: "113" + ipsec_hmac_offload: "enable" + ipsec_soft_dec_async: "enable" + ipv6_accept_dad: "116" + ipv6_allow_anycast_probe: "enable" + ipv6_allow_traffic_redirect: "enable" + irq_time_accounting: "auto" + language: "english" + ldapconntimeout: "121" + lldp_reception: "enable" + lldp_transmission: "enable" + log_ssl_connection: "enable" + log_uuid: "disable" + log_uuid_address: "enable" + log_uuid_policy: "enable" + login_timestamp: "enable" + long_vdom_name: "enable" + management_ip: "" + management_port: "131" + management_port_use_admin_sport: "enable" + management_vdom: " (source system.vdom.name)" + max_dlpstat_memory: "134" + max_route_cache_size: "135" + mc_ttl_notchange: "enable" + memory_use_threshold_extreme: "137" + memory_use_threshold_green: "138" + memory_use_threshold_red: "139" + miglog_affinity: "" + miglogd_children: "141" + multi_factor_authentication: "optional" + multicast_forward: "enable" + ndp_max_entry: "144" + per_user_bal: "enable" + per_user_bwl: "enable" + pmtu_discovery: "enable" + policy_auth_concurrent: "148" + post_login_banner: "disable" + pre_login_banner: "enable" + private_data_encryption: "disable" + proxy_auth_lifetime: "enable" + proxy_auth_lifetime_timeout: "153" + proxy_auth_timeout: "154" + proxy_cert_use_mgmt_vdom: "enable" + proxy_cipher_hardware_acceleration: "disable" + proxy_hardware_acceleration: "disable" + proxy_kxp_hardware_acceleration: "disable" + proxy_re_authentication_mode: "session" + proxy_resource_mode: "enable" + proxy_worker_count: "161" + radius_port: "162" + reboot_upon_config_restore: "enable" + refresh: "164" + remoteauthtimeout: "165" + reset_sessionless_tcp: "enable" + restart_time: "" + revision_backup_on_logout: "enable" + revision_image_auto_backup: "enable" + scanunit_count: "170" + security_rating_result_submission: "enable" + security_rating_run_on_schedule: "enable" + send_pmtu_icmp: "enable" + snat_route_change: "enable" + special_file_23_support: "disable" + speedtest_server: "enable" + split_port: "" + ssd_trim_date: "178" + ssd_trim_freq: "never" + ssd_trim_hour: "180" + ssd_trim_min: "181" + ssd_trim_weekday: "sunday" + ssh_cbc_cipher: "enable" + ssh_enc_algo: "chacha20-poly1305@openssh.com" + ssh_hmac_md5: "enable" + ssh_kex_algo: "diffie-hellman-group1-sha1" + ssh_kex_sha1: "enable" + ssh_mac_algo: "hmac-md5" + ssh_mac_weak: "enable" + ssl_min_proto_version: "SSLv3" + ssl_static_key_ciphers: "enable" + sslvpn_cipher_hardware_acceleration: "enable" + sslvpn_ems_sn_check: "enable" + sslvpn_kxp_hardware_acceleration: "enable" + sslvpn_max_worker_count: "195" + sslvpn_plugin_version_check: "enable" + strict_dirty_session_check: "enable" + strong_crypto: "enable" + switch_controller: "disable" + switch_controller_reserved_network: "" + sys_perf_log_interval: "201" + tcp_halfclose_timer: "202" + tcp_halfopen_timer: "203" + tcp_option: "enable" + tcp_rst_timer: "205" + tcp_timewait_timer: "206" + tftp: "enable" + timezone: "01" + tp_mc_skip_policy: "enable" + traffic_priority: "tos" + traffic_priority_level: "low" + two_factor_email_expiry: "212" + two_factor_fac_expiry: "213" + two_factor_ftk_expiry: "214" + two_factor_ftm_expiry: "215" + two_factor_sms_expiry: "216" + udp_idle_timer: "217" + url_filter_affinity: "" + url_filter_count: "219" + user_device_store_max_devices: "220" + user_device_store_max_unified_mem: "221" + user_device_store_max_users: "222" + user_server_cert: " (source certificate.local.name)" + vdom_admin: "enable" + vdom_mode: "no-vdom" + vip_arp_range: "unlimited" + virtual_server_count: "227" + virtual_server_hardware_acceleration: "disable" + wad_affinity: "" + wad_csvc_cs_count: "230" + wad_csvc_db_count: "231" + wad_memory_change_granularity: "232" + wad_source_affinity: "disable" + wad_worker_count: "234" + wifi_ca_certificate: " (source certificate.ca.name)" + wifi_certificate: " (source certificate.local.name)" + wimax_4g_usb: "enable" + wireless_controller: "enable" + wireless_controller_port: "239" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_gre_tunnel.rst b/gen/fortios_system_gre_tunnel.rst new file mode 100644 index 00000000..523b895e --- /dev/null +++ b/gen/fortios_system_gre_tunnel.rst @@ -0,0 +1,1310 @@ +:source: fortios_system_gre_tunnel.py + +:orphan: + +.. fortios_system_gre_tunnel: + +fortios_system_gre_tunnel -- Configure GRE tunnel in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and gre_tunnel category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_gre_tunnelyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_gre_tunnel - Configure GRE tunnel. type: dict + more... + +
              • +
                +
              • checksum_reception - Enable/disable validating checksums in received GRE packets. type: str choices: disable, enable + more... + +
                • +
              • checksum_transmission - Enable/disable including checksums in transmitted GRE packets. type: str choices: disable, enable + more... + +
                • +
              • diffservcode - DiffServ setting to be applied to GRE tunnel outer IP header. type: str + more... + +
                • +
              • dscp_copying - Enable/disable DSCP copying. type: str choices: disable, enable + more... + +
                • +
              • interface - Interface name. Source system.interface.name. type: str + more... + +
                • +
              • ip_version - IP version to use for VPN interface. type: str choices: 4, 6 + more... + +
                • +
              • keepalive_failtimes - Number of consecutive unreturned keepalive messages before a GRE connection is considered down (1 - 255). type: int + more... + +
                • +
              • keepalive_interval - Keepalive message interval (0 - 32767, 0 = disabled). type: int + more... + +
                • +
              • key_inbound - Require received GRE packets contain this key (0 - 4294967295). type: int + more... + +
                • +
              • key_outbound - Include this key in transmitted GRE packets (0 - 4294967295). type: int + more... + +
                • +
              • local_gw - IP address of the local gateway. type: str + more... + +
                • +
              • local_gw6 - IPv6 address of the local gateway. type: str + more... + +
                • +
              • name - Tunnel name. type: str required: true + more... + +
                • +
              • remote_gw - IP address of the remote gateway. type: str + more... + +
                • +
              • remote_gw6 - IPv6 address of the remote gateway. type: str + more... + +
                • +
              • sequence_number_reception - Enable/disable validating sequence numbers in received GRE packets. type: str choices: disable, enable + more... + +
                • +
              • sequence_number_transmission - Enable/disable including of sequence numbers in transmitted GRE packets. type: str choices: disable, enable + more... + +
                • +
              • use_sdwan - Enable/disable use of SD-WAN to reach remote gateway. type: str choices: disable, enable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure GRE tunnel. + fortios_system_gre_tunnel: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_gre_tunnel: + checksum_reception: "disable" + checksum_transmission: "disable" + diffservcode: "" + dscp_copying: "disable" + interface: " (source system.interface.name)" + ip_version: "4" + keepalive_failtimes: "9" + keepalive_interval: "10" + key_inbound: "11" + key_outbound: "12" + local_gw: "" + local_gw6: "" + name: "default_name_15" + remote_gw: "" + remote_gw6: "" + sequence_number_reception: "disable" + sequence_number_transmission: "disable" + use_sdwan: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_ha.rst b/gen/fortios_system_ha.rst new file mode 100644 index 00000000..5e20fdae --- /dev/null +++ b/gen/fortios_system_ha.rst @@ -0,0 +1,5754 @@ +:source: fortios_system_ha.py + +:orphan: + +.. fortios_system_ha: + +fortios_system_ha -- Configure HA in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and ha category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_hayesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_ha - Configure HA. type: dict + more... + +
              • +
                +
              • arps - Number of gratuitous ARPs (1 - 60). Lower to reduce traffic. Higher to reduce failover time. type: int + more... + +
                • +
              • arps_interval - Time between gratuitous ARPs (1 - 20 sec). Lower to reduce failover time. Higher to reduce traffic. type: int + more... + +
                • +
              • authentication - Enable/disable heartbeat message authentication. type: str choices: enable, disable + more... + +
                • +
              • cpu_threshold - Dynamic weighted load balancing CPU usage weight and high and low thresholds. type: str + more... + +
                • +
              • encryption - Enable/disable heartbeat message encryption. type: str choices: enable, disable + more... + +
                • +
              • failover_hold_time - Time to wait before failover (0 - 300 sec), to avoid flip. type: int + more... + +
                • +
              • ftp_proxy_threshold - Dynamic weighted load balancing weight and high and low number of FTP proxy sessions. type: str + more... + +
                • +
              • gratuitous_arps - Enable/disable gratuitous ARPs. Disable if link-failed-signal enabled. type: str choices: enable, disable + more... + +
                • +
              • group_id - HA group ID (0 - 1023). Must be the same for all members. type: int + more... + +
                • +
              • group_name - Cluster group name. Must be the same for all members. type: str + more... + +
                • +
              • ha_direct - Enable/disable using ha-mgmt interface for syslog, SNMP, remote authentication (RADIUS), FortiAnalyzer, FortiSandbox, sFlow, and Netflow. type: str choices: enable, disable + more... + +
                • +
              • ha_eth_type - HA heartbeat packet Ethertype (4-digit hex). type: str + more... + +
                • +
              • ha_mgmt_interfaces - Reserve interfaces to manage individual cluster units. type: list member_path: ha_mgmt_interfaces:id + more... + +
                • +
                  +
                • dst - Default route destination for reserved HA management interface. type: str + more... + +
                  • +
                • gateway - Default route gateway for reserved HA management interface. type: str + more... + +
                  • +
                • gateway6 - Default IPv6 gateway for reserved HA management interface. type: str + more... + +
                  • +
                • id - Table ID. type: int required: true + more... + +
                  • +
                • interface - Interface to reserve for HA management. Source system.interface.name. type: str + more... + +
                  • +
                +
              • ha_mgmt_status - Enable to reserve interfaces to manage individual cluster units. type: str choices: enable, disable + more... + +
                • +
              • ha_uptime_diff_margin - Normally you would only reduce this value for failover testing. type: int + more... + +
                • +
              • hb_interval - Time between sending heartbeat packets (1 - 20). Increase to reduce false positives. type: int + more... + +
                • +
              • hb_interval_in_milliseconds - Number of milliseconds for each heartbeat interval: 100ms or 10ms. type: str choices: 100ms, 10ms + more... + +
                • +
              • hb_lost_threshold - Number of lost heartbeats to signal a failure (1 - 60). Increase to reduce false positives. type: int + more... + +
                • +
              • hbdev - Heartbeat interfaces. Must be the same for all members. type: list
                • +
              • hc_eth_type - Transparent mode HA heartbeat packet Ethertype (4-digit hex). type: str + more... + +
                • +
              • hello_holddown - Time to wait before changing from hello to work state (5 - 300 sec). type: int + more... + +
                • +
              • http_proxy_threshold - Dynamic weighted load balancing weight and high and low number of HTTP proxy sessions. type: str + more... + +
                • +
              • imap_proxy_threshold - Dynamic weighted load balancing weight and high and low number of IMAP proxy sessions. type: str + more... + +
                • +
              • inter_cluster_session_sync - Enable/disable synchronization of sessions among HA clusters. type: str choices: enable, disable + more... + +
                • +
              • key - Key. type: str + more... + +
                • +
              • l2ep_eth_type - Telnet session HA heartbeat packet Ethertype (4-digit hex). type: str + more... + +
                • +
              • link_failed_signal - Enable to shut down all interfaces for 1 sec after a failover. Use if gratuitous ARPs do not update network. type: str choices: enable, disable + more... + +
                • +
              • load_balance_all - Enable to load balance TCP sessions. Disable to load balance proxy sessions only. type: str choices: enable, disable + more... + +
                • +
              • logical_sn - Enable/disable usage of the logical serial number. type: str choices: enable, disable + more... + +
                • +
              • memory_based_failover - Enable/disable memory based failover. type: str choices: enable, disable + more... + +
                • +
              • memory_compatible_mode - Enable/disable memory compatible mode. type: str choices: enable, disable + more... + +
                • +
              • memory_failover_flip_timeout - Time to wait between subsequent memory based failovers in minutes (6 - 2147483647). type: int + more... + +
                • +
              • memory_failover_monitor_period - Duration of high memory usage before memory based failover is triggered in seconds (1 - 300). type: int + more... + +
                • +
              • memory_failover_sample_rate - Rate at which memory usage is sampled in order to measure memory usage in seconds (1 - 60). type: int + more... + +
                • +
              • memory_failover_threshold - Memory usage threshold to trigger memory based failover (0 means using conserve mode threshold in system.global). type: int + more... + +
                • +
              • memory_threshold - Dynamic weighted load balancing memory usage weight and high and low thresholds. type: str + more... + +
                • +
              • mode - HA mode. Must be the same for all members. FGSP requires standalone. type: str choices: standalone, a-a, a-p + more... + +
                • +
              • monitor - Interfaces to check for port monitoring (or link failure). Source system.interface.name. type: list
                • +
              • multicast_ttl - HA multicast TTL on primary (5 - 3600 sec). type: int + more... + +
                • +
              • nntp_proxy_threshold - Dynamic weighted load balancing weight and high and low number of NNTP proxy sessions. type: str + more... + +
                • +
              • override - Enable and increase the priority of the unit that should always be primary. type: str choices: enable, disable + more... + +
                • +
              • override_wait_time - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates. type: int + more... + +
                • +
              • password - Cluster password. Must be the same for all members. type: str + more... + +
                • +
              • pingserver_failover_threshold - Remote IP monitoring failover threshold (0 - 50). type: int + more... + +
                • +
              • pingserver_flip_timeout - Time to wait in minutes before renegotiating after a remote IP monitoring failover. type: int + more... + +
                • +
              • pingserver_monitor_interface - Interfaces to check for remote IP monitoring. Source system.interface.name. type: list
                • +
              • pingserver_secondary_force_reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. type: str choices: enable, disable + more... + +
                • +
              • pingserver_slave_force_reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. type: str choices: enable, disable + more... + +
                • +
              • pop3_proxy_threshold - Dynamic weighted load balancing weight and high and low number of POP3 proxy sessions. type: str + more... + +
                • +
              • priority - Increase the priority to select the primary unit (0 - 255). type: int + more... + +
                • +
              • route_hold - Time to wait between routing table updates to the cluster (0 - 3600 sec). type: int + more... + +
                • +
              • route_ttl - TTL for primary unit routes (5 - 3600 sec). Increase to maintain active routes during failover. type: int + more... + +
                • +
              • route_wait - Time to wait before sending new routes to the cluster (0 - 3600 sec). type: int + more... + +
                • +
              • schedule - Type of A-A load balancing. Use none if you have external load balancers. type: str choices: none, hub, leastconnection, round-robin, weight-round-robin, random, ip, ipport + more... + +
                • +
              • secondary_vcluster - Configure virtual cluster 2. type: dict + more... + +
                • +
                  +
                • monitor - Interfaces to check for port monitoring (or link failure). Source system.interface.name. type: str + more... + +
                  • +
                • override - Enable and increase the priority of the unit that should always be primary. type: str choices: enable, disable + more... + +
                  • +
                • override_wait_time - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates. type: int + more... + +
                  • +
                • pingserver_failover_threshold - Remote IP monitoring failover threshold (0 - 50). type: int + more... + +
                  • +
                • pingserver_monitor_interface - Interfaces to check for remote IP monitoring. Source system.interface.name. type: str + more... + +
                  • +
                • pingserver_secondary_force_reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. type: str choices: enable, disable + more... + +
                  • +
                • pingserver_slave_force_reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. type: str choices: enable, disable + more... + +
                  • +
                • priority - Increase the priority to select the primary unit (0 - 255). type: int + more... + +
                  • +
                • vcluster_id - Cluster ID. type: int + more... + +
                  • +
                • vdom - VDOMs in virtual cluster 2. type: str + more... + +
                  • +
                +
              • session_pickup - Enable/disable session pickup. Enabling it can reduce session down time when fail over happens. type: str choices: enable, disable + more... + +
                • +
              • session_pickup_connectionless - Enable/disable UDP and ICMP session sync. type: str choices: enable, disable + more... + +
                • +
              • session_pickup_delay - Enable to sync sessions longer than 30 sec. Only longer lived sessions need to be synced. type: str choices: enable, disable + more... + +
                • +
              • session_pickup_expectation - Enable/disable session helper expectation session sync for FGSP. type: str choices: enable, disable + more... + +
                • +
              • session_pickup_nat - Enable/disable NAT session sync for FGSP. type: str choices: enable, disable + more... + +
                • +
              • session_sync_dev - Offload session-sync process to kernel and sync sessions using connected interface(s) directly. Source system.interface.name. type: list
                • +
              • smtp_proxy_threshold - Dynamic weighted load balancing weight and high and low number of SMTP proxy sessions. type: str + more... + +
                • +
              • ssd_failover - Enable/disable automatic HA failover on SSD disk failure. type: str choices: enable, disable + more... + +
                • +
              • standalone_config_sync - Enable/disable FGSP configuration synchronization. type: str choices: enable, disable + more... + +
                • +
              • standalone_mgmt_vdom - Enable/disable standalone management VDOM. type: str choices: enable, disable + more... + +
                • +
              • sync_config - Enable/disable configuration synchronization. type: str choices: enable, disable + more... + +
                • +
              • sync_packet_balance - Enable/disable HA packet distribution to multiple CPUs. type: str choices: enable, disable + more... + +
                • +
              • unicast_gateway - Default route gateway for unicast interface. type: str + more... + +
                • +
              • unicast_hb - Enable/disable unicast heartbeat. type: str choices: enable, disable + more... + +
                • +
              • unicast_hb_netmask - Unicast heartbeat netmask. type: str + more... + +
                • +
              • unicast_hb_peerip - Unicast heartbeat peer IP. type: str + more... + +
                • +
              • unicast_peers - Number of unicast peers. type: list member_path: unicast_peers:id + more... + +
                • +
                  +
                • id - Table ID. type: int required: true + more... + +
                  • +
                • peer_ip - Unicast peer IP. type: str + more... + +
                  • +
                +
              • unicast_status - Enable/disable unicast connection. type: str choices: enable, disable + more... + +
                • +
              • uninterruptible_primary_wait - Number of minutes the primary HA unit waits before the secondary HA unit is considered upgraded and the system is started before starting its own upgrade (1 - 300). type: int + more... + +
                • +
              • uninterruptible_upgrade - Enable to upgrade a cluster without blocking network traffic. type: str choices: enable, disable + more... + +
                • +
              • vcluster_id - Cluster ID. type: int + more... + +
                • +
              • vcluster2 - Enable/disable virtual cluster 2 for virtual clustering. type: str choices: enable, disable + more... + +
                • +
              • vdom - VDOMs in virtual cluster 1. type: str + more... + +
                • +
              • weight - Weighted round robin weight for each cluster unit. Syntax . type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure HA. + fortios_system_ha: + vdom: "{{ vdom }}" + system_ha: + arps: "3" + arps_interval: "4" + authentication: "enable" + cpu_threshold: "" + encryption: "enable" + failover_hold_time: "8" + ftp_proxy_threshold: "" + gratuitous_arps: "enable" + group_id: "11" + group_name: "" + ha_direct: "enable" + ha_eth_type: "" + ha_mgmt_interfaces: + - + dst: "" + gateway: "" + gateway6: "" + id: "19" + interface: " (source system.interface.name)" + ha_mgmt_status: "enable" + ha_uptime_diff_margin: "22" + hb_interval: "23" + hb_interval_in_milliseconds: "100ms" + hb_lost_threshold: "25" + hbdev: "" + hc_eth_type: "" + hello_holddown: "28" + http_proxy_threshold: "" + imap_proxy_threshold: "" + inter_cluster_session_sync: "enable" + key: "" + l2ep_eth_type: "" + link_failed_signal: "enable" + load_balance_all: "enable" + logical_sn: "enable" + memory_based_failover: "enable" + memory_compatible_mode: "enable" + memory_failover_flip_timeout: "39" + memory_failover_monitor_period: "40" + memory_failover_sample_rate: "41" + memory_failover_threshold: "42" + memory_threshold: "" + mode: "standalone" + monitor: " (source system.interface.name)" + multicast_ttl: "46" + nntp_proxy_threshold: "" + override: "enable" + override_wait_time: "49" + password: "" + pingserver_failover_threshold: "51" + pingserver_flip_timeout: "52" + pingserver_monitor_interface: " (source system.interface.name)" + pingserver_secondary_force_reset: "enable" + pingserver_slave_force_reset: "enable" + pop3_proxy_threshold: "" + priority: "57" + route_hold: "58" + route_ttl: "59" + route_wait: "60" + schedule: "none" + secondary_vcluster: + monitor: " (source system.interface.name)" + override: "enable" + override_wait_time: "65" + pingserver_failover_threshold: "66" + pingserver_monitor_interface: " (source system.interface.name)" + pingserver_secondary_force_reset: "enable" + pingserver_slave_force_reset: "enable" + priority: "70" + vcluster_id: "71" + vdom: "" + session_pickup: "enable" + session_pickup_connectionless: "enable" + session_pickup_delay: "enable" + session_pickup_expectation: "enable" + session_pickup_nat: "enable" + session_sync_dev: " (source system.interface.name)" + smtp_proxy_threshold: "" + ssd_failover: "enable" + standalone_config_sync: "enable" + standalone_mgmt_vdom: "enable" + sync_config: "enable" + sync_packet_balance: "enable" + unicast_gateway: "" + unicast_hb: "enable" + unicast_hb_netmask: "" + unicast_hb_peerip: "" + unicast_peers: + - + id: "90" + peer_ip: "" + unicast_status: "enable" + uninterruptible_primary_wait: "93" + uninterruptible_upgrade: "enable" + vcluster_id: "95" + vcluster2: "enable" + vdom: "" + weight: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_ha_monitor.rst b/gen/fortios_system_ha_monitor.rst new file mode 100644 index 00000000..1c6f418e --- /dev/null +++ b/gen/fortios_system_ha_monitor.rst @@ -0,0 +1,389 @@ +:source: fortios_system_ha_monitor.py + +:orphan: + +.. fortios_system_ha_monitor: + +fortios_system_ha_monitor -- Configure HA monitor in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and ha_monitor category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_ha_monitoryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_ha_monitor - Configure HA monitor. type: dict + more... + +
              • +
                +
              • monitor_vlan - Enable/disable monitor VLAN interfaces. type: str choices: enable, disable + more... + +
                • +
              • vlan_hb_interval - Configure heartbeat interval (seconds). type: int + more... + +
                • +
              • vlan_hb_lost_threshold - VLAN lost heartbeat threshold (1 - 60). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure HA monitor. + fortios_system_ha_monitor: + vdom: "{{ vdom }}" + system_ha_monitor: + monitor_vlan: "enable" + vlan_hb_interval: "4" + vlan_hb_lost_threshold: "5" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_ike.rst b/gen/fortios_system_ike.rst new file mode 100644 index 00000000..2e7ffd61 --- /dev/null +++ b/gen/fortios_system_ike.rst @@ -0,0 +1,2994 @@ +:source: fortios_system_ike.py + +:orphan: + +.. fortios_system_ike: + +fortios_system_ike -- Configure IKE global attributes in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and ike category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + +
            v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_ikeyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_ike - Configure IKE global attributes. type: dict + more... + +
              • +
                +
              • dh_group_1 - Diffie-Hellman group 1 (MODP-768). type: dict + more... + +
                • +
                  +
                • keypair_cache - Configure custom key pair cache size for this Diffie-Hellman group. type: str choices: global, custom + more... + +
                  • +
                • keypair_count - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). type: int + more... + +
                  • +
                • mode - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. type: str choices: software, hardware, global + more... + +
                  • +
                +
              • dh_group_14 - Diffie-Hellman group 14 (MODP-2048). type: dict + more... + +
                • +
                  +
                • keypair_cache - Configure custom key pair cache size for this Diffie-Hellman group. type: str choices: global, custom + more... + +
                  • +
                • keypair_count - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). type: int + more... + +
                  • +
                • mode - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. type: str choices: software, hardware, global + more... + +
                  • +
                +
              • dh_group_15 - Diffie-Hellman group 15 (MODP-3072). type: dict + more... + +
                • +
                  +
                • keypair_cache - Configure custom key pair cache size for this Diffie-Hellman group. type: str choices: global, custom + more... + +
                  • +
                • keypair_count - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). type: int + more... + +
                  • +
                • mode - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. type: str choices: software, hardware, global + more... + +
                  • +
                +
              • dh_group_16 - Diffie-Hellman group 16 (MODP-4096). type: dict + more... + +
                • +
                  +
                • keypair_cache - Configure custom key pair cache size for this Diffie-Hellman group. type: str choices: global, custom + more... + +
                  • +
                • keypair_count - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). type: int + more... + +
                  • +
                • mode - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. type: str choices: software, hardware, global + more... + +
                  • +
                +
              • dh_group_17 - Diffie-Hellman group 17 (MODP-6144). type: dict + more... + +
                • +
                  +
                • keypair_cache - Configure custom key pair cache size for this Diffie-Hellman group. type: str choices: global, custom + more... + +
                  • +
                • keypair_count - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). type: int + more... + +
                  • +
                • mode - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. type: str choices: software, hardware, global + more... + +
                  • +
                +
              • dh_group_18 - Diffie-Hellman group 18 (MODP-8192). type: dict + more... + +
                • +
                  +
                • keypair_cache - Configure custom key pair cache size for this Diffie-Hellman group. type: str choices: global, custom + more... + +
                  • +
                • keypair_count - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). type: int + more... + +
                  • +
                • mode - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. type: str choices: software, hardware, global + more... + +
                  • +
                +
              • dh_group_19 - Diffie-Hellman group 19 (EC-P256). type: dict + more... + +
                • +
                  +
                • keypair_cache - Configure custom key pair cache size for this Diffie-Hellman group. type: str choices: global, custom + more... + +
                  • +
                • keypair_count - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). type: int + more... + +
                  • +
                • mode - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. type: str choices: software, hardware, global + more... + +
                  • +
                +
              • dh_group_2 - Diffie-Hellman group 2 (MODP-1024). type: dict + more... + +
                • +
                  +
                • keypair_cache - Configure custom key pair cache size for this Diffie-Hellman group. type: str choices: global, custom + more... + +
                  • +
                • keypair_count - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). type: int + more... + +
                  • +
                • mode - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. type: str choices: software, hardware, global + more... + +
                  • +
                +
              • dh_group_20 - Diffie-Hellman group 20 (EC-P384). type: dict + more... + +
                • +
                  +
                • keypair_cache - Configure custom key pair cache size for this Diffie-Hellman group. type: str choices: global, custom + more... + +
                  • +
                • keypair_count - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). type: int + more... + +
                  • +
                • mode - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. type: str choices: software, hardware, global + more... + +
                  • +
                +
              • dh_group_21 - Diffie-Hellman group 21 (EC-P521). type: dict + more... + +
                • +
                  +
                • keypair_cache - Configure custom key pair cache size for this Diffie-Hellman group. type: str choices: global, custom + more... + +
                  • +
                • keypair_count - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). type: int + more... + +
                  • +
                • mode - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. type: str choices: software, hardware, global + more... + +
                  • +
                +
              • dh_group_27 - Diffie-Hellman group 27 (EC-P224BP). type: dict + more... + +
                • +
                  +
                • keypair_cache - Configure custom key pair cache size for this Diffie-Hellman group. type: str choices: global, custom + more... + +
                  • +
                • keypair_count - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). type: int + more... + +
                  • +
                • mode - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. type: str choices: software, hardware, global + more... + +
                  • +
                +
              • dh_group_28 - Diffie-Hellman group 28 (EC-P256BP). type: dict + more... + +
                • +
                  +
                • keypair_cache - Configure custom key pair cache size for this Diffie-Hellman group. type: str choices: global, custom + more... + +
                  • +
                • keypair_count - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). type: int + more... + +
                  • +
                • mode - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. type: str choices: software, hardware, global + more... + +
                  • +
                +
              • dh_group_29 - Diffie-Hellman group 29 (EC-P384BP). type: dict + more... + +
                • +
                  +
                • keypair_cache - Configure custom key pair cache size for this Diffie-Hellman group. type: str choices: global, custom + more... + +
                  • +
                • keypair_count - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). type: int + more... + +
                  • +
                • mode - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. type: str choices: software, hardware, global + more... + +
                  • +
                +
              • dh_group_30 - Diffie-Hellman group 30 (EC-P512BP). type: dict + more... + +
                • +
                  +
                • keypair_cache - Configure custom key pair cache size for this Diffie-Hellman group. type: str choices: global, custom + more... + +
                  • +
                • keypair_count - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). type: int + more... + +
                  • +
                • mode - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. type: str choices: software, hardware, global + more... + +
                  • +
                +
              • dh_group_31 - Diffie-Hellman group 31 (EC-X25519). type: dict + more... + +
                • +
                  +
                • keypair_cache - Configure custom key pair cache size for this Diffie-Hellman group. type: str choices: global, custom + more... + +
                  • +
                • keypair_count - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). type: int + more... + +
                  • +
                • mode - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. type: str choices: software, hardware, global + more... + +
                  • +
                +
              • dh_group_32 - Diffie-Hellman group 32 (EC-X448). type: dict + more... + +
                • +
                  +
                • keypair_cache - Configure custom key pair cache size for this Diffie-Hellman group. type: str choices: global, custom + more... + +
                  • +
                • keypair_count - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). type: int + more... + +
                  • +
                • mode - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. type: str choices: software, hardware, global + more... + +
                  • +
                +
              • dh_group_5 - Diffie-Hellman group 5 (MODP-1536). type: dict + more... + +
                • +
                  +
                • keypair_cache - Configure custom key pair cache size for this Diffie-Hellman group. type: str choices: global, custom + more... + +
                  • +
                • keypair_count - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). type: int + more... + +
                  • +
                • mode - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. type: str choices: software, hardware, global + more... + +
                  • +
                +
              • dh_keypair_cache - Enable/disable Diffie-Hellman key pair cache. type: str choices: enable, disable + more... + +
                • +
              • dh_keypair_count - Number of key pairs to pre-generate for each Diffie-Hellman group (per-worker). type: int + more... + +
                • +
              • dh_keypair_throttle - Enable/disable Diffie-Hellman key pair cache CPU throttling. type: str choices: enable, disable + more... + +
                • +
              • dh_mode - Use software (CPU) or hardware (CPX) to perform Diffie-Hellman calculations. type: str choices: software, hardware + more... + +
                • +
              • dh_multiprocess - Enable/disable multiprocess Diffie-Hellman daemon for IKE. type: str choices: enable, disable + more... + +
                • +
              • dh_worker_count - Number of Diffie-Hellman workers to start. type: int + more... + +
                • +
              • embryonic_limit - Maximum number of IPsec tunnels to negotiate simultaneously. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IKE global attributes. + fortios_system_ike: + vdom: "{{ vdom }}" + system_ike: + dh_group_1: + keypair_cache: "global" + keypair_count: "5" + mode: "software" + dh_group_14: + keypair_cache: "global" + keypair_count: "9" + mode: "software" + dh_group_15: + keypair_cache: "global" + keypair_count: "13" + mode: "software" + dh_group_16: + keypair_cache: "global" + keypair_count: "17" + mode: "software" + dh_group_17: + keypair_cache: "global" + keypair_count: "21" + mode: "software" + dh_group_18: + keypair_cache: "global" + keypair_count: "25" + mode: "software" + dh_group_19: + keypair_cache: "global" + keypair_count: "29" + mode: "software" + dh_group_2: + keypair_cache: "global" + keypair_count: "33" + mode: "software" + dh_group_20: + keypair_cache: "global" + keypair_count: "37" + mode: "software" + dh_group_21: + keypair_cache: "global" + keypair_count: "41" + mode: "software" + dh_group_27: + keypair_cache: "global" + keypair_count: "45" + mode: "software" + dh_group_28: + keypair_cache: "global" + keypair_count: "49" + mode: "software" + dh_group_29: + keypair_cache: "global" + keypair_count: "53" + mode: "software" + dh_group_30: + keypair_cache: "global" + keypair_count: "57" + mode: "software" + dh_group_31: + keypair_cache: "global" + keypair_count: "61" + mode: "software" + dh_group_32: + keypair_cache: "global" + keypair_count: "65" + mode: "software" + dh_group_5: + keypair_cache: "global" + keypair_count: "69" + mode: "software" + dh_keypair_cache: "enable" + dh_keypair_count: "72" + dh_keypair_throttle: "enable" + dh_mode: "software" + dh_multiprocess: "enable" + dh_worker_count: "76" + embryonic_limit: "77" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_interface.rst b/gen/fortios_system_interface.rst new file mode 100644 index 00000000..98462665 --- /dev/null +++ b/gen/fortios_system_interface.rst @@ -0,0 +1,21995 @@ +:source: fortios_system_interface.py + +:orphan: + +.. fortios_system_interface: + +fortios_system_interface -- Configure interfaces in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and interface category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_interfaceyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_interface - Configure interfaces. type: dict + more... + +
              • +
                +
              • ac_name - PPPoE server name. type: str + more... + +
                • +
              • aggregate - Aggregate interface. type: str + more... + +
                • +
              • algorithm - Frame distribution algorithm. type: str choices: L2, L3, L4 + more... + +
                • +
              • alias - Alias will be displayed with the interface name to make it easier to distinguish. type: str + more... + +
                • +
              • allowaccess - Permitted types of management access to this interface. type: list choices: ping, https, ssh, snmp, http, telnet, fgfm, radius-acct, probe-response, fabric, ftm, speed-test, capwap + more... + +
                • +
              • ap_discover - Enable/disable automatic registration of unknown FortiAP devices. type: str choices: enable, disable + more... + +
                • +
              • arpforward - Enable/disable ARP forwarding. type: str choices: enable, disable + more... + +
                • +
              • auth_cert - HTTPS server certificate. Source vpn.certificate.local.name. type: str + more... + +
                • +
              • auth_portal_addr - Address of captive portal. type: str + more... + +
                • +
              • auth_type - PPP authentication type to use. type: str choices: auto, pap, chap, mschapv1, mschapv2 + more... + +
                • +
              • auto_auth_extension_device - Enable/disable automatic authorization of dedicated Fortinet extension device on this interface. type: str choices: enable, disable + more... + +
                • +
              • bandwidth_measure_time - Bandwidth measure time. type: int + more... + +
                • +
              • bfd - Bidirectional Forwarding Detection (BFD) settings. type: str choices: global, enable, disable + more... + +
                • +
              • bfd_desired_min_tx - BFD desired minimal transmit interval. type: int + more... + +
                • +
              • bfd_detect_mult - BFD detection multiplier. type: int + more... + +
                • +
              • bfd_required_min_rx - BFD required minimal receive interval. type: int + more... + +
                • +
              • broadcast_forticlient_discovery - Enable/disable broadcasting FortiClient discovery messages. type: str choices: enable, disable + more... + +
                • +
              • broadcast_forward - Enable/disable broadcast forwarding. type: str choices: enable, disable + more... + +
                • +
              • captive_portal - Enable/disable captive portal. type: int + more... + +
                • +
              • cli_conn_status - CLI connection status. type: int + more... + +
                • +
              • client_options - DHCP client options. type: list member_path: client_options:id + more... + +
                • +
                  +
                • code - DHCP client option code. type: int + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • ip - DHCP option IPs. type: str + more... + +
                  • +
                • type - DHCP client option type. type: str choices: hex, string, ip, fqdn + more... + +
                  • +
                • value - DHCP client option value. type: str + more... + +
                  • +
                +
              • color - Color of icon on the GUI. type: int + more... + +
                • +
              • dedicated_to - Configure interface for single purpose. type: str choices: none, management + more... + +
                • +
              • defaultgw - Enable to get the gateway IP from the DHCP or PPPoE server. type: str choices: enable, disable + more... + +
                • +
              • description - Description. type: str + more... + +
                • +
              • detected_peer_mtu - MTU of detected peer (0 - 4294967295). type: int + more... + +
                • +
              • detectprotocol - Protocols used to detect the server. type: list choices: ping, tcp-echo, udp-echo + more... + +
                • +
              • detectserver - Gateway"s ping server for this IP. type: str + more... + +
                • +
              • device_access_list - Device access list. type: str + more... + +
                • +
              • device_identification - Enable/disable passively gathering of device identity information about the devices on the network connected to this interface. type: str choices: enable, disable + more... + +
                • +
              • device_identification_active_scan - Enable/disable active gathering of device identity information about the devices on the network connected to this interface. type: str choices: enable, disable + more... + +
                • +
              • device_netscan - Enable/disable inclusion of devices detected on this interface in network vulnerability scans. type: str choices: disable, enable + more... + +
                • +
              • device_user_identification - Enable/disable passive gathering of user identity information about users on this interface. type: str choices: enable, disable + more... + +
                • +
              • devindex - Device Index. type: int + more... + +
                • +
              • dhcp_classless_route_addition - Enable/disable addition of classless static routes retrieved from DHCP server. type: str choices: enable, disable + more... + +
                • +
              • dhcp_client_identifier - DHCP client identifier. type: str + more... + +
                • +
              • dhcp_relay_agent_option - Enable/disable DHCP relay agent option. type: str choices: enable, disable + more... + +
                • +
              • dhcp_relay_interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • dhcp_relay_interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • dhcp_relay_ip - DHCP relay IP address. type: list
                • +
              • dhcp_relay_link_selection - DHCP relay link selection. type: str + more... + +
                • +
              • dhcp_relay_request_all_server - Enable/disable sending of DHCP requests to all servers. type: str choices: disable, enable + more... + +
                • +
              • dhcp_relay_service - Enable/disable allowing this interface to act as a DHCP relay. type: str choices: disable, enable + more... + +
                • +
              • dhcp_relay_type - DHCP relay type (regular or IPsec). type: str choices: regular, ipsec + more... + +
                • +
              • dhcp_renew_time - DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server. type: int + more... + +
                • +
              • dhcp_snooping_server_list - Configure DHCP server access list. type: list member_path: dhcp_snooping_server_list:name + more... + +
                • +
                  +
                • name - DHCP server name. type: str required: true + more... + +
                  • +
                • server_ip - IP address for DHCP server. type: str + more... + +
                  • +
                +
              • disc_retry_timeout - Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout. type: int + more... + +
                • +
              • disconnect_threshold - Time in milliseconds to wait before sending a notification that this interface is down or disconnected. type: int + more... + +
                • +
              • distance - Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route. type: int + more... + +
                • +
              • dns_server_override - Enable/disable use DNS acquired by DHCP or PPPoE. type: str choices: enable, disable + more... + +
                • +
              • dns_server_protocol - DNS transport protocols. type: list choices: cleartext, dot, doh + more... + +
                • +
              • drop_fragment - Enable/disable drop fragment packets. type: str choices: enable, disable + more... + +
                • +
              • drop_overlapped_fragment - Enable/disable drop overlapped fragment packets. type: str choices: enable, disable + more... + +
                • +
              • egress_cos - Override outgoing CoS in user VLAN tag. type: str choices: disable, cos0, cos1, cos2, cos3, cos4, cos5, cos6, cos7 + more... + +
                • +
              • egress_queues - Configure queues of NP port on egress path. type: dict + more... + +
                • +
                  +
                • cos0 - CoS profile name for CoS 0. Source system.isf-queue-profile.name. type: str + more... + +
                  • +
                • cos1 - CoS profile name for CoS 1. Source system.isf-queue-profile.name. type: str + more... + +
                  • +
                • cos2 - CoS profile name for CoS 2. Source system.isf-queue-profile.name. type: str + more... + +
                  • +
                • cos3 - CoS profile name for CoS 3. Source system.isf-queue-profile.name. type: str + more... + +
                  • +
                • cos4 - CoS profile name for CoS 4. Source system.isf-queue-profile.name. type: str + more... + +
                  • +
                • cos5 - CoS profile name for CoS 5. Source system.isf-queue-profile.name. type: str + more... + +
                  • +
                • cos6 - CoS profile name for CoS 6. Source system.isf-queue-profile.name. type: str + more... + +
                  • +
                • cos7 - CoS profile name for CoS 7. Source system.isf-queue-profile.name. type: str + more... + +
                  • +
                +
              • egress_shaping_profile - Outgoing traffic shaping profile. Source firewall.shaping-profile.profile-name. type: str + more... + +
                • +
              • endpoint_compliance - Enable/disable endpoint compliance enforcement. type: str choices: enable, disable + more... + +
                • +
              • estimated_downstream_bandwidth - Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization. type: int + more... + +
                • +
              • estimated_upstream_bandwidth - Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization. type: int + more... + +
                • +
              • explicit_ftp_proxy - Enable/disable the explicit FTP proxy on this interface. type: str choices: enable, disable + more... + +
                • +
              • explicit_web_proxy - Enable/disable the explicit web proxy on this interface. type: str choices: enable, disable + more... + +
                • +
              • external - Enable/disable identifying the interface as an external interface (which usually means it"s connected to the Internet). type: str choices: enable, disable + more... + +
                • +
              • fail_action_on_extender - Action on FortiExtender when interface fail. type: str choices: soft-restart, hard-restart, reboot + more... + +
                • +
              • fail_alert_interfaces - Names of the FortiGate interfaces to which the link failure alert is sent. type: list member_path: fail_alert_interfaces:name + more... + +
                • +
                  +
                • name - Names of the non-virtual interface. Source system.interface.name. type: str required: true + more... + +
                  • +
                +
              • fail_alert_method - Select link-failed-signal or link-down method to alert about a failed link. type: str choices: link-failed-signal, link-down + more... + +
                • +
              • fail_detect - Enable/disable fail detection features for this interface. type: str choices: enable, disable + more... + +
                • +
              • fail_detect_option - Options for detecting that this interface has failed. type: list choices: detectserver, link-down + more... + +
                • +
              • fortiheartbeat - Enable/disable FortiHeartBeat (FortiTelemetry on GUI). type: str choices: enable, disable + more... + +
                • +
              • fortilink - Enable FortiLink to dedicate this interface to manage other Fortinet devices. type: str choices: enable, disable + more... + +
                • +
              • fortilink_backup_link - FortiLink split interface backup link. type: int + more... + +
                • +
              • fortilink_neighbor_detect - Protocol for FortiGate neighbor discovery. type: str choices: lldp, fortilink + more... + +
                • +
              • fortilink_split_interface - Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy. type: str choices: enable, disable + more... + +
                • +
              • fortilink_stacking - Enable/disable FortiLink switch-stacking on this interface. type: str choices: enable, disable + more... + +
                • +
              • forward_domain - Transparent mode forward domain. type: int + more... + +
                • +
              • gi_gk - Enable/disable Gi Gatekeeper. type: str choices: enable, disable + more... + +
                • +
              • gwdetect - Enable/disable detect gateway alive for first. type: str choices: enable, disable + more... + +
                • +
              • ha_priority - HA election priority for the PING server. type: int + more... + +
                • +
              • icmp_accept_redirect - Enable/disable ICMP accept redirect. type: str choices: enable, disable + more... + +
                • +
              • icmp_send_redirect - Enable/disable sending of ICMP redirects. type: str choices: enable, disable + more... + +
                • +
              • ident_accept - Enable/disable authentication for this interface. type: str choices: enable, disable + more... + +
                • +
              • idle_timeout - PPPoE auto disconnect after idle timeout seconds, 0 means no timeout. type: int + more... + +
                • +
              • inbandwidth - Bandwidth limit for incoming traffic (0 - 16776000 kbps), 0 means unlimited. type: int + more... + +
                • +
              • ingress_cos - Override incoming CoS in user VLAN tag on VLAN interface or assign a priority VLAN tag on physical interface. type: str choices: disable, cos0, cos1, cos2, cos3, cos4, cos5, cos6, cos7 + more... + +
                • +
              • ingress_shaping_profile - Incoming traffic shaping profile. Source firewall.shaping-profile.profile-name. type: str + more... + +
                • +
              • ingress_spillover_threshold - Ingress Spillover threshold (0 - 16776000 kbps), 0 means unlimited. type: int + more... + +
                • +
              • interface - Interface name. Source system.interface.name. type: str + more... + +
                • +
              • internal - Implicitly created. type: int + more... + +
                • +
              • ip - Interface IPv4 address and subnet mask, syntax: X.X.X.X/24. type: str + more... + +
                • +
              • ip_managed_by_fortiipam - Enable/disable automatic IP address assignment of this interface by FortiIPAM. type: str choices: enable, disable + more... + +
                • +
              • ipmac - Enable/disable IP/MAC binding. type: str choices: enable, disable + more... + +
                • +
              • ips_sniffer_mode - Enable/disable the use of this interface as a one-armed sniffer. type: str choices: enable, disable + more... + +
                • +
              • ipunnumbered - Unnumbered IP used for PPPoE interfaces for which no unique local address is provided. type: str + more... + +
                • +
              • ipv6 - IPv6 of interface. type: dict + more... + +
                • +
                  +
                • autoconf - Enable/disable address auto config. type: str choices: enable, disable + more... + +
                  • +
                • cli_conn6_status - CLI IPv6 connection status. type: int + more... + +
                  • +
                • dhcp6_client_options - DHCPv6 client options. type: list choices: rapid, iapd, iana + more... + +
                  • +
                • dhcp6_iapd_list - DHCPv6 IA-PD list. type: list member_path: ipv6/dhcp6_iapd_list:iaid + more... + +
                  • +
                    +
                  • iaid - Identity association identifier. type: int required: true + more... + +
                    • +
                  • prefix_hint - DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server. type: str + more... + +
                    • +
                  • prefix_hint_plt - DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time. type: int + more... + +
                    • +
                  • prefix_hint_vlt - DHCPv6 prefix hint valid life time (sec). type: int + more... + +
                    • +
                  +
                • dhcp6_information_request - Enable/disable DHCPv6 information request. type: str choices: enable, disable + more... + +
                  • +
                • dhcp6_prefix_delegation - Enable/disable DHCPv6 prefix delegation. type: str choices: enable, disable + more... + +
                  • +
                • dhcp6_prefix_hint - DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server. type: str + more... + +
                  • +
                • dhcp6_prefix_hint_plt - DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time. type: int + more... + +
                  • +
                • dhcp6_prefix_hint_vlt - DHCPv6 prefix hint valid life time (sec). type: int + more... + +
                  • +
                • dhcp6_relay_ip - DHCPv6 relay IP address. type: list
                  • +
                • dhcp6_relay_service - Enable/disable DHCPv6 relay. type: str choices: disable, enable + more... + +
                  • +
                • dhcp6_relay_type - DHCPv6 relay type. type: str choices: regular + more... + +
                  • +
                • icmp6_send_redirect - Enable/disable sending of ICMPv6 redirects. type: str choices: enable, disable + more... + +
                  • +
                • interface_identifier - IPv6 interface identifier. type: str + more... + +
                  • +
                • ip6_address - Primary IPv6 address prefix. Syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx. type: str + more... + +
                  • +
                • ip6_allowaccess - Allow management access to the interface. type: list choices: ping, https, ssh, snmp, http, telnet, fgfm, fabric, capwap + more... + +
                  • +
                • ip6_default_life - Default life (sec). type: int + more... + +
                  • +
                • ip6_delegated_prefix_iaid - IAID of obtained delegated-prefix from the upstream interface. type: int + more... + +
                  • +
                • ip6_delegated_prefix_list - Advertised IPv6 delegated prefix list. type: list + more... + +
                  • +
                    +
                  • autonomous_flag - Enable/disable the autonomous flag. type: str choices: enable, disable + more... + +
                    • +
                  • delegated_prefix_iaid - IAID of obtained delegated-prefix from the upstream interface. type: int + more... + +
                    • +
                  • onlink_flag - Enable/disable the onlink flag. type: str choices: enable, disable + more... + +
                    • +
                  • prefix_id - Prefix ID. type: int + more... + +
                    • +
                  • rdnss - Recursive DNS server option. type: str + more... + +
                    • +
                  • rdnss_service - Recursive DNS service option. type: str choices: delegated, default, specify + more... + +
                    • +
                  • subnet - Add subnet ID to routing prefix. type: str + more... + +
                    • +
                  • upstream_interface - Name of the interface that provides delegated information. Source system.interface.name. type: str + more... + +
                    • +
                  +
                • ip6_dns_server_override - Enable/disable using the DNS server acquired by DHCP. type: str choices: enable, disable + more... + +
                  • +
                • ip6_extra_addr - Extra IPv6 address prefixes of interface. type: list member_path: ipv6/ip6_extra_addr:prefix + more... + +
                  • +
                    +
                  • prefix - IPv6 address prefix. type: str required: true + more... + +
                    • +
                  +
                • ip6_hop_limit - Hop limit (0 means unspecified). type: int + more... + +
                  • +
                • ip6_link_mtu - IPv6 link MTU. type: int + more... + +
                  • +
                • ip6_manage_flag - Enable/disable the managed flag. type: str choices: enable, disable + more... + +
                  • +
                • ip6_max_interval - IPv6 maximum interval (4 to 1800 sec). type: int + more... + +
                  • +
                • ip6_min_interval - IPv6 minimum interval (3 to 1350 sec). type: int + more... + +
                  • +
                • ip6_mode - Addressing mode (static, DHCP, delegated). type: str choices: static, dhcp, pppoe, delegated + more... + +
                  • +
                • ip6_other_flag - Enable/disable the other IPv6 flag. type: str choices: enable, disable + more... + +
                  • +
                • ip6_prefix_list - Advertised prefix list. type: list member_path: ipv6/ip6_prefix_list:prefix + more... + +
                  • +
                    +
                  • autonomous_flag - Enable/disable the autonomous flag. type: str choices: enable, disable + more... + +
                    • +
                  • dnssl - DNS search list option. type: list member_path: ipv6/ip6_prefix_list:prefix/dnssl:domain + more... + +
                    • +
                      +
                    • domain - Domain name. type: str required: true + more... + +
                      • +
                    +
                  • onlink_flag - Enable/disable the onlink flag. type: str choices: enable, disable + more... + +
                    • +
                  • preferred_life_time - Preferred life time (sec). type: int + more... + +
                    • +
                  • prefix - IPv6 prefix. type: str required: true + more... + +
                    • +
                  • rdnss - Recursive DNS server option. type: str + more... + +
                    • +
                  • valid_life_time - Valid life time (sec). type: int + more... + +
                    • +
                  +
                • ip6_prefix_mode - Assigning a prefix from DHCP or RA. type: str choices: dhcp6, ra + more... + +
                  • +
                • ip6_reachable_time - IPv6 reachable time (milliseconds; 0 means unspecified). type: int + more... + +
                  • +
                • ip6_retrans_time - IPv6 retransmit time (milliseconds; 0 means unspecified). type: int + more... + +
                  • +
                • ip6_send_adv - Enable/disable sending advertisements about the interface. type: str choices: enable, disable + more... + +
                  • +
                • ip6_subnet - Subnet to routing prefix. Syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx. type: str + more... + +
                  • +
                • ip6_upstream_interface - Interface name providing delegated information. Source system.interface.name. type: str + more... + +
                  • +
                • nd_cert - Neighbor discovery certificate. Source certificate.local.name. type: str + more... + +
                  • +
                • nd_cga_modifier - Neighbor discovery CGA modifier. type: str + more... + +
                  • +
                • nd_mode - Neighbor discovery mode. type: str choices: basic, SEND-compatible + more... + +
                  • +
                • nd_security_level - Neighbor discovery security level (0 - 7; 0 = least secure). type: int + more... + +
                  • +
                • nd_timestamp_delta - Neighbor discovery timestamp delta value (1 - 3600 sec; ). type: int + more... + +
                  • +
                • nd_timestamp_fuzz - Neighbor discovery timestamp fuzz factor (1 - 60 sec; ). type: int + more... + +
                  • +
                • ra_send_mtu - Enable/disable sending link MTU in RA packet. type: str choices: enable, disable + more... + +
                  • +
                • unique_autoconf_addr - Enable/disable unique auto config address. type: str choices: enable, disable + more... + +
                  • +
                • vrip6_link_local - Link-local IPv6 address of virtual router. type: str + more... + +
                  • +
                • vrrp_virtual_mac6 - Enable/disable virtual MAC for VRRP. type: str choices: enable, disable + more... + +
                  • +
                • vrrp6 - IPv6 VRRP configuration. type: list member_path: ipv6/vrrp6:vrid + more... + +
                  • +
                    +
                  • accept_mode - Enable/disable accept mode. type: str choices: enable, disable + more... + +
                    • +
                  • adv_interval - Advertisement interval (1 - 255 seconds). type: int + more... + +
                    • +
                  • preempt - Enable/disable preempt mode. type: str choices: enable, disable + more... + +
                    • +
                  • priority - Priority of the virtual router (1 - 255). type: int + more... + +
                    • +
                  • start_time - Startup time (1 - 255 seconds). type: int + more... + +
                    • +
                  • status - Enable/disable VRRP. type: str choices: enable, disable + more... + +
                    • +
                  • vrdst6 - Monitor the route to this destination. type: list
                    • +
                  • vrgrp - VRRP group ID (1 - 65535). type: int + more... + +
                    • +
                  • vrid - Virtual router identifier (1 - 255). type: int required: true + more... + +
                    • +
                  • vrip6 - IPv6 address of the virtual router. type: str + more... + +
                    • +
                  +
                +
              • l2forward - Enable/disable l2 forwarding. type: str choices: enable, disable + more... + +
                • +
              • lacp_ha_slave - LACP HA slave. type: str choices: enable, disable + more... + +
                • +
              • lacp_mode - LACP mode. type: str choices: static, passive, active + more... + +
                • +
              • lacp_speed - How often the interface sends LACP messages. type: str choices: slow, fast + more... + +
                • +
              • lcp_echo_interval - Time in seconds between PPPoE Link Control Protocol (LCP) echo requests. type: int + more... + +
                • +
              • lcp_max_echo_fails - Maximum missed LCP echo messages before disconnect. type: int + more... + +
                • +
              • link_up_delay - Number of milliseconds to wait before considering a link is up. type: int + more... + +
                • +
              • lldp_network_policy - LLDP-MED network policy profile. Source system.lldp.network-policy.name. type: str + more... + +
                • +
              • lldp_reception - Enable/disable Link Layer Discovery Protocol (LLDP) reception. type: str choices: enable, disable, vdom + more... + +
                • +
              • lldp_transmission - Enable/disable Link Layer Discovery Protocol (LLDP) transmission. type: str choices: enable, disable, vdom + more... + +
                • +
              • macaddr - Change the interface"s MAC address. type: str + more... + +
                • +
              • managed_device - Available when FortiLink is enabled, used for managed devices through FortiLink interface. type: list member_path: managed_device:name + more... + +
                • +
                  +
                • name - Managed dev identifier. type: str required: true + more... + +
                  • +
                +
              • managed_subnetwork_size - Number of IP addresses to be allocated by FortiIPAM and used by this FortiGate unit"s DHCP server settings. type: str choices: 32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384, 32768, 65536 + more... + +
                • +
              • management_ip - High Availability in-band management IP address of this interface. type: str + more... + +
                • +
              • measured_downstream_bandwidth - Measured downstream bandwidth (kbps). type: int + more... + +
                • +
              • measured_upstream_bandwidth - Measured upstream bandwidth (kbps). type: int + more... + +
                • +
              • mediatype - Select SFP media interface type type: str choices: cfp2-sr10, cfp2-lr4 + more... + +
                • +
              • member - Physical interfaces that belong to the aggregate or redundant interface. type: list + more... + +
                • +
                  +
                • interface_name - Physical interface name. Source system.interface.name. type: str + more... + +
                  • +
                +
              • min_links - Minimum number of aggregated ports that must be up. type: int + more... + +
                • +
              • min_links_down - Action to take when less than the configured minimum number of links are active. type: str choices: operational, administrative + more... + +
                • +
              • mode - Addressing mode (static, DHCP, PPPoE). type: str choices: static, dhcp, pppoe + more... + +
                • +
              • monitor_bandwidth - Enable monitoring bandwidth on this interface. type: str choices: enable, disable + more... + +
                • +
              • mtu - MTU value for this interface. type: int + more... + +
                • +
              • mtu_override - Enable to set a custom MTU for this interface. type: str choices: enable, disable + more... + +
                • +
              • name - Name. type: str required: true + more... + +
                • +
              • ndiscforward - Enable/disable NDISC forwarding. type: str choices: enable, disable + more... + +
                • +
              • netbios_forward - Enable/disable NETBIOS forwarding. type: str choices: disable, enable + more... + +
                • +
              • netflow_sampler - Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both). type: str choices: disable, tx, rx, both + more... + +
                • +
              • outbandwidth - Bandwidth limit for outgoing traffic (0 - 16776000 kbps), 0 means unlimited. type: int + more... + +
                • +
              • padt_retry_timeout - PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time. type: int + more... + +
                • +
              • password - PPPoE account"s password. type: str + more... + +
                • +
              • ping_serv_status - PING server status. type: int + more... + +
                • +
              • polling_interval - sFlow polling interval in seconds (1 - 255). type: int + more... + +
                • +
              • pppoe_unnumbered_negotiate - Enable/disable PPPoE unnumbered negotiation. type: str choices: enable, disable + more... + +
                • +
              • pptp_auth_type - PPTP authentication type. type: str choices: auto, pap, chap, mschapv1, mschapv2 + more... + +
                • +
              • pptp_client - Enable/disable PPTP client. type: str choices: enable, disable + more... + +
                • +
              • pptp_password - PPTP password. type: str + more... + +
                • +
              • pptp_server_ip - PPTP server IP address. type: str + more... + +
                • +
              • pptp_timeout - Idle timer in minutes (0 for disabled). type: int + more... + +
                • +
              • pptp_user - PPTP user name. type: str + more... + +
                • +
              • preserve_session_route - Enable/disable preservation of session route when dirty. type: str choices: enable, disable + more... + +
                • +
              • priority - Priority of learned routes. type: int + more... + +
                • +
              • priority_override - Enable/disable fail back to higher priority port once recovered. type: str choices: enable, disable + more... + +
                • +
              • proxy_captive_portal - Enable/disable proxy captive portal on this interface. type: str choices: enable, disable + more... + +
                • +
              • reachable_time - IPv4 reachable time in milliseconds (30000 - 3600000). type: int + more... + +
                • +
              • redundant_interface - Redundant interface. type: str + more... + +
                • +
              • remote_ip - Remote IP address of tunnel. type: str + more... + +
                • +
              • replacemsg_override_group - Replacement message override group. type: str + more... + +
                • +
              • ring_rx - RX ring size. type: int + more... + +
                • +
              • ring_tx - TX ring size. type: int + more... + +
                • +
              • role - Interface role. type: str choices: lan, wan, dmz, undefined + more... + +
                • +
              • sample_direction - Data that NetFlow collects (rx, tx, or both). type: str choices: tx, rx, both + more... + +
                • +
              • sample_rate - sFlow sample rate (10 - 99999). type: int + more... + +
                • +
              • scan_botnet_connections - Enable monitoring or blocking connections to Botnet servers through this interface. type: str choices: disable, block, monitor + more... + +
                • +
              • secondary_IP - Enable/disable adding a secondary IP to this interface. type: str choices: enable, disable + more... + +
                • +
              • secondaryip - Second IP address of interface. type: list member_path: secondaryip:id + more... + +
                • +
                  +
                • allowaccess - Management access settings for the secondary IP address. type: list choices: ping, https, ssh, snmp, http, telnet, fgfm, radius-acct, probe-response, fabric, ftm, speed-test, capwap + more... + +
                  • +
                • detectprotocol - Protocols used to detect the server. type: list choices: ping, tcp-echo, udp-echo + more... + +
                  • +
                • detectserver - Gateway"s ping server for this IP. type: str + more... + +
                  • +
                • gwdetect - Enable/disable detect gateway alive for first. type: str choices: enable, disable + more... + +
                  • +
                • ha_priority - HA election priority for the PING server. type: int + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • ip - Secondary IP address of the interface. type: str + more... + +
                  • +
                • ping_serv_status - PING server status. type: int + more... + +
                  • +
                +
              • security_exempt_list - Name of security-exempt-list. type: str + more... + +
                • +
              • security_external_logout - URL of external authentication logout server. type: str + more... + +
                • +
              • security_external_web - URL of external authentication web server. type: str + more... + +
                • +
              • security_groups - User groups that can authenticate with the captive portal. type: list member_path: security_groups:name + more... + +
                • +
                  +
                • name - Names of user groups that can authenticate with the captive portal. Source user.group.name. type: str required: true + more... + +
                  • +
                +
              • security_mac_auth_bypass - Enable/disable MAC authentication bypass. type: str choices: mac-auth-only, enable, disable + more... + +
                • +
              • security_mode - Turn on captive portal authentication for this interface. type: str choices: none, captive-portal, 802.1X + more... + +
                • +
              • security_redirect_url - URL redirection after disclaimer/authentication. type: str + more... + +
                • +
              • service_name - PPPoE service name. type: str + more... + +
                • +
              • sflow_sampler - Enable/disable sFlow on this interface. type: str choices: enable, disable + more... + +
                • +
              • snmp_index - Permanent SNMP Index of the interface. type: int + more... + +
                • +
              • speed - Interface speed. The default setting and the options available depend on the interface hardware. type: str choices: auto, 10full, 10half, 100full, 100half, 1000full, 1000auto, 10000full, 10000auto, 40000full, 100Gfull, 1000half + more... + +
                • +
              • spillover_threshold - Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited. type: int + more... + +
                • +
              • src_check - Enable/disable source IP check. type: str choices: enable, disable + more... + +
                • +
              • status - Bring the interface up or shut the interface down. type: str choices: up, down + more... + +
                • +
              • stp - Enable/disable STP. type: str choices: disable, enable + more... + +
                • +
              • stp_ha_secondary - Control STP behaviour on HA secondary. type: str choices: disable, enable, priority-adjust + more... + +
                • +
              • stp_ha_slave - Control STP behaviour on HA slave. type: str choices: disable, enable, priority-adjust + more... + +
                • +
              • stpforward - Enable/disable STP forwarding. type: str choices: enable, disable + more... + +
                • +
              • stpforward_mode - Configure STP forwarding mode. type: str choices: rpl-all-ext-id, rpl-bridge-ext-id, rpl-nothing + more... + +
                • +
              • subst - Enable to always send packets from this interface to a destination MAC address. type: str choices: enable, disable + more... + +
                • +
              • substitute_dst_mac - Destination MAC address that all packets are sent to from this interface. type: str + more... + +
                • +
              • swc_first_create - Initial create for switch-controller VLANs. type: int + more... + +
                • +
              • swc_vlan - Creation status for switch-controller VLANs. type: int + more... + +
                • +
              • switch - Contained in switch. type: str + more... + +
                • +
              • switch_controller_access_vlan - Block FortiSwitch port-to-port traffic. type: str choices: enable, disable + more... + +
                • +
              • switch_controller_arp_inspection - Enable/disable FortiSwitch ARP inspection. type: str choices: enable, disable + more... + +
                • +
              • switch_controller_dhcp_snooping - Switch controller DHCP snooping. type: str choices: enable, disable + more... + +
                • +
              • switch_controller_dhcp_snooping_option82 - Switch controller DHCP snooping option82. type: str choices: enable, disable + more... + +
                • +
              • switch_controller_dhcp_snooping_verify_mac - Switch controller DHCP snooping verify MAC. type: str choices: enable, disable + more... + +
                • +
              • switch_controller_dynamic - Integrated FortiLink settings for managed FortiSwitch. Source switch-controller.fortilink-settings.name. type: str + more... + +
                • +
              • switch_controller_feature - Interface"s purpose when assigning traffic (read only). type: str choices: none, default-vlan, quarantine, rspan, voice, video, nac, nac-segment + more... + +
                • +
              • switch_controller_igmp_snooping - Switch controller IGMP snooping. type: str choices: enable, disable + more... + +
                • +
              • switch_controller_igmp_snooping_fast_leave - Switch controller IGMP snooping fast-leave. type: str choices: enable, disable + more... + +
                • +
              • switch_controller_igmp_snooping_proxy - Switch controller IGMP snooping proxy. type: str choices: enable, disable + more... + +
                • +
              • switch_controller_iot_scanning - Enable/disable managed FortiSwitch IoT scanning. type: str choices: enable, disable + more... + +
                • +
              • switch_controller_learning_limit - Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default). type: int + more... + +
                • +
              • switch_controller_mgmt_vlan - VLAN to use for FortiLink management purposes. type: int + more... + +
                • +
              • switch_controller_nac - Integrated FortiLink settings for managed FortiSwitch. Source switch-controller.fortilink-settings.name. type: str + more... + +
                • +
              • switch_controller_rspan_mode - Stop Layer2 MAC learning and interception of BPDUs and other packets on this interface. type: str choices: disable, enable + more... + +
                • +
              • switch_controller_source_ip - Source IP address used in FortiLink over L3 connections. type: str choices: outbound, fixed + more... + +
                • +
              • switch_controller_traffic_policy - Switch controller traffic policy for the VLAN. Source switch-controller.traffic-policy.name. type: str + more... + +
                • +
              • system_id - Define a system ID for the aggregate interface. type: str + more... + +
                • +
              • system_id_type - Method in which system ID is generated. type: str choices: auto, user + more... + +
                • +
              • tagging - Config object tagging. type: list member_path: tagging:name + more... + +
                • +
                  +
                • category - Tag category. Source system.object-tagging.category. type: str + more... + +
                  • +
                • name - Tagging entry name. type: str required: true + more... + +
                  • +
                • tags - Tags. type: list member_path: tagging:name/tags:name + more... + +
                  • +
                    +
                  • name - Tag name. Source system.object-tagging.tags.name. type: str required: true + more... + +
                    • +
                  +
                +
              • tcp_mss - TCP maximum segment size. 0 means do not change segment size. type: int + more... + +
                • +
              • trust_ip_1 - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). type: str + more... + +
                • +
              • trust_ip_2 - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). type: str + more... + +
                • +
              • trust_ip_3 - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). type: str + more... + +
                • +
              • trust_ip6_1 - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). type: str + more... + +
                • +
              • trust_ip6_2 - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). type: str + more... + +
                • +
              • trust_ip6_3 - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). type: str + more... + +
                • +
              • type - Interface type. type: str choices: physical, vlan, aggregate, redundant, tunnel, vdom-link, loopback, switch, hard-switch, vap-switch, wl-mesh, fext-wan, vxlan, geneve, hdlc, switch-vlan, emac-vlan, ssl, lan-extension + more... + +
                • +
              • username - Username of the PPPoE account, provided by your ISP. type: str + more... + +
                • +
              • vdom - Interface is in this virtual domain (VDOM). Source system.vdom.name. type: str + more... + +
                • +
              • vindex - Switch control interface VLAN ID. type: int + more... + +
                • +
              • vlan_protocol - Ethernet protocol of VLAN. type: str choices: 8021q, 8021ad + more... + +
                • +
              • vlanforward - Enable/disable traffic forwarding between VLANs on this interface. type: str choices: enable, disable + more... + +
                • +
              • vlanid - VLAN ID (1 - 4094). type: int + more... + +
                • +
              • vrf - Virtual Routing Forwarding ID. type: int + more... + +
                • +
              • vrrp - VRRP configuration. type: list member_path: vrrp:vrid + more... + +
                • +
                  +
                • accept_mode - Enable/disable accept mode. type: str choices: enable, disable + more... + +
                  • +
                • adv_interval - Advertisement interval (1 - 255 seconds). type: int + more... + +
                  • +
                • ignore_default_route - Enable/disable ignoring of default route when checking destination. type: str choices: enable, disable + more... + +
                  • +
                • preempt - Enable/disable preempt mode. type: str choices: enable, disable + more... + +
                  • +
                • priority - Priority of the virtual router (1 - 255). type: int + more... + +
                  • +
                • proxy_arp - VRRP Proxy ARP configuration. type: list member_path: vrrp:vrid/proxy_arp:id + more... + +
                  • +
                    +
                  • id - ID. type: int required: true + more... + +
                    • +
                  • ip - Set IP addresses of proxy ARP. type: str + more... + +
                    • +
                  +
                • start_time - Startup time (1 - 255 seconds). type: int + more... + +
                  • +
                • status - Enable/disable this VRRP configuration. type: str choices: enable, disable + more... + +
                  • +
                • version - VRRP version. type: str choices: 2, 3 + more... + +
                  • +
                • vrdst - Monitor the route to this destination. type: list
                  • +
                • vrdst_priority - Priority of the virtual router when the virtual router destination becomes unreachable (0 - 254). type: int + more... + +
                  • +
                • vrgrp - VRRP group ID (1 - 65535). type: int + more... + +
                  • +
                • vrid - Virtual router identifier (1 - 255). type: int required: true + more... + +
                  • +
                • vrip - IP address of the virtual router. type: str + more... + +
                  • +
                +
              • vrrp_virtual_mac - Enable/disable use of virtual MAC for VRRP. type: str choices: enable, disable + more... + +
                • +
              • wccp - Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers. type: str choices: enable, disable + more... + +
                • +
              • weight - Default weight for static routes (if route has no weight configured). type: int + more... + +
                • +
              • wins_ip - WINS server IP. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure interfaces. + fortios_system_interface: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_interface: + ac_name: "" + aggregate: "" + algorithm: "L2" + alias: "" + allowaccess: "ping" + ap_discover: "enable" + arpforward: "enable" + auth_cert: " (source vpn.certificate.local.name)" + auth_portal_addr: "" + auth_type: "auto" + auto_auth_extension_device: "enable" + bandwidth_measure_time: "14" + bfd: "global" + bfd_desired_min_tx: "16" + bfd_detect_mult: "17" + bfd_required_min_rx: "18" + broadcast_forticlient_discovery: "enable" + broadcast_forward: "enable" + captive_portal: "21" + cli_conn_status: "22" + client_options: + - + code: "24" + id: "25" + ip: "" + type: "hex" + value: "" + color: "29" + dedicated_to: "none" + defaultgw: "enable" + description: "" + detected_peer_mtu: "33" + detectprotocol: "ping" + detectserver: "" + device_access_list: "" + device_identification: "enable" + device_identification_active_scan: "enable" + device_netscan: "disable" + device_user_identification: "enable" + devindex: "41" + dhcp_classless_route_addition: "enable" + dhcp_client_identifier: "myId_43" + dhcp_relay_agent_option: "enable" + dhcp_relay_interface: " (source system.interface.name)" + dhcp_relay_interface_select_method: "auto" + dhcp_relay_ip: "" + dhcp_relay_link_selection: "" + dhcp_relay_request_all_server: "disable" + dhcp_relay_service: "disable" + dhcp_relay_type: "regular" + dhcp_renew_time: "52" + dhcp_snooping_server_list: + - + name: "default_name_54" + server_ip: "" + disc_retry_timeout: "56" + disconnect_threshold: "57" + distance: "58" + dns_server_override: "enable" + dns_server_protocol: "cleartext" + drop_fragment: "enable" + drop_overlapped_fragment: "enable" + egress_cos: "disable" + egress_queues: + cos0: " (source system.isf-queue-profile.name)" + cos1: " (source system.isf-queue-profile.name)" + cos2: " (source system.isf-queue-profile.name)" + cos3: " (source system.isf-queue-profile.name)" + cos4: " (source system.isf-queue-profile.name)" + cos5: " (source system.isf-queue-profile.name)" + cos6: " (source system.isf-queue-profile.name)" + cos7: " (source system.isf-queue-profile.name)" + egress_shaping_profile: " (source firewall.shaping-profile.profile-name)" + endpoint_compliance: "enable" + estimated_downstream_bandwidth: "75" + estimated_upstream_bandwidth: "76" + explicit_ftp_proxy: "enable" + explicit_web_proxy: "enable" + external: "enable" + fail_action_on_extender: "soft-restart" + fail_alert_interfaces: + - + name: "default_name_82 (source system.interface.name)" + fail_alert_method: "link-failed-signal" + fail_detect: "enable" + fail_detect_option: "detectserver" + fortiheartbeat: "enable" + fortilink: "enable" + fortilink_backup_link: "88" + fortilink_neighbor_detect: "lldp" + fortilink_split_interface: "enable" + fortilink_stacking: "enable" + forward_domain: "92" + gi_gk: "enable" + gwdetect: "enable" + ha_priority: "95" + icmp_accept_redirect: "enable" + icmp_send_redirect: "enable" + ident_accept: "enable" + idle_timeout: "99" + inbandwidth: "100" + ingress_cos: "disable" + ingress_shaping_profile: " (source firewall.shaping-profile.profile-name)" + ingress_spillover_threshold: "103" + interface: " (source system.interface.name)" + internal: "105" + ip: "" + ip_managed_by_fortiipam: "enable" + ipmac: "enable" + ips_sniffer_mode: "enable" + ipunnumbered: "" + ipv6: + autoconf: "enable" + cli_conn6_status: "113" + dhcp6_client_options: "rapid" + dhcp6_iapd_list: + - + iaid: "116" + prefix_hint: "" + prefix_hint_plt: "118" + prefix_hint_vlt: "119" + dhcp6_information_request: "enable" + dhcp6_prefix_delegation: "enable" + dhcp6_prefix_hint: "" + dhcp6_prefix_hint_plt: "123" + dhcp6_prefix_hint_vlt: "124" + dhcp6_relay_ip: "" + dhcp6_relay_service: "disable" + dhcp6_relay_type: "regular" + icmp6_send_redirect: "enable" + interface_identifier: "" + ip6_address: "" + ip6_allowaccess: "ping" + ip6_default_life: "132" + ip6_delegated_prefix_iaid: "133" + ip6_delegated_prefix_list: + - + autonomous_flag: "enable" + delegated_prefix_iaid: "136" + onlink_flag: "enable" + prefix_id: "138" + rdnss: "" + rdnss_service: "delegated" + subnet: "" + upstream_interface: " (source system.interface.name)" + ip6_dns_server_override: "enable" + ip6_extra_addr: + - + prefix: "" + ip6_hop_limit: "146" + ip6_link_mtu: "147" + ip6_manage_flag: "enable" + ip6_max_interval: "149" + ip6_min_interval: "150" + ip6_mode: "static" + ip6_other_flag: "enable" + ip6_prefix_list: + - + autonomous_flag: "enable" + dnssl: + - + domain: "" + onlink_flag: "enable" + preferred_life_time: "158" + prefix: "" + rdnss: "" + valid_life_time: "161" + ip6_prefix_mode: "dhcp6" + ip6_reachable_time: "163" + ip6_retrans_time: "164" + ip6_send_adv: "enable" + ip6_subnet: "" + ip6_upstream_interface: " (source system.interface.name)" + nd_cert: " (source certificate.local.name)" + nd_cga_modifier: "" + nd_mode: "basic" + nd_security_level: "171" + nd_timestamp_delta: "172" + nd_timestamp_fuzz: "173" + ra_send_mtu: "enable" + unique_autoconf_addr: "enable" + vrip6_link_local: "" + vrrp_virtual_mac6: "enable" + vrrp6: + - + accept_mode: "enable" + adv_interval: "180" + preempt: "enable" + priority: "182" + start_time: "183" + status: "enable" + vrdst6: "" + vrgrp: "186" + vrid: "187" + vrip6: "" + l2forward: "enable" + lacp_ha_slave: "enable" + lacp_mode: "static" + lacp_speed: "slow" + lcp_echo_interval: "193" + lcp_max_echo_fails: "194" + link_up_delay: "195" + lldp_network_policy: " (source system.lldp.network-policy.name)" + lldp_reception: "enable" + lldp_transmission: "enable" + macaddr: "" + managed_device: + - + name: "default_name_201" + managed_subnetwork_size: "32" + management_ip: "" + measured_downstream_bandwidth: "204" + measured_upstream_bandwidth: "205" + mediatype: "cfp2-sr10" + member: + - + interface_name: " (source system.interface.name)" + min_links: "209" + min_links_down: "operational" + mode: "static" + monitor_bandwidth: "enable" + mtu: "213" + mtu_override: "enable" + name: "default_name_215" + ndiscforward: "enable" + netbios_forward: "disable" + netflow_sampler: "disable" + outbandwidth: "219" + padt_retry_timeout: "220" + password: "" + ping_serv_status: "222" + polling_interval: "223" + pppoe_unnumbered_negotiate: "enable" + pptp_auth_type: "auto" + pptp_client: "enable" + pptp_password: "" + pptp_server_ip: "" + pptp_timeout: "229" + pptp_user: "" + preserve_session_route: "enable" + priority: "232" + priority_override: "enable" + proxy_captive_portal: "enable" + reachable_time: "235" + redundant_interface: "" + remote_ip: "" + replacemsg_override_group: "" + ring_rx: "239" + ring_tx: "240" + role: "lan" + sample_direction: "tx" + sample_rate: "243" + scan_botnet_connections: "disable" + secondary_IP: "enable" + secondaryip: + - + allowaccess: "ping" + detectprotocol: "ping" + detectserver: "" + gwdetect: "enable" + ha_priority: "251" + id: "252" + ip: "" + ping_serv_status: "254" + security_exempt_list: "" + security_external_logout: "" + security_external_web: "" + security_groups: + - + name: "default_name_259 (source user.group.name)" + security_mac_auth_bypass: "mac-auth-only" + security_mode: "none" + security_redirect_url: "" + service_name: "" + sflow_sampler: "enable" + snmp_index: "265" + speed: "auto" + spillover_threshold: "267" + src_check: "enable" + status: "up" + stp: "disable" + stp_ha_secondary: "disable" + stp_ha_slave: "disable" + stpforward: "enable" + stpforward_mode: "rpl-all-ext-id" + subst: "enable" + substitute_dst_mac: "" + swc_first_create: "277" + swc_vlan: "278" + switch: "" + switch_controller_access_vlan: "enable" + switch_controller_arp_inspection: "enable" + switch_controller_dhcp_snooping: "enable" + switch_controller_dhcp_snooping_option82: "enable" + switch_controller_dhcp_snooping_verify_mac: "enable" + switch_controller_dynamic: " (source switch-controller.fortilink-settings.name)" + switch_controller_feature: "none" + switch_controller_igmp_snooping: "enable" + switch_controller_igmp_snooping_fast_leave: "enable" + switch_controller_igmp_snooping_proxy: "enable" + switch_controller_iot_scanning: "enable" + switch_controller_learning_limit: "291" + switch_controller_mgmt_vlan: "292" + switch_controller_nac: " (source switch-controller.fortilink-settings.name)" + switch_controller_rspan_mode: "disable" + switch_controller_source_ip: "outbound" + switch_controller_traffic_policy: " (source switch-controller.traffic-policy.name)" + system_id: "" + system_id_type: "auto" + tagging: + - + category: " (source system.object-tagging.category)" + name: "default_name_301" + tags: + - + name: "default_name_303 (source system.object-tagging.tags.name)" + tcp_mss: "304" + trust_ip_1: "" + trust_ip_2: "" + trust_ip_3: "" + trust_ip6_1: "" + trust_ip6_2: "" + trust_ip6_3: "" + type: "physical" + username: "" + vdom: " (source system.vdom.name)" + vindex: "314" + vlan_protocol: "8021q" + vlanforward: "enable" + vlanid: "317" + vrf: "318" + vrrp: + - + accept_mode: "enable" + adv_interval: "321" + ignore_default_route: "enable" + preempt: "enable" + priority: "324" + proxy_arp: + - + id: "326" + ip: "" + start_time: "328" + status: "enable" + version: "2" + vrdst: "" + vrdst_priority: "332" + vrgrp: "333" + vrid: "334" + vrip: "" + vrrp_virtual_mac: "enable" + wccp: "enable" + weight: "338" + wins_ip: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_ipam.rst b/gen/fortios_system_ipam.rst new file mode 100644 index 00000000..39b1cf7b --- /dev/null +++ b/gen/fortios_system_ipam.rst @@ -0,0 +1,259 @@ +:source: fortios_system_ipam.py + +:orphan: + +.. fortios_system_ipam: + +fortios_system_ipam -- Configure IP address management services in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and ipam category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + +
            v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_ipamyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_ipam - Configure IP address management services. type: dict + more... + +
              • +
                +
              • pool_subnet - Configure IPAM pool subnet, Class A - Class B subnet. type: str + more... + +
                • +
              • server_type - Configure the type of IPAM server to use. type: str choices: cloud, fabric-root + more... + +
                • +
              • status - Enable/disable IP address management services. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IP address management services. + fortios_system_ipam: + vdom: "{{ vdom }}" + system_ipam: + pool_subnet: "" + server_type: "cloud" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_ipip_tunnel.rst b/gen/fortios_system_ipip_tunnel.rst new file mode 100644 index 00000000..8a4a4f20 --- /dev/null +++ b/gen/fortios_system_ipip_tunnel.rst @@ -0,0 +1,568 @@ +:source: fortios_system_ipip_tunnel.py + +:orphan: + +.. fortios_system_ipip_tunnel: + +fortios_system_ipip_tunnel -- Configure IP in IP Tunneling in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and ipip_tunnel category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_ipip_tunnelyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_ipip_tunnel - Configure IP in IP Tunneling. type: dict + more... + +
              • +
                +
              • auto_asic_offload - Enable/disable tunnel ASIC offloading. type: str choices: enable, disable + more... + +
                • +
              • interface - Interface name that is associated with the incoming traffic from available options. Source system.interface.name. type: str + more... + +
                • +
              • local_gw - IPv4 address for the local gateway. type: str + more... + +
                • +
              • name - IPIP Tunnel name. type: str required: true + more... + +
                • +
              • remote_gw - IPv4 address for the remote gateway. type: str + more... + +
                • +
              • use_sdwan - Enable/disable use of SD-WAN to reach remote gateway. type: str choices: disable, enable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IP in IP Tunneling. + fortios_system_ipip_tunnel: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_ipip_tunnel: + auto_asic_offload: "enable" + interface: " (source system.interface.name)" + local_gw: "" + name: "default_name_6" + remote_gw: "" + use_sdwan: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_ips.rst b/gen/fortios_system_ips.rst new file mode 100644 index 00000000..8e30dd47 --- /dev/null +++ b/gen/fortios_system_ips.rst @@ -0,0 +1,263 @@ +:source: fortios_system_ips.py + +:orphan: + +.. fortios_system_ips: + +fortios_system_ips -- Configure IPS system settings in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and ips category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + +
            v6.4.0 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_ipsyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_ips - Configure IPS system settings. type: dict + more... + +
              • +
                +
              • override_signature_hold_by_id - Enable/disable override of hold of triggering signatures that are specified by IDs regardless of hold. type: str choices: enable, disable + more... + +
                • +
              • signature_hold_time - Time to hold and monitor IPS signatures. Format <#d##h> (day range: 0 - 7, hour range: 0 - 23, max hold time: 7d0h). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPS system settings. + fortios_system_ips: + vdom: "{{ vdom }}" + system_ips: + override_signature_hold_by_id: "enable" + signature_hold_time: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_ips_urlfilter_dns.rst b/gen/fortios_system_ips_urlfilter_dns.rst new file mode 100644 index 00000000..6a594604 --- /dev/null +++ b/gen/fortios_system_ips_urlfilter_dns.rst @@ -0,0 +1,430 @@ +:source: fortios_system_ips_urlfilter_dns.py + +:orphan: + +.. fortios_system_ips_urlfilter_dns: + +fortios_system_ips_urlfilter_dns -- Configure IPS URL filter DNS servers in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and ips_urlfilter_dns category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_ips_urlfilter_dnsyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_ips_urlfilter_dns - Configure IPS URL filter DNS servers. type: dict + more... + +
              • +
                +
              • address - DNS server IP address. type: str required: true + more... + +
                • +
              • ipv6_capability - Enable/disable this server for IPv6 queries. type: str choices: enable, disable + more... + +
                • +
              • status - Enable/disable using this DNS server for IPS URL filter DNS queries. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPS URL filter DNS servers. + fortios_system_ips_urlfilter_dns: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_ips_urlfilter_dns: + address: "" + ipv6_capability: "enable" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_ips_urlfilter_dns6.rst b/gen/fortios_system_ips_urlfilter_dns6.rst new file mode 100644 index 00000000..1c01e8f8 --- /dev/null +++ b/gen/fortios_system_ips_urlfilter_dns6.rst @@ -0,0 +1,346 @@ +:source: fortios_system_ips_urlfilter_dns6.py + +:orphan: + +.. fortios_system_ips_urlfilter_dns6: + +fortios_system_ips_urlfilter_dns6 -- Configure IPS URL filter IPv6 DNS servers in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and ips_urlfilter_dns6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_ips_urlfilter_dns6yesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_ips_urlfilter_dns6 - Configure IPS URL filter IPv6 DNS servers. type: dict + more... + +
              • +
                +
              • address6 - IPv6 address of DNS server. type: str required: true + more... + +
                • +
              • status - Enable/disable this server for IPv6 DNS queries. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPS URL filter IPv6 DNS servers. + fortios_system_ips_urlfilter_dns6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_ips_urlfilter_dns6: + address6: "" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_ipsec_aggregate.rst b/gen/fortios_system_ipsec_aggregate.rst new file mode 100644 index 00000000..2d9fc73f --- /dev/null +++ b/gen/fortios_system_ipsec_aggregate.rst @@ -0,0 +1,447 @@ +:source: fortios_system_ipsec_aggregate.py + +:orphan: + +.. fortios_system_ipsec_aggregate: + +fortios_system_ipsec_aggregate -- Configure an aggregate of IPsec tunnels in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and ipsec_aggregate category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_ipsec_aggregateyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_ipsec_aggregate - Configure an aggregate of IPsec tunnels. type: dict + more... + +
              • +
                +
              • algorithm - Frame distribution algorithm. type: str choices: L3, L4, round-robin, redundant, weighted-round-robin + more... + +
                • +
              • member - Member tunnels of the aggregate. type: list + more... + +
                • +
                  +
                • tunnel_name - Tunnel name. Source vpn.ipsec.phase1-interface.name. type: str + more... + +
                  • +
                +
              • name - IPsec aggregate name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure an aggregate of IPsec tunnels. + fortios_system_ipsec_aggregate: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_ipsec_aggregate: + algorithm: "L3" + member: + - + tunnel_name: " (source vpn.ipsec.phase1-interface.name)" + name: "default_name_6" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_ipv6_neighbor_cache.rst b/gen/fortios_system_ipv6_neighbor_cache.rst new file mode 100644 index 00000000..97bb3010 --- /dev/null +++ b/gen/fortios_system_ipv6_neighbor_cache.rst @@ -0,0 +1,400 @@ +:source: fortios_system_ipv6_neighbor_cache.py + +:orphan: + +.. fortios_system_ipv6_neighbor_cache: + +fortios_system_ipv6_neighbor_cache -- Configure IPv6 neighbor cache table in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and ipv6_neighbor_cache category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_ipv6_neighbor_cacheyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_ipv6_neighbor_cache - Configure IPv6 neighbor cache table. type: dict + more... + +
              • +
                +
              • id - Unique integer ID of the entry. type: int required: true + more... + +
                • +
              • interface - Select the associated interface name from available options. Source system.interface.name. type: str + more... + +
                • +
              • ipv6 - IPv6 address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx). type: str + more... + +
                • +
              • mac - MAC address (format: xx:xx:xx:xx:xx:xx). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 neighbor cache table. + fortios_system_ipv6_neighbor_cache: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_ipv6_neighbor_cache: + id: "3" + interface: " (source system.interface.name)" + ipv6: "" + mac: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_ipv6_tunnel.rst b/gen/fortios_system_ipv6_tunnel.rst new file mode 100644 index 00000000..bcfba62d --- /dev/null +++ b/gen/fortios_system_ipv6_tunnel.rst @@ -0,0 +1,568 @@ +:source: fortios_system_ipv6_tunnel.py + +:orphan: + +.. fortios_system_ipv6_tunnel: + +fortios_system_ipv6_tunnel -- Configure IPv6/IPv4 in IPv6 tunnel in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and ipv6_tunnel category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_ipv6_tunnelyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_ipv6_tunnel - Configure IPv6/IPv4 in IPv6 tunnel. type: dict + more... + +
              • +
                +
              • auto_asic_offload - Enable/disable tunnel ASIC offloading. type: str choices: enable, disable + more... + +
                • +
              • destination - Remote IPv6 address of the tunnel. type: str + more... + +
                • +
              • interface - Interface name. Source system.interface.name. type: str + more... + +
                • +
              • name - IPv6 tunnel name. type: str required: true + more... + +
                • +
              • source - Local IPv6 address of the tunnel. type: str + more... + +
                • +
              • use_sdwan - Enable/disable use of SD-WAN to reach remote gateway. type: str choices: disable, enable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6/IPv4 in IPv6 tunnel. + fortios_system_ipv6_tunnel: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_ipv6_tunnel: + auto_asic_offload: "enable" + destination: "" + interface: " (source system.interface.name)" + name: "default_name_6" + source: "" + use_sdwan: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_isf_queue_profile.rst b/gen/fortios_system_isf_queue_profile.rst new file mode 100644 index 00000000..e70cd7c2 --- /dev/null +++ b/gen/fortios_system_isf_queue_profile.rst @@ -0,0 +1,252 @@ +:source: fortios_system_isf_queue_profile.py + +:orphan: + +.. fortios_system_isf_queue_profile: + +fortios_system_isf_queue_profile -- Create a queue profile of switch in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and isf_queue_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + +
            v6.4.0
            fortios_system_isf_queue_profileyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_isf_queue_profile - Create a queue profile of switch. type: dict + more... + +
              • +
                +
              • bandwidth_unit - Unit of measurement for guaranteed and maximum bandwidth. type: str choices: kbps, pps + more... + +
                • +
              • burst_control - Burst control. type: str choices: disable, enable + more... + +
                • +
              • guaranteed_bandwidth - Guaranteed bandwidth. type: int + more... + +
                • +
              • maximum_bandwidth - Upper bandwidth limit enforced. type: int + more... + +
                • +
              • name - Profile name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Create a queue profile of switch. + fortios_system_isf_queue_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_isf_queue_profile: + bandwidth_unit: "kbps" + burst_control: "disable" + guaranteed_bandwidth: "5" + maximum_bandwidth: "6" + name: "default_name_7" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_link_monitor.rst b/gen/fortios_system_link_monitor.rst new file mode 100644 index 00000000..f0a0f871 --- /dev/null +++ b/gen/fortios_system_link_monitor.rst @@ -0,0 +1,2393 @@ +:source: fortios_system_link_monitor.py + +:orphan: + +.. fortios_system_link_monitor: + +fortios_system_link_monitor -- Configure Link Health Monitor in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and link_monitor category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_link_monitoryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_link_monitor - Configure Link Health Monitor. type: dict + more... + +
              • +
                +
              • addr_mode - Address mode (IPv4 or IPv6). type: str choices: ipv4, ipv6 + more... + +
                • +
              • class_id - Traffic class ID. Source firewall.traffic-class.class-id. type: int + more... + +
                • +
              • diffservcode - Differentiated services code point (DSCP) in the IP header of the probe packet. type: str + more... + +
                • +
              • fail_weight - Threshold weight to trigger link failure alert. type: int + more... + +
                • +
              • failtime - Number of retry attempts before the server is considered down (1 - 10). type: int + more... + +
                • +
              • gateway_ip - Gateway IP address used to probe the server. type: str + more... + +
                • +
              • gateway_ip6 - Gateway IPv6 address used to probe the server. type: str + more... + +
                • +
              • ha_priority - HA election priority (1 - 50). type: int + more... + +
                • +
              • http_agent - String in the http-agent field in the HTTP header. type: str + more... + +
                • +
              • http_get - If you are monitoring an HTML server you can send an HTTP-GET request with a custom string. Use this option to define the string. type: str + more... + +
                • +
              • http_match - String that you expect to see in the HTTP-GET requests of the traffic to be monitored. type: str + more... + +
                • +
              • interval - Detection interval in milliseconds (500 - 3600 * 1000 msec). type: int + more... + +
                • +
              • name - Link monitor name. type: str required: true + more... + +
                • +
              • packet_size - Packet size of a TWAMP test session. type: int + more... + +
                • +
              • password - TWAMP controller password in authentication mode. type: str + more... + +
                • +
              • port - Port number of the traffic to be used to monitor the server. type: int + more... + +
                • +
              • probe_count - Number of most recent probes that should be used to calculate latency and jitter (5 - 30). type: int + more... + +
                • +
              • probe_timeout - Time to wait before a probe packet is considered lost (500 - 5000 msec). type: int + more... + +
                • +
              • protocol - Protocols used to monitor the server. type: list choices: ping, tcp-echo, udp-echo, http, twamp, ping6 + more... + +
                • +
              • recoverytime - Number of successful responses received before server is considered recovered (1 - 10). type: int + more... + +
                • +
              • route - Subnet to monitor. type: list member_path: route:subnet + more... + +
                • +
                  +
                • subnet - IP and netmask (x.x.x.x/y). type: str required: true + more... + +
                  • +
                +
              • security_mode - Twamp controller security mode. type: str choices: none, authentication + more... + +
                • +
              • server - IP address of the server(s) to be monitored. type: list member_path: server:address + more... + +
                • +
                  +
                • address - Server address. type: str required: true + more... + +
                  • +
                +
              • server_config - Mode of server configuration. type: str choices: default, individual + more... + +
                • +
              • server_list - Servers for link-monitor to monitor. type: list member_path: server_list:id + more... + +
                • +
                  +
                • dst - IP address of the server to be monitored. type: str + more... + +
                  • +
                • id - Server ID. type: int required: true + more... + +
                  • +
                • port - Port number of the traffic to be used to monitor the server. type: int + more... + +
                  • +
                • protocol - Protocols used to monitor the server. type: str choices: ping, tcp-echo, udp-echo, http, twamp + more... + +
                  • +
                • weight - Weight of the monitor to this dst (0 - 255). type: int + more... + +
                  • +
                +
              • service_detection - Only use monitor to read quality values. If enabled, static routes and cascade interfaces will not be updated. type: str choices: enable, disable + more... + +
                • +
              • source_ip - Source IP address used in packet to the server. type: str + more... + +
                • +
              • source_ip6 - Source IPv6 address used in packet to the server. type: str + more... + +
                • +
              • srcintf - Interface that receives the traffic to be monitored. Source system.interface.name. type: str + more... + +
                • +
              • status - Enable/disable this link monitor. type: str choices: enable, disable + more... + +
                • +
              • update_cascade_interface - Enable/disable update cascade interface. type: str choices: enable, disable + more... + +
                • +
              • update_policy_route - Enable/disable updating the policy route. type: str choices: enable, disable + more... + +
                • +
              • update_static_route - Enable/disable updating the static route. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Link Health Monitor. + fortios_system_link_monitor: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_link_monitor: + addr_mode: "ipv4" + class_id: "4 (source firewall.traffic-class.class-id)" + diffservcode: "" + fail_weight: "6" + failtime: "7" + gateway_ip: "" + gateway_ip6: "" + ha_priority: "10" + http_agent: "" + http_get: "" + http_match: "" + interval: "14" + name: "default_name_15" + packet_size: "16" + password: "" + port: "18" + probe_count: "19" + probe_timeout: "20" + protocol: "ping" + recoverytime: "22" + route: + - + subnet: "" + security_mode: "none" + server: + - + address: "" + server_config: "default" + server_list: + - + dst: "" + id: "31" + port: "32" + protocol: "ping" + weight: "34" + service_detection: "enable" + source_ip: "84.230.14.43" + source_ip6: "" + srcintf: " (source system.interface.name)" + status: "enable" + update_cascade_interface: "enable" + update_policy_route: "enable" + update_static_route: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_lldp_network_policy.rst b/gen/fortios_system_lldp_network_policy.rst new file mode 100644 index 00000000..6607f874 --- /dev/null +++ b/gen/fortios_system_lldp_network_policy.rst @@ -0,0 +1,2860 @@ +:source: fortios_system_lldp_network_policy.py + +:orphan: + +.. fortios_system_lldp_network_policy: + +fortios_system_lldp_network_policy -- Configure LLDP network policy in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_lldp feature and network_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_lldp_network_policyyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_lldp_network_policy - Configure LLDP network policy. type: dict + more... + +
              • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • guest - Guest. type: dict + more... + +
                • +
                  +
                • dscp - Differentiated Services Code Point (DSCP) value to advertise. type: int + more... + +
                  • +
                • priority - 802.1P CoS/PCP to advertise (0 - 7; from lowest to highest priority). type: int + more... + +
                  • +
                • status - Enable/disable advertising this policy. type: str choices: disable, enable + more... + +
                  • +
                • tag - Advertise tagged or untagged traffic. type: str choices: none, dot1q, dot1p + more... + +
                  • +
                • vlan - 802.1Q VLAN ID to advertise (1 - 4094). type: int + more... + +
                  • +
                +
              • guest_voice_signaling - Guest Voice Signaling. type: dict + more... + +
                • +
                  +
                • dscp - Differentiated Services Code Point (DSCP) value to advertise. type: int + more... + +
                  • +
                • priority - 802.1P CoS/PCP to advertise (0 - 7; from lowest to highest priority). type: int + more... + +
                  • +
                • status - Enable/disable advertising this policy. type: str choices: disable, enable + more... + +
                  • +
                • tag - Advertise tagged or untagged traffic. type: str choices: none, dot1q, dot1p + more... + +
                  • +
                • vlan - 802.1Q VLAN ID to advertise (1 - 4094). type: int + more... + +
                  • +
                +
              • name - LLDP network policy name. type: str required: true + more... + +
                • +
              • softphone - Softphone. type: dict + more... + +
                • +
                  +
                • dscp - Differentiated Services Code Point (DSCP) value to advertise. type: int + more... + +
                  • +
                • priority - 802.1P CoS/PCP to advertise (0 - 7; from lowest to highest priority). type: int + more... + +
                  • +
                • status - Enable/disable advertising this policy. type: str choices: disable, enable + more... + +
                  • +
                • tag - Advertise tagged or untagged traffic. type: str choices: none, dot1q, dot1p + more... + +
                  • +
                • vlan - 802.1Q VLAN ID to advertise (1 - 4094). type: int + more... + +
                  • +
                +
              • streaming_video - Streaming Video. type: dict + more... + +
                • +
                  +
                • dscp - Differentiated Services Code Point (DSCP) value to advertise. type: int + more... + +
                  • +
                • priority - 802.1P CoS/PCP to advertise (0 - 7; from lowest to highest priority). type: int + more... + +
                  • +
                • status - Enable/disable advertising this policy. type: str choices: disable, enable + more... + +
                  • +
                • tag - Advertise tagged or untagged traffic. type: str choices: none, dot1q, dot1p + more... + +
                  • +
                • vlan - 802.1Q VLAN ID to advertise (1 - 4094). type: int + more... + +
                  • +
                +
              • video_conferencing - Video Conferencing. type: dict + more... + +
                • +
                  +
                • dscp - Differentiated Services Code Point (DSCP) value to advertise. type: int + more... + +
                  • +
                • priority - 802.1P CoS/PCP to advertise (0 - 7; from lowest to highest priority). type: int + more... + +
                  • +
                • status - Enable/disable advertising this policy. type: str choices: disable, enable + more... + +
                  • +
                • tag - Advertise tagged or untagged traffic. type: str choices: none, dot1q, dot1p + more... + +
                  • +
                • vlan - 802.1Q VLAN ID to advertise (1 - 4094). type: int + more... + +
                  • +
                +
              • video_signaling - Video Signaling. type: dict + more... + +
                • +
                  +
                • dscp - Differentiated Services Code Point (DSCP) value to advertise. type: int + more... + +
                  • +
                • priority - 802.1P CoS/PCP to advertise (0 - 7; from lowest to highest priority). type: int + more... + +
                  • +
                • status - Enable/disable advertising this policy. type: str choices: disable, enable + more... + +
                  • +
                • tag - Advertise tagged or untagged traffic. type: str choices: none, dot1q, dot1p + more... + +
                  • +
                • vlan - 802.1Q VLAN ID to advertise (1 - 4094). type: int + more... + +
                  • +
                +
              • voice - Voice. type: dict + more... + +
                • +
                  +
                • dscp - Differentiated Services Code Point (DSCP) value to advertise. type: int + more... + +
                  • +
                • priority - 802.1P CoS/PCP to advertise (0 - 7; from lowest to highest priority). type: int + more... + +
                  • +
                • status - Enable/disable advertising this policy. type: str choices: disable, enable + more... + +
                  • +
                • tag - Advertise tagged or untagged traffic. type: str choices: none, dot1q, dot1p + more... + +
                  • +
                • vlan - 802.1Q VLAN ID to advertise (1 - 4094). type: int + more... + +
                  • +
                +
              • voice_signaling - Voice signaling. type: dict + more... + +
                • +
                  +
                • dscp - Differentiated Services Code Point (DSCP) value to advertise. type: int + more... + +
                  • +
                • priority - 802.1P CoS/PCP to advertise (0 - 7; from lowest to highest priority). type: int + more... + +
                  • +
                • status - Enable/disable advertising this policy. type: str choices: disable, enable + more... + +
                  • +
                • tag - Advertise tagged or untagged traffic. type: str choices: none, dot1q, dot1p + more... + +
                  • +
                • vlan - 802.1Q VLAN ID to advertise (1 - 4094). type: int + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure LLDP network policy. + fortios_system_lldp_network_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_lldp_network_policy: + comment: "Comment." + guest: + dscp: "5" + priority: "6" + status: "disable" + tag: "none" + vlan: "9" + guest_voice_signaling: + dscp: "11" + priority: "12" + status: "disable" + tag: "none" + vlan: "15" + name: "default_name_16" + softphone: + dscp: "18" + priority: "19" + status: "disable" + tag: "none" + vlan: "22" + streaming_video: + dscp: "24" + priority: "25" + status: "disable" + tag: "none" + vlan: "28" + video_conferencing: + dscp: "30" + priority: "31" + status: "disable" + tag: "none" + vlan: "34" + video_signaling: + dscp: "36" + priority: "37" + status: "disable" + tag: "none" + vlan: "40" + voice: + dscp: "42" + priority: "43" + status: "disable" + tag: "none" + vlan: "46" + voice_signaling: + dscp: "48" + priority: "49" + status: "disable" + tag: "none" + vlan: "52" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_lte_modem.rst b/gen/fortios_system_lte_modem.rst new file mode 100644 index 00000000..1ba90112 --- /dev/null +++ b/gen/fortios_system_lte_modem.rst @@ -0,0 +1,806 @@ +:source: fortios_system_lte_modem.py + +:orphan: + +.. fortios_system_lte_modem: + +fortios_system_lte_modem -- Configure USB LTE/WIMAX devices in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and lte_modem category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_lte_modemyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_lte_modem - Configure USB LTE/WIMAX devices. type: dict + more... + +
              • +
                +
              • apn - Login APN string for PDP-IP packet data calls. type: str + more... + +
                • +
              • authtype - Authentication type for PDP-IP packet data calls. type: str choices: none, pap, chap + more... + +
                • +
              • extra_init - Extra initialization string for USB LTE/WIMAX devices. type: str + more... + +
                • +
              • holddown_timer - Hold down timer (10 - 60 sec). type: int + more... + +
                • +
              • interface - The interface that the modem is acting as a redundant interface for. Source system.interface.name. type: str + more... + +
                • +
              • mode - Modem operation mode. type: str choices: standalone, redundant + more... + +
                • +
              • modem_port - Modem port index (0 - 20). type: int + more... + +
                • +
              • passwd - Authentication password for PDP-IP packet data calls. type: str + more... + +
                • +
              • status - Enable/disable USB LTE/WIMAX device. type: str choices: enable, disable + more... + +
                • +
              • username - Authentication username for PDP-IP packet data calls. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure USB LTE/WIMAX devices. + fortios_system_lte_modem: + vdom: "{{ vdom }}" + system_lte_modem: + apn: "" + authtype: "none" + extra_init: "" + holddown_timer: "6" + interface: " (source system.interface.name)" + mode: "standalone" + modem_port: "9" + passwd: "" + status: "enable" + username: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_mac_address_table.rst b/gen/fortios_system_mac_address_table.rst new file mode 100644 index 00000000..53702d62 --- /dev/null +++ b/gen/fortios_system_mac_address_table.rst @@ -0,0 +1,354 @@ +:source: fortios_system_mac_address_table.py + +:orphan: + +.. fortios_system_mac_address_table: + +fortios_system_mac_address_table -- Configure MAC address tables in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and mac_address_table category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_mac_address_tableyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_mac_address_table - Configure MAC address tables. type: dict + more... + +
              • +
                +
              • interface - Interface name. Source system.interface.name. type: str + more... + +
                • +
              • mac - MAC address. type: str required: true + more... + +
                • +
              • reply_substitute - New MAC for reply traffic. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure MAC address tables. + fortios_system_mac_address_table: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_mac_address_table: + interface: " (source system.interface.name)" + mac: "" + reply_substitute: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_management_tunnel.rst b/gen/fortios_system_management_tunnel.rst new file mode 100644 index 00000000..5847c63f --- /dev/null +++ b/gen/fortios_system_management_tunnel.rst @@ -0,0 +1,763 @@ +:source: fortios_system_management_tunnel.py + +:orphan: + +.. fortios_system_management_tunnel: + +fortios_system_management_tunnel -- Management tunnel configuration in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and management_tunnel category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_management_tunnelyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_management_tunnel - Management tunnel configuration. type: dict + more... + +
              • +
                +
              • allow_collect_statistics - Enable/disable collection of run time statistics. type: str choices: enable, disable + more... + +
                • +
              • allow_config_restore - Enable/disable allow config restore. type: str choices: enable, disable + more... + +
                • +
              • allow_push_configuration - Enable/disable push configuration. type: str choices: enable, disable + more... + +
                • +
              • allow_push_firmware - Enable/disable push firmware. type: str choices: enable, disable + more... + +
                • +
              • authorized_manager_only - Enable/disable restriction of authorized manager only. type: str choices: enable, disable + more... + +
                • +
              • serial_number - Serial number. type: str + more... + +
                • +
              • status - Enable/disable FGFM tunnel. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Management tunnel configuration. + fortios_system_management_tunnel: + vdom: "{{ vdom }}" + system_management_tunnel: + allow_collect_statistics: "enable" + allow_config_restore: "enable" + allow_push_configuration: "enable" + allow_push_firmware: "enable" + authorized_manager_only: "enable" + serial_number: "" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_mem_mgr.rst b/gen/fortios_system_mem_mgr.rst new file mode 100644 index 00000000..32ca866f --- /dev/null +++ b/gen/fortios_system_mem_mgr.rst @@ -0,0 +1,205 @@ +:source: fortios_system_mem_mgr.py + +:orphan: + +.. fortios_system_mem_mgr: + +fortios_system_mem_mgr -- Configure memory manager in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and mem_mgr category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7
            fortios_system_mem_mgryesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_mem_mgr - Configure memory manager. type: dict + more... + +
              • +
                +
              • mass_mmsd - memory limit for Mass MMS Daemon (% of free memory) type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure memory manager. + fortios_system_mem_mgr: + vdom: "{{ vdom }}" + system_mem_mgr: + mass_mmsd: "3" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_mobile_tunnel.rst b/gen/fortios_system_mobile_tunnel.rst new file mode 100644 index 00000000..7993d2a7 --- /dev/null +++ b/gen/fortios_system_mobile_tunnel.rst @@ -0,0 +1,1161 @@ +:source: fortios_system_mobile_tunnel.py + +:orphan: + +.. fortios_system_mobile_tunnel: + +fortios_system_mobile_tunnel -- Configure Mobile tunnels, an implementation of Network Mobility (NEMO) extensions for Mobile IPv4 RFC5177 in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and mobile_tunnel category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_mobile_tunnelyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_mobile_tunnel - Configure Mobile tunnels, an implementation of Network Mobility (NEMO) extensions for Mobile IPv4 RFC5177. type: dict + more... + +
              • +
                +
              • hash_algorithm - Hash Algorithm (Keyed MD5). type: str choices: hmac-md5 + more... + +
                • +
              • home_address - Home IP address (Format: xxx.xxx.xxx.xxx). type: str + more... + +
                • +
              • home_agent - IPv4 address of the NEMO HA (Format: xxx.xxx.xxx.xxx). type: str + more... + +
                • +
              • lifetime - NMMO HA registration request lifetime (180 - 65535 sec). type: int + more... + +
                • +
              • n_mhae_key - NEMO authentication key. type: str + more... + +
                • +
              • n_mhae_key_type - NEMO authentication key type (ASCII or base64). type: str choices: ascii, base64 + more... + +
                • +
              • n_mhae_spi - NEMO authentication SPI . type: int + more... + +
                • +
              • name - Tunnel name. type: str required: true + more... + +
                • +
              • network - NEMO network configuration. type: list member_path: network:id + more... + +
                • +
                  +
                • id - Network entry ID. type: int required: true + more... + +
                  • +
                • interface - Select the associated interface name from available options. Source system.interface.name. type: str + more... + +
                  • +
                • prefix - Class IP and Netmask with correction (Format:xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx or xxx.xxx.xxx.xxx/x). type: str + more... + +
                  • +
                +
              • reg_interval - NMMO HA registration interval (5 - 300). type: int + more... + +
                • +
              • reg_retry - Maximum number of NMMO HA registration retries (1 to 30). type: int + more... + +
                • +
              • renew_interval - Time before lifetime expiration to send NMMO HA re-registration (5 - 60). type: int + more... + +
                • +
              • roaming_interface - Select the associated interface name from available options. Source system.interface.name. type: str + more... + +
                • +
              • status - Enable/disable this mobile tunnel. type: str choices: disable, enable + more... + +
                • +
              • tunnel_mode - NEMO tunnel mode (GRE tunnel). type: str choices: gre + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Mobile tunnels, an implementation of Network Mobility (NEMO) extensions for Mobile IPv4 RFC5177. + fortios_system_mobile_tunnel: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_mobile_tunnel: + hash_algorithm: "hmac-md5" + home_address: "" + home_agent: "" + lifetime: "6" + n_mhae_key: "" + n_mhae_key_type: "ascii" + n_mhae_spi: "9" + name: "default_name_10" + network: + - + id: "12" + interface: " (source system.interface.name)" + prefix: "" + reg_interval: "15" + reg_retry: "16" + renew_interval: "17" + roaming_interface: " (source system.interface.name)" + status: "disable" + tunnel_mode: "gre" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_modem.rst b/gen/fortios_system_modem.rst new file mode 100644 index 00000000..264681c3 --- /dev/null +++ b/gen/fortios_system_modem.rst @@ -0,0 +1,3450 @@ +:source: fortios_system_modem.py + +:orphan: + +.. fortios_system_modem: + +fortios_system_modem -- Configure MODEM in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and modem category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_modemyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_modem - Configure MODEM. type: dict + more... + +
              • +
                +
              • action - Dial up/stop MODEM. type: str choices: dial, stop, none + more... + +
                • +
              • altmode - Enable/disable altmode for installations using PPP in China. type: str choices: enable, disable + more... + +
                • +
              • authtype1 - Allowed authentication types for ISP 1. type: list choices: pap, chap, mschap, mschapv2 + more... + +
                • +
              • authtype2 - Allowed authentication types for ISP 2. type: list choices: pap, chap, mschap, mschapv2 + more... + +
                • +
              • authtype3 - Allowed authentication types for ISP 3. type: list choices: pap, chap, mschap, mschapv2 + more... + +
                • +
              • auto_dial - Enable/disable auto-dial after a reboot or disconnection. type: str choices: enable, disable + more... + +
                • +
              • connect_timeout - Connection completion timeout (30 - 255 sec). type: int + more... + +
                • +
              • dial_cmd1 - Dial command (this is often an ATD or ATDT command). type: str + more... + +
                • +
              • dial_cmd2 - Dial command (this is often an ATD or ATDT command). type: str + more... + +
                • +
              • dial_cmd3 - Dial command (this is often an ATD or ATDT command). type: str + more... + +
                • +
              • dial_on_demand - Enable/disable to dial the modem when packets are routed to the modem interface. type: str choices: enable, disable + more... + +
                • +
              • distance - Distance of learned routes (1 - 255). type: int + more... + +
                • +
              • dont_send_CR1 - Do not send CR when connected (ISP1). type: str choices: enable, disable + more... + +
                • +
              • dont_send_CR2 - Do not send CR when connected (ISP2). type: str choices: enable, disable + more... + +
                • +
              • dont_send_CR3 - Do not send CR when connected (ISP3). type: str choices: enable, disable + more... + +
                • +
              • extra_init1 - Extra initialization string to ISP 1. type: str + more... + +
                • +
              • extra_init2 - Extra initialization string to ISP 2. type: str + more... + +
                • +
              • extra_init3 - Extra initialization string to ISP 3. type: str + more... + +
                • +
              • holddown_timer - Hold down timer in seconds (1 - 60 sec). type: int + more... + +
                • +
              • idle_timer - MODEM connection idle time (1 - 9999 min). type: int + more... + +
                • +
              • interface - Name of redundant interface. Source system.interface.name. type: str + more... + +
                • +
              • lockdown_lac - Allow connection only to the specified Location Area Code (LAC). type: str + more... + +
                • +
              • mode - Set MODEM operation mode to redundant or standalone. type: str choices: standalone, redundant + more... + +
                • +
              • network_init - AT command to set the Network name/type (AT+COPS=,[,[,]]). type: str + more... + +
                • +
              • passwd1 - Password to access the specified dialup account. type: str + more... + +
                • +
              • passwd2 - Password to access the specified dialup account. type: str + more... + +
                • +
              • passwd3 - Password to access the specified dialup account. type: str + more... + +
                • +
              • peer_modem1 - Specify peer MODEM type for phone1. type: str choices: generic, actiontec, ascend_TNT + more... + +
                • +
              • peer_modem2 - Specify peer MODEM type for phone2. type: str choices: generic, actiontec, ascend_TNT + more... + +
                • +
              • peer_modem3 - Specify peer MODEM type for phone3. type: str choices: generic, actiontec, ascend_TNT + more... + +
                • +
              • phone1 - Phone number to connect to the dialup account (must not contain spaces, and should include standard special characters). type: str + more... + +
                • +
              • phone2 - Phone number to connect to the dialup account (must not contain spaces, and should include standard special characters). type: str + more... + +
                • +
              • phone3 - Phone number to connect to the dialup account (must not contain spaces, and should include standard special characters). type: str + more... + +
                • +
              • pin_init - AT command to set the PIN (AT+PIN=). type: str + more... + +
                • +
              • ppp_echo_request1 - Enable/disable PPP echo-request to ISP 1. type: str choices: enable, disable + more... + +
                • +
              • ppp_echo_request2 - Enable/disable PPP echo-request to ISP 2. type: str choices: enable, disable + more... + +
                • +
              • ppp_echo_request3 - Enable/disable PPP echo-request to ISP 3. type: str choices: enable, disable + more... + +
                • +
              • priority - Priority of learned routes (0 - 4294967295). type: int + more... + +
                • +
              • redial - Redial limit (1 - 10 attempts, none = redial forever). type: str choices: none, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 + more... + +
                • +
              • reset - Number of dial attempts before resetting modem (0 = never reset). type: int + more... + +
                • +
              • status - Enable/disable Modem support (equivalent to bringing an interface up or down). type: str choices: enable, disable + more... + +
                • +
              • traffic_check - Enable/disable traffic-check. type: str choices: enable, disable + more... + +
                • +
              • username1 - User name to access the specified dialup account. type: str + more... + +
                • +
              • username2 - User name to access the specified dialup account. type: str + more... + +
                • +
              • username3 - User name to access the specified dialup account. type: str + more... + +
                • +
              • wireless_port - Enter wireless port number, 0 for default, 1 for first port, ... (0 - 4294967295) type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure MODEM. + fortios_system_modem: + vdom: "{{ vdom }}" + system_modem: + action: "dial" + altmode: "enable" + authtype1: "pap" + authtype2: "pap" + authtype3: "pap" + auto_dial: "enable" + connect_timeout: "9" + dial_cmd1: "" + dial_cmd2: "" + dial_cmd3: "" + dial_on_demand: "enable" + distance: "14" + dont_send_CR1: "enable" + dont_send_CR2: "enable" + dont_send_CR3: "enable" + extra_init1: "" + extra_init2: "" + extra_init3: "" + holddown_timer: "21" + idle_timer: "22" + interface: " (source system.interface.name)" + lockdown_lac: "" + mode: "standalone" + network_init: "" + passwd1: "" + passwd2: "" + passwd3: "" + peer_modem1: "generic" + peer_modem2: "generic" + peer_modem3: "generic" + phone1: "" + phone2: "" + phone3: "" + pin_init: "" + ppp_echo_request1: "enable" + ppp_echo_request2: "enable" + ppp_echo_request3: "enable" + priority: "40" + redial: "none" + reset: "42" + status: "enable" + traffic_check: "enable" + username1: "" + username2: "" + username3: "" + wireless_port: "48" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_nat64.rst b/gen/fortios_system_nat64.rst new file mode 100644 index 00000000..b62eddd0 --- /dev/null +++ b/gen/fortios_system_nat64.rst @@ -0,0 +1,660 @@ +:source: fortios_system_nat64.py + +:orphan: + +.. fortios_system_nat64: + +fortios_system_nat64 -- Configure NAT64 in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and nat64 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0
            fortios_system_nat64yesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_nat64 - Configure NAT64. type: dict + more... + +
              • +
                +
              • always_synthesize_aaaa_record - Enable/disable AAAA record synthesis . type: str choices: enable, disable + more... + +
                • +
              • generate_ipv6_fragment_header - Enable/disable IPv6 fragment header generation. type: str choices: enable, disable + more... + +
                • +
              • nat46_force_ipv4_packet_forwarding - Enable/disable mandatory IPv4 packet forwarding in nat46. type: str choices: enable, disable + more... + +
                • +
              • nat64_prefix - NAT64 prefix must be ::/96 . type: str + more... + +
                • +
              • secondary_prefix - Secondary NAT64 prefix. type: list member_path: secondary_prefix:name + more... + +
                • +
                  +
                • name - NAT64 prefix name. type: str required: true + more... + +
                  • +
                • nat64_prefix - NAT64 prefix. type: str + more... + +
                  • +
                +
              • secondary_prefix_status - Enable/disable secondary NAT64 prefix. type: str choices: enable, disable + more... + +
                • +
              • status - Enable/disable NAT64 . type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure NAT64. + fortios_system_nat64: + vdom: "{{ vdom }}" + system_nat64: + always_synthesize_aaaa_record: "enable" + generate_ipv6_fragment_header: "enable" + nat46_force_ipv4_packet_forwarding: "enable" + nat64_prefix: "" + secondary_prefix: + - + name: "default_name_8" + nat64_prefix: "" + secondary_prefix_status: "enable" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_nd_proxy.rst b/gen/fortios_system_nd_proxy.rst new file mode 100644 index 00000000..5f0bd159 --- /dev/null +++ b/gen/fortios_system_nd_proxy.rst @@ -0,0 +1,392 @@ +:source: fortios_system_nd_proxy.py + +:orphan: + +.. fortios_system_nd_proxy: + +fortios_system_nd_proxy -- Configure IPv6 neighbor discovery proxy (RFC4389) in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and nd_proxy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_nd_proxyyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_nd_proxy - Configure IPv6 neighbor discovery proxy (RFC4389). type: dict + more... + +
              • +
                +
              • member - Interfaces using the neighbor discovery proxy. type: list + more... + +
                • +
                  +
                • interface_name - Interface name. Source system.interface.name. type: str + more... + +
                  • +
                +
              • status - Enable/disable neighbor discovery proxy. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 neighbor discovery proxy (RFC4389). + fortios_system_nd_proxy: + vdom: "{{ vdom }}" + system_nd_proxy: + member: + - + interface_name: " (source system.interface.name)" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_netflow.rst b/gen/fortios_system_netflow.rst new file mode 100644 index 00000000..aa3cb417 --- /dev/null +++ b/gen/fortios_system_netflow.rst @@ -0,0 +1,684 @@ +:source: fortios_system_netflow.py + +:orphan: + +.. fortios_system_netflow: + +fortios_system_netflow -- Configure NetFlow in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and netflow category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_netflowyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_netflow - Configure NetFlow. type: dict + more... + +
              • +
                +
              • active_flow_timeout - Timeout to report active flows (60 - 3600 sec). type: int + more... + +
                • +
              • collector_ip - Collector IP. type: str + more... + +
                • +
              • collector_port - NetFlow collector port number. type: int + more... + +
                • +
              • inactive_flow_timeout - Timeout for periodic report of finished flows (10 - 600 sec). type: int + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • source_ip - Source IP address for communication with the NetFlow agent. type: str + more... + +
                • +
              • template_tx_counter - Counter of flowset records before resending a template flowset record. type: int + more... + +
                • +
              • template_tx_timeout - Timeout for periodic template flowset transmission (60 - 86400 sec). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure NetFlow. + fortios_system_netflow: + vdom: "{{ vdom }}" + system_netflow: + active_flow_timeout: "3" + collector_ip: "" + collector_port: "5" + inactive_flow_timeout: "6" + interface: " (source system.interface.name)" + interface_select_method: "auto" + source_ip: "84.230.14.43" + template_tx_counter: "10" + template_tx_timeout: "11" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_network_visibility.rst b/gen/fortios_system_network_visibility.rst new file mode 100644 index 00000000..ce312e4f --- /dev/null +++ b/gen/fortios_system_network_visibility.rst @@ -0,0 +1,641 @@ +:source: fortios_system_network_visibility.py + +:orphan: + +.. fortios_system_network_visibility: + +fortios_system_network_visibility -- Configure network visibility settings in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and network_visibility category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_network_visibilityyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_network_visibility - Configure network visibility settings. type: dict + more... + +
              • +
                +
              • destination_hostname_visibility - Enable/disable logging of destination hostname visibility. type: str choices: disable, enable + more... + +
                • +
              • destination_location - Enable/disable logging of destination geographical location visibility. type: str choices: disable, enable + more... + +
                • +
              • destination_visibility - Enable/disable logging of destination visibility. type: str choices: disable, enable + more... + +
                • +
              • hostname_limit - Limit of the number of hostname table entries (0 - 50000). type: int + more... + +
                • +
              • hostname_ttl - TTL of hostname table entries (60 - 86400). type: int + more... + +
                • +
              • source_location - Enable/disable logging of source geographical location visibility. type: str choices: disable, enable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure network visibility settings. + fortios_system_network_visibility: + vdom: "{{ vdom }}" + system_network_visibility: + destination_hostname_visibility: "disable" + destination_location: "disable" + destination_visibility: "disable" + hostname_limit: "6" + hostname_ttl: "7" + source_location: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_np6.rst b/gen/fortios_system_np6.rst new file mode 100644 index 00000000..45cda78e --- /dev/null +++ b/gen/fortios_system_np6.rst @@ -0,0 +1,4644 @@ +:source: fortios_system_np6.py + +:orphan: + +.. fortios_system_np6: + +fortios_system_np6 -- Configure NP6 attributes in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and np6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_np6yesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_np6 - Configure NP6 attributes. type: dict + more... + +
              • +
                +
              • fastpath - Enable/disable NP4 or NP6 offloading (also called fast path). type: str choices: disable, enable + more... + +
                • +
              • fp_anomaly - NP6 IPv4 anomaly protection. trap-to-host forwards anomaly sessions to the CPU. type: dict + more... + +
                • +
                  +
                • icmp_csum_err - Invalid IPv4 ICMP checksum anomalies. type: str choices: drop, trap-to-host + more... + +
                  • +
                • icmp_frag - Layer 3 fragmented packets that could be part of layer 4 ICMP anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • icmp_land - ICMP land anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • ipv4_csum_err - Invalid IPv4 IP checksum anomalies. type: str choices: drop, trap-to-host + more... + +
                  • +
                • ipv4_land - Land anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • ipv4_optlsrr - Loose source record route option anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • ipv4_optrr - Record route option anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • ipv4_optsecurity - Security option anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • ipv4_optssrr - Strict source record route option anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • ipv4_optstream - Stream option anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • ipv4_opttimestamp - Timestamp option anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • ipv4_proto_err - Invalid layer 4 protocol anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • ipv4_unknopt - Unknown option anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • ipv6_daddr_err - Destination address as unspecified or loopback address anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • ipv6_land - Land anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • ipv6_optendpid - End point identification anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • ipv6_opthomeaddr - Home address option anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • ipv6_optinvld - Invalid option anomalies.Invalid option anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • ipv6_optjumbo - Jumbo options anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • ipv6_optnsap - Network service access point address option anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • ipv6_optralert - Router alert option anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • ipv6_opttunnel - Tunnel encapsulation limit option anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • ipv6_proto_err - Layer 4 invalid protocol anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • ipv6_saddr_err - Source address as multicast anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • ipv6_unknopt - Unknown option anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • tcp_csum_err - Invalid IPv4 TCP checksum anomalies. type: str choices: drop, trap-to-host + more... + +
                  • +
                • tcp_fin_noack - TCP SYN flood with FIN flag set without ACK setting anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • tcp_fin_only - TCP SYN flood with only FIN flag set anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • tcp_land - TCP land anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • tcp_no_flag - TCP SYN flood with no flag set anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • tcp_syn_data - TCP SYN flood packets with data anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • tcp_syn_fin - TCP SYN flood SYN/FIN flag set anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • tcp_winnuke - TCP WinNuke anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                • udp_csum_err - Invalid IPv4 UDP checksum anomalies. type: str choices: drop, trap-to-host + more... + +
                  • +
                • udp_land - UDP land anomalies. type: str choices: allow, drop, trap-to-host + more... + +
                  • +
                +
              • garbage_session_collector - Enable/disable garbage session collector. type: str choices: disable, enable + more... + +
                • +
              • hpe - HPE configuration. type: str + more... + +
                • +
              • ipsec_ob_hash_function - Set hash function for IPSec outbound. type: str choices: global-hash, round-robin-global + more... + +
                • +
              • ipsec_outbound_hash - Enable/disable hash function for IPsec outbound traffic. type: str choices: disable, enable + more... + +
                • +
              • low_latency_mode - Enable/disable low latency mode. type: str choices: disable, enable + more... + +
                • +
              • name - Device Name. type: str required: true + more... + +
                • +
              • per_session_accounting - Enable/disable per-session accounting. type: str choices: disable, traffic-log-only, enable + more... + +
                • +
              • session_collector_interval - Set garbage session collection cleanup interval (1 - 100 sec). type: int + more... + +
                • +
              • session_timeout_fixed - {disable | enable} Toggle between using fixed or random timeouts for refreshing NP6 sessions. type: str choices: disable, enable + more... + +
                • +
              • session_timeout_interval - Set the fixed timeout for refreshing NP6 sessions (0 - 1000 sec). type: int + more... + +
                • +
              • session_timeout_random_range - Set the random timeout range for refreshing NP6 sessions (0 - 1000 sec). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure NP6 attributes. + fortios_system_np6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_np6: + fastpath: "disable" + fp_anomaly: + icmp_csum_err: "drop" + icmp_frag: "allow" + icmp_land: "allow" + ipv4_csum_err: "drop" + ipv4_land: "allow" + ipv4_optlsrr: "allow" + ipv4_optrr: "allow" + ipv4_optsecurity: "allow" + ipv4_optssrr: "allow" + ipv4_optstream: "allow" + ipv4_opttimestamp: "allow" + ipv4_proto_err: "allow" + ipv4_unknopt: "allow" + ipv6_daddr_err: "allow" + ipv6_land: "allow" + ipv6_optendpid: "allow" + ipv6_opthomeaddr: "allow" + ipv6_optinvld: "allow" + ipv6_optjumbo: "allow" + ipv6_optnsap: "allow" + ipv6_optralert: "allow" + ipv6_opttunnel: "allow" + ipv6_proto_err: "allow" + ipv6_saddr_err: "allow" + ipv6_unknopt: "allow" + tcp_csum_err: "drop" + tcp_fin_noack: "allow" + tcp_fin_only: "allow" + tcp_land: "allow" + tcp_no_flag: "allow" + tcp_syn_data: "allow" + tcp_syn_fin: "allow" + tcp_winnuke: "allow" + udp_csum_err: "drop" + udp_land: "allow" + garbage_session_collector: "disable" + hpe: + arp_max: "42" + enable_shaper: "disable" + esp_max: "44" + icmp_max: "45" + ip_frag_max: "46" + ip_others_max: "47" + l2_others_max: "48" + pri_type_max: "49" + sctp_max: "50" + tcp_max: "51" + tcpfin_rst_max: "52" + tcpsyn_ack_max: "53" + tcpsyn_max: "54" + udp_max: "55" + ipsec_ob_hash_function: "global-hash" + ipsec_outbound_hash: "disable" + low_latency_mode: "disable" + name: "default_name_59" + per_session_accounting: "disable" + session_collector_interval: "61" + session_timeout_fixed: "disable" + session_timeout_interval: "63" + session_timeout_random_range: "64" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_npu.rst b/gen/fortios_system_npu.rst new file mode 100644 index 00000000..d00eaf2e --- /dev/null +++ b/gen/fortios_system_npu.rst @@ -0,0 +1,2432 @@ +:source: fortios_system_npu.py + +:orphan: + +.. fortios_system_npu: + +fortios_system_npu -- Configure NPU attributes in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and npu category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_npuyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_npu - Configure NPU attributes. type: dict + more... + +
              • +
                +
              • capwap_offload - Enable/disable offloading managed FortiAP and FortiLink CAPWAP sessions. type: str choices: enable, disable + more... + +
                • +
              • dedicated_management_affinity - Affinity setting for management deamons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str + more... + +
                • +
              • dedicated_management_cpu - Enable to dedicate one CPU for GUI and CLI connections when NPs are busy. type: str choices: enable, disable + more... + +
                • +
              • fastpath - Enable/disable NP6 offloading (also called fast path). type: str choices: disable, enable + more... + +
                • +
              • gtp_enhanced_cpu_range - GTP enhanced CPU range option. type: str choices: 0, 1, 2 + more... + +
                • +
              • gtp_enhanced_mode - Enable/disable GTP enhanced mode. type: str choices: enable, disable + more... + +
                • +
              • intf_shaping_offload - Enable/disable NPU offload when doing interface-based traffic shaping according to the egress-shaping-profile. type: str choices: enable, disable + more... + +
                • +
              • ipsec_dec_subengine_mask - IPsec decryption subengine mask (0x1 - 0xff). type: str + more... + +
                • +
              • ipsec_enc_subengine_mask - IPsec encryption subengine mask (0x1 - 0xff). type: str + more... + +
                • +
              • ipsec_inbound_cache - Enable/disable IPsec inbound cache for anti-replay. type: str choices: enable, disable + more... + +
                • +
              • ipsec_mtu_override - Enable/disable NP6 IPsec MTU override. type: str choices: disable, enable + more... + +
                • +
              • ipsec_over_vlink - Enable/disable IPSEC over vlink. type: str choices: enable, disable + more... + +
                • +
              • isf_np_queues - Configure queues of switch port connected to NP6 XAUI on ingress path. type: dict + more... + +
                • +
                  +
                • cos0 - CoS profile name for CoS 0. Source system.isf-queue-profile.name. type: str + more... + +
                  • +
                • cos1 - CoS profile name for CoS 1. Source system.isf-queue-profile.name. type: str + more... + +
                  • +
                • cos2 - CoS profile name for CoS 2. Source system.isf-queue-profile.name. type: str + more... + +
                  • +
                • cos3 - CoS profile name for CoS 3. Source system.isf-queue-profile.name. type: str + more... + +
                  • +
                • cos4 - CoS profile name for CoS 4. Source system.isf-queue-profile.name. type: str + more... + +
                  • +
                • cos5 - CoS profile name for CoS 5. Source system.isf-queue-profile.name. type: str + more... + +
                  • +
                • cos6 - CoS profile name for CoS 6. Source system.isf-queue-profile.name. type: str + more... + +
                  • +
                • cos7 - CoS profile name for CoS 7. Source system.isf-queue-profile.name. type: str + more... + +
                  • +
                +
              • lag_out_port_select - Enable/disable LAG outgoing port selection based on incoming traffic port. type: str choices: disable, enable + more... + +
                • +
              • mcast_session_accounting - Enable/disable traffic accounting for each multicast session through TAE counter. type: str choices: tpe-based, session-based, disable + more... + +
                • +
              • port_cpu_map - Configure NPU interface to CPU core mapping. type: list member_path: port_cpu_map:interface + more... + +
                • +
                  +
                • cpu_core - The CPU core to map to an interface. type: str + more... + +
                  • +
                • interface - The interface to map to a CPU core. type: str required: true + more... + +
                  • +
                +
              • port_npu_map - Configure port to NPU group mapping. type: list member_path: port_npu_map:interface + more... + +
                • +
                  +
                • interface - Set npu interface port to NPU group map. type: str required: true + more... + +
                  • +
                • npu_group_index - Mapping NPU group index. type: int + more... + +
                  • +
                +
              • priority_protocol - Configure NPU priority protocol. type: str + more... + +
                • +
              • qos_mode - QoS mode on switch and NP. type: str choices: disable, priority, round-robin + more... + +
                • +
              • rdp_offload - Enable/disable rdp offload. type: str choices: enable, disable + more... + +
                • +
              • session_denied_offload - Enable/disable offloading of denied sessions. Requires ses-denied-traffic to be set. type: str choices: disable, enable + more... + +
                • +
              • sse_backpressure - Enable/disable sse backpressure. type: str choices: enable, disable + more... + +
                • +
              • strip_clear_text_padding - Enable/disable stripping clear text padding. type: str choices: enable, disable + more... + +
                • +
              • strip_esp_padding - Enable/disable stripping ESP padding. type: str choices: enable, disable + more... + +
                • +
              • sw_np_bandwidth - Bandwidth from switch to NP. type: str choices: 0G, 2G, 4G, 5G, 6G + more... + +
                • +
              • uesp_offload - Enable/disable UDP-encapsulated ESP offload . type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure NPU attributes. + fortios_system_npu: + vdom: "{{ vdom }}" + system_npu: + capwap_offload: "enable" + dedicated_management_affinity: "" + dedicated_management_cpu: "enable" + fastpath: "disable" + gtp_enhanced_cpu_range: "0" + gtp_enhanced_mode: "enable" + intf_shaping_offload: "enable" + ipsec_dec_subengine_mask: "" + ipsec_enc_subengine_mask: "" + ipsec_inbound_cache: "enable" + ipsec_mtu_override: "disable" + ipsec_over_vlink: "enable" + isf_np_queues: + cos0: " (source system.isf-queue-profile.name)" + cos1: " (source system.isf-queue-profile.name)" + cos2: " (source system.isf-queue-profile.name)" + cos3: " (source system.isf-queue-profile.name)" + cos4: " (source system.isf-queue-profile.name)" + cos5: " (source system.isf-queue-profile.name)" + cos6: " (source system.isf-queue-profile.name)" + cos7: " (source system.isf-queue-profile.name)" + lag_out_port_select: "disable" + mcast_session_accounting: "tpe-based" + port_cpu_map: + - + cpu_core: "" + interface: "" + port_npu_map: + - + interface: "" + npu_group_index: "31" + priority_protocol: + bfd: "enable" + bgp: "enable" + slbc: "enable" + qos_mode: "disable" + rdp_offload: "enable" + session_denied_offload: "disable" + sse_backpressure: "enable" + strip_clear_text_padding: "enable" + strip_esp_padding: "enable" + sw_np_bandwidth: "0G" + uesp_offload: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_ntp.rst b/gen/fortios_system_ntp.rst new file mode 100644 index 00000000..ba1aeefe --- /dev/null +++ b/gen/fortios_system_ntp.rst @@ -0,0 +1,1508 @@ +:source: fortios_system_ntp.py + +:orphan: + +.. fortios_system_ntp: + +fortios_system_ntp -- Configure system NTP information in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and ntp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_ntpyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_ntp - Configure system NTP information. type: dict + more... + +
              • +
                +
              • authentication - Enable/disable authentication. type: str choices: enable, disable + more... + +
                • +
              • interface - FortiGate interface(s) with NTP server mode enabled. Devices on your network can contact these interfaces for NTP services. type: list + more... + +
                • +
                  +
                • interface_name - Interface name. Source system.interface.name. type: str + more... + +
                  • +
                +
              • key - Key for authentication. type: str + more... + +
                • +
              • key_id - Key ID for authentication. type: int + more... + +
                • +
              • key_type - Key type for authentication (MD5, SHA1). type: str choices: MD5, SHA1 + more... + +
                • +
              • ntpserver - Configure the FortiGate to connect to any available third-party NTP server. type: list member_path: ntpserver:id + more... + +
                • +
                  +
                • authentication - Enable/disable MD5(NTPv3)/SHA1(NTPv4) authentication. type: str choices: enable, disable + more... + +
                  • +
                • id - NTP server ID. type: int required: true + more... + +
                  • +
                • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                  • +
                • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                  • +
                • key - Key for MD5(NTPv3)/SHA1(NTPv4) authentication. type: str + more... + +
                  • +
                • key_id - Key ID for authentication. type: int + more... + +
                  • +
                • ntpv3 - Enable to use NTPv3 instead of NTPv4. type: str choices: enable, disable + more... + +
                  • +
                • server - IP address or hostname of the NTP Server. type: str + more... + +
                  • +
                +
              • ntpsync - Enable/disable setting the FortiGate system time by synchronizing with an NTP Server. type: str choices: enable, disable + more... + +
                • +
              • server_mode - Enable/disable FortiGate NTP Server Mode. Your FortiGate becomes an NTP server for other devices on your network. The FortiGate relays NTP requests to its configured NTP server. type: str choices: enable, disable + more... + +
                • +
              • source_ip - Source IP address for communication to the NTP server. type: str + more... + +
                • +
              • source_ip6 - Source IPv6 address for communication to the NTP server. type: str + more... + +
                • +
              • syncinterval - NTP synchronization interval (1 - 1440 min). type: int + more... + +
                • +
              • type - Use the FortiGuard NTP server or any other available NTP Server. type: str choices: fortiguard, custom + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure system NTP information. + fortios_system_ntp: + vdom: "{{ vdom }}" + system_ntp: + authentication: "enable" + interface: + - + interface_name: " (source system.interface.name)" + key: "" + key_id: "7" + key_type: "MD5" + ntpserver: + - + authentication: "enable" + id: "11" + interface: " (source system.interface.name)" + interface_select_method: "auto" + key: "" + key_id: "15" + ntpv3: "enable" + server: "192.168.100.40" + ntpsync: "enable" + server_mode: "enable" + source_ip: "84.230.14.43" + source_ip6: "" + syncinterval: "22" + type: "fortiguard" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_object_tagging.rst b/gen/fortios_system_object_tagging.rst new file mode 100644 index 00000000..2afffee2 --- /dev/null +++ b/gen/fortios_system_object_tagging.rst @@ -0,0 +1,796 @@ +:source: fortios_system_object_tagging.py + +:orphan: + +.. fortios_system_object_tagging: + +fortios_system_object_tagging -- Configure object tagging in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and object_tagging category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_object_taggingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_object_tagging - Configure object tagging. type: dict + more... + +
              • +
                +
              • address - Address. type: str choices: disable, mandatory, optional + more... + +
                • +
              • category - Tag Category. type: str required: true + more... + +
                • +
              • color - Color of icon on the GUI. type: int + more... + +
                • +
              • device - Device. type: str choices: disable, mandatory, optional + more... + +
                • +
              • interface - Interface. type: str choices: disable, mandatory, optional + more... + +
                • +
              • multiple - Allow multiple tag selection. type: str choices: enable, disable + more... + +
                • +
              • tags - Tags. type: list member_path: tags:name + more... + +
                • +
                  +
                • name - Tag name. type: str required: true + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure object tagging. + fortios_system_object_tagging: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_object_tagging: + address: "disable" + category: "" + color: "5" + device: "disable" + interface: "disable" + multiple: "enable" + tags: + - + name: "default_name_10" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_password_policy.rst b/gen/fortios_system_password_policy.rst new file mode 100644 index 00000000..c6e5af54 --- /dev/null +++ b/gen/fortios_system_password_policy.rst @@ -0,0 +1,931 @@ +:source: fortios_system_password_policy.py + +:orphan: + +.. fortios_system_password_policy: + +fortios_system_password_policy -- Configure password policy for locally defined administrator passwords and IPsec VPN pre-shared keys in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and password_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_password_policyyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_password_policy - Configure password policy for locally defined administrator passwords and IPsec VPN pre-shared keys. type: dict + more... + +
              • +
                +
              • apply_to - Apply password policy to administrator passwords or IPsec pre-shared keys or both. Separate entries with a space. type: list choices: admin-password, ipsec-preshared-key + more... + +
                • +
              • change_4_characters - Enable/disable changing at least 4 characters for a new password (This attribute overrides reuse-password if both are enabled). type: str choices: enable, disable + more... + +
                • +
              • expire_day - Number of days after which passwords expire (1 - 999 days). type: int + more... + +
                • +
              • expire_status - Enable/disable password expiration. type: str choices: enable, disable + more... + +
                • +
              • min_change_characters - Minimum number of unique characters in new password which do not exist in old password (0 - 128). type: int + more... + +
                • +
              • min_lower_case_letter - Minimum number of lowercase characters in password (0 - 128). type: int + more... + +
                • +
              • min_non_alphanumeric - Minimum number of non-alphanumeric characters in password (0 - 128). type: int + more... + +
                • +
              • min_number - Minimum number of numeric characters in password (0 - 128). type: int + more... + +
                • +
              • min_upper_case_letter - Minimum number of uppercase characters in password (0 - 128). type: int + more... + +
                • +
              • minimum_length - Minimum password length (8 - 128). type: int + more... + +
                • +
              • reuse_password - Enable/disable reuse of password. If both reuse-password and min-change-characters are enabled, min-change-characters overrides. type: str choices: enable, disable + more... + +
                • +
              • status - Enable/disable setting a password policy for locally defined administrator passwords and IPsec VPN pre-shared keys. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure password policy for locally defined administrator passwords and IPsec VPN pre-shared keys. + fortios_system_password_policy: + vdom: "{{ vdom }}" + system_password_policy: + apply_to: "admin-password" + change_4_characters: "enable" + expire_day: "5" + expire_status: "enable" + min_change_characters: "7" + min_lower_case_letter: "8" + min_non_alphanumeric: "9" + min_number: "10" + min_upper_case_letter: "11" + minimum_length: "12" + reuse_password: "enable" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_password_policy_guest_admin.rst b/gen/fortios_system_password_policy_guest_admin.rst new file mode 100644 index 00000000..55218031 --- /dev/null +++ b/gen/fortios_system_password_policy_guest_admin.rst @@ -0,0 +1,912 @@ +:source: fortios_system_password_policy_guest_admin.py + +:orphan: + +.. fortios_system_password_policy_guest_admin: + +fortios_system_password_policy_guest_admin -- Configure the password policy for guest administrators in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and password_policy_guest_admin category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_password_policy_guest_adminyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_password_policy_guest_admin - Configure the password policy for guest administrators. type: dict + more... + +
              • +
                +
              • apply_to - Guest administrator to which this password policy applies. type: list choices: guest-admin-password + more... + +
                • +
              • change_4_characters - Enable/disable changing at least 4 characters for a new password (This attribute overrides reuse-password if both are enabled). type: str choices: enable, disable + more... + +
                • +
              • expire_day - Number of days after which passwords expire (1 - 999 days). type: int + more... + +
                • +
              • expire_status - Enable/disable password expiration. type: str choices: enable, disable + more... + +
                • +
              • min_change_characters - Minimum number of unique characters in new password which do not exist in old password (0 - 128). type: int + more... + +
                • +
              • min_lower_case_letter - Minimum number of lowercase characters in password (0 - 128). type: int + more... + +
                • +
              • min_non_alphanumeric - Minimum number of non-alphanumeric characters in password (0 - 128). type: int + more... + +
                • +
              • min_number - Minimum number of numeric characters in password (0 - 128). type: int + more... + +
                • +
              • min_upper_case_letter - Minimum number of uppercase characters in password (0 - 128). type: int + more... + +
                • +
              • minimum_length - Minimum password length (8 - 128). type: int + more... + +
                • +
              • reuse_password - Enable/disable reuse of password. If both reuse-password and min-change-characters are enabled, min-change-characters overrides. type: str choices: enable, disable + more... + +
                • +
              • status - Enable/disable setting a password policy for locally defined administrator passwords and IPsec VPN pre-shared keys. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure the password policy for guest administrators. + fortios_system_password_policy_guest_admin: + vdom: "{{ vdom }}" + system_password_policy_guest_admin: + apply_to: "guest-admin-password" + change_4_characters: "enable" + expire_day: "5" + expire_status: "enable" + min_change_characters: "7" + min_lower_case_letter: "8" + min_non_alphanumeric: "9" + min_number: "10" + min_upper_case_letter: "11" + minimum_length: "12" + reuse_password: "enable" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_performance_top.rst b/gen/fortios_system_performance_top.rst new file mode 100644 index 00000000..d9ae7598 --- /dev/null +++ b/gen/fortios_system_performance_top.rst @@ -0,0 +1,235 @@ +:source: fortios_system_performance_top.py + +:orphan: + +.. fortios_system_performance_top: + +fortios_system_performance_top -- Display information about the top CPU processes in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_performance feature and top category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_performance_topyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_performance_top - Display information about the top CPU processes. type: dict + more... + +
              • +
                +
              • - Delay in seconds . type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Display information about the top CPU processes. + fortios_system_performance_top: + vdom: "{{ vdom }}" + system_performance_top: + : "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_physical_switch.rst b/gen/fortios_system_physical_switch.rst new file mode 100644 index 00000000..f00a1307 --- /dev/null +++ b/gen/fortios_system_physical_switch.rst @@ -0,0 +1,571 @@ +:source: fortios_system_physical_switch.py + +:orphan: + +.. fortios_system_physical_switch: + +fortios_system_physical_switch -- Configure physical switches in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and physical_switch category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_physical_switchyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_physical_switch - Configure physical switches. type: dict + more... + +
              • +
                +
              • age_enable - Enable/disable layer 2 age timer. type: str choices: enable, disable + more... + +
                • +
              • age_val - Layer 2 table age timer value. type: int + more... + +
                • +
              • name - Name. type: str required: true + more... + +
                • +
              • port - Configure member ports. type: list member_path: port:name + more... + +
                • +
                  +
                • name - Physical port name. type: str required: true + more... + +
                  • +
                • speed - Speed. type: str choices: auto, 10full, 10half, 100full, 100half, 1000full, 1000half, 1000auto, 10000full, 10000auto, 40000full, 100Gfull + more... + +
                  • +
                • status - Interface status. type: str choices: up, down + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure physical switches. + fortios_system_physical_switch: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_physical_switch: + age_enable: "enable" + age_val: "4" + name: "default_name_5" + port: + - + name: "default_name_7" + speed: "auto" + status: "up" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_pppoe_interface.rst b/gen/fortios_system_pppoe_interface.rst new file mode 100644 index 00000000..edbf4f54 --- /dev/null +++ b/gen/fortios_system_pppoe_interface.rst @@ -0,0 +1,1161 @@ +:source: fortios_system_pppoe_interface.py + +:orphan: + +.. fortios_system_pppoe_interface: + +fortios_system_pppoe_interface -- Configure the PPPoE interfaces in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and pppoe_interface category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_pppoe_interfaceyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_pppoe_interface - Configure the PPPoE interfaces. type: dict + more... + +
              • +
                +
              • ac_name - PPPoE AC name. type: str + more... + +
                • +
              • auth_type - PPP authentication type to use. type: str choices: auto, pap, chap, mschapv1, mschapv2 + more... + +
                • +
              • device - Name for the physical interface. Source system.interface.name. type: str + more... + +
                • +
              • dial_on_demand - Enable/disable dial on demand to dial the PPPoE interface when packets are routed to the PPPoE interface. type: str choices: enable, disable + more... + +
                • +
              • disc_retry_timeout - PPPoE discovery init timeout value in (0-4294967295 sec). type: int + more... + +
                • +
              • idle_timeout - PPPoE auto disconnect after idle timeout (0-4294967295 sec). type: int + more... + +
                • +
              • ipunnumbered - PPPoE unnumbered IP. type: str + more... + +
                • +
              • ipv6 - Enable/disable IPv6 Control Protocol (IPv6CP). type: str choices: enable, disable + more... + +
                • +
              • lcp_echo_interval - Time in seconds between PPPoE Link Control Protocol (LCP) echo requests. type: int + more... + +
                • +
              • lcp_max_echo_fails - Maximum missed LCP echo messages before disconnect. type: int + more... + +
                • +
              • name - Name of the PPPoE interface. type: str required: true + more... + +
                • +
              • padt_retry_timeout - PPPoE terminate timeout value in (0-4294967295 sec). type: int + more... + +
                • +
              • password - Enter the password. type: str + more... + +
                • +
              • pppoe_unnumbered_negotiate - Enable/disable PPPoE unnumbered negotiation. type: str choices: enable, disable + more... + +
                • +
              • service_name - PPPoE service name. type: str + more... + +
                • +
              • username - User name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure the PPPoE interfaces. + fortios_system_pppoe_interface: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_pppoe_interface: + ac_name: "" + auth_type: "auto" + device: " (source system.interface.name)" + dial_on_demand: "enable" + disc_retry_timeout: "7" + idle_timeout: "8" + ipunnumbered: "" + ipv6: "enable" + lcp_echo_interval: "11" + lcp_max_echo_fails: "12" + name: "default_name_13" + padt_retry_timeout: "14" + password: "" + pppoe_unnumbered_negotiate: "enable" + service_name: "" + username: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_probe_response.rst b/gen/fortios_system_probe_response.rst new file mode 100644 index 00000000..0593ba2c --- /dev/null +++ b/gen/fortios_system_probe_response.rst @@ -0,0 +1,687 @@ +:source: fortios_system_probe_response.py + +:orphan: + +.. fortios_system_probe_response: + +fortios_system_probe_response -- Configure system probe response in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and probe_response category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_probe_responseyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_probe_response - Configure system probe response. type: dict + more... + +
              • +
                +
              • http_probe_value - Value to respond to the monitoring server. type: str + more... + +
                • +
              • mode - SLA response mode. type: str choices: none, http-probe, twamp + more... + +
                • +
              • password - TWAMP responder password in authentication mode. type: str + more... + +
                • +
              • port - Port number to response. type: int + more... + +
                • +
              • security_mode - TWAMP responder security mode. type: str choices: none, authentication + more... + +
                • +
              • timeout - An inactivity timer for a twamp test session. type: int + more... + +
                • +
              • ttl_mode - Mode for TWAMP packet TTL modification. type: str choices: reinit, decrease, retain + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure system probe response. + fortios_system_probe_response: + vdom: "{{ vdom }}" + system_probe_response: + http_probe_value: "" + mode: "none" + password: "" + port: "6" + security_mode: "none" + timeout: "8" + ttl_mode: "reinit" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_proxy_arp.rst b/gen/fortios_system_proxy_arp.rst new file mode 100644 index 00000000..7b59d284 --- /dev/null +++ b/gen/fortios_system_proxy_arp.rst @@ -0,0 +1,400 @@ +:source: fortios_system_proxy_arp.py + +:orphan: + +.. fortios_system_proxy_arp: + +fortios_system_proxy_arp -- Configure proxy-ARP in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and proxy_arp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_proxy_arpyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_proxy_arp - Configure proxy-ARP. type: dict + more... + +
              • +
                +
              • end_ip - End IP of IP range to be proxied. type: str + more... + +
                • +
              • id - Unique integer ID of the entry. type: int required: true + more... + +
                • +
              • interface - Interface acting proxy-ARP. Source system.interface.name. type: str + more... + +
                • +
              • ip - IP address or start IP to be proxied. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure proxy-ARP. + fortios_system_proxy_arp: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_proxy_arp: + end_ip: "" + id: "4" + interface: " (source system.interface.name)" + ip: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_ptp.rst b/gen/fortios_system_ptp.rst new file mode 100644 index 00000000..4ad8b429 --- /dev/null +++ b/gen/fortios_system_ptp.rst @@ -0,0 +1,700 @@ +:source: fortios_system_ptp.py + +:orphan: + +.. fortios_system_ptp: + +fortios_system_ptp -- Configure system PTP information in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and ptp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_ptpyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_ptp - Configure system PTP information. type: dict + more... + +
              • +
                +
              • delay_mechanism - End to end delay detection or peer to peer delay detection. type: str choices: E2E, P2P + more... + +
                • +
              • interface - PTP client will reply through this interface. Source system.interface.name. type: str + more... + +
                • +
              • mode - Multicast transmission or hybrid transmission. type: str choices: multicast, hybrid + more... + +
                • +
              • request_interval - The delay request value is the logarithmic mean interval in seconds between the delay request messages sent by the slave to the master. type: int + more... + +
                • +
              • server_interface - FortiGate interface(s) with PTP server mode enabled. Devices on your network can contact these interfaces for PTP services. type: list member_path: server_interface:id + more... + +
                • +
                  +
                • delay_mechanism - End to end delay detection or peer to peer delay detection. type: str choices: E2E, P2P + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • server_interface_name - Interface name. Source system.interface.name. type: str + more... + +
                  • +
                +
              • server_mode - Enable/disable FortiGate PTP server mode. Your FortiGate becomes an PTP server for other devices on your network. type: str choices: enable, disable + more... + +
                • +
              • status - Enable/disable setting the FortiGate system time by synchronizing with an PTP Server. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure system PTP information. + fortios_system_ptp: + vdom: "{{ vdom }}" + system_ptp: + delay_mechanism: "E2E" + interface: " (source system.interface.name)" + mode: "multicast" + request_interval: "6" + server_interface: + - + delay_mechanism: "E2E" + id: "9" + server_interface_name: " (source system.interface.name)" + server_mode: "enable" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_replacemsg_admin.rst b/gen/fortios_system_replacemsg_admin.rst new file mode 100644 index 00000000..b361fd65 --- /dev/null +++ b/gen/fortios_system_replacemsg_admin.rst @@ -0,0 +1,533 @@ +:source: fortios_system_replacemsg_admin.py + +:orphan: + +.. fortios_system_replacemsg_admin: + +fortios_system_replacemsg_admin -- Replacement messages in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and admin category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_replacemsg_adminyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_replacemsg_admin - Replacement messages. type: dict + more... + +
              • +
                +
              • buffer - Message string. type: str + more... + +
                • +
              • format - Format flag. type: str choices: none, text, html, wml + more... + +
                • +
              • header - Header flag. type: str choices: none, http, 8bit + more... + +
                • +
              • msg_type - Message type. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_admin: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_admin: + buffer: "" + format: "none" + header: "none" + msg_type: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_replacemsg_alertmail.rst b/gen/fortios_system_replacemsg_alertmail.rst new file mode 100644 index 00000000..0d4bcd7b --- /dev/null +++ b/gen/fortios_system_replacemsg_alertmail.rst @@ -0,0 +1,533 @@ +:source: fortios_system_replacemsg_alertmail.py + +:orphan: + +.. fortios_system_replacemsg_alertmail: + +fortios_system_replacemsg_alertmail -- Replacement messages in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and alertmail category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_replacemsg_alertmailyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_replacemsg_alertmail - Replacement messages. type: dict + more... + +
              • +
                +
              • buffer - Message string. type: str + more... + +
                • +
              • format - Format flag. type: str choices: none, text, html, wml + more... + +
                • +
              • header - Header flag. type: str choices: none, http, 8bit + more... + +
                • +
              • msg_type - Message type. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_alertmail: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_alertmail: + buffer: "" + format: "none" + header: "none" + msg_type: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_replacemsg_auth.rst b/gen/fortios_system_replacemsg_auth.rst new file mode 100644 index 00000000..2d392df1 --- /dev/null +++ b/gen/fortios_system_replacemsg_auth.rst @@ -0,0 +1,533 @@ +:source: fortios_system_replacemsg_auth.py + +:orphan: + +.. fortios_system_replacemsg_auth: + +fortios_system_replacemsg_auth -- Replacement messages in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and auth category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_replacemsg_authyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_replacemsg_auth - Replacement messages. type: dict + more... + +
              • +
                +
              • buffer - Message string. type: str + more... + +
                • +
              • format - Format flag. type: str choices: none, text, html, wml + more... + +
                • +
              • header - Header flag. type: str choices: none, http, 8bit + more... + +
                • +
              • msg_type - Message type. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_auth: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_auth: + buffer: "" + format: "none" + header: "none" + msg_type: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_replacemsg_automation.rst b/gen/fortios_system_replacemsg_automation.rst new file mode 100644 index 00000000..e065e59d --- /dev/null +++ b/gen/fortios_system_replacemsg_automation.rst @@ -0,0 +1,334 @@ +:source: fortios_system_replacemsg_automation.py + +:orphan: + +.. fortios_system_replacemsg_automation: + +fortios_system_replacemsg_automation -- Replacement messages in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and automation category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + +
            v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_replacemsg_automationyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_replacemsg_automation - Replacement messages. type: dict + more... + +
              • +
                +
              • buffer - Message string. type: str + more... + +
                • +
              • format - Format flag. type: str choices: none, text, html + more... + +
                • +
              • header - Header flag. type: str choices: none, http, 8bit + more... + +
                • +
              • msg_type - Message type. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_automation: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_automation: + buffer: "" + format: "none" + header: "none" + msg_type: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_replacemsg_device_detection_portal.rst b/gen/fortios_system_replacemsg_device_detection_portal.rst new file mode 100644 index 00000000..cdb68a92 --- /dev/null +++ b/gen/fortios_system_replacemsg_device_detection_portal.rst @@ -0,0 +1,381 @@ +:source: fortios_system_replacemsg_device_detection_portal.py + +:orphan: + +.. fortios_system_replacemsg_device_detection_portal: + +fortios_system_replacemsg_device_detection_portal -- Replacement messages in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and device_detection_portal category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.1
            fortios_system_replacemsg_device_detection_portalyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_replacemsg_device_detection_portal - Replacement messages. type: dict + more... + +
              • +
                +
              • buffer - Message string. type: str + more... + +
                • +
              • format - Format flag. type: str choices: none, text, html, wml + more... + +
                • +
              • header - Header flag. type: str choices: none, http, 8bit + more... + +
                • +
              • msg_type - Message type. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_device_detection_portal: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_device_detection_portal: + buffer: "" + format: "none" + header: "none" + msg_type: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_replacemsg_ec.rst b/gen/fortios_system_replacemsg_ec.rst new file mode 100644 index 00000000..eb93e89a --- /dev/null +++ b/gen/fortios_system_replacemsg_ec.rst @@ -0,0 +1,286 @@ +:source: fortios_system_replacemsg_ec.py + +:orphan: + +.. fortios_system_replacemsg_ec: + +fortios_system_replacemsg_ec -- Replacement messages in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and ec category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11
            fortios_system_replacemsg_ecyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_replacemsg_ec - Replacement messages. type: dict + more... + +
              • +
                +
              • buffer - Message string. type: str + more... + +
                • +
              • format - Format flag. type: str choices: none, text, html, wml + more... + +
                • +
              • header - Header flag. type: str choices: none, http, 8bit + more... + +
                • +
              • msg_type - Message type. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_ec: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_ec: + buffer: "" + format: "none" + header: "none" + msg_type: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_replacemsg_fortiguard_wf.rst b/gen/fortios_system_replacemsg_fortiguard_wf.rst new file mode 100644 index 00000000..10ac2e10 --- /dev/null +++ b/gen/fortios_system_replacemsg_fortiguard_wf.rst @@ -0,0 +1,533 @@ +:source: fortios_system_replacemsg_fortiguard_wf.py + +:orphan: + +.. fortios_system_replacemsg_fortiguard_wf: + +fortios_system_replacemsg_fortiguard_wf -- Replacement messages in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and fortiguard_wf category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_replacemsg_fortiguard_wfyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_replacemsg_fortiguard_wf - Replacement messages. type: dict + more... + +
              • +
                +
              • buffer - Message string. type: str + more... + +
                • +
              • format - Format flag. type: str choices: none, text, html, wml + more... + +
                • +
              • header - Header flag. type: str choices: none, http, 8bit + more... + +
                • +
              • msg_type - Message type. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_fortiguard_wf: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_fortiguard_wf: + buffer: "" + format: "none" + header: "none" + msg_type: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_replacemsg_ftp.rst b/gen/fortios_system_replacemsg_ftp.rst new file mode 100644 index 00000000..214ee8e4 --- /dev/null +++ b/gen/fortios_system_replacemsg_ftp.rst @@ -0,0 +1,533 @@ +:source: fortios_system_replacemsg_ftp.py + +:orphan: + +.. fortios_system_replacemsg_ftp: + +fortios_system_replacemsg_ftp -- Replacement messages in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and ftp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_replacemsg_ftpyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_replacemsg_ftp - Replacement messages. type: dict + more... + +
              • +
                +
              • buffer - Message string. type: str + more... + +
                • +
              • format - Format flag. type: str choices: none, text, html, wml + more... + +
                • +
              • header - Header flag. type: str choices: none, http, 8bit + more... + +
                • +
              • msg_type - Message type. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_ftp: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_ftp: + buffer: "" + format: "none" + header: "none" + msg_type: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_replacemsg_group.rst b/gen/fortios_system_replacemsg_group.rst new file mode 100644 index 00000000..f869aa31 --- /dev/null +++ b/gen/fortios_system_replacemsg_group.rst @@ -0,0 +1,10141 @@ +:source: fortios_system_replacemsg_group.py + +:orphan: + +.. fortios_system_replacemsg_group: + +fortios_system_replacemsg_group -- Configure replacement message groups in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and replacemsg_group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_replacemsg_groupyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_replacemsg_group - Configure replacement message groups. type: dict + more... + +
              • +
                +
              • admin - Replacement message table entries. type: list + more... + +
                • +
                  +
                • buffer - Message string. type: str + more... + +
                  • +
                • format - Format flag. type: str choices: none, text, html, wml + more... + +
                  • +
                • header - Header flag. type: str choices: none, http, 8bit + more... + +
                  • +
                • msg_type - Message type. type: str + more... + +
                  • +
                +
              • alertmail - Replacement message table entries. type: list + more... + +
                • +
                  +
                • buffer - Message string. type: str + more... + +
                  • +
                • format - Format flag. type: str choices: none, text, html, wml + more... + +
                  • +
                • header - Header flag. type: str choices: none, http, 8bit + more... + +
                  • +
                • msg_type - Message type. type: str + more... + +
                  • +
                +
              • auth - Replacement message table entries. type: list + more... + +
                • +
                  +
                • buffer - Message string. type: str + more... + +
                  • +
                • format - Format flag. type: str choices: none, text, html, wml + more... + +
                  • +
                • header - Header flag. type: str choices: none, http, 8bit + more... + +
                  • +
                • msg_type - Message type. type: str + more... + +
                  • +
                +
              • automation - Replacement message table entries. type: list + more... + +
                • +
                  +
                • buffer - Message string. type: str + more... + +
                  • +
                • format - Format flag. type: str choices: none, text, html + more... + +
                  • +
                • header - Header flag. type: str choices: none, http, 8bit + more... + +
                  • +
                • msg_type - Message type. type: str + more... + +
                  • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • custom_message - Replacement message table entries. type: list + more... + +
                • +
                  +
                • buffer - Message string. type: str + more... + +
                  • +
                • format - Format flag. type: str choices: none, text, html, wml + more... + +
                  • +
                • header - Header flag. type: str choices: none, http, 8bit + more... + +
                  • +
                • msg_type - Message type. type: str + more... + +
                  • +
                +
              • device_detection_portal - Replacement message table entries. type: list + more... + +
                • +
                  +
                • buffer - Message string. type: str + more... + +
                  • +
                • format - Format flag. type: str choices: none, text, html, wml + more... + +
                  • +
                • header - Header flag. type: str choices: none, http, 8bit + more... + +
                  • +
                • msg_type - Message type. type: str + more... + +
                  • +
                +
              • ec - Replacement message table entries. type: list + more... + +
                • +
                  +
                • buffer - Message string. type: str + more... + +
                  • +
                • format - Format flag. type: str choices: none, text, html, wml + more... + +
                  • +
                • header - Header flag. type: str choices: none, http, 8bit + more... + +
                  • +
                • msg_type - Message type. type: str + more... + +
                  • +
                +
              • fortiguard_wf - Replacement message table entries. type: list + more... + +
                • +
                  +
                • buffer - Message string. type: str + more... + +
                  • +
                • format - Format flag. type: str choices: none, text, html, wml + more... + +
                  • +
                • header - Header flag. type: str choices: none, http, 8bit + more... + +
                  • +
                • msg_type - Message type. type: str + more... + +
                  • +
                +
              • ftp - Replacement message table entries. type: list + more... + +
                • +
                  +
                • buffer - Message string. type: str + more... + +
                  • +
                • format - Format flag. type: str choices: none, text, html, wml + more... + +
                  • +
                • header - Header flag. type: str choices: none, http, 8bit + more... + +
                  • +
                • msg_type - Message type. type: str + more... + +
                  • +
                +
              • group_type - Group type. type: str choices: default, utm, auth, ec + more... + +
                • +
              • http - Replacement message table entries. type: list + more... + +
                • +
                  +
                • buffer - Message string. type: str + more... + +
                  • +
                • format - Format flag. type: str choices: none, text, html, wml + more... + +
                  • +
                • header - Header flag. type: str choices: none, http, 8bit + more... + +
                  • +
                • msg_type - Message type. type: str + more... + +
                  • +
                +
              • icap - Replacement message table entries. type: list + more... + +
                • +
                  +
                • buffer - Message string. type: str + more... + +
                  • +
                • format - Format flag. type: str choices: none, text, html, wml + more... + +
                  • +
                • header - Header flag. type: str choices: none, http, 8bit + more... + +
                  • +
                • msg_type - Message type. type: str + more... + +
                  • +
                +
              • mail - Replacement message table entries. type: list + more... + +
                • +
                  +
                • buffer - Message string. type: str + more... + +
                  • +
                • format - Format flag. type: str choices: none, text, html, wml + more... + +
                  • +
                • header - Header flag. type: str choices: none, http, 8bit + more... + +
                  • +
                • msg_type - Message type. type: str + more... + +
                  • +
                +
              • mm1 - Replacement message table entries. type: list + more... + +
                • +
                  +
                • add_smil - add message encapsulation type: str choices: enable, disable + more... + +
                  • +
                • charset - character encoding used for replacement message type: str choices: utf-8, us-ascii + more... + +
                  • +
                • class - message class type: str choices: not-included, personal, advertisement, information, automatic + more... + +
                  • +
                • format - Format flag. type: str choices: none, text, html, wml + more... + +
                  • +
                • from - from address type: str + more... + +
                  • +
                • from_sender - notification message sent from recipient type: str choices: enable, disable + more... + +
                  • +
                • header - Header flag. type: str choices: none, http, 8bit + more... + +
                  • +
                • image - Message string. Source system.replacemsg-image.name. type: str + more... + +
                  • +
                • message - message text type: str + more... + +
                  • +
                • msg_type - Message type. type: str + more... + +
                  • +
                • priority - message priority type: str choices: not-included, low, normal, high + more... + +
                  • +
                • rsp_status - response status code type: str choices: ok, err-unspecified, err-srv-denied, err-msg-fmt-corrupt, err-snd-addr-unresolv, err-msg-not-found, err-net-prob, err-content-not-accept, err-unsupp-msg + more... + +
                  • +
                • rsp_text - response text type: str + more... + +
                  • +
                • sender_visibility - sender visibility type: str choices: not-specified, show, hide + more... + +
                  • +
                • smil_part - message encapsulation text type: str + more... + +
                  • +
                • subject - subject text string type: str + more... + +
                  • +
                +
              • mm3 - Replacement message table entries. type: list + more... + +
                • +
                  +
                • add_html - add message encapsulation type: str choices: enable, disable + more... + +
                  • +
                • charset - character encoding used for replacement message type: str choices: utf-8, us-ascii + more... + +
                  • +
                • format - Format flag. type: str choices: none, text, html, wml + more... + +
                  • +
                • from - from address type: str + more... + +
                  • +
                • from_sender - notification message sent from recipient type: str choices: enable, disable + more... + +
                  • +
                • header - Header flag. type: str choices: none, http, 8bit + more... + +
                  • +
                • html_part - message encapsulation text type: str + more... + +
                  • +
                • image - Message string. Source system.replacemsg-image.name. type: str + more... + +
                  • +
                • message - message text type: str + more... + +
                  • +
                • msg_type - Message type. type: str + more... + +
                  • +
                • priority - message priority type: str choices: not-included, low, normal, high + more... + +
                  • +
                • subject - subject text string type: str + more... + +
                  • +
                +
              • mm4 - Replacement message table entries. type: list + more... + +
                • +
                  +
                • add_smil - add message encapsulation type: str choices: enable, disable + more... + +
                  • +
                • charset - character encoding used for replacement message type: str choices: utf-8, us-ascii + more... + +
                  • +
                • class - message class type: str choices: not-included, personal, informational, advertisement, auto + more... + +
                  • +
                • domain - from address domain type: str + more... + +
                  • +
                • format - Format flag. type: str choices: none, text, html, wml + more... + +
                  • +
                • from - from address type: str + more... + +
                  • +
                • from_sender - notification message sent from recipient type: str choices: enable, disable + more... + +
                  • +
                • header - Header flag. type: str choices: none, http, 8bit + more... + +
                  • +
                • image - Message string. Source system.replacemsg-image.name. type: str + more... + +
                  • +
                • message - message text type: str + more... + +
                  • +
                • msg_type - Message type. type: str + more... + +
                  • +
                • priority - message priority type: str choices: not-included, low, normal, high + more... + +
                  • +
                • rsp_status - response status type: str choices: ok, err-unspecified, err-srv-denied, err-msg-fmt-corrupt, err-snd-addr-unresolv, err-net-prob, err-content-not-accept, err-unsupp-msg + more... + +
                  • +
                • smil_part - message encapsulation text type: str + more... + +
                  • +
                • subject - subject text string type: str + more... + +
                  • +
                +
              • mm7 - Replacement message table entries. type: list + more... + +
                • +
                  +
                • add_smil - add message encapsulation type: str choices: enable, disable + more... + +
                  • +
                • addr_type - from address type type: str choices: rfc2822-addr, number, short-code + more... + +
                  • +
                • allow_content_adaptation - allow content adaptations type: str choices: enable, disable + more... + +
                  • +
                • charset - character encoding used for replacement message type: str choices: utf-8, us-ascii + more... + +
                  • +
                • class - message class type: str choices: not-included, personal, informational, advertisement, auto + more... + +
                  • +
                • format - Format flag. type: str choices: none, text, html, wml + more... + +
                  • +
                • from - from address type: str + more... + +
                  • +
                • from_sender - notification message sent from recipient type: str choices: enable, disable + more... + +
                  • +
                • header - Header flag. type: str choices: none, http, 8bit + more... + +
                  • +
                • image - Message string. Source system.replacemsg-image.name. type: str + more... + +
                  • +
                • message - message text type: str + more... + +
                  • +
                • msg_type - Message type. type: str + more... + +
                  • +
                • priority - message priority type: str choices: not-included, low, normal, high + more... + +
                  • +
                • rsp_status - response status type: str choices: success, partial-success, client-err, oper-restrict, addr-err, addr-not-found, content-refused, msg-id-not-found, link-id-not-found, msg-fmt-corrupt, app-id-not-found, repl-app-id-not-found, srv-err, not-possible, msg-rejected, multiple-addr-not-supp, app-addr-not-supp, gen-service-err, improper-ident, unsupp-ver, unsupp-oper, validation-err, service-err, service-unavail, service-denied, app-denied + more... + +
                  • +
                • smil_part - message encapsulation text type: str + more... + +
                  • +
                • subject - subject text string type: str + more... + +
                  • +
                +
              • mms - Replacement message table entries. type: list + more... + +
                • +
                  +
                • buffer - Message string. type: str + more... + +
                  • +
                • charset - character encoding used for replacement message type: str choices: utf-8, us-ascii + more... + +
                  • +
                • format - Format flag. type: str choices: none, text, html, wml + more... + +
                  • +
                • header - Header flag. type: str choices: none, http, 8bit + more... + +
                  • +
                • image - Message string. Source system.replacemsg-image.name. type: str + more... + +
                  • +
                • msg_type - Message type. type: str + more... + +
                  • +
                +
              • nac_quar - Replacement message table entries. type: list + more... + +
                • +
                  +
                • buffer - Message string. type: str + more... + +
                  • +
                • format - Format flag. type: str choices: none, text, html, wml + more... + +
                  • +
                • header - Header flag. type: str choices: none, http, 8bit + more... + +
                  • +
                • msg_type - Message type. type: str + more... + +
                  • +
                +
              • name - Group name. type: str required: true + more... + +
                • +
              • nntp - Replacement message table entries. type: list + more... + +
                • +
                  +
                • buffer - Message string. type: str + more... + +
                  • +
                • format - Format flag. type: str choices: none, text, html, wml + more... + +
                  • +
                • header - Header flag. type: str choices: none, http, 8bit + more... + +
                  • +
                • msg_type - Message type. type: str + more... + +
                  • +
                +
              • spam - Replacement message table entries. type: list + more... + +
                • +
                  +
                • buffer - Message string. type: str + more... + +
                  • +
                • format - Format flag. type: str choices: none, text, html, wml + more... + +
                  • +
                • header - Header flag. type: str choices: none, http, 8bit + more... + +
                  • +
                • msg_type - Message type. type: str + more... + +
                  • +
                +
              • sslvpn - Replacement message table entries. type: list + more... + +
                • +
                  +
                • buffer - Message string. type: str + more... + +
                  • +
                • format - Format flag. type: str choices: none, text, html, wml + more... + +
                  • +
                • header - Header flag. type: str choices: none, http, 8bit + more... + +
                  • +
                • msg_type - Message type. type: str + more... + +
                  • +
                +
              • traffic_quota - Replacement message table entries. type: list + more... + +
                • +
                  +
                • buffer - Message string. type: str + more... + +
                  • +
                • format - Format flag. type: str choices: none, text, html, wml + more... + +
                  • +
                • header - Header flag. type: str choices: none, http, 8bit + more... + +
                  • +
                • msg_type - Message type. type: str + more... + +
                  • +
                +
              • utm - Replacement message table entries. type: list + more... + +
                • +
                  +
                • buffer - Message string. type: str + more... + +
                  • +
                • format - Format flag. type: str choices: none, text, html, wml + more... + +
                  • +
                • header - Header flag. type: str choices: none, http, 8bit + more... + +
                  • +
                • msg_type - Message type. type: str + more... + +
                  • +
                +
              • webproxy - Replacement message table entries. type: list + more... + +
                • +
                  +
                • buffer - Message string. type: str + more... + +
                  • +
                • format - Format flag. type: str choices: none, text, html, wml + more... + +
                  • +
                • header - Header flag. type: str choices: none, http, 8bit + more... + +
                  • +
                • msg_type - Message type. type: str + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure replacement message groups. + fortios_system_replacemsg_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_group: + admin: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + alertmail: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + auth: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + automation: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + comment: "Comment." + custom_message: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + device_detection_portal: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + ec: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + fortiguard_wf: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + ftp: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + group_type: "default" + http: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + icap: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + mail: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + mm1: + - + add_smil: "enable" + charset: "utf-8" + class: "not-included" + format: "none" + from: "" + from_sender: "enable" + header: "none" + image: " (source system.replacemsg-image.name)" + message: "" + msg_type: "" + priority: "not-included" + rsp_status: "ok" + rsp_text: "" + sender_visibility: "not-specified" + smil_part: "" + subject: "" + mm3: + - + add_html: "enable" + charset: "utf-8" + format: "none" + from: "" + from_sender: "enable" + header: "none" + html_part: "" + image: " (source system.replacemsg-image.name)" + message: "" + msg_type: "" + priority: "not-included" + subject: "" + mm4: + - + add_smil: "enable" + charset: "utf-8" + class: "not-included" + domain: "" + format: "none" + from: "" + from_sender: "enable" + header: "none" + image: " (source system.replacemsg-image.name)" + message: "" + msg_type: "" + priority: "not-included" + rsp_status: "ok" + smil_part: "" + subject: "" + mm7: + - + add_smil: "enable" + addr_type: "rfc2822-addr" + allow_content_adaptation: "enable" + charset: "utf-8" + class: "not-included" + format: "none" + from: "" + from_sender: "enable" + header: "none" + image: " (source system.replacemsg-image.name)" + message: "" + msg_type: "" + priority: "not-included" + rsp_status: "success" + smil_part: "" + subject: "" + mms: + - + buffer: "" + charset: "utf-8" + format: "none" + header: "none" + image: " (source system.replacemsg-image.name)" + msg_type: "" + nac_quar: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + name: "default_name_140" + nntp: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + spam: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + sslvpn: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + traffic_quota: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + utm: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + webproxy: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_replacemsg_http.rst b/gen/fortios_system_replacemsg_http.rst new file mode 100644 index 00000000..bf42cda8 --- /dev/null +++ b/gen/fortios_system_replacemsg_http.rst @@ -0,0 +1,533 @@ +:source: fortios_system_replacemsg_http.py + +:orphan: + +.. fortios_system_replacemsg_http: + +fortios_system_replacemsg_http -- Replacement messages in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and http category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_replacemsg_httpyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_replacemsg_http - Replacement messages. type: dict + more... + +
              • +
                +
              • buffer - Message string. type: str + more... + +
                • +
              • format - Format flag. type: str choices: none, text, html, wml + more... + +
                • +
              • header - Header flag. type: str choices: none, http, 8bit + more... + +
                • +
              • msg_type - Message type. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_http: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_http: + buffer: "" + format: "none" + header: "none" + msg_type: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_replacemsg_icap.rst b/gen/fortios_system_replacemsg_icap.rst new file mode 100644 index 00000000..32414ec2 --- /dev/null +++ b/gen/fortios_system_replacemsg_icap.rst @@ -0,0 +1,533 @@ +:source: fortios_system_replacemsg_icap.py + +:orphan: + +.. fortios_system_replacemsg_icap: + +fortios_system_replacemsg_icap -- Replacement messages in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and icap category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_replacemsg_icapyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_replacemsg_icap - Replacement messages. type: dict + more... + +
              • +
                +
              • buffer - Message string. type: str + more... + +
                • +
              • format - Format flag. type: str choices: none, text, html, wml + more... + +
                • +
              • header - Header flag. type: str choices: none, http, 8bit + more... + +
                • +
              • msg_type - Message type. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_icap: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_icap: + buffer: "" + format: "none" + header: "none" + msg_type: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_replacemsg_image.rst b/gen/fortios_system_replacemsg_image.rst new file mode 100644 index 00000000..245c3b55 --- /dev/null +++ b/gen/fortios_system_replacemsg_image.rst @@ -0,0 +1,430 @@ +:source: fortios_system_replacemsg_image.py + +:orphan: + +.. fortios_system_replacemsg_image: + +fortios_system_replacemsg_image -- Configure replacement message images in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and replacemsg_image category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_replacemsg_imageyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_replacemsg_image - Configure replacement message images. type: dict + more... + +
              • +
                +
              • image_base64 - Image data. type: str + more... + +
                • +
              • image_type - Image type. type: str choices: gif, jpg, tiff, png + more... + +
                • +
              • name - Image name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure replacement message images. + fortios_system_replacemsg_image: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_image: + image_base64: "" + image_type: "gif" + name: "default_name_5" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_replacemsg_mail.rst b/gen/fortios_system_replacemsg_mail.rst new file mode 100644 index 00000000..3f17e1b4 --- /dev/null +++ b/gen/fortios_system_replacemsg_mail.rst @@ -0,0 +1,533 @@ +:source: fortios_system_replacemsg_mail.py + +:orphan: + +.. fortios_system_replacemsg_mail: + +fortios_system_replacemsg_mail -- Replacement messages in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and mail category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_replacemsg_mailyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_replacemsg_mail - Replacement messages. type: dict + more... + +
              • +
                +
              • buffer - Message string. type: str + more... + +
                • +
              • format - Format flag. type: str choices: none, text, html, wml + more... + +
                • +
              • header - Header flag. type: str choices: none, http, 8bit + more... + +
                • +
              • msg_type - Message type. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_mail: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_mail: + buffer: "" + format: "none" + header: "none" + msg_type: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_replacemsg_mm1.rst b/gen/fortios_system_replacemsg_mm1.rst new file mode 100644 index 00000000..3ef8775d --- /dev/null +++ b/gen/fortios_system_replacemsg_mm1.rst @@ -0,0 +1,968 @@ +:source: fortios_system_replacemsg_mm1.py + +:orphan: + +.. fortios_system_replacemsg_mm1: + +fortios_system_replacemsg_mm1 -- Replacement messages in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and mm1 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7
            fortios_system_replacemsg_mm1yesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_replacemsg_mm1 - Replacement messages. type: dict + more... + +
              • +
                +
              • add_smil - add message encapsulation type: str choices: enable, disable + more... + +
                • +
              • charset - character encoding used for replacement message type: str choices: utf-8, us-ascii + more... + +
                • +
              • class - message class type: str choices: not-included, personal, advertisement, information, automatic + more... + +
                • +
              • format - Format flag. type: str choices: none, text, html, wml + more... + +
                • +
              • from - from address type: str + more... + +
                • +
              • from_sender - notification message sent from recipient type: str choices: enable, disable + more... + +
                • +
              • header - Header flag. type: str choices: none, http, 8bit + more... + +
                • +
              • image - Message string. Source system.replacemsg-image.name. type: str + more... + +
                • +
              • message - message text type: str + more... + +
                • +
              • msg_type - Message type. type: str + more... + +
                • +
              • priority - message priority type: str choices: not-included, low, normal, high + more... + +
                • +
              • rsp_status - response status code type: str choices: ok, err-unspecified, err-srv-denied, err-msg-fmt-corrupt, err-snd-addr-unresolv, err-msg-not-found, err-net-prob, err-content-not-accept, err-unsupp-msg + more... + +
                • +
              • rsp_text - response text type: str + more... + +
                • +
              • sender_visibility - sender visibility type: str choices: not-specified, show, hide + more... + +
                • +
              • smil_part - message encapsulation text type: str + more... + +
                • +
              • subject - subject text string type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_mm1: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_mm1: + add_smil: "enable" + charset: "utf-8" + class: "not-included" + format: "none" + from: "" + from_sender: "enable" + header: "none" + image: " (source system.replacemsg-image.name)" + message: "" + msg_type: "" + priority: "not-included" + rsp_status: "ok" + rsp_text: "" + sender_visibility: "not-specified" + smil_part: "" + subject: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_replacemsg_mm3.rst b/gen/fortios_system_replacemsg_mm3.rst new file mode 100644 index 00000000..770914df --- /dev/null +++ b/gen/fortios_system_replacemsg_mm3.rst @@ -0,0 +1,686 @@ +:source: fortios_system_replacemsg_mm3.py + +:orphan: + +.. fortios_system_replacemsg_mm3: + +fortios_system_replacemsg_mm3 -- Replacement messages in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and mm3 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7
            fortios_system_replacemsg_mm3yesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_replacemsg_mm3 - Replacement messages. type: dict + more... + +
              • +
                +
              • add_html - add message encapsulation type: str choices: enable, disable + more... + +
                • +
              • charset - character encoding used for replacement message type: str choices: utf-8, us-ascii + more... + +
                • +
              • format - Format flag. type: str choices: none, text, html, wml + more... + +
                • +
              • from - from address type: str + more... + +
                • +
              • from_sender - notification message sent from recipient type: str choices: enable, disable + more... + +
                • +
              • header - Header flag. type: str choices: none, http, 8bit + more... + +
                • +
              • html_part - message encapsulation text type: str + more... + +
                • +
              • image - Message string. Source system.replacemsg-image.name. type: str + more... + +
                • +
              • message - message text type: str + more... + +
                • +
              • msg_type - Message type. type: str + more... + +
                • +
              • priority - message priority type: str choices: not-included, low, normal, high + more... + +
                • +
              • subject - subject text string type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_mm3: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_mm3: + add_html: "enable" + charset: "utf-8" + format: "none" + from: "" + from_sender: "enable" + header: "none" + html_part: "" + image: " (source system.replacemsg-image.name)" + message: "" + msg_type: "" + priority: "not-included" + subject: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_replacemsg_mm4.rst b/gen/fortios_system_replacemsg_mm4.rst new file mode 100644 index 00000000..1df6331c --- /dev/null +++ b/gen/fortios_system_replacemsg_mm4.rst @@ -0,0 +1,900 @@ +:source: fortios_system_replacemsg_mm4.py + +:orphan: + +.. fortios_system_replacemsg_mm4: + +fortios_system_replacemsg_mm4 -- Replacement messages in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and mm4 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7
            fortios_system_replacemsg_mm4yesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_replacemsg_mm4 - Replacement messages. type: dict + more... + +
              • +
                +
              • add_smil - add message encapsulation type: str choices: enable, disable + more... + +
                • +
              • charset - character encoding used for replacement message type: str choices: utf-8, us-ascii + more... + +
                • +
              • class - message class type: str choices: not-included, personal, informational, advertisement, auto + more... + +
                • +
              • domain - from address domain type: str + more... + +
                • +
              • format - Format flag. type: str choices: none, text, html, wml + more... + +
                • +
              • from - from address type: str + more... + +
                • +
              • from_sender - notification message sent from recipient type: str choices: enable, disable + more... + +
                • +
              • header - Header flag. type: str choices: none, http, 8bit + more... + +
                • +
              • image - Message string. Source system.replacemsg-image.name. type: str + more... + +
                • +
              • message - message text type: str + more... + +
                • +
              • msg_type - Message type. type: str + more... + +
                • +
              • priority - message priority type: str choices: not-included, low, normal, high + more... + +
                • +
              • rsp_status - response status type: str choices: ok, err-unspecified, err-srv-denied, err-msg-fmt-corrupt, err-snd-addr-unresolv, err-net-prob, err-content-not-accept, err-unsupp-msg + more... + +
                • +
              • smil_part - message encapsulation text type: str + more... + +
                • +
              • subject - subject text string type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_mm4: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_mm4: + add_smil: "enable" + charset: "utf-8" + class: "not-included" + domain: "" + format: "none" + from: "" + from_sender: "enable" + header: "none" + image: " (source system.replacemsg-image.name)" + message: "" + msg_type: "" + priority: "not-included" + rsp_status: "ok" + smil_part: "" + subject: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_replacemsg_mm7.rst b/gen/fortios_system_replacemsg_mm7.rst new file mode 100644 index 00000000..cf1c6d4b --- /dev/null +++ b/gen/fortios_system_replacemsg_mm7.rst @@ -0,0 +1,1158 @@ +:source: fortios_system_replacemsg_mm7.py + +:orphan: + +.. fortios_system_replacemsg_mm7: + +fortios_system_replacemsg_mm7 -- Replacement messages in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and mm7 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7
            fortios_system_replacemsg_mm7yesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_replacemsg_mm7 - Replacement messages. type: dict + more... + +
              • +
                +
              • add_smil - add message encapsulation type: str choices: enable, disable + more... + +
                • +
              • addr_type - from address type type: str choices: rfc2822-addr, number, short-code + more... + +
                • +
              • allow_content_adaptation - allow content adaptations type: str choices: enable, disable + more... + +
                • +
              • charset - character encoding used for replacement message type: str choices: utf-8, us-ascii + more... + +
                • +
              • class - message class type: str choices: not-included, personal, informational, advertisement, auto + more... + +
                • +
              • format - Format flag. type: str choices: none, text, html, wml + more... + +
                • +
              • from - from address type: str + more... + +
                • +
              • from_sender - notification message sent from recipient type: str choices: enable, disable + more... + +
                • +
              • header - Header flag. type: str choices: none, http, 8bit + more... + +
                • +
              • image - Message string. Source system.replacemsg-image.name. type: str + more... + +
                • +
              • message - message text type: str + more... + +
                • +
              • msg_type - Message type. type: str + more... + +
                • +
              • priority - message priority type: str choices: not-included, low, normal, high + more... + +
                • +
              • rsp_status - response status type: str choices: success, partial-success, client-err, oper-restrict, addr-err, addr-not-found, content-refused, msg-id-not-found, link-id-not-found, msg-fmt-corrupt, app-id-not-found, repl-app-id-not-found, srv-err, not-possible, msg-rejected, multiple-addr-not-supp, app-addr-not-supp, gen-service-err, improper-ident, unsupp-ver, unsupp-oper, validation-err, service-err, service-unavail, service-denied, app-denied + more... + +
                • +
              • smil_part - message encapsulation text type: str + more... + +
                • +
              • subject - subject text string type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_mm7: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_mm7: + add_smil: "enable" + addr_type: "rfc2822-addr" + allow_content_adaptation: "enable" + charset: "utf-8" + class: "not-included" + format: "none" + from: "" + from_sender: "enable" + header: "none" + image: " (source system.replacemsg-image.name)" + message: "" + msg_type: "" + priority: "not-included" + rsp_status: "success" + smil_part: "" + subject: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_replacemsg_mms.rst b/gen/fortios_system_replacemsg_mms.rst new file mode 100644 index 00000000..6a4335de --- /dev/null +++ b/gen/fortios_system_replacemsg_mms.rst @@ -0,0 +1,438 @@ +:source: fortios_system_replacemsg_mms.py + +:orphan: + +.. fortios_system_replacemsg_mms: + +fortios_system_replacemsg_mms -- Replacement messages in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and mms category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7
            fortios_system_replacemsg_mmsyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_replacemsg_mms - Replacement messages. type: dict + more... + +
              • +
                +
              • buffer - Message string. type: str + more... + +
                • +
              • charset - character encoding used for replacement message type: str choices: utf-8, us-ascii + more... + +
                • +
              • format - Format flag. type: str choices: none, text, html, wml + more... + +
                • +
              • header - Header flag. type: str choices: none, http, 8bit + more... + +
                • +
              • image - Message string. Source system.replacemsg-image.name. type: str + more... + +
                • +
              • msg_type - Message type. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_mms: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_mms: + buffer: "" + charset: "utf-8" + format: "none" + header: "none" + image: " (source system.replacemsg-image.name)" + msg_type: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_replacemsg_nac_quar.rst b/gen/fortios_system_replacemsg_nac_quar.rst new file mode 100644 index 00000000..e041ec51 --- /dev/null +++ b/gen/fortios_system_replacemsg_nac_quar.rst @@ -0,0 +1,533 @@ +:source: fortios_system_replacemsg_nac_quar.py + +:orphan: + +.. fortios_system_replacemsg_nac_quar: + +fortios_system_replacemsg_nac_quar -- Replacement messages in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and nac_quar category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_replacemsg_nac_quaryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_replacemsg_nac_quar - Replacement messages. type: dict + more... + +
              • +
                +
              • buffer - Message string. type: str + more... + +
                • +
              • format - Format flag. type: str choices: none, text, html, wml + more... + +
                • +
              • header - Header flag. type: str choices: none, http, 8bit + more... + +
                • +
              • msg_type - Message type. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_nac_quar: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_nac_quar: + buffer: "" + format: "none" + header: "none" + msg_type: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_replacemsg_nntp.rst b/gen/fortios_system_replacemsg_nntp.rst new file mode 100644 index 00000000..7ed29b90 --- /dev/null +++ b/gen/fortios_system_replacemsg_nntp.rst @@ -0,0 +1,381 @@ +:source: fortios_system_replacemsg_nntp.py + +:orphan: + +.. fortios_system_replacemsg_nntp: + +fortios_system_replacemsg_nntp -- Replacement messages in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and nntp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.1
            fortios_system_replacemsg_nntpyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_replacemsg_nntp - Replacement messages. type: dict + more... + +
              • +
                +
              • buffer - Message string. type: str + more... + +
                • +
              • format - Format flag. type: str choices: none, text, html, wml + more... + +
                • +
              • header - Header flag. type: str choices: none, http, 8bit + more... + +
                • +
              • msg_type - Message type. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_nntp: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_nntp: + buffer: "" + format: "none" + header: "none" + msg_type: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_replacemsg_spam.rst b/gen/fortios_system_replacemsg_spam.rst new file mode 100644 index 00000000..8f81ec18 --- /dev/null +++ b/gen/fortios_system_replacemsg_spam.rst @@ -0,0 +1,533 @@ +:source: fortios_system_replacemsg_spam.py + +:orphan: + +.. fortios_system_replacemsg_spam: + +fortios_system_replacemsg_spam -- Replacement messages in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and spam category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_replacemsg_spamyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_replacemsg_spam - Replacement messages. type: dict + more... + +
              • +
                +
              • buffer - Message string. type: str + more... + +
                • +
              • format - Format flag. type: str choices: none, text, html, wml + more... + +
                • +
              • header - Header flag. type: str choices: none, http, 8bit + more... + +
                • +
              • msg_type - Message type. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_spam: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_spam: + buffer: "" + format: "none" + header: "none" + msg_type: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_replacemsg_sslvpn.rst b/gen/fortios_system_replacemsg_sslvpn.rst new file mode 100644 index 00000000..622b5e3c --- /dev/null +++ b/gen/fortios_system_replacemsg_sslvpn.rst @@ -0,0 +1,533 @@ +:source: fortios_system_replacemsg_sslvpn.py + +:orphan: + +.. fortios_system_replacemsg_sslvpn: + +fortios_system_replacemsg_sslvpn -- Replacement messages in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and sslvpn category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_replacemsg_sslvpnyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_replacemsg_sslvpn - Replacement messages. type: dict + more... + +
              • +
                +
              • buffer - Message string. type: str + more... + +
                • +
              • format - Format flag. type: str choices: none, text, html, wml + more... + +
                • +
              • header - Header flag. type: str choices: none, http, 8bit + more... + +
                • +
              • msg_type - Message type. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_sslvpn: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_sslvpn: + buffer: "" + format: "none" + header: "none" + msg_type: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_replacemsg_traffic_quota.rst b/gen/fortios_system_replacemsg_traffic_quota.rst new file mode 100644 index 00000000..6ddc13e9 --- /dev/null +++ b/gen/fortios_system_replacemsg_traffic_quota.rst @@ -0,0 +1,533 @@ +:source: fortios_system_replacemsg_traffic_quota.py + +:orphan: + +.. fortios_system_replacemsg_traffic_quota: + +fortios_system_replacemsg_traffic_quota -- Replacement messages in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and traffic_quota category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_replacemsg_traffic_quotayesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_replacemsg_traffic_quota - Replacement messages. type: dict + more... + +
              • +
                +
              • buffer - Message string. type: str + more... + +
                • +
              • format - Format flag. type: str choices: none, text, html, wml + more... + +
                • +
              • header - Header flag. type: str choices: none, http, 8bit + more... + +
                • +
              • msg_type - Message type. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_traffic_quota: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_traffic_quota: + buffer: "" + format: "none" + header: "none" + msg_type: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_replacemsg_utm.rst b/gen/fortios_system_replacemsg_utm.rst new file mode 100644 index 00000000..cb5d5355 --- /dev/null +++ b/gen/fortios_system_replacemsg_utm.rst @@ -0,0 +1,533 @@ +:source: fortios_system_replacemsg_utm.py + +:orphan: + +.. fortios_system_replacemsg_utm: + +fortios_system_replacemsg_utm -- Replacement messages in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and utm category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_replacemsg_utmyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_replacemsg_utm - Replacement messages. type: dict + more... + +
              • +
                +
              • buffer - Message string. type: str + more... + +
                • +
              • format - Format flag. type: str choices: none, text, html, wml + more... + +
                • +
              • header - Header flag. type: str choices: none, http, 8bit + more... + +
                • +
              • msg_type - Message type. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_utm: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_utm: + buffer: "" + format: "none" + header: "none" + msg_type: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_replacemsg_webproxy.rst b/gen/fortios_system_replacemsg_webproxy.rst new file mode 100644 index 00000000..56418584 --- /dev/null +++ b/gen/fortios_system_replacemsg_webproxy.rst @@ -0,0 +1,533 @@ +:source: fortios_system_replacemsg_webproxy.py + +:orphan: + +.. fortios_system_replacemsg_webproxy: + +fortios_system_replacemsg_webproxy -- Replacement messages in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and webproxy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_replacemsg_webproxyyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_replacemsg_webproxy - Replacement messages. type: dict + more... + +
              • +
                +
              • buffer - Message string. type: str + more... + +
                • +
              • format - Format flag. type: str choices: none, text, html, wml + more... + +
                • +
              • header - Header flag. type: str choices: none, http, 8bit + more... + +
                • +
              • msg_type - Message type. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_webproxy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_webproxy: + buffer: "" + format: "none" + header: "none" + msg_type: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_resource_limits.rst b/gen/fortios_system_resource_limits.rst new file mode 100644 index 00000000..9083fede --- /dev/null +++ b/gen/fortios_system_resource_limits.rst @@ -0,0 +1,1041 @@ +:source: fortios_system_resource_limits.py + +:orphan: + +.. fortios_system_resource_limits: + +fortios_system_resource_limits -- Configure resource limits in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and resource_limits category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_resource_limitsyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_resource_limits - Configure resource limits. type: dict + more... + +
              • +
                +
              • custom_service - Maximum number of firewall custom services. type: int + more... + +
                • +
              • dialup_tunnel - Maximum number of dial-up tunnels. type: int + more... + +
                • +
              • firewall_address - Maximum number of firewall addresses (IPv4, IPv6, multicast). type: int + more... + +
                • +
              • firewall_addrgrp - Maximum number of firewall address groups (IPv4, IPv6). type: int + more... + +
                • +
              • firewall_policy - Maximum number of firewall policies (policy, DoS-policy4, DoS-policy6, multicast). type: int + more... + +
                • +
              • ipsec_phase1 - Maximum number of VPN IPsec phase1 tunnels. type: int + more... + +
                • +
              • ipsec_phase1_interface - Maximum number of VPN IPsec phase1 interface tunnels. type: int + more... + +
                • +
              • ipsec_phase2 - Maximum number of VPN IPsec phase2 tunnels. type: int + more... + +
                • +
              • ipsec_phase2_interface - Maximum number of VPN IPsec phase2 interface tunnels. type: int + more... + +
                • +
              • log_disk_quota - Log disk quota in megabytes (MB). type: int + more... + +
                • +
              • onetime_schedule - Maximum number of firewall one-time schedules. type: int + more... + +
                • +
              • proxy - Maximum number of concurrent proxy users. type: int + more... + +
                • +
              • recurring_schedule - Maximum number of firewall recurring schedules. type: int + more... + +
                • +
              • service_group - Maximum number of firewall service groups. type: int + more... + +
                • +
              • session - Maximum number of sessions. type: int + more... + +
                • +
              • sslvpn - Maximum number of SSL-VPN. type: int + more... + +
                • +
              • user - Maximum number of local users. type: int + more... + +
                • +
              • user_group - Maximum number of user groups. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure resource limits. + fortios_system_resource_limits: + vdom: "{{ vdom }}" + system_resource_limits: + custom_service: "3" + dialup_tunnel: "4" + firewall_address: "5" + firewall_addrgrp: "6" + firewall_policy: "7" + ipsec_phase1: "8" + ipsec_phase1_interface: "9" + ipsec_phase2: "10" + ipsec_phase2_interface: "11" + log_disk_quota: "12" + onetime_schedule: "13" + proxy: "14" + recurring_schedule: "15" + service_group: "16" + session: "17" + sslvpn: "18" + user: "19" + user_group: "20" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_saml.rst b/gen/fortios_system_saml.rst new file mode 100644 index 00000000..54436542 --- /dev/null +++ b/gen/fortios_system_saml.rst @@ -0,0 +1,1767 @@ +:source: fortios_system_saml.py + +:orphan: + +.. fortios_system_saml: + +fortios_system_saml -- Global settings for SAML authentication in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and saml category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_samlyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_saml - Global settings for SAML authentication. type: dict + more... + +
              • +
                +
              • artifact_resolution_url - SP artifact resolution URL. type: str + more... + +
                • +
              • binding_protocol - IdP Binding protocol. type: str choices: post, redirect + more... + +
                • +
              • cert - Certificate to sign SAML messages. Source certificate.local.name. type: str + more... + +
                • +
              • default_login_page - Choose default login page. type: str choices: normal, sso + more... + +
                • +
              • default_profile - Default profile for new SSO admin. Source system.accprofile.name. type: str + more... + +
                • +
              • entity_id - SP entity ID. type: str + more... + +
                • +
              • idp_artifact_resolution_url - IDP artifact resolution URL. type: str + more... + +
                • +
              • idp_cert - IDP certificate name. Source certificate.remote.name. type: str + more... + +
                • +
              • idp_entity_id - IDP entity ID. type: str + more... + +
                • +
              • idp_single_logout_url - IDP single logout URL. type: str + more... + +
                • +
              • idp_single_sign_on_url - IDP single sign-on URL. type: str + more... + +
                • +
              • life - Length of the range of time when the assertion is valid (in minutes). type: int + more... + +
                • +
              • portal_url - SP portal URL. type: str + more... + +
                • +
              • role - SAML role. type: str choices: identity-provider, service-provider + more... + +
                • +
              • server_address - Server address. type: str + more... + +
                • +
              • service_providers - Authorized service providers. type: list member_path: service_providers:name + more... + +
                • +
                  +
                • assertion_attributes - Customized SAML attributes to send along with assertion. type: list member_path: service_providers:name/assertion_attributes:name + more... + +
                  • +
                    +
                  • name - Name. type: str required: true + more... + +
                    • +
                  • type - Type. type: str choices: username, email, profile-name + more... + +
                    • +
                  +
                • idp_artifact_resolution_url - IDP artifact resolution URL. type: str + more... + +
                  • +
                • idp_entity_id - IDP entity ID. type: str + more... + +
                  • +
                • idp_single_logout_url - IDP single logout URL. type: str + more... + +
                  • +
                • idp_single_sign_on_url - IDP single sign-on URL. type: str + more... + +
                  • +
                • name - Name. type: str required: true + more... + +
                  • +
                • prefix - Prefix. type: str + more... + +
                  • +
                • sp_artifact_resolution_url - SP artifact resolution URL. type: str + more... + +
                  • +
                • sp_binding_protocol - SP binding protocol. type: str choices: post, redirect + more... + +
                  • +
                • sp_cert - SP certificate name. Source certificate.remote.name. type: str + more... + +
                  • +
                • sp_entity_id - SP entity ID. type: str + more... + +
                  • +
                • sp_portal_url - SP portal URL. type: str + more... + +
                  • +
                • sp_single_logout_url - SP single logout URL. type: str + more... + +
                  • +
                • sp_single_sign_on_url - SP single sign-on URL. type: str + more... + +
                  • +
                +
              • single_logout_url - SP single logout URL. type: str + more... + +
                • +
              • single_sign_on_url - SP single sign-on URL. type: str + more... + +
                • +
              • status - Enable/disable SAML authentication . type: str choices: enable, disable + more... + +
                • +
              • tolerance - Tolerance to the range of time when the assertion is valid (in minutes). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Global settings for SAML authentication. + fortios_system_saml: + vdom: "{{ vdom }}" + system_saml: + artifact_resolution_url: "" + binding_protocol: "post" + cert: " (source certificate.local.name)" + default_login_page: "normal" + default_profile: " (source system.accprofile.name)" + entity_id: "" + idp_artifact_resolution_url: "" + idp_cert: " (source certificate.remote.name)" + idp_entity_id: "" + idp_single_logout_url: "" + idp_single_sign_on_url: "" + life: "14" + portal_url: "" + role: "identity-provider" + server_address: "" + service_providers: + - + assertion_attributes: + - + name: "default_name_20" + type: "username" + idp_artifact_resolution_url: "" + idp_entity_id: "" + idp_single_logout_url: "" + idp_single_sign_on_url: "" + name: "default_name_26" + prefix: "" + sp_artifact_resolution_url: "" + sp_binding_protocol: "post" + sp_cert: " (source certificate.remote.name)" + sp_entity_id: "" + sp_portal_url: "" + sp_single_logout_url: "" + sp_single_sign_on_url: "" + single_logout_url: "" + single_sign_on_url: "" + status: "enable" + tolerance: "38" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_sdn_connector.rst b/gen/fortios_system_sdn_connector.rst new file mode 100644 index 00000000..f4013057 --- /dev/null +++ b/gen/fortios_system_sdn_connector.rst @@ -0,0 +1,4319 @@ +:source: fortios_system_sdn_connector.py + +:orphan: + +.. fortios_system_sdn_connector: + +fortios_system_sdn_connector -- Configure connection to SDN Connector in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and sdn_connector category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_sdn_connectoryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_sdn_connector - Configure connection to SDN Connector. type: dict + more... + +
              • +
                +
              • access_key - AWS / ACS access key ID. type: str + more... + +
                • +
              • api_key - IBM cloud API key or service ID API key. type: str + more... + +
                • +
              • azure_region - Azure server region. type: str choices: global, china, germany, usgov, local + more... + +
                • +
              • client_id - Azure client ID (application ID). type: str + more... + +
                • +
              • client_secret - Azure client secret (application key). type: str + more... + +
                • +
              • compartment_id - Compartment ID. type: str + more... + +
                • +
              • compute_generation - Compute generation for IBM cloud infrastructure. type: int + more... + +
                • +
              • domain - Domain name. type: str + more... + +
                • +
              • external_account_list - Configure AWS external account list. type: list + more... + +
                • +
                  +
                • region_list - AWS region name list. type: list member_path: region_list:region + more... + +
                  • +
                    +
                  • region - AWS region name. type: str required: true + more... + +
                    • +
                  +
                • role_arn - AWS role ARN to assume. type: str + more... + +
                  • +
                +
              • external_ip - Configure GCP external IP. type: list member_path: external_ip:name + more... + +
                • +
                  +
                • name - External IP name. type: str required: true + more... + +
                  • +
                +
              • forwarding_rule - Configure GCP forwarding rule. type: list + more... + +
                • +
                  +
                • rule_name - Forwarding rule name. type: str + more... + +
                  • +
                • target - Target instance name. type: str + more... + +
                  • +
                +
              • gcp_project - GCP project name. type: str + more... + +
                • +
              • gcp_project_list - Configure GCP project list. type: list member_path: gcp_project_list:id + more... + +
                • +
                  +
                • gcp_zone_list - Configure GCP zone list. type: list member_path: gcp_project_list:id/gcp_zone_list:name + more... + +
                  • +
                    +
                  • name - GCP zone name. type: str required: true + more... + +
                    • +
                  +
                • id - GCP project ID. type: str required: true + more... + +
                  • +
                +
              • group_name - Group name of computers. type: str + more... + +
                • +
              • ha_status - Enable/disable use for FortiGate HA service. type: str choices: disable, enable + more... + +
                • +
              • ibm_region - IBM cloud region name. type: str choices: dallas, washington-dc, london, frankfurt, sydney, tokyo, osaka, toronto, sao-paulo, us-south, us-east, germany, great-britain, japan, australia + more... + +
                • +
              • ibm_region_gen1 - IBM cloud compute generation 1 region name. type: str choices: us-south, us-east, germany, great-britain, japan, australia + more... + +
                • +
              • ibm_region_gen2 - IBM cloud compute generation 2 region name. type: str choices: us-south, us-east, great-britain + more... + +
                • +
              • key_passwd - Private key password. type: str + more... + +
                • +
              • login_endpoint - Azure Stack login endpoint. type: str + more... + +
                • +
              • name - SDN connector name. type: str required: true + more... + +
                • +
              • nic - Configure Azure network interface. type: list member_path: nic:name + more... + +
                • +
                  +
                • ip - Configure IP configuration. type: list member_path: nic:name/ip:name + more... + +
                  • +
                    +
                  • name - IP configuration name. type: str required: true + more... + +
                    • +
                  • public_ip - Public IP name. type: str + more... + +
                    • +
                  • resource_group - Resource group of Azure public IP. type: str + more... + +
                    • +
                  +
                • name - Network interface name. type: str required: true + more... + +
                  • +
                +
              • oci_cert - OCI certificate. Source certificate.local.name. type: str + more... + +
                • +
              • oci_fingerprint - OCI pubkey fingerprint. type: str + more... + +
                • +
              • oci_region - OCI server region. type: str choices: phoenix, ashburn, frankfurt, london + more... + +
                • +
              • oci_region_type - OCI region type. type: str choices: commercial, government + more... + +
                • +
              • password - Password of the remote SDN connector as login credentials. type: password_aes256
                • +
              • private_key - Private key of GCP service account. type: str + more... + +
                • +
              • region - AWS / ACS region name. type: str + more... + +
                • +
              • resource_group - Azure resource group. type: str + more... + +
                • +
              • resource_url - Azure Stack resource URL. type: str + more... + +
                • +
              • route - Configure GCP route. type: list member_path: route:name + more... + +
                • +
                  +
                • name - Route name. type: str required: true + more... + +
                  • +
                +
              • route_table - Configure Azure route table. type: list member_path: route_table:name + more... + +
                • +
                  +
                • name - Route table name. type: str required: true + more... + +
                  • +
                • resource_group - Resource group of Azure route table. type: str + more... + +
                  • +
                • route - Configure Azure route. type: list member_path: route_table:name/route:name + more... + +
                  • +
                    +
                  • name - Route name. type: str required: true + more... + +
                    • +
                  • next_hop - Next hop address. type: str + more... + +
                    • +
                  +
                • subscription_id - Subscription ID of Azure route table. type: str + more... + +
                  • +
                +
              • secret_key - AWS / ACS secret access key. type: str + more... + +
                • +
              • secret_token - Secret token of Kubernetes service account. type: str + more... + +
                • +
              • server - Server address of the remote SDN connector. type: str + more... + +
                • +
              • server_list - Server address list of the remote SDN connector. type: list member_path: server_list:ip + more... + +
                • +
                  +
                • ip - IPv4 address. type: str required: true + more... + +
                  • +
                +
              • server_port - Port number of the remote SDN connector. type: int + more... + +
                • +
              • service_account - GCP service account email. type: str + more... + +
                • +
              • status - Enable/disable connection to the remote SDN connector. type: str choices: disable, enable + more... + +
                • +
              • subscription_id - Azure subscription ID. type: str + more... + +
                • +
              • tenant_id - Tenant ID (directory ID). type: str + more... + +
                • +
              • type - Type of SDN connector. type: str choices: aci, alicloud, aws, azure, gcp, nsx, nuage, oci, openstack, kubernetes, vmware, sepm, aci-direct, ibm, nutanix + more... + +
                • +
              • update_interval - Dynamic object update interval (30 - 3600 sec). type: int + more... + +
                • +
              • use_metadata_iam - Enable/disable use of IAM role from metadata to call API. type: str choices: disable, enable + more... + +
                • +
              • user_id - User ID. type: str + more... + +
                • +
              • username - Username of the remote SDN connector as login credentials. type: str + more... + +
                • +
              • vcenter_password - vCenter server password for NSX quarantine. type: password_aes256
                • +
              • vcenter_server - vCenter server address for NSX quarantine. type: str + more... + +
                • +
              • vcenter_username - vCenter server username for NSX quarantine. type: str + more... + +
                • +
              • verify_certificate - Enable/disable server certificate verification. type: str choices: disable, enable + more... + +
                • +
              • vpc_id - AWS VPC ID. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure connection to SDN Connector. + fortios_system_sdn_connector: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_sdn_connector: + access_key: "" + api_key: "" + azure_region: "global" + client_id: "" + client_secret: "" + compartment_id: "" + compute_generation: "9" + domain: "" + external_account_list: + - + region_list: + - + region: "" + role_arn: "" + external_ip: + - + name: "default_name_16" + forwarding_rule: + - + rule_name: "" + target: "" + gcp_project: "" + gcp_project_list: + - + gcp_zone_list: + - + name: "default_name_23" + id: "24" + group_name: "" + ha_status: "disable" + ibm_region: "dallas" + ibm_region_gen1: "us-south" + ibm_region_gen2: "us-south" + key_passwd: "" + login_endpoint: "" + name: "default_name_32" + nic: + - + ip: + - + name: "default_name_35" + public_ip: "" + resource_group: "" + name: "default_name_38" + oci_cert: " (source certificate.local.name)" + oci_fingerprint: "" + oci_region: "phoenix" + oci_region_type: "commercial" + password: "" + private_key: "" + region: "" + resource_group: "" + resource_url: "" + route: + - + name: "default_name_49" + route_table: + - + name: "default_name_51" + resource_group: "" + route: + - + name: "default_name_54" + next_hop: "" + subscription_id: "" + secret_key: "" + secret_token: "" + server: "192.168.100.40" + server_list: + - + ip: "" + server_port: "62" + service_account: "" + status: "disable" + subscription_id: "" + tenant_id: "" + type: "aci" + update_interval: "68" + use_metadata_iam: "disable" + user_id: "" + username: "" + vcenter_password: "" + vcenter_server: "" + vcenter_username: "" + verify_certificate: "disable" + vpc_id: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_sdwan.rst b/gen/fortios_system_sdwan.rst new file mode 100644 index 00000000..9f5eb280 --- /dev/null +++ b/gen/fortios_system_sdwan.rst @@ -0,0 +1,7186 @@ +:source: fortios_system_sdwan.py + +:orphan: + +.. fortios_system_sdwan: + +fortios_system_sdwan -- Configure redundant Internet connections with multiple outbound links and health-check profiles in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and sdwan category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_sdwanyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_sdwan - Configure redundant Internet connections with multiple outbound links and health-check profiles. type: dict + more... + +
              • +
                +
              • duplication - Create SD-WAN duplication rule. type: list member_path: duplication:id + more... + +
                • +
                  +
                • dstaddr - Destination address or address group names. type: list member_path: duplication:id/dstaddr:name + more... + +
                  • +
                    +
                  • name - Address or address group name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                    • +
                  +
                • dstaddr6 - Destination address6 or address6 group names. type: list member_path: duplication:id/dstaddr6:name + more... + +
                  • +
                    +
                  • name - Address6 or address6 group name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                    • +
                  +
                • dstintf - Outgoing (egress) interfaces or zones. type: list member_path: duplication:id/dstintf:name + more... + +
                  • +
                    +
                  • name - Interface, zone or SDWAN zone name. Source system.interface.name system.zone.name system.sdwan.zone.name. type: str required: true + more... + +
                    • +
                  +
                • id - Duplication rule ID (1 - 255). type: int required: true + more... + +
                  • +
                • packet_de_duplication - Enable/disable discarding of packets that have been duplicated. type: str choices: enable, disable + more... + +
                  • +
                • packet_duplication - Configure packet duplication method. type: str choices: disable, force, on-demand + more... + +
                  • +
                • service - Service and service group name. type: list member_path: duplication:id/service:name + more... + +
                  • +
                    +
                  • name - Service and service group name. Source firewall.service.custom.name firewall.service.group.name. type: str required: true + more... + +
                    • +
                  +
                • service_id - SD-WAN service rule ID list. type: list member_path: duplication:id/service_id:id + more... + +
                  • +
                    +
                  • id - SD-WAN service rule ID. Source system.sdwan.service.id. type: int required: true + more... + +
                    • +
                  +
                • srcaddr - Source address or address group names. type: list member_path: duplication:id/srcaddr:name + more... + +
                  • +
                    +
                  • name - Address or address group name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                    • +
                  +
                • srcaddr6 - Source address6 or address6 group names. type: list member_path: duplication:id/srcaddr6:name + more... + +
                  • +
                    +
                  • name - Address6 or address6 group name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                    • +
                  +
                • srcintf - Incoming (ingress) interfaces or zones. type: list member_path: duplication:id/srcintf:name + more... + +
                  • +
                    +
                  • name - Interface, zone or SDWAN zone name. Source system.interface.name system.zone.name system.sdwan.zone.name. type: str required: true + more... + +
                    • +
                  +
                +
              • duplication_max_num - Maximum number of interface members a packet is duplicated in the SD-WAN zone (2 - 4). type: int + more... + +
                • +
              • fail_alert_interfaces - Physical interfaces that will be alerted. type: list member_path: fail_alert_interfaces:name + more... + +
                • +
                  +
                • name - Physical interface name. Source system.interface.name. type: str required: true + more... + +
                  • +
                +
              • fail_detect - Enable/disable SD-WAN Internet connection status checking (failure detection). type: str choices: enable, disable + more... + +
                • +
              • health_check - SD-WAN status checking or health checking. Identify a server on the Internet and determine how SD-WAN verifies that the FortiGate can communicate with it. type: list member_path: health_check:name + more... + +
                • +
                  +
                • addr_mode - Address mode (IPv4 or IPv6). type: str choices: ipv4, ipv6 + more... + +
                  • +
                • detect_mode - The mode determining how to detect the server. type: str choices: active, passive, prefer-passive + more... + +
                  • +
                • diffservcode - Differentiated services code point (DSCP) in the IP header of the probe packet. type: str + more... + +
                  • +
                • dns_match_ip - Response IP expected from DNS server if the protocol is DNS. type: str + more... + +
                  • +
                • dns_request_domain - Fully qualified domain name to resolve for the DNS probe. type: str + more... + +
                  • +
                • failtime - Number of failures before server is considered lost (1 - 3600). type: int + more... + +
                  • +
                • ftp_file - Full path and file name on the FTP server to download for FTP health-check to probe. type: str + more... + +
                  • +
                • ftp_mode - FTP mode. type: str choices: passive, port + more... + +
                  • +
                • ha_priority - HA election priority (1 - 50). type: int + more... + +
                  • +
                • http_agent - String in the http-agent field in the HTTP header. type: str + more... + +
                  • +
                • http_get - URL used to communicate with the server if the protocol if the protocol is HTTP. type: str + more... + +
                  • +
                • http_match - Response string expected from the server if the protocol is HTTP. type: str + more... + +
                  • +
                • interval - Status check interval in milliseconds, or the time between attempting to connect to the server (500 - 3600*1000 msec). type: int + more... + +
                  • +
                • members - Member sequence number list. type: list + more... + +
                  • +
                    +
                  • seq_num - Member sequence number. Source system.sdwan.members.seq-num. type: int + more... + +
                    • +
                  +
                • name - Status check or health check name. type: str required: true + more... + +
                  • +
                • packet_size - Packet size of a TWAMP test session. type: int + more... + +
                  • +
                • password - TWAMP controller password in authentication mode. type: str + more... + +
                  • +
                • port - Port number used to communicate with the server over the selected protocol (0 - 65535). type: int + more... + +
                  • +
                • probe_count - Number of most recent probes that should be used to calculate latency and jitter (5 - 30). type: int + more... + +
                  • +
                • probe_packets - Enable/disable transmission of probe packets. type: str choices: disable, enable + more... + +
                  • +
                • probe_timeout - Time to wait before a probe packet is considered lost (500 - 3600*1000 msec). type: int + more... + +
                  • +
                • protocol - Protocol used to determine if the FortiGate can communicate with the server. type: str choices: ping, tcp-echo, udp-echo, http, twamp, dns, tcp-connect, ftp, ping6 + more... + +
                  • +
                • quality_measured_method - Method to measure the quality of tcp-connect. type: str choices: half-open, half-close + more... + +
                  • +
                • recoverytime - Number of successful responses received before server is considered recovered (1 - 3600). type: int + more... + +
                  • +
                • security_mode - Twamp controller security mode. type: str choices: none, authentication + more... + +
                  • +
                • server - IP address or FQDN name of the server. type: str + more... + +
                  • +
                • sla - Service level agreement (SLA). type: list member_path: health_check:name/sla:id + more... + +
                  • +
                    +
                  • id - SLA ID. type: int required: true + more... + +
                    • +
                  • jitter_threshold - Jitter for SLA to make decision in milliseconds. (0 - 10000000). type: int + more... + +
                    • +
                  • latency_threshold - Latency for SLA to make decision in milliseconds. (0 - 10000000). type: int + more... + +
                    • +
                  • link_cost_factor - Criteria on which to base link selection. type: str choices: latency, jitter, packet-loss + more... + +
                    • +
                  • packetloss_threshold - Packet loss for SLA to make decision in percentage. (0 - 100). type: int + more... + +
                    • +
                  +
                • sla_fail_log_period - Time interval in seconds that SLA fail log messages will be generated (0 - 3600). type: int + more... + +
                  • +
                • sla_pass_log_period - Time interval in seconds that SLA pass log messages will be generated (0 - 3600). type: int + more... + +
                  • +
                • system_dns - Enable/disable system DNS as the probe server. type: str choices: disable, enable + more... + +
                  • +
                • threshold_alert_jitter - Alert threshold for jitter (ms). type: int + more... + +
                  • +
                • threshold_alert_latency - Alert threshold for latency (ms). type: int + more... + +
                  • +
                • threshold_alert_packetloss - Alert threshold for packet loss (percentage). type: int + more... + +
                  • +
                • threshold_warning_jitter - Warning threshold for jitter (ms). type: int + more... + +
                  • +
                • threshold_warning_latency - Warning threshold for latency (ms). type: int + more... + +
                  • +
                • threshold_warning_packetloss - Warning threshold for packet loss (percentage). type: int + more... + +
                  • +
                • update_cascade_interface - Enable/disable update cascade interface. type: str choices: enable, disable + more... + +
                  • +
                • update_static_route - Enable/disable updating the static route. type: str choices: enable, disable + more... + +
                  • +
                • user - The user name to access probe server. type: str + more... + +
                  • +
                +
              • load_balance_mode - Algorithm or mode to use for load balancing Internet traffic to SD-WAN members. type: str choices: source-ip-based, weight-based, usage-based, source-dest-ip-based, measured-volume-based + more... + +
                • +
              • members - FortiGate interfaces added to the SD-WAN. type: list + more... + +
                • +
                  +
                • comment - Comments. type: str + more... + +
                  • +
                • cost - Cost of this interface for services in SLA mode (0 - 4294967295). type: int + more... + +
                  • +
                • gateway - The default gateway for this interface. Usually the default gateway of the Internet service provider that this interface is connected to. type: str + more... + +
                  • +
                • gateway6 - IPv6 gateway. type: str + more... + +
                  • +
                • ingress_spillover_threshold - Ingress spillover threshold for this interface (0 - 16776000 kbit/s). When this traffic volume threshold is reached, new sessions spill over to other interfaces in the SD-WAN. type: int + more... + +
                  • +
                • interface - Interface name. Source system.interface.name. type: str + more... + +
                  • +
                • priority - Priority of the interface for IPv4 (1 - 65535). Used for SD-WAN rules or priority rules. type: int + more... + +
                  • +
                • priority6 - Priority of the interface for IPv6 (1 - 65535). Used for SD-WAN rules or priority rules. type: int + more... + +
                  • +
                • seq_num - Sequence number(1-512). type: int + more... + +
                  • +
                • source - Source IP address used in the health-check packet to the server. type: str + more... + +
                  • +
                • source6 - Source IPv6 address used in the health-check packet to the server. type: str + more... + +
                  • +
                • spillover_threshold - Egress spillover threshold for this interface (0 - 16776000 kbit/s). When this traffic volume threshold is reached, new sessions spill over to other interfaces in the SD-WAN. type: int + more... + +
                  • +
                • status - Enable/disable this interface in the SD-WAN. type: str choices: disable, enable + more... + +
                  • +
                • volume_ratio - Measured volume ratio (this value / sum of all values = percentage of link volume, 1 - 255). type: int + more... + +
                  • +
                • weight - Weight of this interface for weighted load balancing. (1 - 255) More traffic is directed to interfaces with higher weights. type: int + more... + +
                  • +
                • zone - Zone name. Source system.sdwan.zone.name. type: str + more... + +
                  • +
                +
              • neighbor - Create SD-WAN neighbor from BGP neighbor table to control route advertisements according to SLA status. type: list member_path: neighbor:ip + more... + +
                • +
                  +
                • health_check - SD-WAN health-check name. Source system.sdwan.health-check.name. type: str + more... + +
                  • +
                • ip - IP/IPv6 address of neighbor. Source router.bgp.neighbor.ip. type: str required: true + more... + +
                  • +
                • member - Member sequence number. Source system.sdwan.members.seq-num. type: int + more... + +
                  • +
                • mode - What metric to select the neighbor. type: str choices: sla, speedtest + more... + +
                  • +
                • role - Role of neighbor. type: str choices: standalone, primary, secondary + more... + +
                  • +
                • sla_id - SLA ID. type: int + more... + +
                  • +
                +
              • neighbor_hold_boot_time - Waiting period in seconds when switching from the primary neighbor to the secondary neighbor from the neighbor start. (0 - 10000000). type: int + more... + +
                • +
              • neighbor_hold_down - Enable/disable hold switching from the secondary neighbor to the primary neighbor. type: str choices: enable, disable + more... + +
                • +
              • neighbor_hold_down_time - Waiting period in seconds when switching from the secondary neighbor to the primary neighbor when hold-down is disabled. (0 - 10000000). type: int + more... + +
                • +
              • service - Create SD-WAN rules (also called services) to control how sessions are distributed to interfaces in the SD-WAN. type: list member_path: service:id + more... + +
                • +
                  +
                • addr_mode - Address mode (IPv4 or IPv6). type: str choices: ipv4, ipv6 + more... + +
                  • +
                • bandwidth_weight - Coefficient of reciprocal of available bidirectional bandwidth in the formula of custom-profile-1. type: int + more... + +
                  • +
                • default - Enable/disable use of SD-WAN as default service. type: str choices: enable, disable + more... + +
                  • +
                • dscp_forward - Enable/disable forward traffic DSCP tag. type: str choices: enable, disable + more... + +
                  • +
                • dscp_forward_tag - Forward traffic DSCP tag. type: str + more... + +
                  • +
                • dscp_reverse - Enable/disable reverse traffic DSCP tag. type: str choices: enable, disable + more... + +
                  • +
                • dscp_reverse_tag - Reverse traffic DSCP tag. type: str + more... + +
                  • +
                • dst - Destination address name. type: list member_path: service:id/dst:name + more... + +
                  • +
                    +
                  • name - Address or address group name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                    • +
                  +
                • dst_negate - Enable/disable negation of destination address match. type: str choices: enable, disable + more... + +
                  • +
                • dst6 - Destination address6 name. type: list member_path: service:id/dst6:name + more... + +
                  • +
                    +
                  • name - Address6 or address6 group name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                    • +
                  +
                • end_port - End destination port number. type: int + more... + +
                  • +
                • gateway - Enable/disable SD-WAN service gateway. type: str choices: enable, disable + more... + +
                  • +
                • groups - User groups. type: list member_path: service:id/groups:name + more... + +
                  • +
                    +
                  • name - Group name. Source user.group.name. type: str required: true + more... + +
                    • +
                  +
                • hash_mode - Hash algorithm for selected priority members for load balance mode. type: str choices: round-robin, source-ip-based, source-dest-ip-based, inbandwidth, outbandwidth, bibandwidth + more... + +
                  • +
                • health_check - Health check list. type: list member_path: service:id/health_check:name + more... + +
                  • +
                    +
                  • name - Health check name. Source system.sdwan.health-check.name. type: str required: true + more... + +
                    • +
                  +
                • hold_down_time - Waiting period in seconds when switching from the back-up member to the primary member (0 - 10000000). type: int + more... + +
                  • +
                • id - SD-WAN rule ID (1 - 4000). type: int required: true + more... + +
                  • +
                • input_device - Source interface name. type: list member_path: service:id/input_device:name + more... + +
                  • +
                    +
                  • name - Interface name. Source system.interface.name. type: str required: true + more... + +
                    • +
                  +
                • input_device_negate - Enable/disable negation of input device match. type: str choices: enable, disable + more... + +
                  • +
                • internet_service - Enable/disable use of Internet service for application-based load balancing. type: str choices: enable, disable + more... + +
                  • +
                • internet_service_app_ctrl - Application control based Internet Service ID list. type: list member_path: service:id/internet_service_app_ctrl:id + more... + +
                  • +
                    +
                  • id - Application control based Internet Service ID. type: int required: true + more... + +
                    • +
                  +
                • internet_service_app_ctrl_group - Application control based Internet Service group list. type: list member_path: service:id/internet_service_app_ctrl_group:name + more... + +
                  • +
                    +
                  • name - Application control based Internet Service group name. Source application.group.name. type: str required: true + more... + +
                    • +
                  +
                • internet_service_custom - Custom Internet service name list. type: list member_path: service:id/internet_service_custom:name + more... + +
                  • +
                    +
                  • name - Custom Internet service name. Source firewall.internet-service-custom.name. type: str required: true + more... + +
                    • +
                  +
                • internet_service_custom_group - Custom Internet Service group list. type: list member_path: service:id/internet_service_custom_group:name + more... + +
                  • +
                    +
                  • name - Custom Internet Service group name. Source firewall.internet-service-custom-group.name. type: str required: true + more... + +
                    • +
                  +
                • internet_service_group - Internet Service group list. type: list member_path: service:id/internet_service_group:name + more... + +
                  • +
                    +
                  • name - Internet Service group name. Source firewall.internet-service-group.name. type: str required: true + more... + +
                    • +
                  +
                • internet_service_name - Internet service name list. type: list member_path: service:id/internet_service_name:name + more... + +
                  • +
                    +
                  • name - Internet service name. Source firewall.internet-service-name.name. type: str required: true + more... + +
                    • +
                  +
                • jitter_weight - Coefficient of jitter in the formula of custom-profile-1. type: int + more... + +
                  • +
                • latency_weight - Coefficient of latency in the formula of custom-profile-1. type: int + more... + +
                  • +
                • link_cost_factor - Link cost factor. type: str choices: latency, jitter, packet-loss, inbandwidth, outbandwidth, bibandwidth, custom-profile-1 + more... + +
                  • +
                • link_cost_threshold - Percentage threshold change of link cost values that will result in policy route regeneration (0 - 10000000). type: int + more... + +
                  • +
                • minimum_sla_meet_members - Minimum number of members which meet SLA. type: int + more... + +
                  • +
                • mode - Control how the SD-WAN rule sets the priority of interfaces in the SD-WAN. type: str choices: auto, manual, priority, sla, load-balance + more... + +
                  • +
                • name - SD-WAN rule name. type: str + more... + +
                  • +
                • packet_loss_weight - Coefficient of packet-loss in the formula of custom-profile-1. type: int + more... + +
                  • +
                • passive_measurement - Enable/disable passive measurement based on the service criteria. type: str choices: enable, disable + more... + +
                  • +
                • priority_members - Member sequence number list. type: list + more... + +
                  • +
                    +
                  • seq_num - Member sequence number. Source system.sdwan.members.seq-num. type: int + more... + +
                    • +
                  +
                • priority_zone - Priority zone name list. type: list member_path: service:id/priority_zone:name + more... + +
                  • +
                    +
                  • name - Priority zone name. Source system.sdwan.zone.name. type: str required: true + more... + +
                    • +
                  +
                • protocol - Protocol number. type: int + more... + +
                  • +
                • quality_link - Quality grade. type: int + more... + +
                  • +
                • role - Service role to work with neighbor. type: str choices: standalone, primary, secondary + more... + +
                  • +
                • route_tag - IPv4 route map route-tag. type: int + more... + +
                  • +
                • sla - Service level agreement (SLA). type: list + more... + +
                  • +
                    +
                  • health_check - SD-WAN health-check. Source system.sdwan.health-check.name. type: str + more... + +
                    • +
                  • id - SLA ID. type: int + more... + +
                    • +
                  +
                • sla_compare_method - Method to compare SLA value for SLA mode. type: str choices: order, number + more... + +
                  • +
                • src - Source address name. type: list member_path: service:id/src:name + more... + +
                  • +
                    +
                  • name - Address or address group name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                    • +
                  +
                • src_negate - Enable/disable negation of source address match. type: str choices: enable, disable + more... + +
                  • +
                • src6 - Source address6 name. type: list member_path: service:id/src6:name + more... + +
                  • +
                    +
                  • name - Address6 or address6 group name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                    • +
                  +
                • standalone_action - Enable/disable service when selected neighbor role is standalone while service role is not standalone. type: str choices: enable, disable + more... + +
                  • +
                • start_port - Start destination port number. type: int + more... + +
                  • +
                • status - Enable/disable SD-WAN service. type: str choices: enable, disable + more... + +
                  • +
                • tie_break - Method of selecting member if more than one meets the SLA. type: str choices: zone, cfg-order, fib-best-match + more... + +
                  • +
                • tos - Type of service bit pattern. type: str + more... + +
                  • +
                • tos_mask - Type of service evaluated bits. type: str + more... + +
                  • +
                • use_shortcut_sla - Enable/disable use of ADVPN shortcut for quality comparison. type: str choices: enable, disable + more... + +
                  • +
                • users - User name. type: list member_path: service:id/users:name + more... + +
                  • +
                    +
                  • name - User name. Source user.local.name. type: str required: true + more... + +
                    • +
                  +
                +
              • speedtest_bypass_routing - Enable/disable bypass routing when speedtest on a SD-WAN member. type: str choices: disable, enable + more... + +
                • +
              • status - Enable/disable SD-WAN. type: str choices: disable, enable + more... + +
                • +
              • zone - Configure SD-WAN zones. type: list member_path: zone:name + more... + +
                • +
                  +
                • name - Zone name. type: str required: true + more... + +
                  • +
                • service_sla_tie_break - Method of selecting member if more than one meets the SLA. type: str choices: cfg-order, fib-best-match + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure redundant Internet connections with multiple outbound links and health-check profiles. + fortios_system_sdwan: + vdom: "{{ vdom }}" + system_sdwan: + duplication: + - + dstaddr: + - + name: "default_name_5 (source firewall.address.name firewall.addrgrp.name)" + dstaddr6: + - + name: "default_name_7 (source firewall.address6.name firewall.addrgrp6.name)" + dstintf: + - + name: "default_name_9 (source system.interface.name system.zone.name system.sdwan.zone.name)" + id: "10" + packet_de_duplication: "enable" + packet_duplication: "disable" + service: + - + name: "default_name_14 (source firewall.service.custom.name firewall.service.group.name)" + service_id: + - + id: "16 (source system.sdwan.service.id)" + srcaddr: + - + name: "default_name_18 (source firewall.address.name firewall.addrgrp.name)" + srcaddr6: + - + name: "default_name_20 (source firewall.address6.name firewall.addrgrp6.name)" + srcintf: + - + name: "default_name_22 (source system.interface.name system.zone.name system.sdwan.zone.name)" + duplication_max_num: "23" + fail_alert_interfaces: + - + name: "default_name_25 (source system.interface.name)" + fail_detect: "enable" + health_check: + - + addr_mode: "ipv4" + detect_mode: "active" + diffservcode: "" + dns_match_ip: "" + dns_request_domain: "" + failtime: "33" + ftp_file: "" + ftp_mode: "passive" + ha_priority: "36" + http_agent: "" + http_get: "" + http_match: "" + interval: "40" + members: + - + seq_num: "42 (source system.sdwan.members.seq-num)" + name: "default_name_43" + packet_size: "44" + password: "" + port: "46" + probe_count: "47" + probe_packets: "disable" + probe_timeout: "49" + protocol: "ping" + quality_measured_method: "half-open" + recoverytime: "52" + security_mode: "none" + server: "192.168.100.40" + sla: + - + id: "56" + jitter_threshold: "57" + latency_threshold: "58" + link_cost_factor: "latency" + packetloss_threshold: "60" + sla_fail_log_period: "61" + sla_pass_log_period: "62" + system_dns: "disable" + threshold_alert_jitter: "64" + threshold_alert_latency: "65" + threshold_alert_packetloss: "66" + threshold_warning_jitter: "67" + threshold_warning_latency: "68" + threshold_warning_packetloss: "69" + update_cascade_interface: "enable" + update_static_route: "enable" + user: "" + load_balance_mode: "source-ip-based" + members: + - + comment: "Comments." + cost: "76" + gateway: "" + gateway6: "" + ingress_spillover_threshold: "79" + interface: " (source system.interface.name)" + priority: "81" + priority6: "82" + seq_num: "83" + source: "" + source6: "" + spillover_threshold: "86" + status: "disable" + volume_ratio: "88" + weight: "89" + zone: " (source system.sdwan.zone.name)" + neighbor: + - + health_check: " (source system.sdwan.health-check.name)" + ip: " (source router.bgp.neighbor.ip)" + member: "94 (source system.sdwan.members.seq-num)" + mode: "sla" + role: "standalone" + sla_id: "97" + neighbor_hold_boot_time: "98" + neighbor_hold_down: "enable" + neighbor_hold_down_time: "100" + service: + - + addr_mode: "ipv4" + bandwidth_weight: "103" + default: "enable" + dscp_forward: "enable" + dscp_forward_tag: "" + dscp_reverse: "enable" + dscp_reverse_tag: "" + dst: + - + name: "default_name_110 (source firewall.address.name firewall.addrgrp.name)" + dst_negate: "enable" + dst6: + - + name: "default_name_113 (source firewall.address6.name firewall.addrgrp6.name)" + end_port: "114" + gateway: "enable" + groups: + - + name: "default_name_117 (source user.group.name)" + hash_mode: "round-robin" + health_check: + - + name: "default_name_120 (source system.sdwan.health-check.name)" + hold_down_time: "121" + id: "122" + input_device: + - + name: "default_name_124 (source system.interface.name)" + input_device_negate: "enable" + internet_service: "enable" + internet_service_app_ctrl: + - + id: "128" + internet_service_app_ctrl_group: + - + name: "default_name_130 (source application.group.name)" + internet_service_custom: + - + name: "default_name_132 (source firewall.internet-service-custom.name)" + internet_service_custom_group: + - + name: "default_name_134 (source firewall.internet-service-custom-group.name)" + internet_service_group: + - + name: "default_name_136 (source firewall.internet-service-group.name)" + internet_service_name: + - + name: "default_name_138 (source firewall.internet-service-name.name)" + jitter_weight: "139" + latency_weight: "140" + link_cost_factor: "latency" + link_cost_threshold: "142" + minimum_sla_meet_members: "143" + mode: "auto" + name: "default_name_145" + packet_loss_weight: "146" + passive_measurement: "enable" + priority_members: + - + seq_num: "149 (source system.sdwan.members.seq-num)" + priority_zone: + - + name: "default_name_151 (source system.sdwan.zone.name)" + protocol: "152" + quality_link: "153" + role: "standalone" + route_tag: "155" + sla: + - + health_check: " (source system.sdwan.health-check.name)" + id: "158" + sla_compare_method: "order" + src: + - + name: "default_name_161 (source firewall.address.name firewall.addrgrp.name)" + src_negate: "enable" + src6: + - + name: "default_name_164 (source firewall.address6.name firewall.addrgrp6.name)" + standalone_action: "enable" + start_port: "166" + status: "enable" + tie_break: "zone" + tos: "" + tos_mask: "" + use_shortcut_sla: "enable" + users: + - + name: "default_name_173 (source user.local.name)" + speedtest_bypass_routing: "disable" + status: "disable" + zone: + - + name: "default_name_177" + service_sla_tie_break: "cfg-order" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_session_helper.rst b/gen/fortios_system_session_helper.rst new file mode 100644 index 00000000..6df26c56 --- /dev/null +++ b/gen/fortios_system_session_helper.rst @@ -0,0 +1,761 @@ +:source: fortios_system_session_helper.py + +:orphan: + +.. fortios_system_session_helper: + +fortios_system_session_helper -- Configure session helper in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and session_helper category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_session_helperyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_session_helper - Configure session helper. type: dict + more... + +
              • +
                +
              • id - Session helper ID. type: int required: true + more... + +
                • +
              • name - Helper name. type: str choices: ftp, tftp, ras, h323, tns, mms, sip, pptp, rtsp, dns-udp, dns-tcp, pmap, rsh, dcerpc, mgcp, gtp-c, gtp-u, gtp-b, pfcp + more... + +
                • +
              • port - Protocol port. type: int + more... + +
                • +
              • protocol - Protocol number. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure session helper. + fortios_system_session_helper: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_session_helper: + id: "3" + name: "default_name_4" + port: "5" + protocol: "6" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_session_ttl.rst b/gen/fortios_system_session_ttl.rst new file mode 100644 index 00000000..909f582e --- /dev/null +++ b/gen/fortios_system_session_ttl.rst @@ -0,0 +1,538 @@ +:source: fortios_system_session_ttl.py + +:orphan: + +.. fortios_system_session_ttl: + +fortios_system_session_ttl -- Configure global session TTL timers for this FortiGate in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and session_ttl category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_session_ttlyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_session_ttl - Configure global session TTL timers for this FortiGate. type: dict + more... + +
              • +
                +
              • default - Default timeout. type: str + more... + +
                • +
              • port - Session TTL port. type: list member_path: port:id + more... + +
                • +
                  +
                • end_port - End port number. type: int + more... + +
                  • +
                • id - Table entry ID. type: int required: true + more... + +
                  • +
                • protocol - Protocol (0 - 255). type: int + more... + +
                  • +
                • start_port - Start port number. type: int + more... + +
                  • +
                • timeout - Session timeout (TTL). type: str + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure global session TTL timers for this FortiGate. + fortios_system_session_ttl: + vdom: "{{ vdom }}" + system_session_ttl: + default: "" + port: + - + end_port: "5" + id: "6" + protocol: "7" + start_port: "8" + timeout: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_settings.rst b/gen/fortios_system_settings.rst new file mode 100644 index 00000000..0cd17e83 --- /dev/null +++ b/gen/fortios_system_settings.rst @@ -0,0 +1,9900 @@ +:source: fortios_system_settings.py + +:orphan: + +.. fortios_system_settings: + +fortios_system_settings -- Configure VDOM settings in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_settingsyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_settings - Configure VDOM settings. type: dict + more... + +
              • +
                +
              • allow_linkdown_path - Enable/disable link down path. type: str choices: enable, disable + more... + +
                • +
              • allow_subnet_overlap - Enable/disable allowing interface subnets to use overlapping IP addresses. type: str choices: enable, disable + more... + +
                • +
              • application_bandwidth_tracking - Enable/disable application bandwidth tracking. type: str choices: disable, enable + more... + +
                • +
              • asymroute - Enable/disable IPv4 asymmetric routing. type: str choices: enable, disable + more... + +
                • +
              • asymroute_icmp - Enable/disable ICMP asymmetric routing. type: str choices: enable, disable + more... + +
                • +
              • asymroute6 - Enable/disable asymmetric IPv6 routing. type: str choices: enable, disable + more... + +
                • +
              • asymroute6_icmp - Enable/disable asymmetric ICMPv6 routing. type: str choices: enable, disable + more... + +
                • +
              • auxiliary_session - Enable/disable auxiliary session. type: str choices: enable, disable + more... + +
                • +
              • bfd - Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. type: str choices: enable, disable + more... + +
                • +
              • bfd_desired_min_tx - BFD desired minimal transmit interval (1 - 100000 ms). type: int + more... + +
                • +
              • bfd_detect_mult - BFD detection multiplier (1 - 50). type: int + more... + +
                • +
              • bfd_dont_enforce_src_port - Enable to not enforce verifying the source port of BFD Packets. type: str choices: enable, disable + more... + +
                • +
              • bfd_required_min_rx - BFD required minimal receive interval (1 - 100000 ms). type: int + more... + +
                • +
              • block_land_attack - Enable/disable blocking of land attacks. type: str choices: disable, enable + more... + +
                • +
              • central_nat - Enable/disable central NAT. type: str choices: enable, disable + more... + +
                • +
              • comments - VDOM comments. type: str + more... + +
                • +
              • compliance_check - Enable/disable PCI DSS compliance checking. type: str choices: enable, disable + more... + +
                • +
              • consolidated_firewall_mode - Consolidated firewall mode. type: str choices: enable, disable + more... + +
                • +
              • default_voip_alg_mode - Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn"t include a VoIP profile. type: str choices: proxy-based, kernel-helper-based + more... + +
                • +
              • deny_tcp_with_icmp - Enable/disable denying TCP by sending an ICMP communication prohibited packet. type: str choices: enable, disable + more... + +
                • +
              • device - Interface to use for management access for NAT mode. Source system.interface.name. type: str + more... + +
                • +
              • dhcp_proxy - Enable/disable the DHCP Proxy. type: str choices: enable, disable + more... + +
                • +
              • dhcp_proxy_interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • dhcp_proxy_interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • dhcp_server_ip - DHCP Server IPv4 address. type: list
                • +
              • dhcp6_server_ip - DHCPv6 server IPv6 address. type: list
                • +
              • discovered_device_timeout - Timeout for discovered devices (1 - 365 days). type: int + more... + +
                • +
              • ecmp_max_paths - Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing (1 - 255). type: int + more... + +
                • +
              • email_portal_check_dns - Enable/disable using DNS to validate email addresses collected by a captive portal. type: str choices: disable, enable + more... + +
                • +
              • firewall_session_dirty - Select how to manage sessions affected by firewall policy configuration changes. type: str choices: check-all, check-new, check-policy-option + more... + +
                • +
              • fw_session_hairpin - Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. type: str choices: enable, disable + more... + +
                • +
              • gateway - Transparent mode IPv4 default gateway IP address. type: str + more... + +
                • +
              • gateway6 - Transparent mode IPv4 default gateway IP address. type: str + more... + +
                • +
              • gtp_asym_fgsp - Enable/disable GTP asymmetric traffic handling on FGSP. type: str choices: disable, enable + more... + +
                • +
              • gtp_monitor_mode - Enable/disable GTP monitor mode (VDOM level). type: str choices: enable, disable + more... + +
                • +
              • gui_advanced_policy - Enable/disable advanced policy configuration on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_allow_unnamed_policy - Enable/disable the requirement for policy naming on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_antivirus - Enable/disable AntiVirus on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_ap_profile - Enable/disable FortiAP profiles on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_application_control - Enable/disable application control on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_default_policy_columns - Default columns to display for policy lists on GUI. type: list member_path: gui_default_policy_columns:name + more... + +
                • +
                  +
                • name - Select column name. type: str required: true + more... + +
                  • +
                +
              • gui_dhcp_advanced - Enable/disable advanced DHCP options on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_dlp - Enable/disable DLP on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_dns_database - Enable/disable DNS database settings on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_dnsfilter - Enable/disable DNS Filtering on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_domain_ip_reputation - Enable/disable Domain and IP Reputation on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_dos_policy - Enable/disable DoS policies on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_dynamic_profile_display - Enable/disable RADIUS Single Sign On (RSSO) on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_dynamic_routing - Enable/disable dynamic routing on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_email_collection - Enable/disable email collection on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_endpoint_control - Enable/disable endpoint control on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_endpoint_control_advanced - Enable/disable advanced endpoint control options on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_explicit_proxy - Enable/disable the explicit proxy on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_file_filter - Enable/disable File-filter on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_fortiap_split_tunneling - Enable/disable FortiAP split tunneling on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_fortiextender_controller - Enable/disable FortiExtender on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_icap - Enable/disable ICAP on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_implicit_policy - Enable/disable implicit firewall policies on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_ips - Enable/disable IPS on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_load_balance - Enable/disable server load balancing on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_local_in_policy - Enable/disable Local-In policies on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_local_reports - Enable/disable local reports on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_multicast_policy - Enable/disable multicast firewall policies on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_multiple_interface_policy - Enable/disable adding multiple interfaces to a policy on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_multiple_utm_profiles - Enable/disable multiple UTM profiles on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_nat46_64 - Enable/disable NAT46 and NAT64 settings on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_object_colors - Enable/disable object colors on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_per_policy_disclaimer - Enable/disable policy disclaimer on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_policy_based_ipsec - Enable/disable policy-based IPsec VPN on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_policy_disclaimer - Enable/disable policy disclaimer on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_policy_learning - Enable/disable firewall policy learning mode on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_replacement_message_groups - Enable/disable replacement message groups on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_security_profile_group - Enable/disable Security Profile Groups on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_spamfilter - Enable/disable Antispam on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_sslvpn_personal_bookmarks - Enable/disable SSL-VPN personal bookmark management on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_sslvpn_realms - Enable/disable SSL-VPN realms on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_switch_controller - Enable/disable the switch controller on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_threat_weight - Enable/disable threat weight on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_traffic_shaping - Enable/disable traffic shaping on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_videofilter - Enable/disable Video filtering on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_voip_profile - Enable/disable VoIP profiles on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_vpn - Enable/disable VPN tunnels on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_waf_profile - Enable/disable Web Application Firewall on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_wan_load_balancing - Enable/disable SD-WAN on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_wanopt_cache - Enable/disable WAN Optimization and Web Caching on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_webfilter - Enable/disable Web filtering on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_webfilter_advanced - Enable/disable advanced web filtering on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_wireless_controller - Enable/disable the wireless controller on the GUI. type: str choices: enable, disable + more... + +
                • +
              • gui_ztna - Enable/disable Zero Trust Network Access features on the GUI. type: str choices: enable, disable + more... + +
                • +
              • h323_direct_model - Enable/disable H323 direct model. type: str choices: disable, enable + more... + +
                • +
              • http_external_dest - Offload HTTP traffic to FortiWeb or FortiCache. type: str choices: fortiweb, forticache + more... + +
                • +
              • ike_dn_format - Configure IKE ASN.1 Distinguished Name format conventions. type: str choices: with-space, no-space + more... + +
                • +
              • ike_policy_route - Enable/disable IKE Policy Based Routing (PBR). type: str choices: enable, disable + more... + +
                • +
              • ike_port - UDP port for IKE/IPsec traffic . type: int + more... + +
                • +
              • ike_quick_crash_detect - Enable/disable IKE quick crash detection (RFC 6290). type: str choices: enable, disable + more... + +
                • +
              • ike_session_resume - Enable/disable IKEv2 session resumption (RFC 5723). type: str choices: enable, disable + more... + +
                • +
              • implicit_allow_dns - Enable/disable implicitly allowing DNS traffic. type: str choices: enable, disable + more... + +
                • +
              • inspection_mode - Inspection mode (proxy-based or flow-based). type: str choices: proxy, flow + more... + +
                • +
              • ip - IP address and netmask. type: str + more... + +
                • +
              • ip6 - IPv6 address prefix for NAT mode. type: str + more... + +
                • +
              • link_down_access - Enable/disable link down access traffic. type: str choices: enable, disable + more... + +
                • +
              • lldp_reception - Enable/disable Link Layer Discovery Protocol (LLDP) reception for this VDOM or apply global settings to this VDOM. type: str choices: enable, disable, global + more... + +
                • +
              • lldp_transmission - Enable/disable Link Layer Discovery Protocol (LLDP) transmission for this VDOM or apply global settings to this VDOM. type: str choices: enable, disable, global + more... + +
                • +
              • location_id - Local location ID in the form of an IPv4 address. type: str + more... + +
                • +
              • mac_ttl - Duration of MAC addresses in Transparent mode (300 - 8640000 sec). type: int + more... + +
                • +
              • manageip - Transparent mode IPv4 management IP address and netmask. type: str + more... + +
                • +
              • manageip6 - Transparent mode IPv6 management IP address and netmask. type: str + more... + +
                • +
              • multicast_forward - Enable/disable multicast forwarding. type: str choices: enable, disable + more... + +
                • +
              • multicast_skip_policy - Enable/disable allowing multicast traffic through the FortiGate without a policy check. type: str choices: enable, disable + more... + +
                • +
              • multicast_ttl_notchange - Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. type: str choices: enable, disable + more... + +
                • +
              • ngfw_mode - Next Generation Firewall (NGFW) mode. type: str choices: profile-based, policy-based + more... + +
                • +
              • opmode - Firewall operation mode (NAT or Transparent). type: str choices: nat, transparent + more... + +
                • +
              • pfcp_monitor_mode - Enable/disable PFCP monitor mode (VDOM level). type: str choices: enable, disable + more... + +
                • +
              • prp_trailer_action - Enable/disable action to take on PRP trailer. type: str choices: enable, disable + more... + +
                • +
              • sccp_port - TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535). type: int + more... + +
                • +
              • sctp_session_without_init - Enable/disable SCTP session creation without SCTP INIT. type: str choices: enable, disable + more... + +
                • +
              • ses_denied_traffic - Enable/disable including denied session in the session table. type: str choices: enable, disable + more... + +
                • +
              • sip_expectation - Enable/disable the SIP kernel session helper to create an expectation for port 5060. type: str choices: enable, disable + more... + +
                • +
              • sip_helper - Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). type: str choices: enable, disable + more... + +
                • +
              • sip_nat_trace - Enable/disable recording the original SIP source IP address when NAT is used. type: str choices: enable, disable + more... + +
                • +
              • sip_ssl_port - TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535). type: int + more... + +
                • +
              • sip_tcp_port - TCP port the SIP proxy monitors for SIP traffic (0 - 65535). type: list
                • +
              • sip_udp_port - UDP port the SIP proxy monitors for SIP traffic (0 - 65535). type: list
                • +
              • snat_hairpin_traffic - Enable/disable source NAT (SNAT) for hairpin traffic. type: str choices: enable, disable + more... + +
                • +
              • ssl_ssh_profile - Profile for SSL/SSH inspection. Source firewall.ssl-ssh-profile.name. type: str + more... + +
                • +
              • status - Enable/disable this VDOM. type: str choices: enable, disable + more... + +
                • +
              • strict_src_check - Enable/disable strict source verification. type: str choices: enable, disable + more... + +
                • +
              • tcp_session_without_syn - Enable/disable allowing TCP session without SYN flags. type: str choices: enable, disable + more... + +
                • +
              • utf8_spam_tagging - Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. type: str choices: enable, disable + more... + +
                • +
              • v4_ecmp_mode - IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. type: str choices: source-ip-based, weight-based, usage-based, source-dest-ip-based + more... + +
                • +
              • vpn_stats_log - Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. type: list choices: ipsec, pptp, l2tp, ssl + more... + +
                • +
              • vpn_stats_period - Period to send VPN log statistics (0 or 60 - 86400 sec). type: int + more... + +
                • +
              • wccp_cache_engine - Enable/disable WCCP cache engine. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure VDOM settings. + fortios_system_settings: + vdom: "{{ vdom }}" + system_settings: + allow_linkdown_path: "enable" + allow_subnet_overlap: "enable" + application_bandwidth_tracking: "disable" + asymroute: "enable" + asymroute_icmp: "enable" + asymroute6: "enable" + asymroute6_icmp: "enable" + auxiliary_session: "enable" + bfd: "enable" + bfd_desired_min_tx: "12" + bfd_detect_mult: "13" + bfd_dont_enforce_src_port: "enable" + bfd_required_min_rx: "15" + block_land_attack: "disable" + central_nat: "enable" + comments: "" + compliance_check: "enable" + consolidated_firewall_mode: "enable" + default_voip_alg_mode: "proxy-based" + deny_tcp_with_icmp: "enable" + device: " (source system.interface.name)" + dhcp_proxy: "enable" + dhcp_proxy_interface: " (source system.interface.name)" + dhcp_proxy_interface_select_method: "auto" + dhcp_server_ip: "" + dhcp6_server_ip: "" + discovered_device_timeout: "29" + ecmp_max_paths: "30" + email_portal_check_dns: "disable" + firewall_session_dirty: "check-all" + fw_session_hairpin: "enable" + gateway: "" + gateway6: "" + gtp_asym_fgsp: "disable" + gtp_monitor_mode: "enable" + gui_advanced_policy: "enable" + gui_allow_unnamed_policy: "enable" + gui_antivirus: "enable" + gui_ap_profile: "enable" + gui_application_control: "enable" + gui_default_policy_columns: + - + name: "default_name_44" + gui_dhcp_advanced: "enable" + gui_dlp: "enable" + gui_dns_database: "enable" + gui_dnsfilter: "enable" + gui_domain_ip_reputation: "enable" + gui_dos_policy: "enable" + gui_dynamic_profile_display: "enable" + gui_dynamic_routing: "enable" + gui_email_collection: "enable" + gui_endpoint_control: "enable" + gui_endpoint_control_advanced: "enable" + gui_explicit_proxy: "enable" + gui_file_filter: "enable" + gui_fortiap_split_tunneling: "enable" + gui_fortiextender_controller: "enable" + gui_icap: "enable" + gui_implicit_policy: "enable" + gui_ips: "enable" + gui_load_balance: "enable" + gui_local_in_policy: "enable" + gui_local_reports: "enable" + gui_multicast_policy: "enable" + gui_multiple_interface_policy: "enable" + gui_multiple_utm_profiles: "enable" + gui_nat46_64: "enable" + gui_object_colors: "enable" + gui_per_policy_disclaimer: "enable" + gui_policy_based_ipsec: "enable" + gui_policy_disclaimer: "enable" + gui_policy_learning: "enable" + gui_replacement_message_groups: "enable" + gui_security_profile_group: "enable" + gui_spamfilter: "enable" + gui_sslvpn_personal_bookmarks: "enable" + gui_sslvpn_realms: "enable" + gui_switch_controller: "enable" + gui_threat_weight: "enable" + gui_traffic_shaping: "enable" + gui_videofilter: "enable" + gui_voip_profile: "enable" + gui_vpn: "enable" + gui_waf_profile: "enable" + gui_wan_load_balancing: "enable" + gui_wanopt_cache: "enable" + gui_webfilter: "enable" + gui_webfilter_advanced: "enable" + gui_wireless_controller: "enable" + gui_ztna: "enable" + h323_direct_model: "disable" + http_external_dest: "fortiweb" + ike_dn_format: "with-space" + ike_policy_route: "enable" + ike_port: "97" + ike_quick_crash_detect: "enable" + ike_session_resume: "enable" + implicit_allow_dns: "enable" + inspection_mode: "proxy" + ip: "" + ip6: "" + link_down_access: "enable" + lldp_reception: "enable" + lldp_transmission: "enable" + location_id: "" + mac_ttl: "108" + manageip: "" + manageip6: "" + multicast_forward: "enable" + multicast_skip_policy: "enable" + multicast_ttl_notchange: "enable" + ngfw_mode: "profile-based" + opmode: "nat" + pfcp_monitor_mode: "enable" + prp_trailer_action: "enable" + sccp_port: "118" + sctp_session_without_init: "enable" + ses_denied_traffic: "enable" + sip_expectation: "enable" + sip_helper: "enable" + sip_nat_trace: "enable" + sip_ssl_port: "124" + sip_tcp_port: "125" + sip_udp_port: "126" + snat_hairpin_traffic: "enable" + ssl_ssh_profile: " (source firewall.ssl-ssh-profile.name)" + status: "enable" + strict_src_check: "enable" + tcp_session_without_syn: "enable" + utf8_spam_tagging: "enable" + v4_ecmp_mode: "source-ip-based" + vpn_stats_log: "ipsec" + vpn_stats_period: "135" + wccp_cache_engine: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_sflow.rst b/gen/fortios_system_sflow.rst new file mode 100644 index 00000000..6e268fd9 --- /dev/null +++ b/gen/fortios_system_sflow.rst @@ -0,0 +1,500 @@ +:source: fortios_system_sflow.py + +:orphan: + +.. fortios_system_sflow: + +fortios_system_sflow -- Configure sFlow in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and sflow category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_sflowyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_sflow - Configure sFlow. type: dict + more... + +
              • +
                +
              • collector_ip - IP address of the sFlow collector that sFlow agents added to interfaces in this VDOM send sFlow datagrams to . type: str + more... + +
                • +
              • collector_port - UDP port number used for sending sFlow datagrams (configure only if required by your sFlow collector or your network configuration) (0 - 65535). type: int + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • source_ip - Source IP address for sFlow agent. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure sFlow. + fortios_system_sflow: + vdom: "{{ vdom }}" + system_sflow: + collector_ip: "" + collector_port: "4" + interface: " (source system.interface.name)" + interface_select_method: "auto" + source_ip: "84.230.14.43" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_sit_tunnel.rst b/gen/fortios_system_sit_tunnel.rst new file mode 100644 index 00000000..5475bfa4 --- /dev/null +++ b/gen/fortios_system_sit_tunnel.rst @@ -0,0 +1,614 @@ +:source: fortios_system_sit_tunnel.py + +:orphan: + +.. fortios_system_sit_tunnel: + +fortios_system_sit_tunnel -- Configure IPv6 tunnel over IPv4 in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and sit_tunnel category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_sit_tunnelyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_sit_tunnel - Configure IPv6 tunnel over IPv4. type: dict + more... + +
              • +
                +
              • auto_asic_offload - Enable/disable tunnel ASIC offloading. type: str choices: enable, disable + more... + +
                • +
              • destination - Destination IP address of the tunnel. type: str + more... + +
                • +
              • interface - Interface name. Source system.interface.name. type: str + more... + +
                • +
              • ip6 - IPv6 address of the tunnel. type: str + more... + +
                • +
              • name - Tunnel name. type: str required: true + more... + +
                • +
              • source - Source IP address of the tunnel. type: str + more... + +
                • +
              • use_sdwan - Enable/disable use of SD-WAN to reach remote gateway. type: str choices: disable, enable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 tunnel over IPv4. + fortios_system_sit_tunnel: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_sit_tunnel: + auto_asic_offload: "enable" + destination: "" + interface: " (source system.interface.name)" + ip6: "" + name: "default_name_7" + source: "" + use_sdwan: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_smc_ntp.rst b/gen/fortios_system_smc_ntp.rst new file mode 100644 index 00000000..704a5917 --- /dev/null +++ b/gen/fortios_system_smc_ntp.rst @@ -0,0 +1,260 @@ +:source: fortios_system_smc_ntp.py + +:orphan: + +.. fortios_system_smc_ntp: + +fortios_system_smc_ntp -- Configure SMC NTP information in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and smc_ntp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + +
            v6.2.3
            fortios_system_smc_ntpyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_smc_ntp - Configure SMC NTP information. type: dict + more... + +
              • +
                +
              • channel - SMC NTP client will send NTP packets through this channel. type: int + more... + +
                • +
              • ntpserver - Configure the FortiGate SMC to connect to an NTP server. type: list member_path: ntpserver:id + more... + +
                • +
                  +
                • id - NTP server ID. type: int required: true + more... + +
                  • +
                • server - IP address of the NTP server. type: str + more... + +
                  • +
                +
              • ntpsync - Enable/disable setting the FortiGate SMC system time by synchronizing with an NTP server. type: str choices: enable, disable + more... + +
                • +
              • syncinterval - SMC NTP synchronization interval (1 - 65535 secs). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure SMC NTP information. + fortios_system_smc_ntp: + vdom: "{{ vdom }}" + system_smc_ntp: + channel: "3" + ntpserver: + - + id: "5" + server: "192.168.100.40" + ntpsync: "enable" + syncinterval: "8" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_sms_server.rst b/gen/fortios_system_sms_server.rst new file mode 100644 index 00000000..974ec688 --- /dev/null +++ b/gen/fortios_system_sms_server.rst @@ -0,0 +1,308 @@ +:source: fortios_system_sms_server.py + +:orphan: + +.. fortios_system_sms_server: + +fortios_system_sms_server -- Configure SMS server for sending SMS messages to support user authentication in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and sms_server category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_sms_serveryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_sms_server - Configure SMS server for sending SMS messages to support user authentication. type: dict + more... + +
              • +
                +
              • mail_server - Email-to-SMS server domain name. type: str + more... + +
                • +
              • name - Name of SMS server. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure SMS server for sending SMS messages to support user authentication. + fortios_system_sms_server: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_sms_server: + mail_server: "" + name: "default_name_4" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_snmp_community.rst b/gen/fortios_system_snmp_community.rst new file mode 100644 index 00000000..541d4c7f --- /dev/null +++ b/gen/fortios_system_snmp_community.rst @@ -0,0 +1,2596 @@ +:source: fortios_system_snmp_community.py + +:orphan: + +.. fortios_system_snmp_community: + +fortios_system_snmp_community -- SNMP community configuration in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_snmp feature and community category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_snmp_communityyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_snmp_community - SNMP community configuration. type: dict + more... + +
              • +
                +
              • events - SNMP trap events. type: list choices: cpu-high, mem-low, log-full, intf-ip, vpn-tun-up, vpn-tun-down, ha-switch, ha-hb-failure, ips-signature, ips-anomaly, av-virus, av-oversize, av-pattern, av-fragmented, fm-if-change, fm-conf-change, bgp-established, bgp-backward-transition, ha-member-up, ha-member-down, ent-conf-change, av-conserve, av-bypass, av-oversize-passed, av-oversize-blocked, ips-pkg-update, ips-fail-open, temperature-high, voltage-alert, power-supply-failure, faz-disconnect, fan-failure, wc-ap-up, wc-ap-down, fswctl-session-up, fswctl-session-down, load-balance-real-server-down, device-new, per-cpu-high, dhcp, ospf-nbr-state-change, ospf-virtnbr-state-change + more... + +
                • +
              • hosts - Configure IPv4 SNMP managers (hosts). type: list member_path: hosts:id + more... + +
                • +
                  +
                • ha_direct - Enable/disable direct management of HA cluster members. type: str choices: enable, disable + more... + +
                  • +
                • host_type - Control whether the SNMP manager sends SNMP queries, receives SNMP traps, or both. No traps will be sent when IP type is subnet. type: str choices: any, query, trap + more... + +
                  • +
                • id - Host entry ID. type: int required: true + more... + +
                  • +
                • ip - IPv4 address of the SNMP manager (host). type: str + more... + +
                  • +
                • source_ip - Source IPv4 address for SNMP traps. type: str + more... + +
                  • +
                +
              • hosts6 - Configure IPv6 SNMP managers. type: list member_path: hosts6:id + more... + +
                • +
                  +
                • ha_direct - Enable/disable direct management of HA cluster members. type: str choices: enable, disable + more... + +
                  • +
                • host_type - Control whether the SNMP manager sends SNMP queries, receives SNMP traps, or both. type: str choices: any, query, trap + more... + +
                  • +
                • id - Host6 entry ID. type: int required: true + more... + +
                  • +
                • ipv6 - SNMP manager IPv6 address prefix. type: str + more... + +
                  • +
                • source_ipv6 - Source IPv6 address for SNMP traps. type: str + more... + +
                  • +
                +
              • id - Community ID. type: int required: true + more... + +
                • +
              • name - Community name. type: str + more... + +
                • +
              • query_v1_port - SNMP v1 query port . type: int + more... + +
                • +
              • query_v1_status - Enable/disable SNMP v1 queries. type: str choices: enable, disable + more... + +
                • +
              • query_v2c_port - SNMP v2c query port . type: int + more... + +
                • +
              • query_v2c_status - Enable/disable SNMP v2c queries. type: str choices: enable, disable + more... + +
                • +
              • status - Enable/disable this SNMP community. type: str choices: enable, disable + more... + +
                • +
              • trap_v1_lport - SNMP v1 trap local port . type: int + more... + +
                • +
              • trap_v1_rport - SNMP v1 trap remote port . type: int + more... + +
                • +
              • trap_v1_status - Enable/disable SNMP v1 traps. type: str choices: enable, disable + more... + +
                • +
              • trap_v2c_lport - SNMP v2c trap local port . type: int + more... + +
                • +
              • trap_v2c_rport - SNMP v2c trap remote port . type: int + more... + +
                • +
              • trap_v2c_status - Enable/disable SNMP v2c traps. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: SNMP community configuration. + fortios_system_snmp_community: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_snmp_community: + events: "cpu-high" + hosts: + - + ha_direct: "enable" + host_type: "any" + id: "7" + ip: "" + source_ip: "84.230.14.43" + hosts6: + - + ha_direct: "enable" + host_type: "any" + id: "13" + ipv6: "" + source_ipv6: "" + id: "16" + name: "default_name_17" + query_v1_port: "18" + query_v1_status: "enable" + query_v2c_port: "20" + query_v2c_status: "enable" + status: "enable" + trap_v1_lport: "23" + trap_v1_rport: "24" + trap_v1_status: "enable" + trap_v2c_lport: "26" + trap_v2c_rport: "27" + trap_v2c_status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_snmp_sysinfo.rst b/gen/fortios_system_snmp_sysinfo.rst new file mode 100644 index 00000000..989efd0d --- /dev/null +++ b/gen/fortios_system_snmp_sysinfo.rst @@ -0,0 +1,722 @@ +:source: fortios_system_snmp_sysinfo.py + +:orphan: + +.. fortios_system_snmp_sysinfo: + +fortios_system_snmp_sysinfo -- SNMP system info configuration in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_snmp feature and sysinfo category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_snmp_sysinfoyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_snmp_sysinfo - SNMP system info configuration. type: dict + more... + +
              • +
                +
              • contact_info - Contact information. type: str + more... + +
                • +
              • description - System description. type: str + more... + +
                • +
              • engine_id - Local SNMP engineID string (maximum 27 characters). type: str + more... + +
                • +
              • engine_id_type - Local SNMP engineID type (text/hex/mac). type: str choices: text, hex, mac + more... + +
                • +
              • location - System location. type: str + more... + +
                • +
              • status - Enable/disable SNMP. type: str choices: enable, disable + more... + +
                • +
              • trap_high_cpu_threshold - CPU usage when trap is sent. type: int + more... + +
                • +
              • trap_log_full_threshold - Log disk usage when trap is sent. type: int + more... + +
                • +
              • trap_low_memory_threshold - Memory usage when trap is sent. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: SNMP system info configuration. + fortios_system_snmp_sysinfo: + vdom: "{{ vdom }}" + system_snmp_sysinfo: + contact_info: "" + description: "" + engine_id: "" + engine_id_type: "text" + location: "" + status: "enable" + trap_high_cpu_threshold: "9" + trap_log_full_threshold: "10" + trap_low_memory_threshold: "11" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_snmp_user.rst b/gen/fortios_system_snmp_user.rst new file mode 100644 index 00000000..a928275e --- /dev/null +++ b/gen/fortios_system_snmp_user.rst @@ -0,0 +1,2153 @@ +:source: fortios_system_snmp_user.py + +:orphan: + +.. fortios_system_snmp_user: + +fortios_system_snmp_user -- SNMP user configuration in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_snmp feature and user category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_snmp_useryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_snmp_user - SNMP user configuration. type: dict + more... + +
              • +
                +
              • auth_proto - Authentication protocol. type: str choices: md5, sha, sha224, sha256, sha384, sha512 + more... + +
                • +
              • auth_pwd - Password for authentication protocol. type: str + more... + +
                • +
              • events - SNMP notifications (traps) to send. type: list choices: cpu-high, mem-low, log-full, intf-ip, vpn-tun-up, vpn-tun-down, ha-switch, ha-hb-failure, ips-signature, ips-anomaly, av-virus, av-oversize, av-pattern, av-fragmented, fm-if-change, fm-conf-change, bgp-established, bgp-backward-transition, ha-member-up, ha-member-down, ent-conf-change, av-conserve, av-bypass, av-oversize-passed, av-oversize-blocked, ips-pkg-update, ips-fail-open, temperature-high, voltage-alert, power-supply-failure, faz-disconnect, fan-failure, wc-ap-up, wc-ap-down, fswctl-session-up, fswctl-session-down, load-balance-real-server-down, device-new, per-cpu-high, dhcp, ospf-nbr-state-change, ospf-virtnbr-state-change + more... + +
                • +
              • ha_direct - Enable/disable direct management of HA cluster members. type: str choices: enable, disable + more... + +
                • +
              • name - SNMP user name. type: str required: true + more... + +
                • +
              • notify_hosts - SNMP managers to send notifications (traps) to. type: list
                • +
              • notify_hosts6 - IPv6 SNMP managers to send notifications (traps) to. type: list
                • +
              • priv_proto - Privacy (encryption) protocol. type: str choices: aes, des, aes256, aes256cisco + more... + +
                • +
              • priv_pwd - Password for privacy (encryption) protocol. type: str + more... + +
                • +
              • queries - Enable/disable SNMP queries for this user. type: str choices: enable, disable + more... + +
                • +
              • query_port - SNMPv3 query port . type: int + more... + +
                • +
              • security_level - Security level for message authentication and encryption. type: str choices: no-auth-no-priv, auth-no-priv, auth-priv + more... + +
                • +
              • source_ip - Source IP for SNMP trap. type: str + more... + +
                • +
              • source_ipv6 - Source IPv6 for SNMP trap. type: str + more... + +
                • +
              • status - Enable/disable this SNMP user. type: str choices: enable, disable + more... + +
                • +
              • trap_lport - SNMPv3 local trap port . type: int + more... + +
                • +
              • trap_rport - SNMPv3 trap remote port . type: int + more... + +
                • +
              • trap_status - Enable/disable traps for this SNMP user. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: SNMP user configuration. + fortios_system_snmp_user: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_snmp_user: + auth_proto: "md5" + auth_pwd: "" + events: "cpu-high" + ha_direct: "enable" + name: "default_name_7" + notify_hosts: "" + notify_hosts6: "" + priv_proto: "aes" + priv_pwd: "" + queries: "enable" + query_port: "13" + security_level: "no-auth-no-priv" + source_ip: "84.230.14.43" + source_ipv6: "" + status: "enable" + trap_lport: "18" + trap_rport: "19" + trap_status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_speed_test_schedule.rst b/gen/fortios_system_speed_test_schedule.rst new file mode 100644 index 00000000..dea8b3d2 --- /dev/null +++ b/gen/fortios_system_speed_test_schedule.rst @@ -0,0 +1,589 @@ +:source: fortios_system_speed_test_schedule.py + +:orphan: + +.. fortios_system_speed_test_schedule: + +fortios_system_speed_test_schedule -- Speed test schedule for each interface in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and speed_test_schedule category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + +
            v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_speed_test_scheduleyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_speed_test_schedule - Speed test schedule for each interface. type: dict + more... + +
              • +
                +
              • diffserv - DSCP used for speed test. type: str + more... + +
                • +
              • dynamic_server - Enable/disable dynamic server option. type: str choices: disable, enable + more... + +
                • +
              • interface - Interface name. Source system.interface.name. type: str required: true + more... + +
                • +
              • schedules - Schedules for the interface. type: list member_path: schedules:name + more... + +
                • +
                  +
                • name - Name of a firewall recurring schedule. Source firewall.schedule.recurring.name. type: str required: true + more... + +
                  • +
                +
              • server_name - Speed test server name. type: str + more... + +
                • +
              • status - Enable/disable scheduled speed test. type: str choices: disable, enable + more... + +
                • +
              • update_inbandwidth - Enable/disable bypassing interface"s inbound bandwidth setting. type: str choices: disable, enable + more... + +
                • +
              • update_inbandwidth_maximum - Maximum downloading bandwidth (kbps) to be used in a speed test. type: int + more... + +
                • +
              • update_inbandwidth_minimum - Minimum downloading bandwidth (kbps) to be considered effective. type: int + more... + +
                • +
              • update_outbandwidth - Enable/disable bypassing interface"s outbound bandwidth setting. type: str choices: disable, enable + more... + +
                • +
              • update_outbandwidth_maximum - Maximum uploading bandwidth (kbps) to be used in a speed test. type: int + more... + +
                • +
              • update_outbandwidth_minimum - Minimum uploading bandwidth (kbps) to be considered effective. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Speed test schedule for each interface. + fortios_system_speed_test_schedule: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_speed_test_schedule: + diffserv: "" + dynamic_server: "disable" + interface: " (source system.interface.name)" + schedules: + - + name: "default_name_7 (source firewall.schedule.recurring.name)" + server_name: "" + status: "disable" + update_inbandwidth: "disable" + update_inbandwidth_maximum: "11" + update_inbandwidth_minimum: "12" + update_outbandwidth: "disable" + update_outbandwidth_maximum: "14" + update_outbandwidth_minimum: "15" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_speed_test_server.rst b/gen/fortios_system_speed_test_server.rst new file mode 100644 index 00000000..da6457ed --- /dev/null +++ b/gen/fortios_system_speed_test_server.rst @@ -0,0 +1,527 @@ +:source: fortios_system_speed_test_server.py + +:orphan: + +.. fortios_system_speed_test_server: + +fortios_system_speed_test_server -- Configure speed test server list in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and speed_test_server category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_speed_test_serveryesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_speed_test_server - Configure speed test server list. type: dict + more... + +
              • +
                +
              • host - Hosts of the server. type: list member_path: host:id + more... + +
                • +
                  +
                • id - Server host ID. type: int required: true + more... + +
                  • +
                • ip - Server host IPv4 address. type: str + more... + +
                  • +
                • password - Speed test host password. type: str + more... + +
                  • +
                • port - Server host port number to communicate with client. type: int + more... + +
                  • +
                • user - Speed test host user name. type: str + more... + +
                  • +
                +
              • name - Speed test server name. type: str required: true + more... + +
                • +
              • timestamp - Speed test server timestamp. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure speed test server list. + fortios_system_speed_test_server: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_speed_test_server: + host: + - + id: "4" + ip: "" + password: "" + port: "7" + user: "" + name: "default_name_9" + timestamp: "10" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_sso_admin.rst b/gen/fortios_system_sso_admin.rst new file mode 100644 index 00000000..351a0133 --- /dev/null +++ b/gen/fortios_system_sso_admin.rst @@ -0,0 +1,1115 @@ +:source: fortios_system_sso_admin.py + +:orphan: + +.. fortios_system_sso_admin: + +fortios_system_sso_admin -- Configure SSO admin users in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and sso_admin category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_sso_adminyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_sso_admin - Configure SSO admin users. type: dict + more... + +
              • +
                +
              • accprofile - SSO admin user access profile. Source system.accprofile.name. type: str + more... + +
                • +
              • gui_dashboard - GUI dashboards. type: list member_path: gui_dashboard:id + more... + +
                • +
                  +
                • columns - Number of columns. type: int + more... + +
                  • +
                • id - Dashboard ID. type: int required: true + more... + +
                  • +
                • layout_type - Layout type. type: str choices: responsive, fixed + more... + +
                  • +
                • name - Dashboard name. type: str + more... + +
                  • +
                • permanent - Permanent dashboard (can"t be removed via the GUI). type: str choices: disable, enable + more... + +
                  • +
                • vdom - Virtual domain. Source system.vdom.name. type: str + more... + +
                  • +
                • widget - Dashboard widgets. type: list member_path: gui_dashboard:id/widget:id + more... + +
                  • +
                    +
                  • fabric_device - Fabric device to monitor. type: str + more... + +
                    • +
                  • fabric_device_widget_name - Fabric device widget name. type: str + more... + +
                    • +
                  • fabric_device_widget_visualization_type - Visualization type for fabric device widget. type: str + more... + +
                    • +
                  • fortiview_device - FortiView device. type: str + more... + +
                    • +
                  • fortiview_filters - FortiView filters. type: list member_path: gui_dashboard:id/widget:id/fortiview_filters:id + more... + +
                    • +
                      +
                    • id - FortiView Filter ID. type: int required: true + more... + +
                      • +
                    • key - Filter key. type: str + more... + +
                      • +
                    • value - Filter value. type: str + more... + +
                      • +
                    +
                  • fortiview_sort_by - FortiView sort by. type: str + more... + +
                    • +
                  • fortiview_timeframe - FortiView timeframe. type: str + more... + +
                    • +
                  • fortiview_type - FortiView type. type: str + more... + +
                    • +
                  • fortiview_visualization - FortiView visualization. type: str + more... + +
                    • +
                  • height - Height. type: int + more... + +
                    • +
                  • id - Widget ID. type: int required: true + more... + +
                    • +
                  • industry - Security Audit Rating industry. type: str choices: default, custom + more... + +
                    • +
                  • interface - Interface to monitor. Source system.interface.name. type: str + more... + +
                    • +
                  • region - Security Audit Rating region. type: str choices: default, custom + more... + +
                    • +
                  • title - Widget title. type: str + more... + +
                    • +
                  • type - Widget type. type: str choices: sysinfo, licinfo, forticloud, cpu-usage, memory-usage, disk-usage, log-rate, sessions, session-rate, tr-history, analytics, usb-modem, admins, security-fabric, security-fabric-ranking, sensor-info, ha-status, vulnerability-summary, host-scan-summary, fortiview, botnet-activity, fabric-device + more... + +
                    • +
                  • width - Width. type: int + more... + +
                    • +
                  • x_pos - X position. type: int + more... + +
                    • +
                  • y_pos - Y position. type: int + more... + +
                    • +
                  +
                +
              • gui_global_menu_favorites - Favorite GUI menu IDs for the global VDOM. type: list member_path: gui_global_menu_favorites:id + more... + +
                • +
                  +
                • id - Select menu ID. type: str required: true + more... + +
                  • +
                +
              • gui_ignore_release_overview_version - The FortiOS version to ignore release overview prompt for. type: str + more... + +
                • +
              • gui_new_feature_acknowledge - Acknowledgement of new features. type: list member_path: gui_new_feature_acknowledge:id + more... + +
                • +
                  +
                • id - Select menu ID. type: str required: true + more... + +
                  • +
                +
              • gui_vdom_menu_favorites - Favorite GUI menu IDs for VDOMs. type: list member_path: gui_vdom_menu_favorites:id + more... + +
                • +
                  +
                • id - Select menu ID. type: str required: true + more... + +
                  • +
                +
              • name - SSO admin name. type: str required: true + more... + +
                • +
              • vdom - Virtual domain(s) that the administrator can access. type: list member_path: vdom:name + more... + +
                • +
                  +
                • name - Virtual domain name. Source system.vdom.name. type: str required: true + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure SSO admin users. + fortios_system_sso_admin: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_sso_admin: + accprofile: " (source system.accprofile.name)" + gui_dashboard: + - + columns: "5" + id: "6" + layout_type: "responsive" + name: "default_name_8" + permanent: "disable" + vdom: " (source system.vdom.name)" + widget: + - + fabric_device: "" + fabric_device_widget_name: "" + fabric_device_widget_visualization_type: "" + fortiview_device: "" + fortiview_filters: + - + id: "17" + key: "" + value: "" + fortiview_sort_by: "" + fortiview_timeframe: "" + fortiview_type: "" + fortiview_visualization: "" + height: "24" + id: "25" + industry: "default" + interface: " (source system.interface.name)" + region: "default" + title: "" + type: "sysinfo" + width: "31" + x_pos: "32" + y_pos: "33" + gui_global_menu_favorites: + - + id: "35" + gui_ignore_release_overview_version: "" + gui_new_feature_acknowledge: + - + id: "38" + gui_vdom_menu_favorites: + - + id: "40" + name: "default_name_41" + vdom: + - + name: "default_name_43 (source system.vdom.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_sso_forticloud_admin.rst b/gen/fortios_system_sso_forticloud_admin.rst new file mode 100644 index 00000000..22184fd9 --- /dev/null +++ b/gen/fortios_system_sso_forticloud_admin.rst @@ -0,0 +1,257 @@ +:source: fortios_system_sso_forticloud_admin.py + +:orphan: + +.. fortios_system_sso_forticloud_admin: + +fortios_system_sso_forticloud_admin -- Configure FortiCloud SSO admin users in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and sso_forticloud_admin category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + +
            v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_sso_forticloud_adminyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_sso_forticloud_admin - Configure FortiCloud SSO admin users. type: dict + more... + +
              • +
                +
              • name - FortiCloud SSO admin name. type: str required: true + more... + +
                • +
              • vdom - Virtual domain(s) that the administrator can access. type: list member_path: vdom:name + more... + +
                • +
                  +
                • name - Virtual domain name. Source system.vdom.name. type: str required: true + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiCloud SSO admin users. + fortios_system_sso_forticloud_admin: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_sso_forticloud_admin: + name: "default_name_3" + vdom: + - + name: "default_name_5 (source system.vdom.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_standalone_cluster.rst b/gen/fortios_system_standalone_cluster.rst new file mode 100644 index 00000000..9de1c4f8 --- /dev/null +++ b/gen/fortios_system_standalone_cluster.rst @@ -0,0 +1,395 @@ +:source: fortios_system_standalone_cluster.py + +:orphan: + +.. fortios_system_standalone_cluster: + +fortios_system_standalone_cluster -- Configure FortiGate Session Life Support Protocol (FGSP) cluster attributes in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and standalone_cluster category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_standalone_clusteryesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_standalone_cluster - Configure FortiGate Session Life Support Protocol (FGSP) cluster attributes. type: dict + more... + +
              • +
                +
              • encryption - Enable/disable encryption when synchronizing sessions. type: str choices: enable, disable + more... + +
                • +
              • group_member_id - Cluster member ID (0 - 15). type: int + more... + +
                • +
              • layer2_connection - Indicate whether layer 2 connections are present among FGSP members. type: str choices: available, unavailable + more... + +
                • +
              • psksecret - Pre-shared secret for session synchronization (ASCII string or hexadecimal encoded with a leading 0x). type: str + more... + +
                • +
              • session_sync_dev - Offload session-sync process to kernel and sync sessions using connected interface(s) directly. Source system.interface.name. type: list
                • +
              • standalone_group_id - Cluster group ID (0 - 255). Must be the same for all members. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiGate Session Life Support Protocol (FGSP) cluster attributes. + fortios_system_standalone_cluster: + vdom: "{{ vdom }}" + system_standalone_cluster: + encryption: "enable" + group_member_id: "4" + layer2_connection: "available" + psksecret: "" + session_sync_dev: " (source system.interface.name)" + standalone_group_id: "8" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_storage.rst b/gen/fortios_system_storage.rst new file mode 100644 index 00000000..061a7113 --- /dev/null +++ b/gen/fortios_system_storage.rst @@ -0,0 +1,820 @@ +:source: fortios_system_storage.py + +:orphan: + +.. fortios_system_storage: + +fortios_system_storage -- Configure logical storage in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and storage category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_storageyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_storage - Configure logical storage. type: dict + more... + +
              • +
                +
              • device - Partition device. type: str + more... + +
                • +
              • media_status - The physical status of current media. type: str choices: enable, disable, fail + more... + +
                • +
              • name - Storage name. type: str required: true + more... + +
                • +
              • order - Set storage order. type: int + more... + +
                • +
              • partition - Label of underlying partition. type: str + more... + +
                • +
              • size - Partition size. type: int + more... + +
                • +
              • status - Enable/disable storage. type: str choices: enable, disable + more... + +
                • +
              • usage - Use hard disk for logging or WAN Optimization . type: str choices: log, wanopt + more... + +
                • +
              • wanopt_mode - WAN Optimization mode . type: str choices: mix, wanopt, webcache + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure logical storage. + fortios_system_storage: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_storage: + device: "" + media_status: "enable" + name: "default_name_5" + order: "6" + partition: "" + size: "8" + status: "enable" + usage: "log" + wanopt_mode: "mix" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_stp.rst b/gen/fortios_system_stp.rst new file mode 100644 index 00000000..3796e8da --- /dev/null +++ b/gen/fortios_system_stp.rst @@ -0,0 +1,759 @@ +:source: fortios_system_stp.py + +:orphan: + +.. fortios_system_stp: + +fortios_system_stp -- Configure Spanning Tree Protocol (STP) in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and stp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_stpyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_stp - Configure Spanning Tree Protocol (STP). type: dict + more... + +
              • +
                +
              • config_revision - STP configuration revision (0 - 4294967295). type: int + more... + +
                • +
              • forward_delay - Forward delay (4 - 30 sec). type: int + more... + +
                • +
              • hello_time - Hello time (1 - 10 sec). type: int + more... + +
                • +
              • max_age - Maximum packet age (6 - 40 sec). type: int + more... + +
                • +
              • max_hops - Maximum number of hops (1 - 40). type: int + more... + +
                • +
              • region_name - Set region name. type: str + more... + +
                • +
              • status - Enable/disable STP settings. type: str + more... + +
                • +
              • switch_priority - STP switch priority; the lower the number the higher the priority (select from 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, and 57344). type: str choices: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344 + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Spanning Tree Protocol (STP). + fortios_system_stp: + vdom: "{{ vdom }}" + system_stp: + config_revision: "3" + forward_delay: "4" + hello_time: "5" + max_age: "6" + max_hops: "7" + region_name: "" + status: "" + switch_priority: "0" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_switch_interface.rst b/gen/fortios_system_switch_interface.rst new file mode 100644 index 00000000..9bc24682 --- /dev/null +++ b/gen/fortios_system_switch_interface.rst @@ -0,0 +1,945 @@ +:source: fortios_system_switch_interface.py + +:orphan: + +.. fortios_system_switch_interface: + +fortios_system_switch_interface -- Configure software switch interfaces by grouping physical and WiFi interfaces in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and switch_interface category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_switch_interfaceyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_switch_interface - Configure software switch interfaces by grouping physical and WiFi interfaces. type: dict + more... + +
              • +
                +
              • intra_switch_policy - Allow any traffic between switch interfaces or require firewall policies to allow traffic between switch interfaces. type: str choices: implicit, explicit + more... + +
                • +
              • mac_ttl - Duration for which MAC addresses are held in the ARP table (300 - 8640000 sec). type: int + more... + +
                • +
              • member - Names of the interfaces that belong to the virtual switch. type: list + more... + +
                • +
                  +
                • interface_name - Physical interface name. Source system.interface.name. type: str + more... + +
                  • +
                +
              • name - Interface name (name cannot be in use by any other interfaces, VLANs, or inter-VDOM links). type: str required: true + more... + +
                • +
              • span - Enable/disable port spanning. Port spanning echoes traffic received by the software switch to the span destination port. type: str choices: disable, enable + more... + +
                • +
              • span_dest_port - SPAN destination port name. All traffic on the SPAN source ports is echoed to the SPAN destination port. Source system.interface.name. type: str + more... + +
                • +
              • span_direction - The direction in which the SPAN port operates, either: rx, tx, or both. type: str choices: rx, tx, both + more... + +
                • +
              • span_source_port - Physical interface name. Port spanning echoes all traffic on the SPAN source ports to the SPAN destination port. type: list + more... + +
                • +
                  +
                • interface_name - Physical interface name. Source system.interface.name. type: str + more... + +
                  • +
                +
              • type - Type of switch based on functionality: switch for normal functionality, or hub to duplicate packets to all port members. type: str choices: switch, hub + more... + +
                • +
              • vdom - VDOM that the software switch belongs to. Source system.vdom.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure software switch interfaces by grouping physical and WiFi interfaces. + fortios_system_switch_interface: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_switch_interface: + intra_switch_policy: "implicit" + mac_ttl: "4" + member: + - + interface_name: " (source system.interface.name)" + name: "default_name_7" + span: "disable" + span_dest_port: " (source system.interface.name)" + span_direction: "rx" + span_source_port: + - + interface_name: " (source system.interface.name)" + type: "switch" + vdom: " (source system.vdom.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_tos_based_priority.rst b/gen/fortios_system_tos_based_priority.rst new file mode 100644 index 00000000..9846d2e9 --- /dev/null +++ b/gen/fortios_system_tos_based_priority.rst @@ -0,0 +1,411 @@ +:source: fortios_system_tos_based_priority.py + +:orphan: + +.. fortios_system_tos_based_priority: + +fortios_system_tos_based_priority -- Configure Type of Service (ToS) based priority table to set network traffic priorities in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and tos_based_priority category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_tos_based_priorityyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_tos_based_priority - Configure Type of Service (ToS) based priority table to set network traffic priorities. type: dict + more... + +
              • +
                +
              • id - Item ID. type: int required: true + more... + +
                • +
              • priority - ToS based priority level to low, medium or high (these priorities match firewall traffic shaping priorities) . type: str choices: low, medium, high + more... + +
                • +
              • tos - Value of the ToS byte in the IP datagram header (0-15, 8: minimize delay, 4: maximize throughput, 2: maximize reliability, 1: minimize monetary cost, and 0: ). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Type of Service (ToS) based priority table to set network traffic priorities. + fortios_system_tos_based_priority: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_tos_based_priority: + id: "3" + priority: "low" + tos: "5" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_vdom.rst b/gen/fortios_system_vdom.rst new file mode 100644 index 00000000..e018c3db --- /dev/null +++ b/gen/fortios_system_vdom.rst @@ -0,0 +1,420 @@ +:source: fortios_system_vdom.py + +:orphan: + +.. fortios_system_vdom: + +fortios_system_vdom -- Configure virtual domain in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and vdom category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_vdomyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_vdom - Configure virtual domain. type: dict + more... + +
              • +
                +
              • flag - Flag. type: int + more... + +
                • +
              • name - VDOM name. type: str required: true + more... + +
                • +
              • short_name - VDOM short name. type: str + more... + +
                • +
              • temporary - Temporary. type: int + more... + +
                • +
              • vcluster_id - Virtual cluster ID (0 - 4294967295). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure virtual domain. + fortios_system_vdom: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_vdom: + flag: "3" + name: "default_name_4" + short_name: "" + temporary: "6" + vcluster_id: "7" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_vdom_dns.rst b/gen/fortios_system_vdom_dns.rst new file mode 100644 index 00000000..92436c59 --- /dev/null +++ b/gen/fortios_system_vdom_dns.rst @@ -0,0 +1,1163 @@ +:source: fortios_system_vdom_dns.py + +:orphan: + +.. fortios_system_vdom_dns: + +fortios_system_vdom_dns -- Configure DNS servers for a non-management VDOM in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and vdom_dns category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_vdom_dnsyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_vdom_dns - Configure DNS servers for a non-management VDOM. type: dict + more... + +
              • +
                +
              • alt_primary - Alternate primary DNS server. This is not used as a failover DNS server. type: str + more... + +
                • +
              • alt_secondary - Alternate secondary DNS server. This is not used as a failover DNS server. type: str + more... + +
                • +
              • dns_over_tls - Enable/disable/enforce DNS over TLS. type: str choices: disable, enable, enforce + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • ip6_primary - Primary IPv6 DNS server IP address for the VDOM. type: str + more... + +
                • +
              • ip6_secondary - Secondary IPv6 DNS server IP address for the VDOM. type: str + more... + +
                • +
              • primary - Primary DNS server IP address for the VDOM. type: str + more... + +
                • +
              • protocol - DNS transport protocols. type: list choices: cleartext, dot, doh + more... + +
                • +
              • secondary - Secondary DNS server IP address for the VDOM. type: str + more... + +
                • +
              • server_hostname - DNS server host name list. type: list member_path: server_hostname:hostname + more... + +
                • +
                  +
                • hostname - DNS server host name list separated by space (maximum 4 domains). type: str required: true + more... + +
                  • +
                +
              • server_select_method - Specify how configured servers are prioritized. type: str choices: least-rtt, failover + more... + +
                • +
              • source_ip - Source IP for communications with the DNS server. type: str + more... + +
                • +
              • ssl_certificate - Name of local certificate for SSL connections. Source certificate.local.name. type: str + more... + +
                • +
              • vdom_dns - Enable/disable configuring DNS servers for the current VDOM. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure DNS servers for a non-management VDOM. + fortios_system_vdom_dns: + vdom: "{{ vdom }}" + system_vdom_dns: + alt_primary: "" + alt_secondary: "" + dns_over_tls: "disable" + interface: " (source system.interface.name)" + interface_select_method: "auto" + ip6_primary: "" + ip6_secondary: "" + primary: "" + protocol: "cleartext" + secondary: "" + server_hostname: + - + hostname: "myhostname" + server_select_method: "least-rtt" + source_ip: "84.230.14.43" + ssl_certificate: " (source certificate.local.name)" + vdom_dns: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_vdom_exception.rst b/gen/fortios_system_vdom_exception.rst new file mode 100644 index 00000000..beaa1533 --- /dev/null +++ b/gen/fortios_system_vdom_exception.rst @@ -0,0 +1,1252 @@ +:source: fortios_system_vdom_exception.py + +:orphan: + +.. fortios_system_vdom_exception: + +fortios_system_vdom_exception -- Global configuration objects that can be configured independently across different ha peers for all VDOMs or for the defined VDOM scope in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and vdom_exception category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_vdom_exceptionyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_vdom_exception - Global configuration objects that can be configured independently across different ha peers for all VDOMs or for the defined VDOM scope. type: dict + more... + +
              • +
                +
              • id - Index (1 - 4096). type: int required: true + more... + +
                • +
              • object - Name of the configuration object that can be configured independently for all VDOMs. type: str choices: log.fortianalyzer.setting, log.fortianalyzer.override-setting, log.fortianalyzer2.setting, log.fortianalyzer2.override-setting, log.fortianalyzer3.setting, log.fortianalyzer3.override-setting, log.fortianalyzer-cloud.setting, log.fortianalyzer-cloud.override-setting, log.syslogd.setting, log.syslogd.override-setting, log.syslogd2.setting, log.syslogd2.override-setting, log.syslogd3.setting, log.syslogd3.override-setting, log.syslogd4.setting, log.syslogd4.override-setting, system.gre-tunnel, system.central-management, system.csf, user.radius, system.interface, vpn.ipsec.phase1-interface, vpn.ipsec.phase2-interface, router.bgp, router.route-map, router.prefix-list, firewall.ippool, firewall.ippool6, router.static, router.static6, firewall.vip, firewall.vip6, system.sdwan, system.saml, router.policy, router.policy6, firewall.vip46, firewall.vip64 + more... + +
                • +
              • oid - Object ID. type: int + more... + +
                • +
              • scope - Determine whether the configuration object can be configured separately for all VDOMs or if some VDOMs share the same configuration. type: str choices: all, inclusive, exclusive + more... + +
                • +
              • vdom - Names of the VDOMs. type: list member_path: vdom:name + more... + +
                • +
                  +
                • name - VDOM name. Source system.vdom.name. type: str required: true + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Global configuration objects that can be configured independently across different ha peers for all VDOMs or for the defined VDOM scope. + fortios_system_vdom_exception: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_vdom_exception: + id: "3" + object: "log.fortianalyzer.setting" + oid: "5" + scope: "all" + vdom: + - + name: "default_name_8 (source system.vdom.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_vdom_link.rst b/gen/fortios_system_vdom_link.rst new file mode 100644 index 00000000..264d32b8 --- /dev/null +++ b/gen/fortios_system_vdom_link.rst @@ -0,0 +1,430 @@ +:source: fortios_system_vdom_link.py + +:orphan: + +.. fortios_system_vdom_link: + +fortios_system_vdom_link -- Configure VDOM links in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and vdom_link category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_vdom_linkyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_vdom_link - Configure VDOM links. type: dict + more... + +
              • +
                +
              • name - VDOM link name (maximum = 11 characters). type: str required: true + more... + +
                • +
              • type - VDOM link type: PPP or Ethernet. type: str choices: ppp, ethernet + more... + +
                • +
              • vcluster - Virtual cluster. type: str choices: vcluster1, vcluster2 + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure VDOM links. + fortios_system_vdom_link: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_vdom_link: + name: "default_name_3" + type: "ppp" + vcluster: "vcluster1" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_vdom_netflow.rst b/gen/fortios_system_vdom_netflow.rst new file mode 100644 index 00000000..00d98d3f --- /dev/null +++ b/gen/fortios_system_vdom_netflow.rst @@ -0,0 +1,584 @@ +:source: fortios_system_vdom_netflow.py + +:orphan: + +.. fortios_system_vdom_netflow: + +fortios_system_vdom_netflow -- Configure NetFlow per VDOM in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and vdom_netflow category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_vdom_netflowyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_vdom_netflow - Configure NetFlow per VDOM. type: dict + more... + +
              • +
                +
              • collector_ip - NetFlow collector IP address. type: str + more... + +
                • +
              • collector_port - NetFlow collector port number. type: int + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • source_ip - Source IP address for communication with the NetFlow agent. type: str + more... + +
                • +
              • vdom_netflow - Enable/disable NetFlow per VDOM. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure NetFlow per VDOM. + fortios_system_vdom_netflow: + vdom: "{{ vdom }}" + system_vdom_netflow: + collector_ip: "" + collector_port: "4" + interface: " (source system.interface.name)" + interface_select_method: "auto" + source_ip: "84.230.14.43" + vdom_netflow: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_vdom_property.rst b/gen/fortios_system_vdom_property.rst new file mode 100644 index 00000000..77ffac1d --- /dev/null +++ b/gen/fortios_system_vdom_property.rst @@ -0,0 +1,390 @@ +:source: fortios_system_vdom_property.py + +:orphan: + +.. fortios_system_vdom_property: + +fortios_system_vdom_property -- Configure VDOM property in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and vdom_property category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_vdom_propertyyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_vdom_property - Configure VDOM property. type: dict + more... + +
              • +
                +
              • custom_service - Maximum guaranteed number of firewall custom services. type: list
                • +
              • description - Description. type: str + more... + +
                • +
              • dialup_tunnel - Maximum guaranteed number of dial-up tunnels. type: list
                • +
              • firewall_address - Maximum guaranteed number of firewall addresses (IPv4, IPv6, multicast). type: list
                • +
              • firewall_addrgrp - Maximum guaranteed number of firewall address groups (IPv4, IPv6). type: list
                • +
              • firewall_policy - Maximum guaranteed number of firewall policies (policy, DoS-policy4, DoS-policy6, multicast). type: list
                • +
              • ipsec_phase1 - Maximum guaranteed number of VPN IPsec phase 1 tunnels. type: list
                • +
              • ipsec_phase1_interface - Maximum guaranteed number of VPN IPsec phase1 interface tunnels. type: list
                • +
              • ipsec_phase2 - Maximum guaranteed number of VPN IPsec phase 2 tunnels. type: list
                • +
              • ipsec_phase2_interface - Maximum guaranteed number of VPN IPsec phase2 interface tunnels. type: list
                • +
              • log_disk_quota - Log disk quota in megabytes (MB). Range depends on how much disk space is available. type: list
                • +
              • name - VDOM name. Source system.vdom.name. type: str required: true + more... + +
                • +
              • onetime_schedule - Maximum guaranteed number of firewall one-time schedules. type: list
                • +
              • proxy - Maximum guaranteed number of concurrent proxy users. type: list
                • +
              • recurring_schedule - Maximum guaranteed number of firewall recurring schedules. type: list
                • +
              • service_group - Maximum guaranteed number of firewall service groups. type: list
                • +
              • session - Maximum guaranteed number of sessions. type: list
                • +
              • snmp_index - Permanent SNMP Index of the virtual domain (1 - 2147483647). type: int + more... + +
                • +
              • sslvpn - Maximum guaranteed number of SSL-VPNs. type: list
                • +
              • user - Maximum guaranteed number of local users. type: list
                • +
              • user_group - Maximum guaranteed number of user groups. type: list
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure VDOM property. + fortios_system_vdom_property: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_vdom_property: + custom_service: "" + description: "" + dialup_tunnel: "" + firewall_address: "" + firewall_addrgrp: "" + firewall_policy: "" + ipsec_phase1: "" + ipsec_phase1_interface: "" + ipsec_phase2: "" + ipsec_phase2_interface: "" + log_disk_quota: "" + name: "default_name_14 (source system.vdom.name)" + onetime_schedule: "" + proxy: "" + recurring_schedule: "" + service_group: "" + session: "" + snmp_index: "20" + sslvpn: "" + user: "" + user_group: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_vdom_radius_server.rst b/gen/fortios_system_vdom_radius_server.rst new file mode 100644 index 00000000..83e68eef --- /dev/null +++ b/gen/fortios_system_vdom_radius_server.rst @@ -0,0 +1,392 @@ +:source: fortios_system_vdom_radius_server.py + +:orphan: + +.. fortios_system_vdom_radius_server: + +fortios_system_vdom_radius_server -- Configure a RADIUS server to use as a RADIUS Single Sign On (RSSO) server for this VDOM in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and vdom_radius_server category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_vdom_radius_serveryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_vdom_radius_server - Configure a RADIUS server to use as a RADIUS Single Sign On (RSSO) server for this VDOM. type: dict + more... + +
              • +
                +
              • name - Name of the VDOM that you are adding the RADIUS server to. Source system.vdom.name. type: str required: true + more... + +
                • +
              • radius_server_vdom - Use this option to select another VDOM containing a VDOM RSSO RADIUS server to use for the current VDOM. Source system.vdom.name. type: str + more... + +
                • +
              • status - Enable/disable the RSSO RADIUS server for this VDOM. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure a RADIUS server to use as a RADIUS Single Sign On (RSSO) server for this VDOM. + fortios_system_vdom_radius_server: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_vdom_radius_server: + name: "default_name_3 (source system.vdom.name)" + radius_server_vdom: " (source system.vdom.name)" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_vdom_sflow.rst b/gen/fortios_system_vdom_sflow.rst new file mode 100644 index 00000000..352e8612 --- /dev/null +++ b/gen/fortios_system_vdom_sflow.rst @@ -0,0 +1,585 @@ +:source: fortios_system_vdom_sflow.py + +:orphan: + +.. fortios_system_vdom_sflow: + +fortios_system_vdom_sflow -- Configure sFlow per VDOM to add or change the IP address and UDP port that FortiGate sFlow agents in this VDOM use to send sFlow datagrams to an sFlow collector in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and vdom_sflow category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_vdom_sflowyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_vdom_sflow - Configure sFlow per VDOM to add or change the IP address and UDP port that FortiGate sFlow agents in this VDOM use to send sFlow datagrams to an sFlow collector. type: dict + more... + +
              • +
                +
              • collector_ip - IP address of the sFlow collector that sFlow agents added to interfaces in this VDOM send sFlow datagrams to . type: str + more... + +
                • +
              • collector_port - UDP port number used for sending sFlow datagrams (configure only if required by your sFlow collector or your network configuration) (0 - 65535). type: int + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • source_ip - Source IP address for sFlow agent. type: str + more... + +
                • +
              • vdom_sflow - Enable/disable the sFlow configuration for the current VDOM. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure sFlow per VDOM to add or change the IP address and UDP port that FortiGate sFlow agents in this VDOM use to send sFlow datagrams to an + sFlow collector. + fortios_system_vdom_sflow: + vdom: "{{ vdom }}" + system_vdom_sflow: + collector_ip: "" + collector_port: "4" + interface: " (source system.interface.name)" + interface_select_method: "auto" + source_ip: "84.230.14.43" + vdom_sflow: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_virtual_switch.rst b/gen/fortios_system_virtual_switch.rst new file mode 100644 index 00000000..b8561306 --- /dev/null +++ b/gen/fortios_system_virtual_switch.rst @@ -0,0 +1,1011 @@ +:source: fortios_system_virtual_switch.py + +:orphan: + +.. fortios_system_virtual_switch: + +fortios_system_virtual_switch -- Configure virtual hardware switch interfaces in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and virtual_switch category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_virtual_switchyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_virtual_switch - Configure virtual hardware switch interfaces. type: dict + more... + +
              • +
                +
              • name - Name of the virtual switch. type: str required: true + more... + +
                • +
              • physical_switch - Physical switch parent. Source system.physical-switch.name. type: str + more... + +
                • +
              • port - Configure member ports. type: list member_path: port:name + more... + +
                • +
                  +
                • alias - Alias. type: str + more... + +
                  • +
                • mediatype - Select SFP media interface type. type: str choices: cfp2-sr10, cfp2-lr4 + more... + +
                  • +
                • name - Physical interface name. Source system.interface.name. type: str required: true + more... + +
                  • +
                • speed - Interface speed. type: str choices: auto, 10full, 10half, 100full, 100half, 1000full, 1000half, 1000auto, 10000full, 10000auto, 40000full, 100Gfull + more... + +
                  • +
                • status - Interface status. type: str choices: up, down + more... + +
                  • +
                +
              • span - Enable/disable SPAN. type: str choices: disable, enable + more... + +
                • +
              • span_dest_port - SPAN destination port. type: str + more... + +
                • +
              • span_direction - SPAN direction. type: str choices: rx, tx, both + more... + +
                • +
              • span_source_port - SPAN source port. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure virtual hardware switch interfaces. + fortios_system_virtual_switch: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_virtual_switch: + name: "default_name_3" + physical_switch: " (source system.physical-switch.name)" + port: + - + alias: "" + mediatype: "cfp2-sr10" + name: "default_name_8 (source system.interface.name)" + speed: "auto" + status: "up" + span: "disable" + span_dest_port: "" + span_direction: "rx" + span_source_port: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_virtual_wan_link.rst b/gen/fortios_system_virtual_wan_link.rst new file mode 100644 index 00000000..e92348cb --- /dev/null +++ b/gen/fortios_system_virtual_wan_link.rst @@ -0,0 +1,4761 @@ +:source: fortios_system_virtual_wan_link.py + +:orphan: + +.. fortios_system_virtual_wan_link: + +fortios_system_virtual_wan_link -- Configure redundant internet connections using SD-WAN (formerly virtual WAN link) in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and virtual_wan_link category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7
            fortios_system_virtual_wan_linkyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_virtual_wan_link - Configure redundant internet connections using SD-WAN (formerly virtual WAN link). type: dict + more... + +
              • +
                +
              • fail_alert_interfaces - Physical interfaces that will be alerted. type: list member_path: fail_alert_interfaces:name + more... + +
                • +
                  +
                • name - Physical interface name. Source system.interface.name. type: str required: true + more... + +
                  • +
                +
              • fail_detect - Enable/disable SD-WAN Internet connection status checking (failure detection). type: str choices: enable, disable + more... + +
                • +
              • health_check - SD-WAN status checking or health checking. Identify a server on the Internet and determine how SD-WAN verifies that the FortiGate can communicate with it. type: list member_path: health_check:name + more... + +
                • +
                  +
                • addr_mode - Address mode (IPv4 or IPv6). type: str choices: ipv4, ipv6 + more... + +
                  • +
                • diffservcode - Differentiated services code point (DSCP) in the IP header of the probe packet. type: str + more... + +
                  • +
                • failtime - Number of failures before server is considered lost (1 - 3600). type: int + more... + +
                  • +
                • ha_priority - HA election priority (1 - 50). type: int + more... + +
                  • +
                • http_agent - String in the http-agent field in the HTTP header. type: str + more... + +
                  • +
                • http_get - URL used to communicate with the server if the protocol if the protocol is HTTP. type: str + more... + +
                  • +
                • http_match - Response string expected from the server if the protocol is HTTP. type: str + more... + +
                  • +
                • interval - Status check interval in milliseconds, or the time between attempting to connect to the server (500 - 3600*1000 msec). type: int + more... + +
                  • +
                • members - Member sequence number list. type: list + more... + +
                  • +
                    +
                  • seq_num - Member sequence number. Source system.virtual-wan-link.members.seq-num. type: int + more... + +
                    • +
                  +
                • name - Status check or health check name. type: str required: true + more... + +
                  • +
                • packet_size - Packet size of a twamp test session, type: int + more... + +
                  • +
                • password - Twamp controller password in authentication mode type: str + more... + +
                  • +
                • port - Port number used to communicate with the server over the selected protocol. type: int + more... + +
                  • +
                • probe_packets - Enable/disable transmission of probe packets. type: str choices: disable, enable + more... + +
                  • +
                • probe_timeout - Time to wait before a probe packet is considered lost (500 - 5000 msec). type: int + more... + +
                  • +
                • protocol - Protocol used to determine if the FortiGate can communicate with the server. type: str choices: ping, tcp-echo, udp-echo, http, twamp, ping6 + more... + +
                  • +
                • recoverytime - Number of successful responses received before server is considered recovered (1 - 3600). type: int + more... + +
                  • +
                • security_mode - Twamp controller security mode. type: str choices: none, authentication + more... + +
                  • +
                • server - IP address or FQDN name of the server. type: str + more... + +
                  • +
                • sla - Service level agreement (SLA). type: list member_path: health_check:name/sla:id + more... + +
                  • +
                    +
                  • id - SLA ID. type: int required: true + more... + +
                    • +
                  • jitter_threshold - Jitter for SLA to make decision in milliseconds. (0 - 10000000). type: int + more... + +
                    • +
                  • latency_threshold - Latency for SLA to make decision in milliseconds. (0 - 10000000). type: int + more... + +
                    • +
                  • link_cost_factor - Criteria on which to base link selection. type: str choices: latency, jitter, packet-loss + more... + +
                    • +
                  • packetloss_threshold - Packet loss for SLA to make decision in percentage. (0 - 100). type: int + more... + +
                    • +
                  +
                • sla_fail_log_period - Time interval in seconds that SLA fail log messages will be generated (0 - 3600). type: int + more... + +
                  • +
                • sla_pass_log_period - Time interval in seconds that SLA pass log messages will be generated (0 - 3600). type: int + more... + +
                  • +
                • threshold_alert_jitter - Alert threshold for jitter (ms). type: int + more... + +
                  • +
                • threshold_alert_latency - Alert threshold for latency (ms). type: int + more... + +
                  • +
                • threshold_alert_packetloss - Alert threshold for packet loss (percentage). type: int + more... + +
                  • +
                • threshold_warning_jitter - Warning threshold for jitter (ms). type: int + more... + +
                  • +
                • threshold_warning_latency - Warning threshold for latency (ms). type: int + more... + +
                  • +
                • threshold_warning_packetloss - Warning threshold for packet loss (percentage). type: int + more... + +
                  • +
                • update_cascade_interface - Enable/disable update cascade interface. type: str choices: enable, disable + more... + +
                  • +
                • update_static_route - Enable/disable updating the static route. type: str choices: enable, disable + more... + +
                  • +
                +
              • load_balance_mode - Algorithm or mode to use for load balancing Internet traffic to SD-WAN members. type: str choices: source-ip-based, weight-based, usage-based, source-dest-ip-based, measured-volume-based + more... + +
                • +
              • members - FortiGate interfaces added to the virtual-wan-link. type: list + more... + +
                • +
                  +
                • comment - Comments. type: str + more... + +
                  • +
                • cost - Cost of this interface for services in SLA mode (0 - 4294967295). type: int + more... + +
                  • +
                • gateway - The default gateway for this interface. Usually the default gateway of the Internet service provider that this interface is connected to. type: str + more... + +
                  • +
                • gateway6 - IPv6 gateway. type: str + more... + +
                  • +
                • ingress_spillover_threshold - Ingress spillover threshold for this interface (0 - 16776000 kbit/s). When this traffic volume threshold is reached, new sessions spill over to other interfaces in the SD-WAN. type: int + more... + +
                  • +
                • interface - Interface name. Source system.interface.name. type: str + more... + +
                  • +
                • priority - Priority of the interface (0 - 4294967295). Used for SD-WAN rules or priority rules. type: int + more... + +
                  • +
                • seq_num - Sequence number(1-255). type: int + more... + +
                  • +
                • source - Source IP address used in the health-check packet to the server. type: str + more... + +
                  • +
                • source6 - Source IPv6 address used in the health-check packet to the server. type: str + more... + +
                  • +
                • spillover_threshold - Egress spillover threshold for this interface (0 - 16776000 kbit/s). When this traffic volume threshold is reached, new sessions spill over to other interfaces in the SD-WAN. type: int + more... + +
                  • +
                • status - Enable/disable this interface in the SD-WAN. type: str choices: disable, enable + more... + +
                  • +
                • volume_ratio - Measured volume ratio (this value / sum of all values = percentage of link volume, 1 - 255). type: int + more... + +
                  • +
                • weight - Weight of this interface for weighted load balancing. (1 - 255) More traffic is directed to interfaces with higher weights. type: int + more... + +
                  • +
                +
              • neighbor - Create SD-WAN neighbor from BGP neighbor table to control route advertisements according to SLA status. type: list member_path: neighbor:ip + more... + +
                • +
                  +
                • health_check - SD-WAN health-check name. Source system.virtual-wan-link.health-check.name. type: str + more... + +
                  • +
                • ip - IP address of neighbor. Source router.bgp.neighbor.ip. type: str required: true + more... + +
                  • +
                • member - Member sequence number. Source system.virtual-wan-link.members.seq-num. type: int + more... + +
                  • +
                • role - Role of neighbor. type: str choices: standalone, primary, secondary + more... + +
                  • +
                • sla_id - SLA ID. type: int + more... + +
                  • +
                +
              • neighbor_hold_boot_time - Waiting period in seconds when switching from the primary neighbor to the secondary neighbor from the neighbor start. (0 - 10000000). type: int + more... + +
                • +
              • neighbor_hold_down - Enable/disable hold switching from the secondary neighbor to the primary neighbor. type: str choices: enable, disable + more... + +
                • +
              • neighbor_hold_down_time - Waiting period in seconds when switching from the secondary neighbor to the primary neighbor when hold-down is disabled. (0 - 10000000). type: int + more... + +
                • +
              • service - Create SD-WAN rules (also called services) to control how sessions are distributed to interfaces in the SD-WAN. type: list member_path: service:id + more... + +
                • +
                  +
                • addr_mode - Address mode (IPv4 or IPv6). type: str choices: ipv4, ipv6 + more... + +
                  • +
                • bandwidth_weight - Coefficient of reciprocal of available bidirectional bandwidth in the formula of custom-profile-1. type: int + more... + +
                  • +
                • default - Enable/disable use of SD-WAN as default service. type: str choices: enable, disable + more... + +
                  • +
                • dscp_forward - Enable/disable forward traffic DSCP tag. type: str choices: enable, disable + more... + +
                  • +
                • dscp_forward_tag - Forward traffic DSCP tag. type: str + more... + +
                  • +
                • dscp_reverse - Enable/disable reverse traffic DSCP tag. type: str choices: enable, disable + more... + +
                  • +
                • dscp_reverse_tag - Reverse traffic DSCP tag. type: str + more... + +
                  • +
                • dst - Destination address name. type: list member_path: service:id/dst:name + more... + +
                  • +
                    +
                  • name - Address or address group name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                    • +
                  +
                • dst_negate - Enable/disable negation of destination address match. type: str choices: enable, disable + more... + +
                  • +
                • dst6 - Destination address6 name. type: list member_path: service:id/dst6:name + more... + +
                  • +
                    +
                  • name - Address6 or address6 group name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                    • +
                  +
                • end_port - End destination port number. type: int + more... + +
                  • +
                • gateway - Enable/disable SD-WAN service gateway. type: str choices: enable, disable + more... + +
                  • +
                • groups - User groups. type: list member_path: service:id/groups:name + more... + +
                  • +
                    +
                  • name - Group name. Source user.group.name. type: str required: true + more... + +
                    • +
                  +
                • health_check - Health check. Source system.virtual-wan-link.health-check.name. type: str + more... + +
                  • +
                • hold_down_time - Waiting period in seconds when switching from the back-up member to the primary member (0 - 10000000). type: int + more... + +
                  • +
                • id - Priority rule ID (1 - 4000). type: int required: true + more... + +
                  • +
                • input_device - Source interface name. type: list member_path: service:id/input_device:name + more... + +
                  • +
                    +
                  • name - Interface name. Source system.interface.name. type: str required: true + more... + +
                    • +
                  +
                • input_device_negate - Enable/disable negation of input device match. type: str choices: enable, disable + more... + +
                  • +
                • internet_service - Enable/disable use of Internet service for application-based load balancing. type: str choices: enable, disable + more... + +
                  • +
                • internet_service_app_ctrl - Application control based Internet Service ID list. type: list member_path: service:id/internet_service_app_ctrl:id + more... + +
                  • +
                    +
                  • id - Application control based Internet Service ID. type: int required: true + more... + +
                    • +
                  +
                • internet_service_app_ctrl_group - Application control based Internet Service group list. type: list member_path: service:id/internet_service_app_ctrl_group:name + more... + +
                  • +
                    +
                  • name - Application control based Internet Service group name. Source application.group.name. type: str required: true + more... + +
                    • +
                  +
                • internet_service_ctrl - Control-based Internet Service ID list. type: list member_path: service:id/internet_service_ctrl:id + more... + +
                  • +
                    +
                  • id - Control-based Internet Service ID. type: int required: true + more... + +
                    • +
                  +
                • internet_service_ctrl_group - Control-based Internet Service group list. type: list member_path: service:id/internet_service_ctrl_group:name + more... + +
                  • +
                    +
                  • name - Control-based Internet Service group name. Source application.group.name. type: str required: true + more... + +
                    • +
                  +
                • internet_service_custom - Custom Internet service name list. type: list member_path: service:id/internet_service_custom:name + more... + +
                  • +
                    +
                  • name - Custom Internet service name. Source firewall.internet-service-custom.name. type: str required: true + more... + +
                    • +
                  +
                • internet_service_custom_group - Custom Internet Service group list. type: list member_path: service:id/internet_service_custom_group:name + more... + +
                  • +
                    +
                  • name - Custom Internet Service group name. Source firewall.internet-service-custom-group.name. type: str required: true + more... + +
                    • +
                  +
                • internet_service_group - Internet Service group list. type: list member_path: service:id/internet_service_group:name + more... + +
                  • +
                    +
                  • name - Internet Service group name. Source firewall.internet-service-group.name. type: str required: true + more... + +
                    • +
                  +
                • internet_service_id - Internet service ID list. type: list member_path: service:id/internet_service_id:id + more... + +
                  • +
                    +
                  • id - Internet service ID. Source firewall.internet-service.id. type: int required: true + more... + +
                    • +
                  +
                • jitter_weight - Coefficient of jitter in the formula of custom-profile-1. type: int + more... + +
                  • +
                • latency_weight - Coefficient of latency in the formula of custom-profile-1. type: int + more... + +
                  • +
                • link_cost_factor - Link cost factor. type: str choices: latency, jitter, packet-loss, inbandwidth, outbandwidth, bibandwidth, custom-profile-1 + more... + +
                  • +
                • link_cost_threshold - Percentage threshold change of link cost values that will result in policy route regeneration (0 - 10000000). type: int + more... + +
                  • +
                • member - Member sequence number. Source system.virtual-wan-link.members.seq-num. type: int + more... + +
                  • +
                • mode - Control how the priority rule sets the priority of interfaces in the SD-WAN. type: str choices: auto, manual, priority, sla, load-balance + more... + +
                  • +
                • name - Priority rule name. type: str + more... + +
                  • +
                • packet_loss_weight - Coefficient of packet-loss in the formula of custom-profile-1. type: int + more... + +
                  • +
                • priority_members - Member sequence number list. type: list + more... + +
                  • +
                    +
                  • seq_num - Member sequence number. Source system.virtual-wan-link.members.seq-num. type: int + more... + +
                    • +
                  +
                • protocol - Protocol number. type: int + more... + +
                  • +
                • quality_link - Quality grade. type: int + more... + +
                  • +
                • role - Service role to work with neighbor. type: str choices: standalone, primary, secondary + more... + +
                  • +
                • route_tag - IPv4 route map route-tag. type: int + more... + +
                  • +
                • sla - Service level agreement (SLA). type: list + more... + +
                  • +
                    +
                  • health_check - Virtual WAN Link health-check. Source system.virtual-wan-link.health-check.name. type: str + more... + +
                    • +
                  • id - SLA ID. type: int + more... + +
                    • +
                  +
                • sla_compare_method - Method to compare SLA value for sla and load balance mode. type: str choices: order, number + more... + +
                  • +
                • src - Source address name. type: list member_path: service:id/src:name + more... + +
                  • +
                    +
                  • name - Address or address group name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                    • +
                  +
                • src_negate - Enable/disable negation of source address match. type: str choices: enable, disable + more... + +
                  • +
                • src6 - Source address6 name. type: list member_path: service:id/src6:name + more... + +
                  • +
                    +
                  • name - Address6 or address6 group name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                    • +
                  +
                • standalone_action - Enable/disable service when selected neighbor role is standalone while service role is not standalone. type: str choices: enable, disable + more... + +
                  • +
                • start_port - Start destination port number. type: int + more... + +
                  • +
                • status - Enable/disable SD-WAN service. type: str choices: enable, disable + more... + +
                  • +
                • tos - Type of service bit pattern. type: str + more... + +
                  • +
                • tos_mask - Type of service evaluated bits. type: str + more... + +
                  • +
                • users - User name. type: list member_path: service:id/users:name + more... + +
                  • +
                    +
                  • name - User name. Source user.local.name. type: str required: true + more... + +
                    • +
                  +
                +
              • status - Enable/disable SD-WAN. type: str choices: disable, enable + more... + +
                • +
              • zone - Configure SD-WAN zones. type: list member_path: zone:name + more... + +
                • +
                  +
                • name - Zone name. type: str required: true + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure redundant internet connections using SD-WAN (formerly virtual WAN link). + fortios_system_virtual_wan_link: + vdom: "{{ vdom }}" + system_virtual_wan_link: + fail_alert_interfaces: + - + name: "default_name_4 (source system.interface.name)" + fail_detect: "enable" + health_check: + - + addr_mode: "ipv4" + diffservcode: "" + failtime: "9" + ha_priority: "10" + http_agent: "" + http_get: "" + http_match: "" + interval: "14" + members: + - + seq_num: "16 (source system.virtual-wan-link.members.seq-num)" + name: "default_name_17" + packet_size: "18" + password: "" + port: "20" + probe_packets: "disable" + probe_timeout: "22" + protocol: "ping" + recoverytime: "24" + security_mode: "none" + server: "192.168.100.40" + sla: + - + id: "28" + jitter_threshold: "29" + latency_threshold: "30" + link_cost_factor: "latency" + packetloss_threshold: "32" + sla_fail_log_period: "33" + sla_pass_log_period: "34" + threshold_alert_jitter: "35" + threshold_alert_latency: "36" + threshold_alert_packetloss: "37" + threshold_warning_jitter: "38" + threshold_warning_latency: "39" + threshold_warning_packetloss: "40" + update_cascade_interface: "enable" + update_static_route: "enable" + load_balance_mode: "source-ip-based" + members: + - + comment: "Comments." + cost: "46" + gateway: "" + gateway6: "" + ingress_spillover_threshold: "49" + interface: " (source system.interface.name)" + priority: "51" + seq_num: "52" + source: "" + source6: "" + spillover_threshold: "55" + status: "disable" + volume_ratio: "57" + weight: "58" + neighbor: + - + health_check: " (source system.virtual-wan-link.health-check.name)" + ip: " (source router.bgp.neighbor.ip)" + member: "62 (source system.virtual-wan-link.members.seq-num)" + role: "standalone" + sla_id: "64" + neighbor_hold_boot_time: "65" + neighbor_hold_down: "enable" + neighbor_hold_down_time: "67" + service: + - + addr_mode: "ipv4" + bandwidth_weight: "70" + default: "enable" + dscp_forward: "enable" + dscp_forward_tag: "" + dscp_reverse: "enable" + dscp_reverse_tag: "" + dst: + - + name: "default_name_77 (source firewall.address.name firewall.addrgrp.name)" + dst_negate: "enable" + dst6: + - + name: "default_name_80 (source firewall.address6.name firewall.addrgrp6.name)" + end_port: "81" + gateway: "enable" + groups: + - + name: "default_name_84 (source user.group.name)" + health_check: " (source system.virtual-wan-link.health-check.name)" + hold_down_time: "86" + id: "87" + input_device: + - + name: "default_name_89 (source system.interface.name)" + input_device_negate: "enable" + internet_service: "enable" + internet_service_app_ctrl: + - + id: "93" + internet_service_app_ctrl_group: + - + name: "default_name_95 (source application.group.name)" + internet_service_ctrl: + - + id: "97" + internet_service_ctrl_group: + - + name: "default_name_99 (source application.group.name)" + internet_service_custom: + - + name: "default_name_101 (source firewall.internet-service-custom.name)" + internet_service_custom_group: + - + name: "default_name_103 (source firewall.internet-service-custom-group.name)" + internet_service_group: + - + name: "default_name_105 (source firewall.internet-service-group.name)" + internet_service_id: + - + id: "107 (source firewall.internet-service.id)" + jitter_weight: "108" + latency_weight: "109" + link_cost_factor: "latency" + link_cost_threshold: "111" + member: "112 (source system.virtual-wan-link.members.seq-num)" + mode: "auto" + name: "default_name_114" + packet_loss_weight: "115" + priority_members: + - + seq_num: "117 (source system.virtual-wan-link.members.seq-num)" + protocol: "118" + quality_link: "119" + role: "standalone" + route_tag: "121" + sla: + - + health_check: " (source system.virtual-wan-link.health-check.name)" + id: "124" + sla_compare_method: "order" + src: + - + name: "default_name_127 (source firewall.address.name firewall.addrgrp.name)" + src_negate: "enable" + src6: + - + name: "default_name_130 (source firewall.address6.name firewall.addrgrp6.name)" + standalone_action: "enable" + start_port: "132" + status: "enable" + tos: "" + tos_mask: "" + users: + - + name: "default_name_137 (source user.local.name)" + status: "disable" + zone: + - + name: "default_name_140" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_virtual_wire_pair.rst b/gen/fortios_system_virtual_wire_pair.rst new file mode 100644 index 00000000..5794a3cb --- /dev/null +++ b/gen/fortios_system_virtual_wire_pair.rst @@ -0,0 +1,487 @@ +:source: fortios_system_virtual_wire_pair.py + +:orphan: + +.. fortios_system_virtual_wire_pair: + +fortios_system_virtual_wire_pair -- Configure virtual wire pairs in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and virtual_wire_pair category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_virtual_wire_pairyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_virtual_wire_pair - Configure virtual wire pairs. type: dict + more... + +
              • +
                +
              • member - Interfaces belong to the virtual-wire-pair. type: list + more... + +
                • +
                  +
                • interface_name - Interface name. Source system.interface.name. type: str + more... + +
                  • +
                +
              • name - Virtual-wire-pair name. Must be a unique interface name. type: str required: true + more... + +
                • +
              • vlan_filter - Set VLAN filters. type: str + more... + +
                • +
              • wildcard_vlan - Enable/disable wildcard VLAN. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure virtual wire pairs. + fortios_system_virtual_wire_pair: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_virtual_wire_pair: + member: + - + interface_name: " (source system.interface.name)" + name: "default_name_5" + vlan_filter: "" + wildcard_vlan: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_vne_tunnel.rst b/gen/fortios_system_vne_tunnel.rst new file mode 100644 index 00000000..95a6b6ef --- /dev/null +++ b/gen/fortios_system_vne_tunnel.rst @@ -0,0 +1,545 @@ +:source: fortios_system_vne_tunnel.py + +:orphan: + +.. fortios_system_vne_tunnel: + +fortios_system_vne_tunnel -- Configure virtual network enabler tunnel in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and vne_tunnel category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_vne_tunnelyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • system_vne_tunnel - Configure virtual network enabler tunnel. type: dict + more... + +
              • +
                +
              • auto_asic_offload - Enable/disable tunnel ASIC offloading. type: str choices: enable, disable + more... + +
                • +
              • bmr_hostname - BMR hostname. type: str + more... + +
                • +
              • br - Border relay IPv6 address. type: str + more... + +
                • +
              • interface - Interface name. Source system.interface.name. type: str + more... + +
                • +
              • ipv4_address - Tunnel IPv4 address and netmask. type: str + more... + +
                • +
              • mode - VNE tunnel mode. type: str choices: map-e, fixed-ip + more... + +
                • +
              • ssl_certificate - Name of local certificate for SSL connections. Source certificate.local.name. type: str + more... + +
                • +
              • status - Enable/disable VNE tunnel. type: str choices: enable, disable + more... + +
                • +
              • update_url - URL of provisioning server. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure virtual network enabler tunnel. + fortios_system_vne_tunnel: + vdom: "{{ vdom }}" + system_vne_tunnel: + auto_asic_offload: "enable" + bmr_hostname: "" + br: "" + interface: " (source system.interface.name)" + ipv4_address: "" + mode: "map-e" + ssl_certificate: " (source certificate.local.name)" + status: "enable" + update_url: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_vxlan.rst b/gen/fortios_system_vxlan.rst new file mode 100644 index 00000000..d576534b --- /dev/null +++ b/gen/fortios_system_vxlan.rst @@ -0,0 +1,758 @@ +:source: fortios_system_vxlan.py + +:orphan: + +.. fortios_system_vxlan: + +fortios_system_vxlan -- Configure VXLAN devices in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and vxlan category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_vxlanyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_vxlan - Configure VXLAN devices. type: dict + more... + +
              • +
                +
              • dstport - VXLAN destination port (1 - 65535). type: int + more... + +
                • +
              • interface - Outgoing interface for VXLAN encapsulated traffic. Source system.interface.name. type: str + more... + +
                • +
              • ip_version - IP version to use for the VXLAN interface and so for communication over the VXLAN. IPv4 or IPv6 unicast or multicast. type: str choices: ipv4-unicast, ipv6-unicast, ipv4-multicast, ipv6-multicast + more... + +
                • +
              • multicast_ttl - VXLAN multicast TTL (1-255). type: int + more... + +
                • +
              • name - VXLAN device or interface name. Must be a unique interface name. type: str required: true + more... + +
                • +
              • remote_ip - IPv4 address of the VXLAN interface on the device at the remote end of the VXLAN. type: list member_path: remote_ip:ip + more... + +
                • +
                  +
                • ip - IPv4 address. type: str required: true + more... + +
                  • +
                +
              • remote_ip6 - IPv6 IP address of the VXLAN interface on the device at the remote end of the VXLAN. type: list member_path: remote_ip6:ip6 + more... + +
                • +
                  +
                • ip6 - IPv6 address. type: str required: true + more... + +
                  • +
                +
              • vni - VXLAN network ID. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure VXLAN devices. + fortios_system_vxlan: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_vxlan: + dstport: "3" + interface: " (source system.interface.name)" + ip_version: "ipv4-unicast" + multicast_ttl: "6" + name: "default_name_7" + remote_ip: + - + ip: "" + remote_ip6: + - + ip6: "" + vni: "12" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_wccp.rst b/gen/fortios_system_wccp.rst new file mode 100644 index 00000000..1ba90101 --- /dev/null +++ b/gen/fortios_system_wccp.rst @@ -0,0 +1,1636 @@ +:source: fortios_system_wccp.py + +:orphan: + +.. fortios_system_wccp: + +fortios_system_wccp -- Configure WCCP in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and wccp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_wccpyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_wccp - Configure WCCP. type: dict + more... + +
              • +
                +
              • assignment_bucket_format - Assignment bucket format for the WCCP cache engine. type: str choices: wccp-v2, cisco-implementation + more... + +
                • +
              • assignment_dstaddr_mask - Assignment destination address mask. type: str + more... + +
                • +
              • assignment_method - Hash key assignment preference. type: str choices: HASH, MASK, any + more... + +
                • +
              • assignment_srcaddr_mask - Assignment source address mask. type: str + more... + +
                • +
              • assignment_weight - Assignment of hash weight/ratio for the WCCP cache engine. type: int + more... + +
                • +
              • authentication - Enable/disable MD5 authentication. type: str choices: enable, disable + more... + +
                • +
              • cache_engine_method - Method used to forward traffic to the routers or to return to the cache engine. type: str choices: GRE, L2 + more... + +
                • +
              • cache_id - IP address known to all routers. If the addresses are the same, use the default 0.0.0.0. type: str + more... + +
                • +
              • forward_method - Method used to forward traffic to the cache servers. type: str choices: GRE, L2, any + more... + +
                • +
              • group_address - IP multicast address used by the cache routers. For the FortiGate to ignore multicast WCCP traffic, use the default 0.0.0.0. type: str + more... + +
                • +
              • password - Password for MD5 authentication. type: str + more... + +
                • +
              • ports - Service ports. type: list
                • +
              • ports_defined - Match method. type: str choices: source, destination + more... + +
                • +
              • primary_hash - Hash method. type: list choices: src-ip, dst-ip, src-port, dst-port + more... + +
                • +
              • priority - Service priority. type: int + more... + +
                • +
              • protocol - Service protocol. type: int + more... + +
                • +
              • return_method - Method used to decline a redirected packet and return it to the FortiGate unit. type: str choices: GRE, L2, any + more... + +
                • +
              • router_id - IP address known to all cache engines. If all cache engines connect to the same FortiGate interface, use the default 0.0.0.0. type: str + more... + +
                • +
              • router_list - IP addresses of one or more WCCP routers. type: list
                • +
              • server_list - IP addresses and netmasks for up to four cache servers. type: list
                • +
              • server_type - Cache server type. type: str choices: forward, proxy + more... + +
                • +
              • service_id - Service ID. type: str + more... + +
                • +
              • service_type - WCCP service type used by the cache server for logical interception and redirection of traffic. type: str choices: auto, standard, dynamic + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure WCCP. + fortios_system_wccp: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_wccp: + assignment_bucket_format: "wccp-v2" + assignment_dstaddr_mask: "" + assignment_method: "HASH" + assignment_srcaddr_mask: "" + assignment_weight: "7" + authentication: "enable" + cache_engine_method: "GRE" + cache_id: "" + forward_method: "GRE" + group_address: "" + password: "" + ports: "" + ports_defined: "source" + primary_hash: "src-ip" + priority: "17" + protocol: "18" + return_method: "GRE" + router_id: "" + router_list: "" + server_list: "" + server_type: "forward" + service_id: "" + service_type: "auto" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_system_zone.rst b/gen/fortios_system_zone.rst new file mode 100644 index 00000000..15b3ba44 --- /dev/null +++ b/gen/fortios_system_zone.rst @@ -0,0 +1,724 @@ +:source: fortios_system_zone.py + +:orphan: + +.. fortios_system_zone: + +fortios_system_zone -- Configure zones to group two or more interfaces. When a zone is created you can configure policies for the zone instead of individual interfaces in the zone in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and zone category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_system_zoneyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • system_zone - Configure zones to group two or more interfaces. When a zone is created you can configure policies for the zone instead of individual interfaces in the zone. type: dict + more... + +
              • +
                +
              • description - Description. type: str + more... + +
                • +
              • interface - Add interfaces to this zone. Interfaces must not be assigned to another zone or have firewall policies defined. type: list + more... + +
                • +
                  +
                • interface_name - Select interfaces to add to the zone. Source system.interface.name. type: str + more... + +
                  • +
                +
              • intrazone - Allow or deny traffic routing between different interfaces in the same zone . type: str choices: allow, deny + more... + +
                • +
              • name - Zone name. type: str required: true + more... + +
                • +
              • tagging - Config object tagging. type: list member_path: tagging:name + more... + +
                • +
                  +
                • category - Tag category. Source system.object-tagging.category. type: str + more... + +
                  • +
                • name - Tagging entry name. type: str required: true + more... + +
                  • +
                • tags - Tags. type: list member_path: tagging:name/tags:name + more... + +
                  • +
                    +
                  • name - Tag name. Source system.object-tagging.tags.name. type: str required: true + more... + +
                    • +
                  +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure zones to group two or more interfaces. When a zone is created you can configure policies for the zone instead of individual interfaces in + the zone. + fortios_system_zone: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_zone: + description: "" + interface: + - + interface_name: " (source system.interface.name)" + intrazone: "allow" + name: "default_name_7" + tagging: + - + category: " (source system.object-tagging.category)" + name: "default_name_10" + tags: + - + name: "default_name_12 (source system.object-tagging.tags.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_user_adgrp.rst b/gen/fortios_user_adgrp.rst new file mode 100644 index 00000000..b4b6a1a3 --- /dev/null +++ b/gen/fortios_user_adgrp.rst @@ -0,0 +1,400 @@ +:source: fortios_user_adgrp.py + +:orphan: + +.. fortios_user_adgrp: + +fortios_user_adgrp -- Configure FSSO groups in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and adgrp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_user_adgrpyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • user_adgrp - Configure FSSO groups. type: dict + more... + +
              • +
                +
              • connector_source - FSSO connector source. type: str + more... + +
                • +
              • id - Group ID. type: int + more... + +
                • +
              • name - Name. type: str required: true + more... + +
                • +
              • server_name - FSSO agent name. Source user.fsso.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FSSO groups. + fortios_user_adgrp: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_adgrp: + connector_source: "" + id: "4" + name: "default_name_5" + server_name: " (source user.fsso.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_user_certificate.rst b/gen/fortios_user_certificate.rst new file mode 100644 index 00000000..dc41d80a --- /dev/null +++ b/gen/fortios_user_certificate.rst @@ -0,0 +1,348 @@ +:source: fortios_user_certificate.py + +:orphan: + +.. fortios_user_certificate: + +fortios_user_certificate -- Configure certificate users in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and certificate category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + +
            v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_user_certificateyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • user_certificate - Configure certificate users. type: dict + more... + +
              • +
                +
              • common_name - Certificate common name. type: str + more... + +
                • +
              • id - User ID. type: int + more... + +
                • +
              • issuer - CA certificate used for client certificate verification. Source vpn.certificate.ca.name. type: str + more... + +
                • +
              • name - User name. type: str required: true + more... + +
                • +
              • status - Enable/disable allowing the certificate user to authenticate with the FortiGate unit. type: str choices: enable, disable + more... + +
                • +
              • type - Type of certificate authentication method. type: str choices: single-certificate, trusted-issuer + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure certificate users. + fortios_user_certificate: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_certificate: + common_name: "" + id: "4" + issuer: " (source vpn.certificate.ca.name)" + name: "default_name_6" + status: "enable" + type: "single-certificate" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_user_device.rst b/gen/fortios_user_device.rst new file mode 100644 index 00000000..cfb479db --- /dev/null +++ b/gen/fortios_user_device.rst @@ -0,0 +1,656 @@ +:source: fortios_user_device.py + +:orphan: + +.. fortios_user_device: + +fortios_user_device -- Configure devices in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and device category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.3
            fortios_user_deviceyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • user_device - Configure devices. type: dict + more... + +
              • +
                +
              • alias - Device alias. type: str required: true + more... + +
                • +
              • avatar - Image file for avatar (maximum 4K base64 encoded). type: str + more... + +
                • +
              • category - Family. type: str choices: none, amazon-device, android-device, blackberry-device, fortinet-device, ios-device, windows-device + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • mac - Device MAC address. type: str + more... + +
                • +
              • master_device - Master device (optional). Source user.device.alias. type: str + more... + +
                • +
              • tagging - Config object tagging. type: list member_path: tagging:name + more... + +
                • +
                  +
                • category - Tag category. Source system.object-tagging.category. type: str + more... + +
                  • +
                • name - Tagging entry name. type: str required: true + more... + +
                  • +
                • tags - Tags. type: list member_path: tagging:name/tags:name + more... + +
                  • +
                    +
                  • name - Tag name. Source system.object-tagging.tags.name. type: str required: true + more... + +
                    • +
                  +
                +
              • type - Type. type: str choices: unknown, android-phone, android-tablet, blackberry-phone, blackberry-playbook, forticam, fortifone, fortinet-device, gaming-console, ip-phone, ipad, iphone, linux-pc, mac, media-streaming, printer, router-nat-device, windows-pc, windows-phone, windows-tablet, other-network-device + more... + +
                • +
              • user - User name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure devices. + fortios_user_device: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_device: + alias: "" + avatar: "" + category: "none" + comment: "Comment." + mac: "" + master_device: " (source user.device.alias)" + tagging: + - + category: " (source system.object-tagging.category)" + name: "default_name_11" + tags: + - + name: "default_name_13 (source system.object-tagging.tags.name)" + type: "unknown" + user: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_user_device_access_list.rst b/gen/fortios_user_device_access_list.rst new file mode 100644 index 00000000..74a1d825 --- /dev/null +++ b/gen/fortios_user_device_access_list.rst @@ -0,0 +1,311 @@ +:source: fortios_user_device_access_list.py + +:orphan: + +.. fortios_user_device_access_list: + +fortios_user_device_access_list -- Configure device access control lists in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and device_access_list category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11
            fortios_user_device_access_listyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • user_device_access_list - Configure device access control lists. type: dict + more... + +
              • +
                +
              • default_action - Accept or deny unknown/unspecified devices. type: str choices: accept, deny + more... + +
                • +
              • device_list - Device list. type: list member_path: device_list:id + more... + +
                • +
                  +
                • action - Allow or block device. type: str choices: accept, deny + more... + +
                  • +
                • device - Firewall device or device group. Source user.device.alias user.device-group.name user.device-category.name. type: str + more... + +
                  • +
                • id - Entry ID. type: int required: true + more... + +
                  • +
                +
              • name - Device access list name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure device access control lists. + fortios_user_device_access_list: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_device_access_list: + default_action: "accept" + device_list: + - + action: "accept" + device: " (source user.device.alias user.device-group.name user.device-category.name)" + id: "7" + name: "default_name_8" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_user_device_category.rst b/gen/fortios_user_device_category.rst new file mode 100644 index 00000000..5bba6068 --- /dev/null +++ b/gen/fortios_user_device_category.rst @@ -0,0 +1,224 @@ +:source: fortios_user_device_category.py + +:orphan: + +.. fortios_user_device_category: + +fortios_user_device_category -- Configure device categories in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and device_category category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11
            fortios_user_device_categoryyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • user_device_category - Configure device categories. type: dict + more... + +
              • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • desc - Device category description. type: str + more... + +
                • +
              • name - Device category name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure device categories. + fortios_user_device_category: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_device_category: + comment: "Comment." + desc: "" + name: "default_name_5" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_user_device_group.rst b/gen/fortios_user_device_group.rst new file mode 100644 index 00000000..843da473 --- /dev/null +++ b/gen/fortios_user_device_group.rst @@ -0,0 +1,375 @@ +:source: fortios_user_device_group.py + +:orphan: + +.. fortios_user_device_group: + +fortios_user_device_group -- Configure device groups in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and device_group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.3
            fortios_user_device_groupyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • user_device_group - Configure device groups. type: dict + more... + +
              • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • member - Device group member. type: list member_path: member:name + more... + +
                • +
                  +
                • name - Device name. Source user.device.alias user.device-category.name. type: str required: true + more... + +
                  • +
                +
              • name - Device group name. type: str required: true + more... + +
                • +
              • tagging - Config object tagging. type: list member_path: tagging:name + more... + +
                • +
                  +
                • category - Tag category. Source system.object-tagging.category. type: str + more... + +
                  • +
                • name - Tagging entry name. type: str required: true + more... + +
                  • +
                • tags - Tags. type: list member_path: tagging:name/tags:name + more... + +
                  • +
                    +
                  • name - Tag name. Source system.object-tagging.tags.name. type: str required: true + more... + +
                    • +
                  +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure device groups. + fortios_user_device_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_device_group: + comment: "Comment." + member: + - + name: "default_name_5 (source user.device.alias user.device-category.name)" + name: "default_name_6" + tagging: + - + category: " (source system.object-tagging.category)" + name: "default_name_9" + tags: + - + name: "default_name_11 (source system.object-tagging.tags.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_user_domain_controller.rst b/gen/fortios_user_domain_controller.rst new file mode 100644 index 00000000..76e35e10 --- /dev/null +++ b/gen/fortios_user_domain_controller.rst @@ -0,0 +1,1585 @@ +:source: fortios_user_domain_controller.py + +:orphan: + +.. fortios_user_domain_controller: + +fortios_user_domain_controller -- Configure domain controller entries in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and domain_controller category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_user_domain_controlleryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • user_domain_controller - Configure domain controller entries. type: dict + more... + +
              • +
                +
              • ad_mode - Set Active Directory mode. type: str choices: none, ds, lds + more... + +
                • +
              • adlds_dn - AD LDS distinguished name. type: str + more... + +
                • +
              • adlds_ip_address - AD LDS IPv4 address. type: str + more... + +
                • +
              • adlds_ip6 - AD LDS IPv6 address. type: str + more... + +
                • +
              • adlds_port - Port number of AD LDS service . type: int + more... + +
                • +
              • dns_srv_lookup - Enable/disable DNS service lookup. type: str choices: enable, disable + more... + +
                • +
              • domain_name - Domain DNS name. type: str + more... + +
                • +
              • extra_server - Extra servers. type: list member_path: extra_server:id + more... + +
                • +
                  +
                • id - Server ID. type: int required: true + more... + +
                  • +
                • ip_address - Domain controller IP address. type: str + more... + +
                  • +
                • port - Port to be used for communication with the domain controller . type: int + more... + +
                  • +
                • source_ip_address - FortiGate IPv4 address to be used for communication with the domain controller. type: str + more... + +
                  • +
                • source_port - Source port to be used for communication with the domain controller. type: int + more... + +
                  • +
                +
              • hostname - Hostname of the server to connect to. type: str + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • ip_address - Domain controller IPv4 address. type: str + more... + +
                • +
              • ip6 - Domain controller IPv6 address. type: str + more... + +
                • +
              • ldap_server - LDAP server name(s). Source user.ldap.name. type: str + more... + +
                • +
              • name - Domain controller entry name. type: str required: true + more... + +
                • +
              • password - Password for specified username. type: str + more... + +
                • +
              • port - Port to be used for communication with the domain controller . type: int + more... + +
                • +
              • replication_port - Port to be used for communication with the domain controller for replication service. Port number 0 indicates automatic discovery. type: int + more... + +
                • +
              • source_ip_address - FortiGate IPv4 address to be used for communication with the domain controller. type: str + more... + +
                • +
              • source_ip6 - FortiGate IPv6 address to be used for communication with the domain controller. type: str + more... + +
                • +
              • source_port - Source port to be used for communication with the domain controller. type: int + more... + +
                • +
              • username - User name to sign in with. Must have proper permissions for service. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure domain controller entries. + fortios_user_domain_controller: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_domain_controller: + ad_mode: "none" + adlds_dn: "" + adlds_ip_address: "" + adlds_ip6: "" + adlds_port: "7" + dns_srv_lookup: "enable" + domain_name: "" + extra_server: + - + id: "11" + ip_address: "" + port: "13" + source_ip_address: "" + source_port: "15" + hostname: "myhostname" + interface: " (source system.interface.name)" + interface_select_method: "auto" + ip_address: "" + ip6: "" + ldap_server: + - + name: "default_name_22 (source user.ldap.name)" + name: "default_name_23" + password: "" + port: "25" + replication_port: "26" + source_ip_address: "" + source_ip6: "" + source_port: "29" + username: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_user_exchange.rst b/gen/fortios_user_exchange.rst new file mode 100644 index 00000000..a4922261 --- /dev/null +++ b/gen/fortios_user_exchange.rst @@ -0,0 +1,1087 @@ +:source: fortios_user_exchange.py + +:orphan: + +.. fortios_user_exchange: + +fortios_user_exchange -- Configure MS Exchange server entries in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and exchange category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_user_exchangeyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • user_exchange - Configure MS Exchange server entries. type: dict + more... + +
              • +
                +
              • auth_level - Authentication security level used for the RPC protocol layer. type: str choices: connect, call, packet, integrity, privacy + more... + +
                • +
              • auth_type - Authentication security type used for the RPC protocol layer. type: str choices: spnego, ntlm, kerberos + more... + +
                • +
              • auto_discover_kdc - Enable/disable automatic discovery of KDC IP addresses. type: str choices: enable, disable + more... + +
                • +
              • connect_protocol - Connection protocol used to connect to MS Exchange service. type: str choices: rpc-over-tcp, rpc-over-http, rpc-over-https + more... + +
                • +
              • domain_name - MS Exchange server fully qualified domain name. type: str + more... + +
                • +
              • http_auth_type - Authentication security type used for the HTTP transport. type: str choices: basic, ntlm + more... + +
                • +
              • ip - Server IPv4 address. type: str + more... + +
                • +
              • kdc_ip - KDC IPv4 addresses for Kerberos authentication. type: list member_path: kdc_ip:ipv4 + more... + +
                • +
                  +
                • ipv4 - KDC IPv4 addresses for Kerberos authentication. type: str required: true + more... + +
                  • +
                +
              • name - MS Exchange server entry name. type: str required: true + more... + +
                • +
              • password - Password for the specified username. type: str + more... + +
                • +
              • server_name - MS Exchange server hostname. type: str + more... + +
                • +
              • ssl_min_proto_version - Minimum SSL/TLS protocol version for HTTPS transport . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2 + more... + +
                • +
              • username - User name used to sign in to the server. Must have proper permissions for service. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure MS Exchange server entries. + fortios_user_exchange: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_exchange: + auth_level: "connect" + auth_type: "spnego" + auto_discover_kdc: "enable" + connect_protocol: "rpc-over-tcp" + domain_name: "" + http_auth_type: "basic" + ip: "" + kdc_ip: + - + ipv4: "" + name: "default_name_12" + password: "" + server_name: "" + ssl_min_proto_version: "default" + username: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_user_fortitoken.rst b/gen/fortios_user_fortitoken.rst new file mode 100644 index 00000000..088648de --- /dev/null +++ b/gen/fortios_user_fortitoken.rst @@ -0,0 +1,646 @@ +:source: fortios_user_fortitoken.py + +:orphan: + +.. fortios_user_fortitoken: + +fortios_user_fortitoken -- Configure FortiToken in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and fortitoken category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_user_fortitokenyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • user_fortitoken - Configure FortiToken. type: dict + more... + +
              • +
                +
              • activation_code - Mobile token user activation-code. type: str + more... + +
                • +
              • activation_expire - Mobile token user activation-code expire time. type: int + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • license - Mobile token license. type: str + more... + +
                • +
              • os_ver - Device Mobile Version. type: str + more... + +
                • +
              • reg_id - Device Reg ID. type: str + more... + +
                • +
              • seed - Token seed. type: str + more... + +
                • +
              • serial_number - Serial number. type: str + more... + +
                • +
              • status - Status. type: str choices: active, lock + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiToken. + fortios_user_fortitoken: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_fortitoken: + activation_code: "" + activation_expire: "4" + comments: "" + license: "" + os_ver: "" + reg_id: "" + seed: "" + serial_number: "" + status: "active" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_user_fsso.rst b/gen/fortios_user_fsso.rst new file mode 100644 index 00000000..b869506b --- /dev/null +++ b/gen/fortios_user_fsso.rst @@ -0,0 +1,1889 @@ +:source: fortios_user_fsso.py + +:orphan: + +.. fortios_user_fsso: + +fortios_user_fsso -- Configure Fortinet Single Sign On (FSSO) agents in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and fsso category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_user_fssoyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • user_fsso - Configure Fortinet Single Sign On (FSSO) agents. type: dict + more... + +
              • +
                +
              • group_poll_interval - Interval in minutes within to fetch groups from FSSO server, or unset to disable. type: int + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • ldap_poll - Enable/disable automatic fetching of groups from LDAP server. type: str choices: enable, disable + more... + +
                • +
              • ldap_poll_filter - Filter used to fetch groups. type: str + more... + +
                • +
              • ldap_poll_interval - Interval in minutes within to fetch groups from LDAP server. type: int + more... + +
                • +
              • ldap_server - LDAP server to get group information. Source user.ldap.name. type: str + more... + +
                • +
              • logon_timeout - Interval in minutes to keep logons after FSSO server down. type: int + more... + +
                • +
              • name - Name. type: str required: true + more... + +
                • +
              • password - Password of the first FSSO collector agent. type: str + more... + +
                • +
              • password2 - Password of the second FSSO collector agent. type: str + more... + +
                • +
              • password3 - Password of the third FSSO collector agent. type: str + more... + +
                • +
              • password4 - Password of the fourth FSSO collector agent. type: str + more... + +
                • +
              • password5 - Password of the fifth FSSO collector agent. type: str + more... + +
                • +
              • port - Port of the first FSSO collector agent. type: int + more... + +
                • +
              • port2 - Port of the second FSSO collector agent. type: int + more... + +
                • +
              • port3 - Port of the third FSSO collector agent. type: int + more... + +
                • +
              • port4 - Port of the fourth FSSO collector agent. type: int + more... + +
                • +
              • port5 - Port of the fifth FSSO collector agent. type: int + more... + +
                • +
              • server - Domain name or IP address of the first FSSO collector agent. type: str + more... + +
                • +
              • server2 - Domain name or IP address of the second FSSO collector agent. type: str + more... + +
                • +
              • server3 - Domain name or IP address of the third FSSO collector agent. type: str + more... + +
                • +
              • server4 - Domain name or IP address of the fourth FSSO collector agent. type: str + more... + +
                • +
              • server5 - Domain name or IP address of the fifth FSSO collector agent. type: str + more... + +
                • +
              • source_ip - Source IP for communications to FSSO agent. type: str + more... + +
                • +
              • source_ip6 - IPv6 source for communications to FSSO agent. type: str + more... + +
                • +
              • ssl - Enable/disable use of SSL. type: str choices: enable, disable + more... + +
                • +
              • ssl_server_host_ip_check - Enable/disable server host/IP verification. type: str choices: enable, disable + more... + +
                • +
              • ssl_trusted_cert - Trusted server certificate or CA certificate. Source vpn.certificate.remote.name vpn.certificate.ca.name. type: str + more... + +
                • +
              • type - Server type. type: str choices: default, fortinac, fortiems, fortiems-cloud + more... + +
                • +
              • user_info_server - LDAP server to get user information. Source user.ldap.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Fortinet Single Sign On (FSSO) agents. + fortios_user_fsso: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_fsso: + group_poll_interval: "3" + interface: " (source system.interface.name)" + interface_select_method: "auto" + ldap_poll: "enable" + ldap_poll_filter: "" + ldap_poll_interval: "8" + ldap_server: " (source user.ldap.name)" + logon_timeout: "10" + name: "default_name_11" + password: "" + password2: "" + password3: "" + password4: "" + password5: "" + port: "17" + port2: "18" + port3: "19" + port4: "20" + port5: "21" + server: "192.168.100.40" + server2: "" + server3: "" + server4: "" + server5: "" + source_ip: "84.230.14.43" + source_ip6: "" + ssl: "enable" + ssl_server_host_ip_check: "enable" + ssl_trusted_cert: " (source vpn.certificate.remote.name vpn.certificate.ca.name)" + type: "default" + user_info_server: " (source user.ldap.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_user_fsso_polling.rst b/gen/fortios_user_fsso_polling.rst new file mode 100644 index 00000000..a9b7f256 --- /dev/null +++ b/gen/fortios_user_fsso_polling.rst @@ -0,0 +1,977 @@ +:source: fortios_user_fsso_polling.py + +:orphan: + +.. fortios_user_fsso_polling: + +fortios_user_fsso_polling -- Configure FSSO active directory servers for polling mode in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and fsso_polling category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_user_fsso_pollingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • user_fsso_polling - Configure FSSO active directory servers for polling mode. type: dict + more... + +
              • +
                +
              • adgrp - LDAP Group Info. type: list member_path: adgrp:name + more... + +
                • +
                  +
                • name - Name. type: str required: true + more... + +
                  • +
                +
              • default_domain - Default domain managed by this Active Directory server. type: str + more... + +
                • +
              • id - Active Directory server ID. type: int required: true + more... + +
                • +
              • ldap_server - LDAP server name used in LDAP connection strings. Source user.ldap.name. type: str + more... + +
                • +
              • logon_history - Number of hours of logon history to keep, 0 means keep all history. type: int + more... + +
                • +
              • password - Password required to log into this Active Directory server. type: str + more... + +
                • +
              • polling_frequency - Polling frequency (every 1 to 30 seconds). type: int + more... + +
                • +
              • port - Port to communicate with this Active Directory server. type: int + more... + +
                • +
              • server - Host name or IP address of the Active Directory server. type: str + more... + +
                • +
              • smb_ntlmv1_auth - Enable/disable support of NTLMv1 for Samba authentication. type: str choices: enable, disable + more... + +
                • +
              • smbv1 - Enable/disable support of SMBv1 for Samba. type: str choices: enable, disable + more... + +
                • +
              • status - Enable/disable polling for the status of this Active Directory server. type: str choices: enable, disable + more... + +
                • +
              • user - User name required to log into this Active Directory server. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FSSO active directory servers for polling mode. + fortios_user_fsso_polling: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_fsso_polling: + adgrp: + - + name: "default_name_4" + default_domain: "" + id: "6" + ldap_server: " (source user.ldap.name)" + logon_history: "8" + password: "" + polling_frequency: "10" + port: "11" + server: "192.168.100.40" + smb_ntlmv1_auth: "enable" + smbv1: "enable" + status: "enable" + user: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_user_group.rst b/gen/fortios_user_group.rst new file mode 100644 index 00000000..df47c282 --- /dev/null +++ b/gen/fortios_user_group.rst @@ -0,0 +1,2544 @@ +:source: fortios_user_group.py + +:orphan: + +.. fortios_user_group: + +fortios_user_group -- Configure user groups in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_user_groupyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • user_group - Configure user groups. type: dict + more... + +
              • +
                +
              • auth_concurrent_override - Enable/disable overriding the global number of concurrent authentication sessions for this user group. type: str choices: enable, disable + more... + +
                • +
              • auth_concurrent_value - Maximum number of concurrent authenticated connections per user (0 - 100). type: int + more... + +
                • +
              • authtimeout - Authentication timeout in minutes for this user group. 0 to use the global user setting auth-timeout. type: int + more... + +
                • +
              • company - Set the action for the company guest user field. type: str choices: optional, mandatory, disabled + more... + +
                • +
              • email - Enable/disable the guest user email address field. type: str choices: disable, enable + more... + +
                • +
              • expire - Time in seconds before guest user accounts expire (1 - 31536000). type: int + more... + +
                • +
              • expire_type - Determine when the expiration countdown begins. type: str choices: immediately, first-successful-login + more... + +
                • +
              • group_type - Set the group to be for firewall authentication, FSSO, RSSO, or guest users. type: str choices: firewall, fsso-service, rsso, guest + more... + +
                • +
              • guest - Guest User. type: list member_path: guest:id + more... + +
                • +
                  +
                • comment - Comment. type: str + more... + +
                  • +
                • company - Set the action for the company guest user field. type: str + more... + +
                  • +
                • email - Email. type: str + more... + +
                  • +
                • expiration - Expire time. type: str + more... + +
                  • +
                • id - Guest ID. type: int required: true + more... + +
                  • +
                • mobile_phone - Mobile phone. type: str + more... + +
                  • +
                • name - Guest name. type: str + more... + +
                  • +
                • password - Guest password. type: str + more... + +
                  • +
                • sponsor - Set the action for the sponsor guest user field. type: str + more... + +
                  • +
                • user_id - Guest ID. type: str + more... + +
                  • +
                +
              • http_digest_realm - Realm attribute for MD5-digest authentication. type: str + more... + +
                • +
              • id - Group ID. type: int + more... + +
                • +
              • match - Group matches. type: list member_path: match:id + more... + +
                • +
                  +
                • group_name - Name of matching user or group on remote authentication server. type: str + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • server_name - Name of remote auth server. Source user.radius.name user.ldap.name user.tacacs+.name user.saml.name. type: str + more... + +
                  • +
                +
              • max_accounts - Maximum number of guest accounts that can be created for this group (0 means unlimited). type: int + more... + +
                • +
              • member - Names of users, peers, LDAP severs, or RADIUS servers to add to the user group. type: list member_path: member:name + more... + +
                • +
                  +
                • name - Group member name. Source user.peer.name user.local.name user.radius.name user.tacacs+.name user.ldap.name user.saml.name user .adgrp.name user.pop3.name user.certificate.name. type: str required: true + more... + +
                  • +
                +
              • mobile_phone - Enable/disable the guest user mobile phone number field. type: str choices: disable, enable + more... + +
                • +
              • multiple_guest_add - Enable/disable addition of multiple guests. type: str choices: disable, enable + more... + +
                • +
              • name - Group name. type: str required: true + more... + +
                • +
              • password - Guest user password type. type: str choices: auto-generate, specify, disable + more... + +
                • +
              • sms_custom_server - SMS server. Source system.sms-server.name. type: str + more... + +
                • +
              • sms_server - Send SMS through FortiGuard or other external server. type: str choices: fortiguard, custom + more... + +
                • +
              • sponsor - Set the action for the sponsor guest user field. type: str choices: optional, mandatory, disabled + more... + +
                • +
              • sso_attribute_value - Name of the RADIUS user group that this local user group represents. type: str + more... + +
                • +
              • user_id - Guest user ID type. type: str choices: email, auto-generate, specify + more... + +
                • +
              • user_name - Enable/disable the guest user name entry. type: str choices: disable, enable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure user groups. + fortios_user_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_group: + auth_concurrent_override: "enable" + auth_concurrent_value: "4" + authtimeout: "5" + company: "optional" + email: "disable" + expire: "8" + expire_type: "immediately" + group_type: "firewall" + guest: + - + comment: "Comment." + company: "" + email: "" + expiration: "" + id: "16" + mobile_phone: "" + name: "default_name_18" + password: "" + sponsor: "" + user_id: "" + http_digest_realm: "" + id: "23" + match: + - + group_name: "" + id: "26" + server_name: " (source user.radius.name user.ldap.name user.tacacs+.name user.saml.name)" + max_accounts: "28" + member: + - + name: "default_name_30 (source user.peer.name user.local.name user.radius.name user.tacacs+.name user.ldap.name user.saml.name user.adgrp.name + user.pop3.name user.certificate.name)" + mobile_phone: "disable" + multiple_guest_add: "disable" + name: "default_name_33" + password: "auto-generate" + sms_custom_server: " (source system.sms-server.name)" + sms_server: "fortiguard" + sponsor: "optional" + sso_attribute_value: "" + user_id: "email" + user_name: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_user_krb_keytab.rst b/gen/fortios_user_krb_keytab.rst new file mode 100644 index 00000000..637d1a5d --- /dev/null +++ b/gen/fortios_user_krb_keytab.rst @@ -0,0 +1,510 @@ +:source: fortios_user_krb_keytab.py + +:orphan: + +.. fortios_user_krb_keytab: + +fortios_user_krb_keytab -- Configure Kerberos keytab entries in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and krb_keytab category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_user_krb_keytabyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • user_krb_keytab - Configure Kerberos keytab entries. type: dict + more... + +
              • +
                +
              • keytab - Base64 coded keytab file containing a pre-shared key. type: str + more... + +
                • +
              • ldap_server - LDAP server name(s). Source user.ldap.name. type: str + more... + +
                • +
              • name - Kerberos keytab entry name. type: str required: true + more... + +
                • +
              • pac_data - Enable/disable parsing PAC data in the ticket. type: str choices: enable, disable + more... + +
                • +
              • password - Password for keytab. type: str + more... + +
                • +
              • principal - Kerberos service principal. For example, HTTP/myfgt.example.com@example.com. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Kerberos keytab entries. + fortios_user_krb_keytab: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_krb_keytab: + keytab: "" + ldap_server: + - + name: "default_name_5 (source user.ldap.name)" + name: "default_name_6" + pac_data: "enable" + password: "" + principal: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_user_ldap.rst b/gen/fortios_user_ldap.rst new file mode 100644 index 00000000..5c1a7dbb --- /dev/null +++ b/gen/fortios_user_ldap.rst @@ -0,0 +1,2529 @@ +:source: fortios_user_ldap.py + +:orphan: + +.. fortios_user_ldap: + +fortios_user_ldap -- Configure LDAP server entries in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and ldap category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_user_ldapyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • user_ldap - Configure LDAP server entries. type: dict + more... + +
              • +
                +
              • account_key_filter - Account key filter, using the UPN as the search filter. type: str + more... + +
                • +
              • account_key_processing - Account key processing operation, either keep or strip domain string of UPN in the token. type: str choices: same, strip + more... + +
                • +
              • antiphish - Enable/disable AntiPhishing credential backend. type: str choices: enable, disable + more... + +
                • +
              • ca_cert - CA certificate name. Source vpn.certificate.ca.name. type: str + more... + +
                • +
              • cnid - Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn". type: str + more... + +
                • +
              • dn - Distinguished name used to look up entries on the LDAP server. type: str + more... + +
                • +
              • group_filter - Filter used for group matching. type: str + more... + +
                • +
              • group_member_check - Group member checking methods. type: str choices: user-attr, group-object, posix-group-object + more... + +
                • +
              • group_object_filter - Filter used for group searching. type: str + more... + +
                • +
              • group_search_base - Search base used for group searching. type: str + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • member_attr - Name of attribute from which to get group membership. type: str + more... + +
                • +
              • name - LDAP server entry name. type: str required: true + more... + +
                • +
              • obtain_user_info - Enable/disable obtaining of user information. type: str choices: enable, disable + more... + +
                • +
              • password - Password for initial binding. type: str + more... + +
                • +
              • password_attr - Name of attribute to get password hash. type: str + more... + +
                • +
              • password_expiry_warning - Enable/disable password expiry warnings. type: str choices: enable, disable + more... + +
                • +
              • password_renewal - Enable/disable online password renewal. type: str choices: enable, disable + more... + +
                • +
              • port - Port to be used for communication with the LDAP server . type: int + more... + +
                • +
              • search_type - Search type. type: list choices: recursive + more... + +
                • +
              • secondary_server - Secondary LDAP server CN domain name or IP. type: str + more... + +
                • +
              • secure - Port to be used for authentication. type: str choices: disable, starttls, ldaps + more... + +
                • +
              • server - LDAP server CN domain name or IP. type: str + more... + +
                • +
              • server_identity_check - Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). type: str choices: enable, disable + more... + +
                • +
              • source_ip - FortiGate IP address to be used for communication with the LDAP server. type: str + more... + +
                • +
              • source_port - Source port to be used for communication with the LDAP server. type: int + more... + +
                • +
              • ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2 + more... + +
                • +
              • tertiary_server - Tertiary LDAP server CN domain name or IP. type: str + more... + +
                • +
              • two_factor - Enable/disable two-factor authentication. type: str choices: disable, fortitoken-cloud + more... + +
                • +
              • two_factor_authentication - Authentication method by FortiToken Cloud. type: str choices: fortitoken, email, sms + more... + +
                • +
              • two_factor_notification - Notification method for user activation by FortiToken Cloud. type: str choices: email, sms + more... + +
                • +
              • type - Authentication type for LDAP searches. type: str choices: simple, anonymous, regular + more... + +
                • +
              • user_info_exchange_server - MS Exchange server from which to fetch user information. Source user.exchange.name. type: str + more... + +
                • +
              • username - Username (full DN) for initial binding. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure LDAP server entries. + fortios_user_ldap: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_ldap: + account_key_filter: "" + account_key_processing: "same" + antiphish: "enable" + ca_cert: " (source vpn.certificate.ca.name)" + cnid: "" + dn: "" + group_filter: "" + group_member_check: "user-attr" + group_object_filter: "" + group_search_base: "" + interface: " (source system.interface.name)" + interface_select_method: "auto" + member_attr: "" + name: "default_name_16" + obtain_user_info: "enable" + password: "" + password_attr: "" + password_expiry_warning: "enable" + password_renewal: "enable" + port: "22" + search_type: "recursive" + secondary_server: "" + secure: "disable" + server: "192.168.100.40" + server_identity_check: "enable" + source_ip: "84.230.14.43" + source_port: "29" + ssl_min_proto_version: "default" + tertiary_server: "" + two_factor: "disable" + two_factor_authentication: "fortitoken" + two_factor_notification: "email" + type: "simple" + user_info_exchange_server: " (source user.exchange.name)" + username: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_user_local.rst b/gen/fortios_user_local.rst new file mode 100644 index 00000000..4b31bb92 --- /dev/null +++ b/gen/fortios_user_local.rst @@ -0,0 +1,1848 @@ +:source: fortios_user_local.py + +:orphan: + +.. fortios_user_local: + +fortios_user_local -- Configure local users in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and local category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_user_localyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • user_local - Configure local users. type: dict + more... + +
              • +
                +
              • auth_concurrent_override - Enable/disable overriding the policy-auth-concurrent under config system global. type: str choices: enable, disable + more... + +
                • +
              • auth_concurrent_value - Maximum number of concurrent logins permitted from the same user. type: int + more... + +
                • +
              • authtimeout - Time in minutes before the authentication timeout for a user is reached. type: int + more... + +
                • +
              • email_to - Two-factor recipient"s email address. type: str + more... + +
                • +
              • fortitoken - Two-factor recipient"s FortiToken serial number. Source user.fortitoken.serial-number. type: str + more... + +
                • +
              • id - User ID. type: int + more... + +
                • +
              • ldap_server - Name of LDAP server with which the user must authenticate. Source user.ldap.name. type: str + more... + +
                • +
              • name - User name. type: str required: true + more... + +
                • +
              • passwd - User"s password. type: str + more... + +
                • +
              • passwd_policy - Password policy to apply to this user, as defined in config user password-policy. Source user.password-policy.name. type: str + more... + +
                • +
              • passwd_time - Time of the last password update. type: str + more... + +
                • +
              • ppk_identity - IKEv2 Postquantum Preshared Key Identity. type: str + more... + +
                • +
              • ppk_secret - IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x). type: str + more... + +
                • +
              • radius_server - Name of RADIUS server with which the user must authenticate. Source user.radius.name. type: str + more... + +
                • +
              • sms_custom_server - Two-factor recipient"s SMS server. Source system.sms-server.name. type: str + more... + +
                • +
              • sms_phone - Two-factor recipient"s mobile phone number. type: str + more... + +
                • +
              • sms_server - Send SMS through FortiGuard or other external server. type: str choices: fortiguard, custom + more... + +
                • +
              • status - Enable/disable allowing the local user to authenticate with the FortiGate unit. type: str choices: enable, disable + more... + +
                • +
              • tacacs+_server - Name of TACACS+ server with which the user must authenticate. Source user.tacacs+.name. type: str + more... + +
                • +
              • two_factor - Enable/disable two-factor authentication. type: str choices: disable, fortitoken, fortitoken-cloud, email, sms + more... + +
                • +
              • two_factor_authentication - Authentication method by FortiToken Cloud. type: str choices: fortitoken, email, sms + more... + +
                • +
              • two_factor_notification - Notification method for user activation by FortiToken Cloud. type: str choices: email, sms + more... + +
                • +
              • type - Authentication method. type: str choices: password, radius, tacacs+, ldap + more... + +
                • +
              • username_case_sensitivity - Enable/disable case sensitivity when performing username matching (uppercase and lowercase letters are treated either as distinct or equivalent). type: str choices: disable, enable + more... + +
                • +
              • username_sensitivity - Enable/disable case and accent sensitivity when performing username matching (accents are stripped and case is ignored when disabled). type: str choices: disable, enable + more... + +
                • +
              • workstation - Name of the remote user workstation, if you want to limit the user to authenticate only from a particular workstation. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure local users. + fortios_user_local: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_local: + auth_concurrent_override: "enable" + auth_concurrent_value: "4" + authtimeout: "5" + email_to: "" + fortitoken: " (source user.fortitoken.serial-number)" + id: "8" + ldap_server: " (source user.ldap.name)" + name: "default_name_10" + passwd: "" + passwd_policy: " (source user.password-policy.name)" + passwd_time: "" + ppk_identity: "" + ppk_secret: "" + radius_server: " (source user.radius.name)" + sms_custom_server: " (source system.sms-server.name)" + sms_phone: "" + sms_server: "fortiguard" + status: "enable" + tacacs+_server: " (source user.tacacs+.name)" + two_factor: "disable" + two_factor_authentication: "fortitoken" + two_factor_notification: "email" + type: "password" + username_case_sensitivity: "disable" + username_sensitivity: "disable" + workstation: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_user_nac_policy.rst b/gen/fortios_user_nac_policy.rst new file mode 100644 index 00000000..aaa26bac --- /dev/null +++ b/gen/fortios_user_nac_policy.rst @@ -0,0 +1,1054 @@ +:source: fortios_user_nac_policy.py + +:orphan: + +.. fortios_user_nac_policy: + +fortios_user_nac_policy -- Configure NAC policy matching pattern to identify matching NAC devices in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and nac_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_user_nac_policyyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • user_nac_policy - Configure NAC policy matching pattern to identify matching NAC devices. type: dict + more... + +
              • +
                +
              • category - Category of NAC policy. type: str choices: device, firewall-user, ems-tag + more... + +
                • +
              • description - Description for the NAC policy matching pattern. type: str + more... + +
                • +
              • ems_tag - NAC policy matching EMS tag. Source firewall.address.name. type: str + more... + +
                • +
              • family - NAC policy matching family. type: str + more... + +
                • +
              • firewall_address - Dynamic firewall address to associate MAC which match this policy. Source firewall.address.name. type: str + more... + +
                • +
              • host - NAC policy matching host. type: str + more... + +
                • +
              • hw_vendor - NAC policy matching hardware vendor. type: str + more... + +
                • +
              • hw_version - NAC policy matching hardware version. type: str + more... + +
                • +
              • mac - NAC policy matching MAC address. type: str + more... + +
                • +
              • name - NAC policy name. type: str required: true + more... + +
                • +
              • os - NAC policy matching operating system. type: str + more... + +
                • +
              • src - NAC policy matching source. type: str + more... + +
                • +
              • ssid_policy - SSID policy to be applied on the matched NAC policy. Source wireless-controller.ssid-policy.name. type: str + more... + +
                • +
              • status - Enable/disable NAC policy. type: str choices: enable, disable + more... + +
                • +
              • sw_version - NAC policy matching software version. type: str + more... + +
                • +
              • switch_auto_auth - NAC device auto authorization when discovered and nac-policy matched. type: str choices: global, disable, enable + more... + +
                • +
              • switch_fortilink - FortiLink interface for which this NAC policy belongs to. Source system.interface.name. type: str + more... + +
                • +
              • switch_group - List of managed FortiSwitch groups on which NAC policy can be applied. type: list member_path: switch_group:name + more... + +
                • +
                  +
                • name - Managed FortiSwitch group name from available options. Source switch-controller.switch-group.name. type: str required: true + more... + +
                  • +
                +
              • switch_mac_policy - Switch MAC policy action to be applied on the matched NAC policy. Source switch-controller.mac-policy.name. type: str + more... + +
                • +
              • switch_port_policy - switch-port-policy to be applied on the matched NAC policy. Source switch-controller.port-policy.name. type: str + more... + +
                • +
              • switch_scope - List of managed FortiSwitches on which NAC policy can be applied. type: list + more... + +
                • +
                  +
                • switch_id - Managed FortiSwitch name from available options. Source switch-controller.managed-switch.switch-id. type: str + more... + +
                  • +
                +
              • type - NAC policy matching type. type: str + more... + +
                • +
              • user - NAC policy matching user. type: str + more... + +
                • +
              • user_group - NAC policy matching user group. Source user.group.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure NAC policy matching pattern to identify matching NAC devices. + fortios_user_nac_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_nac_policy: + category: "device" + description: "" + ems_tag: " (source firewall.address.name)" + family: "" + firewall_address: " (source firewall.address.name)" + host: "myhostname" + hw_vendor: "" + hw_version: "" + mac: "" + name: "default_name_12" + os: "" + src: "" + ssid_policy: " (source wireless-controller.ssid-policy.name)" + status: "enable" + sw_version: "" + switch_auto_auth: "global" + switch_fortilink: " (source system.interface.name)" + switch_group: + - + name: "default_name_21 (source switch-controller.switch-group.name)" + switch_mac_policy: " (source switch-controller.mac-policy.name)" + switch_port_policy: " (source switch-controller.port-policy.name)" + switch_scope: + - + switch_id: " (source switch-controller.managed-switch.switch-id)" + type: "" + user: "" + user_group: " (source user.group.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_user_password_policy.rst b/gen/fortios_user_password_policy.rst new file mode 100644 index 00000000..c216941a --- /dev/null +++ b/gen/fortios_user_password_policy.rst @@ -0,0 +1,438 @@ +:source: fortios_user_password_policy.py + +:orphan: + +.. fortios_user_password_policy: + +fortios_user_password_policy -- Configure user password policy in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and password_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_user_password_policyyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • user_password_policy - Configure user password policy. type: dict + more... + +
              • +
                +
              • expire_days - Time in days before the user"s password expires. type: int + more... + +
                • +
              • expired_password_renewal - Enable/disable renewal of a password that already is expired. type: str choices: enable, disable + more... + +
                • +
              • name - Password policy name. type: str required: true + more... + +
                • +
              • warn_days - Time in days before a password expiration warning message is displayed to the user upon login. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure user password policy. + fortios_user_password_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_password_policy: + expire_days: "3" + expired_password_renewal: "enable" + name: "default_name_5" + warn_days: "6" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_user_peer.rst b/gen/fortios_user_peer.rst new file mode 100644 index 00000000..e51aa3b1 --- /dev/null +++ b/gen/fortios_user_peer.rst @@ -0,0 +1,1023 @@ +:source: fortios_user_peer.py + +:orphan: + +.. fortios_user_peer: + +fortios_user_peer -- Configure peer users in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and peer category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_user_peeryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • user_peer - Configure peer users. type: dict + more... + +
              • +
                +
              • ca - Name of the CA certificate. Source vpn.certificate.ca.name. type: str + more... + +
                • +
              • cn - Peer certificate common name. type: str + more... + +
                • +
              • cn_type - Peer certificate common name type. type: str choices: string, email, FQDN, ipv4, ipv6 + more... + +
                • +
              • ldap_mode - Mode for LDAP peer authentication. type: str choices: password, principal-name + more... + +
                • +
              • ldap_password - Password for LDAP server bind. type: str + more... + +
                • +
              • ldap_server - Name of an LDAP server defined under the user ldap command. Performs client access rights check. Source user.ldap.name. type: str + more... + +
                • +
              • ldap_username - Username for LDAP server bind. type: str + more... + +
                • +
              • mandatory_ca_verify - Determine what happens to the peer if the CA certificate is not installed. Disable to automatically consider the peer certificate as valid. type: str choices: enable, disable + more... + +
                • +
              • name - Peer name. type: str required: true + more... + +
                • +
              • ocsp_override_server - Online Certificate Status Protocol (OCSP) server for certificate retrieval. Source vpn.certificate.ocsp-server.name. type: str + more... + +
                • +
              • passwd - Peer"s password used for two-factor authentication. type: str + more... + +
                • +
              • subject - Peer certificate name constraints. type: str + more... + +
                • +
              • two_factor - Enable/disable two-factor authentication, applying certificate and password-based authentication. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure peer users. + fortios_user_peer: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_peer: + ca: " (source vpn.certificate.ca.name)" + cn: "" + cn_type: "string" + ldap_mode: "password" + ldap_password: "" + ldap_server: " (source user.ldap.name)" + ldap_username: "" + mandatory_ca_verify: "enable" + name: "default_name_11" + ocsp_override_server: " (source vpn.certificate.ocsp-server.name)" + passwd: "" + subject: "" + two_factor: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_user_peergrp.rst b/gen/fortios_user_peergrp.rst new file mode 100644 index 00000000..5c8ab6ad --- /dev/null +++ b/gen/fortios_user_peergrp.rst @@ -0,0 +1,357 @@ +:source: fortios_user_peergrp.py + +:orphan: + +.. fortios_user_peergrp: + +fortios_user_peergrp -- Configure peer groups in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and peergrp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_user_peergrpyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • user_peergrp - Configure peer groups. type: dict + more... + +
              • +
                +
              • member - Peer group members. type: list member_path: member:name + more... + +
                • +
                  +
                • name - Peer group member name. Source user.peer.name. type: str required: true + more... + +
                  • +
                +
              • name - Peer group name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure peer groups. + fortios_user_peergrp: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_peergrp: + member: + - + name: "default_name_4 (source user.peer.name)" + name: "default_name_5" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_user_pop3.rst b/gen/fortios_user_pop3.rst new file mode 100644 index 00000000..f3f36e95 --- /dev/null +++ b/gen/fortios_user_pop3.rst @@ -0,0 +1,598 @@ +:source: fortios_user_pop3.py + +:orphan: + +.. fortios_user_pop3: + +fortios_user_pop3 -- POP3 server entry configuration in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and pop3 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_user_pop3yesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • user_pop3 - POP3 server entry configuration. type: dict + more... + +
              • +
                +
              • name - POP3 server entry name. type: str required: true + more... + +
                • +
              • port - POP3 service port number. type: int + more... + +
                • +
              • secure - SSL connection. type: str choices: none, starttls, pop3s + more... + +
                • +
              • server - Server domain name or IP address. type: str + more... + +
                • +
              • ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2 + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: POP3 server entry configuration. + fortios_user_pop3: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_pop3: + name: "default_name_3" + port: "4" + secure: "none" + server: "192.168.100.40" + ssl_min_proto_version: "default" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_user_quarantine.rst b/gen/fortios_user_quarantine.rst new file mode 100644 index 00000000..cf205f39 --- /dev/null +++ b/gen/fortios_user_quarantine.rst @@ -0,0 +1,825 @@ +:source: fortios_user_quarantine.py + +:orphan: + +.. fortios_user_quarantine: + +fortios_user_quarantine -- Configure quarantine support in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and quarantine category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_user_quarantineyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • user_quarantine - Configure quarantine support. type: dict + more... + +
              • +
                +
              • firewall_groups - Firewall address group which includes all quarantine MAC address. Source firewall.addrgrp.name. type: str + more... + +
                • +
              • quarantine - Enable/disable quarantine. type: str choices: enable, disable + more... + +
                • +
              • targets - Quarantine entry to hold multiple MACs. type: list member_path: targets:entry + more... + +
                • +
                  +
                • description - Description for the quarantine entry. type: str + more... + +
                  • +
                • entry - Quarantine entry name. type: str required: true + more... + +
                  • +
                • macs - Quarantine MACs. type: list member_path: targets:entry/macs:mac + more... + +
                  • +
                    +
                  • description - Description for the quarantine MAC. type: str + more... + +
                    • +
                  • drop - Enable/disable dropping of quarantined device traffic. type: str choices: disable, enable + more... + +
                    • +
                  • entry_id - FSW entry id for the quarantine MAC. type: int + more... + +
                    • +
                  • mac - Quarantine MAC. type: str required: true + more... + +
                    • +
                  • parent - Parent entry name. type: str + more... + +
                    • +
                  +
                +
              • traffic_policy - Traffic policy for quarantined MACs. Source switch-controller.traffic-policy.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure quarantine support. + fortios_user_quarantine: + vdom: "{{ vdom }}" + user_quarantine: + firewall_groups: " (source firewall.addrgrp.name)" + quarantine: "enable" + targets: + - + description: "" + entry: "" + macs: + - + description: "" + drop: "disable" + entry_id: "11" + mac: "" + parent: "" + traffic_policy: " (source switch-controller.traffic-policy.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_user_radius.rst b/gen/fortios_user_radius.rst new file mode 100644 index 00000000..9914ac57 --- /dev/null +++ b/gen/fortios_user_radius.rst @@ -0,0 +1,5027 @@ +:source: fortios_user_radius.py + +:orphan: + +.. fortios_user_radius: + +fortios_user_radius -- Configure RADIUS server entries in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and radius category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_user_radiusyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • user_radius - Configure RADIUS server entries. type: dict + more... + +
              • +
                +
              • accounting_server - Additional accounting servers. type: list member_path: accounting_server:id + more... + +
                • +
                  +
                • id - ID (0 - 4294967295). type: int required: true + more... + +
                  • +
                • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                  • +
                • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                  • +
                • port - RADIUS accounting port number. type: int + more... + +
                  • +
                • secret - Secret key. type: str + more... + +
                  • +
                • server - Server CN domain name or IP address. type: str + more... + +
                  • +
                • source_ip - Source IP address for communications to the RADIUS server. type: str + more... + +
                  • +
                • status - Status. type: str choices: enable, disable + more... + +
                  • +
                +
              • acct_all_servers - Enable/disable sending of accounting messages to all configured servers . type: str choices: enable, disable + more... + +
                • +
              • acct_interim_interval - Time in seconds between each accounting interim update message. type: int + more... + +
                • +
              • all_usergroup - Enable/disable automatically including this RADIUS server in all user groups. type: str choices: disable, enable + more... + +
                • +
              • auth_type - Authentication methods/protocols permitted for this RADIUS server. type: str choices: auto, ms_chap_v2, ms_chap, chap, pap + more... + +
                • +
              • class - Class attribute name(s). type: list member_path: class:name + more... + +
                • +
                  +
                • name - Class name. type: str required: true + more... + +
                  • +
                +
              • group_override_attr_type - RADIUS attribute type to override user group information. type: str choices: filter-Id, class + more... + +
                • +
              • h3c_compatibility - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. type: str choices: enable, disable + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • name - RADIUS server entry name. type: str required: true + more... + +
                • +
              • nas_ip - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes. type: str + more... + +
                • +
              • password_encoding - Password encoding. type: str choices: auto, ISO-8859-1 + more... + +
                • +
              • password_renewal - Enable/disable password renewal. type: str choices: enable, disable + more... + +
                • +
              • radius_coa - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. type: str choices: enable, disable + more... + +
                • +
              • radius_port - RADIUS service port number. type: int + more... + +
                • +
              • rsso - Enable/disable RADIUS based single sign on feature. type: str choices: enable, disable + more... + +
                • +
              • rsso_context_timeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users. type: int + more... + +
                • +
              • rsso_endpoint_attribute - RADIUS attributes used to extract the user end point identifier from the RADIUS Start record. type: str choices: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id + more... + +
                • +
              • rsso_endpoint_block_attribute - RADIUS attributes used to block a user. type: str choices: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id + more... + +
                • +
              • rsso_ep_one_ip_only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. type: str choices: enable, disable + more... + +
                • +
              • rsso_flush_ip_session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. type: str choices: enable, disable + more... + +
                • +
              • rsso_log_flags - Events to log. type: list choices: protocol-error, profile-missing, accounting-stop-missed, accounting-event, endpoint-block, radiusd-other, none + more... + +
                • +
              • rsso_log_period - Time interval in seconds that group event log messages will be generated for dynamic profile events. type: int + more... + +
                • +
              • rsso_radius_response - Enable/disable sending RADIUS response packets after receiving Start and Stop records. type: str choices: enable, disable + more... + +
                • +
              • rsso_radius_server_port - UDP port to listen on for RADIUS Start and Stop records. type: int + more... + +
                • +
              • rsso_secret - RADIUS secret used by the RADIUS accounting server. type: str + more... + +
                • +
              • rsso_validate_request_secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. type: str choices: enable, disable + more... + +
                • +
              • secondary_secret - Secret key to access the secondary server. type: str + more... + +
                • +
              • secondary_server - Secondary RADIUS CN domain name or IP address. type: str + more... + +
                • +
              • secret - Pre-shared secret key used to access the primary RADIUS server. type: str + more... + +
                • +
              • server - Primary RADIUS server CN domain name or IP address. type: str + more... + +
                • +
              • source_ip - Source IP address for communications to the RADIUS server. type: str + more... + +
                • +
              • sso_attribute - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. type: str choices: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id + more... + +
                • +
              • sso_attribute_key - Key prefix for SSO group value in the SSO attribute. type: str + more... + +
                • +
              • sso_attribute_value_override - Enable/disable override old attribute value with new value for the same endpoint. type: str choices: enable, disable + more... + +
                • +
              • switch_controller_acct_fast_framedip_detect - Switch controller accounting message Framed-IP detection from DHCP snooping (seconds). type: int + more... + +
                • +
              • switch_controller_service_type - RADIUS service type. type: list choices: login, framed, callback-login, callback-framed, outbound, administrative, nas-prompt, authenticate-only, callback-nas-prompt, call-check, callback-administrative + more... + +
                • +
              • tertiary_secret - Secret key to access the tertiary server. type: str + more... + +
                • +
              • tertiary_server - Tertiary RADIUS CN domain name or IP address. type: str + more... + +
                • +
              • timeout - Time in seconds between re-sending authentication requests. type: int + more... + +
                • +
              • use_management_vdom - Enable/disable using management VDOM to send requests. type: str choices: enable, disable + more... + +
                • +
              • username_case_sensitive - Enable/disable case sensitive user names. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure RADIUS server entries. + fortios_user_radius: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_radius: + accounting_server: + - + id: "4" + interface: " (source system.interface.name)" + interface_select_method: "auto" + port: "7" + secret: "" + server: "192.168.100.40" + source_ip: "84.230.14.43" + status: "enable" + acct_all_servers: "enable" + acct_interim_interval: "13" + all_usergroup: "disable" + auth_type: "auto" + class: + - + name: "default_name_17" + group_override_attr_type: "filter-Id" + h3c_compatibility: "enable" + interface: " (source system.interface.name)" + interface_select_method: "auto" + name: "default_name_22" + nas_ip: "" + password_encoding: "auto" + password_renewal: "enable" + radius_coa: "enable" + radius_port: "27" + rsso: "enable" + rsso_context_timeout: "29" + rsso_endpoint_attribute: "User-Name" + rsso_endpoint_block_attribute: "User-Name" + rsso_ep_one_ip_only: "enable" + rsso_flush_ip_session: "enable" + rsso_log_flags: "protocol-error" + rsso_log_period: "35" + rsso_radius_response: "enable" + rsso_radius_server_port: "37" + rsso_secret: "" + rsso_validate_request_secret: "enable" + secondary_secret: "" + secondary_server: "" + secret: "" + server: "192.168.100.40" + source_ip: "84.230.14.43" + sso_attribute: "User-Name" + sso_attribute_key: "" + sso_attribute_value_override: "enable" + switch_controller_acct_fast_framedip_detect: "48" + switch_controller_service_type: "login" + tertiary_secret: "" + tertiary_server: "" + timeout: "52" + use_management_vdom: "enable" + username_case_sensitive: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_user_saml.rst b/gen/fortios_user_saml.rst new file mode 100644 index 00000000..6f999e4d --- /dev/null +++ b/gen/fortios_user_saml.rst @@ -0,0 +1,1620 @@ +:source: fortios_user_saml.py + +:orphan: + +.. fortios_user_saml: + +fortios_user_saml -- SAML server entry configuration in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and saml category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_user_samlyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • user_saml - SAML server entry configuration. type: dict + more... + +
              • +
                +
              • adfs_claim - Enable/disable ADFS Claim for user/group attribute in assertion statement . type: str choices: enable, disable + more... + +
                • +
              • cert - Certificate to sign SAML messages. Source vpn.certificate.local.name. type: str + more... + +
                • +
              • clock_tolerance - Clock skew tolerance in seconds (0 - 300). type: int + more... + +
                • +
              • digest_method - Digest method algorithm . type: str choices: sha1, sha256 + more... + +
                • +
              • entity_id - SP entity ID. type: str + more... + +
                • +
              • group_claim_type - Group claim in assertion statement. type: str choices: email, given-name, name, upn, common-name, email-adfs-1x, group, upn-adfs-1x, role, sur-name, ppid, name-identifier, authentication-method, deny-only-group-sid, deny-only-primary-sid, deny-only-primary-group-sid, group-sid, primary-group-sid, primary-sid, windows-account-name + more... + +
                • +
              • group_name - Group name in assertion statement. type: str + more... + +
                • +
              • idp_cert - IDP Certificate name. Source vpn.certificate.remote.name. type: str + more... + +
                • +
              • idp_entity_id - IDP entity ID. type: str + more... + +
                • +
              • idp_single_logout_url - IDP single logout url. type: str + more... + +
                • +
              • idp_single_sign_on_url - IDP single sign-on URL. type: str + more... + +
                • +
              • limit_relaystate - Enable/disable limiting of relay-state parameter when it exceeds SAML 2.0 specification limits (80 bytes). type: str choices: enable, disable + more... + +
                • +
              • name - SAML server entry name. type: str required: true + more... + +
                • +
              • single_logout_url - SP single logout URL. type: str + more... + +
                • +
              • single_sign_on_url - SP single sign-on URL. type: str + more... + +
                • +
              • user_claim_type - User name claim in assertion statement. type: str choices: email, given-name, name, upn, common-name, email-adfs-1x, group, upn-adfs-1x, role, sur-name, ppid, name-identifier, authentication-method, deny-only-group-sid, deny-only-primary-sid, deny-only-primary-group-sid, group-sid, primary-group-sid, primary-sid, windows-account-name + more... + +
                • +
              • user_name - User name in assertion statement. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: SAML server entry configuration. + fortios_user_saml: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_saml: + adfs_claim: "enable" + cert: " (source vpn.certificate.local.name)" + clock_tolerance: "5" + digest_method: "sha1" + entity_id: "" + group_claim_type: "email" + group_name: "" + idp_cert: " (source vpn.certificate.remote.name)" + idp_entity_id: "" + idp_single_logout_url: "" + idp_single_sign_on_url: "" + limit_relaystate: "enable" + name: "default_name_15" + single_logout_url: "" + single_sign_on_url: "" + user_claim_type: "email" + user_name: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_user_security_exempt_list.rst b/gen/fortios_user_security_exempt_list.rst new file mode 100644 index 00000000..e23011f3 --- /dev/null +++ b/gen/fortios_user_security_exempt_list.rst @@ -0,0 +1,737 @@ +:source: fortios_user_security_exempt_list.py + +:orphan: + +.. fortios_user_security_exempt_list: + +fortios_user_security_exempt_list -- Configure security exemption list in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and security_exempt_list category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_user_security_exempt_listyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • user_security_exempt_list - Configure security exemption list. type: dict + more... + +
              • +
                +
              • description - Description. type: str + more... + +
                • +
              • name - Name of the exempt list. type: str required: true + more... + +
                • +
              • rule - Configure rules for exempting users from captive portal authentication. type: list member_path: rule:id + more... + +
                • +
                  +
                • devices - Devices or device groups. type: list member_path: rule:id/devices:name + more... + +
                  • +
                    +
                  • name - Device or group name. Source user.device.alias user.device-group.name user.device-category.name. type: str required: true + more... + +
                    • +
                  +
                • dstaddr - Destination addresses or address groups. type: list member_path: rule:id/dstaddr:name + more... + +
                  • +
                    +
                  • name - Address or group name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                    • +
                  +
                • id - ID. type: int required: true + more... + +
                  • +
                • service - Destination services. type: list member_path: rule:id/service:name + more... + +
                  • +
                    +
                  • name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str required: true + more... + +
                    • +
                  +
                • srcaddr - Source addresses or address groups. type: list member_path: rule:id/srcaddr:name + more... + +
                  • +
                    +
                  • name - Address or group name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                    • +
                  +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure security exemption list. + fortios_user_security_exempt_list: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_security_exempt_list: + description: "" + name: "default_name_4" + rule: + - + devices: + - + name: "default_name_7 (source user.device.alias user.device-group.name user.device-category.name)" + dstaddr: + - + name: "default_name_9 (source firewall.address.name firewall.addrgrp.name)" + id: "10" + service: + - + name: "default_name_12 (source firewall.service.custom.name firewall.service.group.name)" + srcaddr: + - + name: "default_name_14 (source firewall.address.name firewall.addrgrp.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_user_setting.rst b/gen/fortios_user_setting.rst new file mode 100644 index 00000000..52c6f32f --- /dev/null +++ b/gen/fortios_user_setting.rst @@ -0,0 +1,2023 @@ +:source: fortios_user_setting.py + +:orphan: + +.. fortios_user_setting: + +fortios_user_setting -- Configure user authentication setting in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_user_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • user_setting - Configure user authentication setting. type: dict + more... + +
              • +
                +
              • auth_blackout_time - Time in seconds an IP address is denied access after failing to authenticate five times within one minute. type: int + more... + +
                • +
              • auth_ca_cert - HTTPS CA certificate for policy authentication. Source vpn.certificate.local.name. type: str + more... + +
                • +
              • auth_cert - HTTPS server certificate for policy authentication. Source vpn.certificate.local.name. type: str + more... + +
                • +
              • auth_http_basic - Enable/disable use of HTTP basic authentication for identity-based firewall policies. type: str choices: enable, disable + more... + +
                • +
              • auth_invalid_max - Maximum number of failed authentication attempts before the user is blocked. type: int + more... + +
                • +
              • auth_lockout_duration - Lockout period in seconds after too many login failures. type: int + more... + +
                • +
              • auth_lockout_threshold - Maximum number of failed login attempts before login lockout is triggered. type: int + more... + +
                • +
              • auth_on_demand - Always/implicitly trigger firewall authentication on demand. type: str choices: always, implicitly + more... + +
                • +
              • auth_portal_timeout - Time in minutes before captive portal user have to re-authenticate (1 - 30 min). type: int + more... + +
                • +
              • auth_ports - Set up non-standard ports for authentication with HTTP, HTTPS, FTP, and TELNET. type: list member_path: auth_ports:id + more... + +
                • +
                  +
                • id - ID. type: int required: true + more... + +
                  • +
                • port - Non-standard port for firewall user authentication. type: int + more... + +
                  • +
                • type - Service type. type: str choices: http, https, ftp, telnet + more... + +
                  • +
                +
              • auth_secure_http - Enable/disable redirecting HTTP user authentication to more secure HTTPS. type: str choices: enable, disable + more... + +
                • +
              • auth_src_mac - Enable/disable source MAC for user identity. type: str choices: enable, disable + more... + +
                • +
              • auth_ssl_allow_renegotiation - Allow/forbid SSL re-negotiation for HTTPS authentication. type: str choices: enable, disable + more... + +
                • +
              • auth_ssl_max_proto_version - Maximum supported protocol version for SSL/TLS connections . type: str choices: sslv3, tlsv1, tlsv1-1, tlsv1-2, tlsv1-3 + more... + +
                • +
              • auth_ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2 + more... + +
                • +
              • auth_ssl_sigalgs - Set signature algorithms related to HTTPS authentication (affects TLS version <= 1.2 only). type: str choices: no-rsa-pss, all + more... + +
                • +
              • auth_timeout - Time in minutes before the firewall user authentication timeout requires the user to re-authenticate. type: int + more... + +
                • +
              • auth_timeout_type - Control if authenticated users have to login again after a hard timeout, after an idle timeout, or after a session timeout. type: str choices: idle-timeout, hard-timeout, new-session + more... + +
                • +
              • auth_type - Supported firewall policy authentication protocols/methods. type: list choices: http, https, ftp, telnet + more... + +
                • +
              • per_policy_disclaimer - Enable/disable per policy disclaimer. type: str choices: enable, disable + more... + +
                • +
              • radius_ses_timeout_act - Set the RADIUS session timeout to a hard timeout or to ignore RADIUS server session timeouts. type: str choices: hard-timeout, ignore-timeout + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure user authentication setting. + fortios_user_setting: + vdom: "{{ vdom }}" + user_setting: + auth_blackout_time: "3" + auth_ca_cert: " (source vpn.certificate.local.name)" + auth_cert: " (source vpn.certificate.local.name)" + auth_http_basic: "enable" + auth_invalid_max: "7" + auth_lockout_duration: "8" + auth_lockout_threshold: "9" + auth_on_demand: "always" + auth_portal_timeout: "11" + auth_ports: + - + id: "13" + port: "14" + type: "http" + auth_secure_http: "enable" + auth_src_mac: "enable" + auth_ssl_allow_renegotiation: "enable" + auth_ssl_max_proto_version: "sslv3" + auth_ssl_min_proto_version: "default" + auth_ssl_sigalgs: "no-rsa-pss" + auth_timeout: "22" + auth_timeout_type: "idle-timeout" + auth_type: "http" + per_policy_disclaimer: "enable" + radius_ses_timeout_act: "hard-timeout" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_user_tacacsplus.rst b/gen/fortios_user_tacacsplus.rst new file mode 100644 index 00000000..71b35a68 --- /dev/null +++ b/gen/fortios_user_tacacsplus.rst @@ -0,0 +1,1004 @@ +:source: fortios_user_tacacsplus.py + +:orphan: + +.. fortios_user_tacacsplus: + +fortios_user_tacacsplus -- Configure TACACS+ server entries in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and tacacsplus category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_user_tacacsplusyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • user_tacacsplus - Configure TACACS+ server entries. type: dict + more... + +
              • +
                +
              • authen_type - Allowed authentication protocols/methods. type: str choices: mschap, chap, pap, ascii, auto + more... + +
                • +
              • authorization - Enable/disable TACACS+ authorization. type: str choices: enable, disable + more... + +
                • +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • key - Key to access the primary server. type: str + more... + +
                • +
              • name - TACACS+ server entry name. type: str required: true + more... + +
                • +
              • port - Port number of the TACACS+ server. type: int + more... + +
                • +
              • secondary_key - Key to access the secondary server. type: str + more... + +
                • +
              • secondary_server - Secondary TACACS+ server CN domain name or IP address. type: str + more... + +
                • +
              • server - Primary TACACS+ server CN domain name or IP address. type: str + more... + +
                • +
              • source_ip - Source IP address for communications to TACACS+ server. type: str + more... + +
                • +
              • tertiary_key - Key to access the tertiary server. type: str + more... + +
                • +
              • tertiary_server - Tertiary TACACS+ server CN domain name or IP address. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure TACACS+ server entries. + fortios_user_tacacsplus: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_tacacsplus: + authen_type: "mschap" + authorization: "enable" + interface: " (source system.interface.name)" + interface_select_method: "auto" + key: "" + name: "default_name_8" + port: "9" + secondary_key: "" + secondary_server: "" + server: "192.168.100.40" + source_ip: "84.230.14.43" + tertiary_key: "" + tertiary_server: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_videofilter_profile.rst b/gen/fortios_videofilter_profile.rst new file mode 100644 index 00000000..a1865a5c --- /dev/null +++ b/gen/fortios_videofilter_profile.rst @@ -0,0 +1,671 @@ +:source: fortios_videofilter_profile.py + +:orphan: + +.. fortios_videofilter_profile: + +fortios_videofilter_profile -- Configure VideoFilter profile in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify videofilter feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + +
            v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_videofilter_profileyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • videofilter_profile - Configure VideoFilter profile. type: dict + more... + +
              • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • dailymotion - Enable/disable Dailymotion video source. type: str choices: enable, disable + more... + +
                • +
              • fortiguard_category - Configure FortiGuard categories. type: dict + more... + +
                • +
                  +
                • filters - Configure VideoFilter FortiGuard category. type: list member_path: fortiguard_category/filters:id + more... + +
                  • +
                    +
                  • action - VideoFilter action. type: str choices: allow, monitor, block, bypass + more... + +
                    • +
                  • category_id - Category ID. type: int + more... + +
                    • +
                  • id - ID. type: int required: true + more... + +
                    • +
                  • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                    • +
                  +
                +
              • name - Name. type: str required: true + more... + +
                • +
              • replacemsg_group - Replacement message group. Source system.replacemsg-group.name. type: str + more... + +
                • +
              • vimeo - Enable/disable Vimeo video source. type: str choices: enable, disable + more... + +
                • +
              • vimeo_restrict - Set Vimeo-restrict ("7" = don"t show mature content, "134" = don"t show unrated and mature content). A value of cookie "content_rating". type: str + more... + +
                • +
              • youtube - Enable/disable YouTube video source. type: str choices: enable, disable + more... + +
                • +
              • youtube_channel_filter - Set YouTube channel filter. Source videofilter.youtube-channel-filter.id. type: int + more... + +
                • +
              • youtube_restrict - Set YouTube-restrict mode. type: str choices: none, strict, moderate + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure VideoFilter profile. + fortios_videofilter_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + videofilter_profile: + comment: "Comment." + dailymotion: "enable" + fortiguard_category: + filters: + - + action: "allow" + category_id: "8" + id: "9" + log: "enable" + name: "default_name_11" + replacemsg_group: " (source system.replacemsg-group.name)" + vimeo: "enable" + vimeo_restrict: "" + youtube: "enable" + youtube_channel_filter: "16 (source videofilter.youtube-channel-filter.id)" + youtube_restrict: "none" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_videofilter_youtube_channel_filter.rst b/gen/fortios_videofilter_youtube_channel_filter.rst new file mode 100644 index 00000000..53bfa039 --- /dev/null +++ b/gen/fortios_videofilter_youtube_channel_filter.rst @@ -0,0 +1,520 @@ +:source: fortios_videofilter_youtube_channel_filter.py + +:orphan: + +.. fortios_videofilter_youtube_channel_filter: + +fortios_videofilter_youtube_channel_filter -- Configure YouTube channel filter in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify videofilter feature and youtube_channel_filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + +
            v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_videofilter_youtube_channel_filteryesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • videofilter_youtube_channel_filter - Configure YouTube channel filter. type: dict + more... + +
              • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • default_action - YouTube channel filter default action. type: str choices: allow, monitor, block + more... + +
                • +
              • entries - YouTube filter entries. type: list member_path: entries:id + more... + +
                • +
                  +
                • action - YouTube channel filter action. type: str choices: allow, monitor, block, bypass + more... + +
                  • +
                • channel_id - Channel ID. type: str + more... + +
                  • +
                • comment - Comment. type: str + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                +
              • id - ID. type: int required: true + more... + +
                • +
              • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                • +
              • name - Name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure YouTube channel filter. + fortios_videofilter_youtube_channel_filter: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + videofilter_youtube_channel_filter: + comment: "Comment." + default_action: "allow" + entries: + - + action: "allow" + channel_id: "" + comment: "Comment." + id: "9" + id: "10" + log: "enable" + name: "default_name_12" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_videofilter_youtube_key.rst b/gen/fortios_videofilter_youtube_key.rst new file mode 100644 index 00000000..f72b182c --- /dev/null +++ b/gen/fortios_videofilter_youtube_key.rst @@ -0,0 +1,252 @@ +:source: fortios_videofilter_youtube_key.py + +:orphan: + +.. fortios_videofilter_youtube_key: + +fortios_videofilter_youtube_key -- Configure YouTube API keys in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify videofilter feature and youtube_key category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + +
            v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_videofilter_youtube_keyyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • videofilter_youtube_key - Configure YouTube API keys. type: dict + more... + +
              • +
                +
              • id - ID. type: int required: true + more... + +
                • +
              • key - Key. type: str + more... + +
                • +
              • status - Enable/disable YouTube API service. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure YouTube API keys. + fortios_videofilter_youtube_key: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + videofilter_youtube_key: + id: "3" + key: "" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_voip_profile.rst b/gen/fortios_voip_profile.rst new file mode 100644 index 00000000..07dc960a --- /dev/null +++ b/gen/fortios_voip_profile.rst @@ -0,0 +1,10733 @@ +:source: fortios_voip_profile.py + +:orphan: + +.. fortios_voip_profile: + +fortios_voip_profile -- Configure VoIP profiles in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify voip feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_voip_profileyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • voip_profile - Configure VoIP profiles. type: dict + more... + +
              • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • feature_set - Flow or proxy inspection feature set. type: str choices: flow, proxy + more... + +
                • +
              • msrp - MSRP. type: dict + more... + +
                • +
                  +
                • log_violations - Enable/disable logging of MSRP violations. type: str choices: disable, enable + more... + +
                  • +
                • max_msg_size - Maximum allowable MSRP message size (1-65535). type: int + more... + +
                  • +
                • max_msg_size_action - Action for violation of max-msg-size. type: str choices: pass, block, reset, monitor + more... + +
                  • +
                • status - Enable/disable MSRP. type: str choices: disable, enable + more... + +
                  • +
                +
              • name - Profile name. type: str required: true + more... + +
                • +
              • sccp - SCCP. type: dict + more... + +
                • +
                  +
                • block_mcast - Enable/disable block multicast RTP connections. type: str choices: disable, enable + more... + +
                  • +
                • log_call_summary - Enable/disable log summary of SCCP calls. type: str choices: disable, enable + more... + +
                  • +
                • log_violations - Enable/disable logging of SCCP violations. type: str choices: disable, enable + more... + +
                  • +
                • max_calls - Maximum calls per minute per SCCP client (max 65535). type: int + more... + +
                  • +
                • status - Enable/disable SCCP. type: str choices: disable, enable + more... + +
                  • +
                • verify_header - Enable/disable verify SCCP header content. type: str choices: disable, enable + more... + +
                  • +
                +
              • sip - SIP. type: dict + more... + +
                • +
                  +
                • ack_rate - ACK request rate limit (per second, per policy). type: int + more... + +
                  • +
                • ack_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip + more... + +
                  • +
                • block_ack - Enable/disable block ACK requests. type: str choices: disable, enable + more... + +
                  • +
                • block_bye - Enable/disable block BYE requests. type: str choices: disable, enable + more... + +
                  • +
                • block_cancel - Enable/disable block CANCEL requests. type: str choices: disable, enable + more... + +
                  • +
                • block_geo_red_options - Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy. type: str choices: disable, enable + more... + +
                  • +
                • block_info - Enable/disable block INFO requests. type: str choices: disable, enable + more... + +
                  • +
                • block_invite - Enable/disable block INVITE requests. type: str choices: disable, enable + more... + +
                  • +
                • block_long_lines - Enable/disable block requests with headers exceeding max-line-length. type: str choices: disable, enable + more... + +
                  • +
                • block_message - Enable/disable block MESSAGE requests. type: str choices: disable, enable + more... + +
                  • +
                • block_notify - Enable/disable block NOTIFY requests. type: str choices: disable, enable + more... + +
                  • +
                • block_options - Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either. type: str choices: disable, enable + more... + +
                  • +
                • block_prack - Enable/disable block prack requests. type: str choices: disable, enable + more... + +
                  • +
                • block_publish - Enable/disable block PUBLISH requests. type: str choices: disable, enable + more... + +
                  • +
                • block_refer - Enable/disable block REFER requests. type: str choices: disable, enable + more... + +
                  • +
                • block_register - Enable/disable block REGISTER requests. type: str choices: disable, enable + more... + +
                  • +
                • block_subscribe - Enable/disable block SUBSCRIBE requests. type: str choices: disable, enable + more... + +
                  • +
                • block_unknown - Block unrecognized SIP requests (enabled by default). type: str choices: disable, enable + more... + +
                  • +
                • block_update - Enable/disable block UPDATE requests. type: str choices: disable, enable + more... + +
                  • +
                • bye_rate - BYE request rate limit (per second, per policy). type: int + more... + +
                  • +
                • bye_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip + more... + +
                  • +
                • call_keepalive - Continue tracking calls with no RTP for this many minutes. type: int + more... + +
                  • +
                • cancel_rate - CANCEL request rate limit (per second, per policy). type: int + more... + +
                  • +
                • cancel_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip + more... + +
                  • +
                • contact_fixup - Fixup contact anyway even if contact"s IP:port doesn"t match session"s IP:port. type: str choices: disable, enable + more... + +
                  • +
                • hnt_restrict_source_ip - Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled. type: str choices: disable, enable + more... + +
                  • +
                • hosted_nat_traversal - Hosted NAT Traversal (HNT). type: str choices: disable, enable + more... + +
                  • +
                • info_rate - INFO request rate limit (per second, per policy). type: int + more... + +
                  • +
                • info_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip + more... + +
                  • +
                • invite_rate - INVITE request rate limit (per second, per policy). type: int + more... + +
                  • +
                • invite_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip + more... + +
                  • +
                • ips_rtp - Enable/disable allow IPS on RTP. type: str choices: disable, enable + more... + +
                  • +
                • log_call_summary - Enable/disable logging of SIP call summary. type: str choices: disable, enable + more... + +
                  • +
                • log_violations - Enable/disable logging of SIP violations. type: str choices: disable, enable + more... + +
                  • +
                • malformed_header_allow - Action for malformed Allow header. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_call_id - Action for malformed Call-ID header. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_contact - Action for malformed Contact header. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_content_length - Action for malformed Content-Length header. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_content_type - Action for malformed Content-Type header. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_cseq - Action for malformed CSeq header. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_expires - Action for malformed Expires header. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_from - Action for malformed From header. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_max_forwards - Action for malformed Max-Forwards header. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_no_proxy_require - Action for malformed SIP messages without Proxy-Require header. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_no_require - Action for malformed SIP messages without Require header. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_p_asserted_identity - Action for malformed P-Asserted-Identity header. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_rack - Action for malformed RAck header. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_record_route - Action for malformed Record-Route header. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_route - Action for malformed Route header. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_rseq - Action for malformed RSeq header. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_sdp_a - Action for malformed SDP a line. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_sdp_b - Action for malformed SDP b line. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_sdp_c - Action for malformed SDP c line. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_sdp_i - Action for malformed SDP i line. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_sdp_k - Action for malformed SDP k line. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_sdp_m - Action for malformed SDP m line. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_sdp_o - Action for malformed SDP o line. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_sdp_r - Action for malformed SDP r line. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_sdp_s - Action for malformed SDP s line. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_sdp_t - Action for malformed SDP t line. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_sdp_v - Action for malformed SDP v line. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_sdp_z - Action for malformed SDP z line. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_to - Action for malformed To header. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_header_via - Action for malformed VIA header. type: str choices: discard, pass, respond + more... + +
                  • +
                • malformed_request_line - Action for malformed request line. type: str choices: discard, pass, respond + more... + +
                  • +
                • max_body_length - Maximum SIP message body length (0 meaning no limit). type: int + more... + +
                  • +
                • max_dialogs - Maximum number of concurrent calls/dialogs (per policy). type: int + more... + +
                  • +
                • max_idle_dialogs - Maximum number established but idle dialogs to retain (per policy). type: int + more... + +
                  • +
                • max_line_length - Maximum SIP header line length (78-4096). type: int + more... + +
                  • +
                • message_rate - MESSAGE request rate limit (per second, per policy). type: int + more... + +
                  • +
                • message_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip + more... + +
                  • +
                • nat_port_range - RTP NAT port range. type: str + more... + +
                  • +
                • nat_trace - Enable/disable preservation of original IP in SDP i line. type: str choices: disable, enable + more... + +
                  • +
                • no_sdp_fixup - Enable/disable no SDP fix-up. type: str choices: disable, enable + more... + +
                  • +
                • notify_rate - NOTIFY request rate limit (per second, per policy). type: int + more... + +
                  • +
                • notify_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip + more... + +
                  • +
                • open_contact_pinhole - Enable/disable open pinhole for non-REGISTER Contact port. type: str choices: disable, enable + more... + +
                  • +
                • open_record_route_pinhole - Enable/disable open pinhole for Record-Route port. type: str choices: disable, enable + more... + +
                  • +
                • open_register_pinhole - Enable/disable open pinhole for REGISTER Contact port. type: str choices: disable, enable + more... + +
                  • +
                • open_via_pinhole - Enable/disable open pinhole for Via port. type: str choices: disable, enable + more... + +
                  • +
                • options_rate - OPTIONS request rate limit (per second, per policy). type: int + more... + +
                  • +
                • options_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip + more... + +
                  • +
                • prack_rate - PRACK request rate limit (per second, per policy). type: int + more... + +
                  • +
                • prack_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip + more... + +
                  • +
                • preserve_override - Override i line to preserve original IPS . type: str choices: disable, enable + more... + +
                  • +
                • provisional_invite_expiry_time - Expiry time (10-3600, in seconds) for provisional INVITE. type: int + more... + +
                  • +
                • publish_rate - PUBLISH request rate limit (per second, per policy). type: int + more... + +
                  • +
                • publish_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip + more... + +
                  • +
                • refer_rate - REFER request rate limit (per second, per policy). type: int + more... + +
                  • +
                • refer_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip + more... + +
                  • +
                • register_contact_trace - Enable/disable trace original IP/port within the contact header of REGISTER requests. type: str choices: disable, enable + more... + +
                  • +
                • register_rate - REGISTER request rate limit (per second, per policy). type: int + more... + +
                  • +
                • register_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip + more... + +
                  • +
                • rfc2543_branch - Enable/disable support via branch compliant with RFC 2543. type: str choices: disable, enable + more... + +
                  • +
                • rtp - Enable/disable create pinholes for RTP traffic to traverse firewall. type: str choices: disable, enable + more... + +
                  • +
                • ssl_algorithm - Relative strength of encryption algorithms accepted in negotiation. type: str choices: high, medium, low + more... + +
                  • +
                • ssl_auth_client - Require a client certificate and authenticate it with the peer/peergrp. Source user.peer.name user.peergrp.name. type: str + more... + +
                  • +
                • ssl_auth_server - Authenticate the server"s certificate with the peer/peergrp. Source user.peer.name user.peergrp.name. type: str + more... + +
                  • +
                • ssl_client_certificate - Name of Certificate to offer to server if requested. Source vpn.certificate.local.name. type: str + more... + +
                  • +
                • ssl_client_renegotiation - Allow/block client renegotiation by server. type: str choices: allow, deny, secure + more... + +
                  • +
                • ssl_max_version - Highest SSL/TLS version to negotiate. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3 + more... + +
                  • +
                • ssl_min_version - Lowest SSL/TLS version to negotiate. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3 + more... + +
                  • +
                • ssl_mode - SSL/TLS mode for encryption & decryption of traffic. type: str choices: False, full + more... + +
                  • +
                • ssl_pfs - SSL Perfect Forward Secrecy. type: str choices: require, deny, allow + more... + +
                  • +
                • ssl_send_empty_frags - Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only). type: str choices: enable, disable + more... + +
                  • +
                • ssl_server_certificate - Name of Certificate return to the client in every SSL connection. Source vpn.certificate.local.name. type: str + more... + +
                  • +
                • status - Enable/disable SIP. type: str choices: disable, enable + more... + +
                  • +
                • strict_register - Enable/disable only allow the registrar to connect. type: str choices: disable, enable + more... + +
                  • +
                • subscribe_rate - SUBSCRIBE request rate limit (per second, per policy). type: int + more... + +
                  • +
                • subscribe_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip + more... + +
                  • +
                • unknown_header - Action for unknown SIP header. type: str choices: discard, pass, respond + more... + +
                  • +
                • update_rate - UPDATE request rate limit (per second, per policy). type: int + more... + +
                  • +
                • update_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure VoIP profiles. + fortios_voip_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + voip_profile: + comment: "Comment." + feature_set: "flow" + msrp: + log_violations: "disable" + max_msg_size: "7" + max_msg_size_action: "pass" + status: "disable" + name: "default_name_10" + sccp: + block_mcast: "disable" + log_call_summary: "disable" + log_violations: "disable" + max_calls: "15" + status: "disable" + verify_header: "disable" + sip: + ack_rate: "19" + ack_rate_track: "none" + block_ack: "disable" + block_bye: "disable" + block_cancel: "disable" + block_geo_red_options: "disable" + block_info: "disable" + block_invite: "disable" + block_long_lines: "disable" + block_message: "disable" + block_notify: "disable" + block_options: "disable" + block_prack: "disable" + block_publish: "disable" + block_refer: "disable" + block_register: "disable" + block_subscribe: "disable" + block_unknown: "disable" + block_update: "disable" + bye_rate: "38" + bye_rate_track: "none" + call_keepalive: "40" + cancel_rate: "41" + cancel_rate_track: "none" + contact_fixup: "disable" + hnt_restrict_source_ip: "disable" + hosted_nat_traversal: "disable" + info_rate: "46" + info_rate_track: "none" + invite_rate: "48" + invite_rate_track: "none" + ips_rtp: "disable" + log_call_summary: "disable" + log_violations: "disable" + malformed_header_allow: "discard" + malformed_header_call_id: "discard" + malformed_header_contact: "discard" + malformed_header_content_length: "discard" + malformed_header_content_type: "discard" + malformed_header_cseq: "discard" + malformed_header_expires: "discard" + malformed_header_from: "discard" + malformed_header_max_forwards: "discard" + malformed_header_no_proxy_require: "discard" + malformed_header_no_require: "discard" + malformed_header_p_asserted_identity: "discard" + malformed_header_rack: "discard" + malformed_header_record_route: "discard" + malformed_header_route: "discard" + malformed_header_rseq: "discard" + malformed_header_sdp_a: "discard" + malformed_header_sdp_b: "discard" + malformed_header_sdp_c: "discard" + malformed_header_sdp_i: "discard" + malformed_header_sdp_k: "discard" + malformed_header_sdp_m: "discard" + malformed_header_sdp_o: "discard" + malformed_header_sdp_r: "discard" + malformed_header_sdp_s: "discard" + malformed_header_sdp_t: "discard" + malformed_header_sdp_v: "discard" + malformed_header_sdp_z: "discard" + malformed_header_to: "discard" + malformed_header_via: "discard" + malformed_request_line: "discard" + max_body_length: "84" + max_dialogs: "85" + max_idle_dialogs: "86" + max_line_length: "87" + message_rate: "88" + message_rate_track: "none" + nat_port_range: "" + nat_trace: "disable" + no_sdp_fixup: "disable" + notify_rate: "93" + notify_rate_track: "none" + open_contact_pinhole: "disable" + open_record_route_pinhole: "disable" + open_register_pinhole: "disable" + open_via_pinhole: "disable" + options_rate: "99" + options_rate_track: "none" + prack_rate: "101" + prack_rate_track: "none" + preserve_override: "disable" + provisional_invite_expiry_time: "104" + publish_rate: "105" + publish_rate_track: "none" + refer_rate: "107" + refer_rate_track: "none" + register_contact_trace: "disable" + register_rate: "110" + register_rate_track: "none" + rfc2543_branch: "disable" + rtp: "disable" + ssl_algorithm: "high" + ssl_auth_client: " (source user.peer.name user.peergrp.name)" + ssl_auth_server: " (source user.peer.name user.peergrp.name)" + ssl_client_certificate: " (source vpn.certificate.local.name)" + ssl_client_renegotiation: "allow" + ssl_max_version: "ssl-3.0" + ssl_min_version: "ssl-3.0" + ssl_mode: "off" + ssl_pfs: "require" + ssl_send_empty_frags: "enable" + ssl_server_certificate: " (source vpn.certificate.local.name)" + status: "disable" + strict_register: "disable" + subscribe_rate: "127" + subscribe_rate_track: "none" + unknown_header: "discard" + update_rate: "130" + update_rate_track: "none" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_vpn_certificate_ca.rst b/gen/fortios_vpn_certificate_ca.rst new file mode 100644 index 00000000..d2b1b56c --- /dev/null +++ b/gen/fortios_vpn_certificate_ca.rst @@ -0,0 +1,865 @@ +:source: fortios_vpn_certificate_ca.py + +:orphan: + +.. fortios_vpn_certificate_ca: + +fortios_vpn_certificate_ca -- CA certificate in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_certificate feature and ca category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_vpn_certificate_cayesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • vpn_certificate_ca - CA certificate. type: dict + more... + +
              • +
                +
              • auto_update_days - Number of days to wait before requesting an updated CA certificate (0 - 4294967295, 0 = disabled). type: int + more... + +
                • +
              • auto_update_days_warning - Number of days before an expiry-warning message is generated (0 - 4294967295, 0 = disabled). type: int + more... + +
                • +
              • ca - CA certificate as a PEM file. type: str + more... + +
                • +
              • ca_identifier - CA identifier of the SCEP server. type: str + more... + +
                • +
              • last_updated - Time at which CA was last updated. type: int + more... + +
                • +
              • name - Name. type: str required: true + more... + +
                • +
              • range - Either global or VDOM IP address range for the CA certificate. type: str choices: global, vdom + more... + +
                • +
              • scep_url - URL of the SCEP server. type: str + more... + +
                • +
              • source - CA certificate source type. type: str choices: factory, user, bundle + more... + +
                • +
              • source_ip - Source IP address for communications to the SCEP server. type: str + more... + +
                • +
              • ssl_inspection_trusted - Enable/disable this CA as a trusted CA for SSL inspection. type: str choices: enable, disable + more... + +
                • +
              • trusted - Enable/disable as a trusted CA. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: CA certificate. + fortios_vpn_certificate_ca: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_certificate_ca: + auto_update_days: "3" + auto_update_days_warning: "4" + ca: "" + ca_identifier: "myId_6" + last_updated: "7" + name: "default_name_8" + range: "global" + scep_url: "" + source: "factory" + source_ip: "84.230.14.43" + ssl_inspection_trusted: "enable" + trusted: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_vpn_certificate_crl.rst b/gen/fortios_vpn_certificate_crl.rst new file mode 100644 index 00000000..1b17700f --- /dev/null +++ b/gen/fortios_vpn_certificate_crl.rst @@ -0,0 +1,933 @@ +:source: fortios_vpn_certificate_crl.py + +:orphan: + +.. fortios_vpn_certificate_crl: + +fortios_vpn_certificate_crl -- Certificate Revocation List as a PEM file in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_certificate feature and crl category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_vpn_certificate_crlyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • vpn_certificate_crl - Certificate Revocation List as a PEM file. type: dict + more... + +
              • +
                +
              • crl - Certificate Revocation List as a PEM file. type: str + more... + +
                • +
              • http_url - HTTP server URL for CRL auto-update. type: str + more... + +
                • +
              • last_updated - Time at which CRL was last updated. type: int + more... + +
                • +
              • ldap_password - LDAP server user password. type: str + more... + +
                • +
              • ldap_server - LDAP server name for CRL auto-update. type: str + more... + +
                • +
              • ldap_username - LDAP server user name. type: str + more... + +
                • +
              • name - Name. type: str required: true + more... + +
                • +
              • range - Either global or VDOM IP address range for the certificate. type: str choices: global, vdom + more... + +
                • +
              • scep_cert - Local certificate for SCEP communication for CRL auto-update. Source vpn.certificate.local.name. type: str + more... + +
                • +
              • scep_url - SCEP server URL for CRL auto-update. type: str + more... + +
                • +
              • source - Certificate source type. type: str choices: factory, user, bundle + more... + +
                • +
              • source_ip - Source IP address for communications to a HTTP or SCEP CA server. type: str + more... + +
                • +
              • update_interval - Time in seconds before the FortiGate checks for an updated CRL. Set to 0 to update only when it expires. type: int + more... + +
                • +
              • update_vdom - VDOM for CRL update. Source system.vdom.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Certificate Revocation List as a PEM file. + fortios_vpn_certificate_crl: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_certificate_crl: + crl: "" + http_url: "" + last_updated: "5" + ldap_password: "" + ldap_server: "" + ldap_username: "" + name: "default_name_9" + range: "global" + scep_cert: " (source vpn.certificate.local.name)" + scep_url: "" + source: "factory" + source_ip: "84.230.14.43" + update_interval: "15" + update_vdom: " (source system.vdom.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_vpn_certificate_local.rst b/gen/fortios_vpn_certificate_local.rst new file mode 100644 index 00000000..23e25d17 --- /dev/null +++ b/gen/fortios_vpn_certificate_local.rst @@ -0,0 +1,1813 @@ +:source: fortios_vpn_certificate_local.py + +:orphan: + +.. fortios_vpn_certificate_local: + +fortios_vpn_certificate_local -- Local keys and certificates in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_certificate feature and local category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_vpn_certificate_localyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • vpn_certificate_local - Local keys and certificates. type: dict + more... + +
              • +
                +
              • acme_ca_url - The URL for the ACME CA server (Let"s Encrypt is the ). type: str + more... + +
                • +
              • acme_domain - A valid domain that resolves to this FortiGate unit. type: str + more... + +
                • +
              • acme_email - Contact email address that is required by some CAs like LetsEncrypt. type: str + more... + +
                • +
              • acme_renew_window - Beginning of the renewal window (in days before certificate expiration, 30 by default). type: int + more... + +
                • +
              • acme_rsa_key_size - Length of the RSA private key of the generated cert (Minimum 2048 bits). type: int + more... + +
                • +
              • auto_regenerate_days - Number of days to wait before expiry of an updated local certificate is requested (0 = disabled). type: int + more... + +
                • +
              • auto_regenerate_days_warning - Number of days to wait before an expiry warning message is generated (0 = disabled). type: int + more... + +
                • +
              • ca_identifier - CA identifier of the CA server for signing via SCEP. type: str + more... + +
                • +
              • certificate - PEM format certificate. type: str + more... + +
                • +
              • cmp_path - Path location inside CMP server. type: str + more... + +
                • +
              • cmp_regeneration_method - CMP auto-regeneration method. type: str choices: keyupate, renewal + more... + +
                • +
              • cmp_server - Address and port for CMP server (format = address:port). type: str + more... + +
                • +
              • cmp_server_cert - CMP server certificate. Source vpn.certificate.ca.name vpn.certificate.remote.name. type: str + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • csr - Certificate Signing Request. type: str + more... + +
                • +
              • enroll_protocol - Certificate enrollment protocol. type: str choices: none, scep, cmpv2, acme2 + more... + +
                • +
              • ike_localid - Local ID the FortiGate uses for authentication as a VPN client. type: str + more... + +
                • +
              • ike_localid_type - IKE local ID type. type: str choices: asn1dn, fqdn + more... + +
                • +
              • last_updated - Time at which certificate was last updated. type: int + more... + +
                • +
              • name - Name. type: str required: true + more... + +
                • +
              • name_encoding - Name encoding method for auto-regeneration. type: str choices: printable, utf8 + more... + +
                • +
              • password - Password as a PEM file. type: str + more... + +
                • +
              • private_key - PEM format key encrypted with a password. type: str + more... + +
                • +
              • range - Either a global or VDOM IP address range for the certificate. type: str choices: global, vdom + more... + +
                • +
              • scep_password - SCEP server challenge password for auto-regeneration. type: str + more... + +
                • +
              • scep_url - SCEP server URL. type: str + more... + +
                • +
              • source - Certificate source type. type: str choices: factory, user, bundle + more... + +
                • +
              • source_ip - Source IP address for communications to the SCEP server. type: str + more... + +
                • +
              • state - Certificate Signing Request State. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Local keys and certificates. + fortios_vpn_certificate_local: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_certificate_local: + acme_ca_url: "" + acme_domain: "" + acme_email: "" + acme_renew_window: "6" + acme_rsa_key_size: "7" + auto_regenerate_days: "8" + auto_regenerate_days_warning: "9" + ca_identifier: "myId_10" + certificate: "" + cmp_path: "" + cmp_regeneration_method: "keyupate" + cmp_server: "" + cmp_server_cert: " (source vpn.certificate.ca.name vpn.certificate.remote.name)" + comments: "" + csr: "" + enroll_protocol: "none" + ike_localid: "" + ike_localid_type: "asn1dn" + last_updated: "21" + name: "default_name_22" + name_encoding: "printable" + password: "" + private_key: "" + range: "global" + scep_password: "" + scep_url: "" + source: "factory" + source_ip: "84.230.14.43" + state: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_vpn_certificate_ocsp_server.rst b/gen/fortios_vpn_certificate_ocsp_server.rst new file mode 100644 index 00000000..de3d28d5 --- /dev/null +++ b/gen/fortios_vpn_certificate_ocsp_server.rst @@ -0,0 +1,576 @@ +:source: fortios_vpn_certificate_ocsp_server.py + +:orphan: + +.. fortios_vpn_certificate_ocsp_server: + +fortios_vpn_certificate_ocsp_server -- OCSP server configuration in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_certificate feature and ocsp_server category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_vpn_certificate_ocsp_serveryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • vpn_certificate_ocsp_server - OCSP server configuration. type: dict + more... + +
              • +
                +
              • cert - OCSP server certificate. Source vpn.certificate.remote.name vpn.certificate.ca.name. type: str + more... + +
                • +
              • name - OCSP server entry name. type: str required: true + more... + +
                • +
              • secondary_cert - Secondary OCSP server certificate. Source vpn.certificate.remote.name vpn.certificate.ca.name. type: str + more... + +
                • +
              • secondary_url - Secondary OCSP server URL. type: str + more... + +
                • +
              • source_ip - Source IP address for communications to the OCSP server. type: str + more... + +
                • +
              • unavail_action - Action when server is unavailable (revoke the certificate or ignore the result of the check). type: str choices: revoke, ignore + more... + +
                • +
              • url - OCSP server URL. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: OCSP server configuration. + fortios_vpn_certificate_ocsp_server: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_certificate_ocsp_server: + cert: " (source vpn.certificate.remote.name vpn.certificate.ca.name)" + name: "default_name_4" + secondary_cert: " (source vpn.certificate.remote.name vpn.certificate.ca.name)" + secondary_url: "" + source_ip: "84.230.14.43" + unavail_action: "revoke" + url: "myurl.com" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_vpn_certificate_remote.rst b/gen/fortios_vpn_certificate_remote.rst new file mode 100644 index 00000000..3f747cf9 --- /dev/null +++ b/gen/fortios_vpn_certificate_remote.rst @@ -0,0 +1,495 @@ +:source: fortios_vpn_certificate_remote.py + +:orphan: + +.. fortios_vpn_certificate_remote: + +fortios_vpn_certificate_remote -- Remote certificate as a PEM file in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_certificate feature and remote category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_vpn_certificate_remoteyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • vpn_certificate_remote - Remote certificate as a PEM file. type: dict + more... + +
              • +
                +
              • name - Name. type: str required: true + more... + +
                • +
              • range - Either the global or VDOM IP address range for the remote certificate. type: str choices: global, vdom + more... + +
                • +
              • remote - Remote certificate. type: str + more... + +
                • +
              • source - Remote certificate source type. type: str choices: factory, user, bundle + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Remote certificate as a PEM file. + fortios_vpn_certificate_remote: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_certificate_remote: + name: "default_name_3" + range: "global" + remote: "" + source: "factory" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_vpn_certificate_setting.rst b/gen/fortios_vpn_certificate_setting.rst new file mode 100644 index 00000000..82399896 --- /dev/null +++ b/gen/fortios_vpn_certificate_setting.rst @@ -0,0 +1,2275 @@ +:source: fortios_vpn_certificate_setting.py + +:orphan: + +.. fortios_vpn_certificate_setting: + +fortios_vpn_certificate_setting -- VPN certificate setting in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_certificate feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_vpn_certificate_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • vpn_certificate_setting - VPN certificate setting. type: dict + more... + +
              • +
                +
              • certname_dsa1024 - 1024 bit DSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. type: str + more... + +
                • +
              • certname_dsa2048 - 2048 bit DSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. type: str + more... + +
                • +
              • certname_ecdsa256 - 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. type: str + more... + +
                • +
              • certname_ecdsa384 - 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. type: str + more... + +
                • +
              • certname_ecdsa521 - 521 bit ECDSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. type: str + more... + +
                • +
              • certname_ed25519 - 253 bit EdDSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. type: str + more... + +
                • +
              • certname_ed448 - 456 bit EdDSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. type: str + more... + +
                • +
              • certname_rsa1024 - 1024 bit RSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. type: str + more... + +
                • +
              • certname_rsa2048 - 2048 bit RSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. type: str + more... + +
                • +
              • certname_rsa4096 - 4096 bit RSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. type: str + more... + +
                • +
              • check_ca_cert - Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted . type: str choices: enable, disable + more... + +
                • +
              • check_ca_chain - Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted . type: str choices: enable, disable + more... + +
                • +
              • cmp_key_usage_checking - Enable/disable server certificate key usage checking in CMP mode . type: str choices: enable, disable + more... + +
                • +
              • cmp_save_extra_certs - Enable/disable saving extra certificates in CMP mode . type: str choices: enable, disable + more... + +
                • +
              • cn_allow_multi - When searching for a matching certificate, allow multiple CN fields in certificate subject name . type: str choices: disable, enable + more... + +
                • +
              • cn_match - When searching for a matching certificate, control how to do CN value matching with certificate subject name . type: str choices: substring, value + more... + +
                • +
              • crl_verification - CRL verification options. type: dict + more... + +
                • +
                  +
                • chain_crl_absence - CRL verification option when CRL of any certificate in chain is absent . type: str choices: ignore, revoke + more... + +
                  • +
                • expiry - CRL verification option when CRL is expired . type: str choices: ignore, revoke + more... + +
                  • +
                • leaf_crl_absence - CRL verification option when leaf CRL is absent . type: str choices: ignore, revoke + more... + +
                  • +
                +
              • interface - Specify outgoing interface to reach server. Source system.interface.name. type: str + more... + +
                • +
              • interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify + more... + +
                • +
              • ocsp_default_server - Default OCSP server. Source vpn.certificate.ocsp-server.name. type: str + more... + +
                • +
              • ocsp_option - Specify whether the OCSP URL is from certificate or configured OCSP server. type: str choices: certificate, server + more... + +
                • +
              • ocsp_status - Enable/disable receiving certificates using the OCSP. type: str choices: enable, disable + more... + +
                • +
              • ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2 + more... + +
                • +
              • ssl_ocsp_option - Specify whether the OCSP URL is from the certificate or the default OCSP server. type: str choices: certificate, server + more... + +
                • +
              • ssl_ocsp_source_ip - Source IP address to use to communicate with the OCSP server. type: str + more... + +
                • +
              • ssl_ocsp_status - Enable/disable SSL OCSP. type: str choices: enable, disable + more... + +
                • +
              • strict_crl_check - Enable/disable strict mode CRL checking. type: str choices: enable, disable + more... + +
                • +
              • strict_ocsp_check - Enable/disable strict mode OCSP checking. type: str choices: enable, disable + more... + +
                • +
              • subject_match - When searching for a matching certificate, control how to do RDN value matching with certificate subject name . type: str choices: substring, value + more... + +
                • +
              • subject_set - When searching for a matching certificate, control how to do RDN set matching with certificate subject name . type: str choices: subset, superset + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: VPN certificate setting. + fortios_vpn_certificate_setting: + vdom: "{{ vdom }}" + vpn_certificate_setting: + certname_dsa1024: " (source vpn.certificate.local.name)" + certname_dsa2048: " (source vpn.certificate.local.name)" + certname_ecdsa256: " (source vpn.certificate.local.name)" + certname_ecdsa384: " (source vpn.certificate.local.name)" + certname_ecdsa521: " (source vpn.certificate.local.name)" + certname_ed25519: " (source vpn.certificate.local.name)" + certname_ed448: " (source vpn.certificate.local.name)" + certname_rsa1024: " (source vpn.certificate.local.name)" + certname_rsa2048: " (source vpn.certificate.local.name)" + certname_rsa4096: " (source vpn.certificate.local.name)" + check_ca_cert: "enable" + check_ca_chain: "enable" + cmp_key_usage_checking: "enable" + cmp_save_extra_certs: "enable" + cn_allow_multi: "disable" + cn_match: "substring" + crl_verification: + chain_crl_absence: "ignore" + expiry: "ignore" + leaf_crl_absence: "ignore" + interface: " (source system.interface.name)" + interface_select_method: "auto" + ocsp_default_server: " (source vpn.certificate.ocsp-server.name)" + ocsp_option: "certificate" + ocsp_status: "enable" + ssl_min_proto_version: "default" + ssl_ocsp_option: "certificate" + ssl_ocsp_source_ip: "" + ssl_ocsp_status: "enable" + strict_crl_check: "enable" + strict_ocsp_check: "enable" + subject_match: "substring" + subject_set: "subset" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_vpn_ike_gateway.rst b/gen/fortios_vpn_ike_gateway.rst new file mode 100644 index 00000000..93bfcf89 --- /dev/null +++ b/gen/fortios_vpn_ike_gateway.rst @@ -0,0 +1,235 @@ +:source: fortios_vpn_ike_gateway.py + +:orphan: + +.. fortios_vpn_ike_gateway: + +fortios_vpn_ike_gateway -- List gateways in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ike feature and gateway category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_vpn_ike_gatewayyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • vpn_ike_gateway - List gateways. type: dict + more... + +
              • +
                +
              • - Name of IKE gateway to list. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: List gateways. + fortios_vpn_ike_gateway: + vdom: "{{ vdom }}" + vpn_ike_gateway: + : "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_vpn_ipsec_concentrator.rst b/gen/fortios_vpn_ipsec_concentrator.rst new file mode 100644 index 00000000..d57a262c --- /dev/null +++ b/gen/fortios_vpn_ipsec_concentrator.rst @@ -0,0 +1,487 @@ +:source: fortios_vpn_ipsec_concentrator.py + +:orphan: + +.. fortios_vpn_ipsec_concentrator: + +fortios_vpn_ipsec_concentrator -- Concentrator configuration in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ipsec feature and concentrator category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_vpn_ipsec_concentratoryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • vpn_ipsec_concentrator - Concentrator configuration. type: dict + more... + +
              • +
                +
              • id - Concentrator ID (1 - 65535). type: int required: true + more... + +
                • +
              • member - Names of up to 3 VPN tunnels to add to the concentrator. type: list member_path: member:name + more... + +
                • +
                  +
                • name - Member name. Source vpn.ipsec.manualkey.name vpn.ipsec.phase1.name. type: str required: true + more... + +
                  • +
                +
              • name - Concentrator name. type: str + more... + +
                • +
              • src_check - Enable to check source address of phase 2 selector. Disable to check only the destination selector. type: str choices: disable, enable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Concentrator configuration. + fortios_vpn_ipsec_concentrator: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_ipsec_concentrator: + id: "3" + member: + - + name: "default_name_5 (source vpn.ipsec.manualkey.name vpn.ipsec.phase1.name)" + name: "default_name_6" + src_check: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_vpn_ipsec_fec.rst b/gen/fortios_vpn_ipsec_fec.rst new file mode 100644 index 00000000..fd49d5e3 --- /dev/null +++ b/gen/fortios_vpn_ipsec_fec.rst @@ -0,0 +1,391 @@ +:source: fortios_vpn_ipsec_fec.py + +:orphan: + +.. fortios_vpn_ipsec_fec: + +fortios_vpn_ipsec_fec -- Configure Forward Error Correction (FEC) mapping profiles in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ipsec feature and fec category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + +
            v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_vpn_ipsec_fecyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • vpn_ipsec_fec - Configure Forward Error Correction (FEC) mapping profiles. type: dict + more... + +
              • +
                +
              • mappings - FEC redundancy mapping table. type: list member_path: mappings:seqno + more... + +
                • +
                  +
                • bandwidth_bi_threshold - Apply FEC parameters when available bi-bandwidth is >= threshold (kbps, 0 means no threshold). type: int + more... + +
                  • +
                • bandwidth_down_threshold - Apply FEC parameters when available down bandwidth is >= threshold (kbps, 0 means no threshold). type: int + more... + +
                  • +
                • bandwidth_up_threshold - Apply FEC parameters when available up bandwidth is >= threshold (kbps, 0 means no threshold). type: int + more... + +
                  • +
                • base - Number of base FEC packets (1 - 20). type: int + more... + +
                  • +
                • latency_threshold - Apply FEC parameters when latency is <= threshold (0 means no threshold). type: int + more... + +
                  • +
                • packet_loss_threshold - Apply FEC parameters when packet loss is >= threshold (0 - 100, 0 means no threshold). type: int + more... + +
                  • +
                • redundant - Number of redundant FEC packets (1 - 5). type: int + more... + +
                  • +
                • seqno - Sequence number (1 - 64). type: int required: true + more... + +
                  • +
                +
              • name - Profile name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Forward Error Correction (FEC) mapping profiles. + fortios_vpn_ipsec_fec: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_ipsec_fec: + mappings: + - + bandwidth_bi_threshold: "4" + bandwidth_down_threshold: "5" + bandwidth_up_threshold: "6" + base: "7" + latency_threshold: "8" + packet_loss_threshold: "9" + redundant: "10" + seqno: "11" + name: "default_name_12" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_vpn_ipsec_forticlient.rst b/gen/fortios_vpn_ipsec_forticlient.rst new file mode 100644 index 00000000..f2c53952 --- /dev/null +++ b/gen/fortios_vpn_ipsec_forticlient.rst @@ -0,0 +1,438 @@ +:source: fortios_vpn_ipsec_forticlient.py + +:orphan: + +.. fortios_vpn_ipsec_forticlient: + +fortios_vpn_ipsec_forticlient -- Configure FortiClient policy realm in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ipsec feature and forticlient category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_vpn_ipsec_forticlientyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • vpn_ipsec_forticlient - Configure FortiClient policy realm. type: dict + more... + +
              • +
                +
              • phase2name - Phase 2 tunnel name that you defined in the FortiClient dialup configuration. Source vpn.ipsec.phase2.name vpn.ipsec.phase2-interface .name. type: str + more... + +
                • +
              • realm - FortiClient realm name. type: str required: true + more... + +
                • +
              • status - Enable/disable this FortiClient configuration. type: str choices: enable, disable + more... + +
                • +
              • usergroupname - User group name for FortiClient users. Source user.group.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiClient policy realm. + fortios_vpn_ipsec_forticlient: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_ipsec_forticlient: + phase2name: " (source vpn.ipsec.phase2.name vpn.ipsec.phase2-interface.name)" + realm: "" + status: "enable" + usergroupname: " (source user.group.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_vpn_ipsec_manualkey.rst b/gen/fortios_vpn_ipsec_manualkey.rst new file mode 100644 index 00000000..76ff9e36 --- /dev/null +++ b/gen/fortios_vpn_ipsec_manualkey.rst @@ -0,0 +1,1064 @@ +:source: fortios_vpn_ipsec_manualkey.py + +:orphan: + +.. fortios_vpn_ipsec_manualkey: + +fortios_vpn_ipsec_manualkey -- Configure IPsec manual keys in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ipsec feature and manualkey category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_vpn_ipsec_manualkeyyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • vpn_ipsec_manualkey - Configure IPsec manual keys. type: dict + more... + +
              • +
                +
              • authentication - Authentication algorithm. Must be the same for both ends of the tunnel. type: str choices: None, md5, sha1, sha256, sha384, sha512 + more... + +
                • +
              • authkey - Hexadecimal authentication key in 16-digit (8-byte) segments separated by hyphens. type: str + more... + +
                • +
              • enckey - Hexadecimal encryption key in 16-digit (8-byte) segments separated by hyphens. type: str + more... + +
                • +
              • encryption - Encryption algorithm. Must be the same for both ends of the tunnel. type: str choices: None, des, 3des, aes128, aes192, aes256, aria128, aria192, aria256, seed + more... + +
                • +
              • interface - Name of the physical, aggregate, or VLAN interface. Source system.interface.name. type: str + more... + +
                • +
              • local_gw - Local gateway. type: str + more... + +
                • +
              • localspi - Local SPI, a hexadecimal 8-digit (4-byte) tag. Discerns between two traffic streams with different encryption rules. type: str + more... + +
                • +
              • name - IPsec tunnel name. type: str required: true + more... + +
                • +
              • npu_offload - Enable/disable NPU offloading. type: str choices: enable, disable + more... + +
                • +
              • remote_gw - Peer gateway. type: str + more... + +
                • +
              • remotespi - Remote SPI, a hexadecimal 8-digit (4-byte) tag. Discerns between two traffic streams with different encryption rules. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPsec manual keys. + fortios_vpn_ipsec_manualkey: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_ipsec_manualkey: + authentication: "null" + authkey: "" + enckey: "" + encryption: "null" + interface: " (source system.interface.name)" + local_gw: "" + localspi: "" + name: "default_name_10" + npu_offload: "enable" + remote_gw: "" + remotespi: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_vpn_ipsec_manualkey_interface.rst b/gen/fortios_vpn_ipsec_manualkey_interface.rst new file mode 100644 index 00000000..d68412a6 --- /dev/null +++ b/gen/fortios_vpn_ipsec_manualkey_interface.rst @@ -0,0 +1,1324 @@ +:source: fortios_vpn_ipsec_manualkey_interface.py + +:orphan: + +.. fortios_vpn_ipsec_manualkey_interface: + +fortios_vpn_ipsec_manualkey_interface -- Configure IPsec manual keys in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ipsec feature and manualkey_interface category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_vpn_ipsec_manualkey_interfaceyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • vpn_ipsec_manualkey_interface - Configure IPsec manual keys. type: dict + more... + +
              • +
                +
              • addr_type - IP version to use for IP packets. type: str choices: 4, 6 + more... + +
                • +
              • auth_alg - Authentication algorithm. Must be the same for both ends of the tunnel. type: str choices: None, md5, sha1, sha256, sha384, sha512 + more... + +
                • +
              • auth_key - Hexadecimal authentication key in 16-digit (8-byte) segments separated by hyphens. type: str + more... + +
                • +
              • enc_alg - Encryption algorithm. Must be the same for both ends of the tunnel. type: str choices: None, des, 3des, aes128, aes192, aes256, aria128, aria192, aria256, seed + more... + +
                • +
              • enc_key - Hexadecimal encryption key in 16-digit (8-byte) segments separated by hyphens. type: str + more... + +
                • +
              • interface - Name of the physical, aggregate, or VLAN interface. Source system.interface.name. type: str + more... + +
                • +
              • ip_version - IP version to use for VPN interface. type: str choices: 4, 6 + more... + +
                • +
              • local_gw - IPv4 address of the local gateway"s external interface. type: str + more... + +
                • +
              • local_gw6 - Local IPv6 address of VPN gateway. type: str + more... + +
                • +
              • local_spi - Local SPI, a hexadecimal 8-digit (4-byte) tag. Discerns between two traffic streams with different encryption rules. type: str + more... + +
                • +
              • name - IPsec tunnel name. type: str required: true + more... + +
                • +
              • npu_offload - Enable/disable offloading IPsec VPN manual key sessions to NPUs. type: str choices: enable, disable + more... + +
                • +
              • remote_gw - IPv4 address of the remote gateway"s external interface. type: str + more... + +
                • +
              • remote_gw6 - Remote IPv6 address of VPN gateway. type: str + more... + +
                • +
              • remote_spi - Remote SPI, a hexadecimal 8-digit (4-byte) tag. Discerns between two traffic streams with different encryption rules. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPsec manual keys. + fortios_vpn_ipsec_manualkey_interface: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_ipsec_manualkey_interface: + addr_type: "4" + auth_alg: "null" + auth_key: "" + enc_alg: "null" + enc_key: "" + interface: " (source system.interface.name)" + ip_version: "4" + local_gw: "" + local_gw6: "" + local_spi: "" + name: "default_name_13" + npu_offload: "enable" + remote_gw: "" + remote_gw6: "" + remote_spi: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_vpn_ipsec_phase1.rst b/gen/fortios_vpn_ipsec_phase1.rst new file mode 100644 index 00000000..f40004ab --- /dev/null +++ b/gen/fortios_vpn_ipsec_phase1.rst @@ -0,0 +1,9917 @@ +:source: fortios_vpn_ipsec_phase1.py + +:orphan: + +.. fortios_vpn_ipsec_phase1: + +fortios_vpn_ipsec_phase1 -- Configure VPN remote gateway in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ipsec feature and phase1 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_vpn_ipsec_phase1yesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • vpn_ipsec_phase1 - Configure VPN remote gateway. type: dict + more... + +
              • +
                +
              • acct_verify - Enable/disable verification of RADIUS accounting record. type: str choices: enable, disable + more... + +
                • +
              • add_gw_route - Enable/disable automatically add a route to the remote gateway. type: str choices: enable, disable + more... + +
                • +
              • add_route - Enable/disable control addition of a route to peer destination selector. type: str choices: disable, enable + more... + +
                • +
              • assign_ip - Enable/disable assignment of IP to IPsec interface via configuration method. type: str choices: disable, enable + more... + +
                • +
              • assign_ip_from - Method by which the IP address will be assigned. type: str choices: range, usrgrp, dhcp, name + more... + +
                • +
              • authmethod - Authentication method. type: str choices: psk, signature + more... + +
                • +
              • authmethod_remote - Authentication method (remote side). type: str choices: psk, signature + more... + +
                • +
              • authpasswd - XAuth password (max 35 characters). type: str + more... + +
                • +
              • authusr - XAuth user name. type: str + more... + +
                • +
              • authusrgrp - Authentication user group. Source user.group.name. type: str + more... + +
                • +
              • auto_negotiate - Enable/disable automatic initiation of IKE SA negotiation. type: str choices: enable, disable + more... + +
                • +
              • backup_gateway - Instruct unity clients about the backup gateway address(es). type: list member_path: backup_gateway:address + more... + +
                • +
                  +
                • address - Address of backup gateway. type: str required: true + more... + +
                  • +
                +
              • banner - Message that unity client should display after connecting. type: str + more... + +
                • +
              • cert_id_validation - Enable/disable cross validation of peer ID and the identity in the peer"s certificate as specified in RFC 4945. type: str choices: enable, disable + more... + +
                • +
              • certificate - Names of up to 4 signed personal certificates. type: list member_path: certificate:name + more... + +
                • +
                  +
                • name - Certificate name. Source vpn.certificate.local.name. type: str required: true + more... + +
                  • +
                +
              • childless_ike - Enable/disable childless IKEv2 initiation (RFC 6023). type: str choices: enable, disable + more... + +
                • +
              • client_auto_negotiate - Enable/disable allowing the VPN client to bring up the tunnel when there is no traffic. type: str choices: disable, enable + more... + +
                • +
              • client_keep_alive - Enable/disable allowing the VPN client to keep the tunnel up when there is no traffic. type: str choices: disable, enable + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • dhcp_ra_giaddr - Relay agent gateway IP address to use in the giaddr field of DHCP requests. type: str + more... + +
                • +
              • dhcp6_ra_linkaddr - Relay agent IPv6 link address to use in DHCP6 requests. type: str + more... + +
                • +
              • dhgrp - DH group. type: list choices: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32 + more... + +
                • +
              • digital_signature_auth - Enable/disable IKEv2 Digital Signature Authentication (RFC 7427). type: str choices: enable, disable + more... + +
                • +
              • distance - Distance for routes added by IKE (1 - 255). type: int + more... + +
                • +
              • dns_mode - DNS server mode. type: str choices: manual, auto + more... + +
                • +
              • domain - Instruct unity clients about the single default DNS domain. type: str + more... + +
                • +
              • dpd - Dead Peer Detection mode. type: str choices: disable, on-idle, on-demand + more... + +
                • +
              • dpd_retrycount - Number of DPD retry attempts. type: int + more... + +
                • +
              • dpd_retryinterval - DPD retry interval. type: str + more... + +
                • +
              • eap - Enable/disable IKEv2 EAP authentication. type: str choices: enable, disable + more... + +
                • +
              • eap_exclude_peergrp - Peer group excluded from EAP authentication. Source user.peergrp.name. type: str + more... + +
                • +
              • eap_identity - IKEv2 EAP peer identity type. type: str choices: use-id-payload, send-request + more... + +
                • +
              • enforce_unique_id - Enable/disable peer ID uniqueness check. type: str choices: disable, keep-new, keep-old + more... + +
                • +
              • esn - Extended sequence number (ESN) negotiation. type: str choices: require, allow, disable + more... + +
                • +
              • fec_base - Number of base Forward Error Correction packets (1 - 20). type: int + more... + +
                • +
              • fec_codec - Forward Error Correction encoding/decoding algorithm. type: str choices: rs, xor + more... + +
                • +
              • fec_egress - Enable/disable Forward Error Correction for egress IPsec traffic. type: str choices: enable, disable + more... + +
                • +
              • fec_health_check - SD-WAN health check. Source system.sdwan.health-check.name. type: str + more... + +
                • +
              • fec_ingress - Enable/disable Forward Error Correction for ingress IPsec traffic. type: str choices: enable, disable + more... + +
                • +
              • fec_mapping_profile - Forward Error Correction (FEC) mapping profile. type: str + more... + +
                • +
              • fec_receive_timeout - Timeout in milliseconds before dropping Forward Error Correction packets (1 - 1000). type: int + more... + +
                • +
              • fec_redundant - Number of redundant Forward Error Correction packets (1 - 5 for reed-solomon, 1 for xor). type: int + more... + +
                • +
              • fec_send_timeout - Timeout in milliseconds before sending Forward Error Correction packets (1 - 1000). type: int + more... + +
                • +
              • forticlient_enforcement - Enable/disable FortiClient enforcement. type: str choices: enable, disable + more... + +
                • +
              • fragmentation - Enable/disable fragment IKE message on re-transmission. type: str choices: enable, disable + more... + +
                • +
              • fragmentation_mtu - IKE fragmentation MTU (500 - 16000). type: int + more... + +
                • +
              • group_authentication - Enable/disable IKEv2 IDi group authentication. type: str choices: enable, disable + more... + +
                • +
              • group_authentication_secret - Password for IKEv2 ID group authentication. ASCII string or hexadecimal indicated by a leading 0x. type: str + more... + +
                • +
              • ha_sync_esp_seqno - Enable/disable sequence number jump ahead for IPsec HA. type: str choices: enable, disable + more... + +
                • +
              • idle_timeout - Enable/disable IPsec tunnel idle timeout. type: str choices: enable, disable + more... + +
                • +
              • idle_timeoutinterval - IPsec tunnel idle timeout in minutes (5 - 43200). type: int + more... + +
                • +
              • ike_version - IKE protocol version. type: str choices: 1, 2 + more... + +
                • +
              • include_local_lan - Enable/disable allow local LAN access on unity clients. type: str choices: disable, enable + more... + +
                • +
              • interface - Local physical, aggregate, or VLAN outgoing interface. Source system.interface.name. type: str + more... + +
                • +
              • ip_delay_interval - IP address reuse delay interval in seconds (0 - 28800). type: int + more... + +
                • +
              • ipv4_dns_server1 - IPv4 DNS server 1. type: str + more... + +
                • +
              • ipv4_dns_server2 - IPv4 DNS server 2. type: str + more... + +
                • +
              • ipv4_dns_server3 - IPv4 DNS server 3. type: str + more... + +
                • +
              • ipv4_end_ip - End of IPv4 range. type: str + more... + +
                • +
              • ipv4_exclude_range - Configuration Method IPv4 exclude ranges. type: list member_path: ipv4_exclude_range:id + more... + +
                • +
                  +
                • end_ip - End of IPv4 exclusive range. type: str + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • start_ip - Start of IPv4 exclusive range. type: str + more... + +
                  • +
                +
              • ipv4_name - IPv4 address name. Source firewall.address.name firewall.addrgrp.name. type: str + more... + +
                • +
              • ipv4_netmask - IPv4 Netmask. type: str + more... + +
                • +
              • ipv4_split_exclude - IPv4 subnets that should not be sent over the IPsec tunnel. Source firewall.address.name firewall.addrgrp.name. type: str + more... + +
                • +
              • ipv4_split_include - IPv4 split-include subnets. Source firewall.address.name firewall.addrgrp.name. type: str + more... + +
                • +
              • ipv4_start_ip - Start of IPv4 range. type: str + more... + +
                • +
              • ipv4_wins_server1 - WINS server 1. type: str + more... + +
                • +
              • ipv4_wins_server2 - WINS server 2. type: str + more... + +
                • +
              • ipv6_dns_server1 - IPv6 DNS server 1. type: str + more... + +
                • +
              • ipv6_dns_server2 - IPv6 DNS server 2. type: str + more... + +
                • +
              • ipv6_dns_server3 - IPv6 DNS server 3. type: str + more... + +
                • +
              • ipv6_end_ip - End of IPv6 range. type: str + more... + +
                • +
              • ipv6_exclude_range - Configuration method IPv6 exclude ranges. type: list member_path: ipv6_exclude_range:id + more... + +
                • +
                  +
                • end_ip - End of IPv6 exclusive range. type: str + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • start_ip - Start of IPv6 exclusive range. type: str + more... + +
                  • +
                +
              • ipv6_name - IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name. type: str + more... + +
                • +
              • ipv6_prefix - IPv6 prefix. type: int + more... + +
                • +
              • ipv6_split_exclude - IPv6 subnets that should not be sent over the IPsec tunnel. Source firewall.address6.name firewall.addrgrp6.name. type: str + more... + +
                • +
              • ipv6_split_include - IPv6 split-include subnets. Source firewall.address6.name firewall.addrgrp6.name. type: str + more... + +
                • +
              • ipv6_start_ip - Start of IPv6 range. type: str + more... + +
                • +
              • keepalive - NAT-T keep alive interval. type: int + more... + +
                • +
              • keylife - Time to wait in seconds before phase 1 encryption key expires. type: int + more... + +
                • +
              • local_gw - Local VPN gateway. type: str + more... + +
                • +
              • localid - Local ID. type: str + more... + +
                • +
              • localid_type - Local ID type. type: str choices: auto, fqdn, user-fqdn, keyid, address, asn1dn + more... + +
                • +
              • loopback_asymroute - Enable/disable asymmetric routing for IKE traffic on loopback interface. type: str choices: enable, disable + more... + +
                • +
              • mesh_selector_type - Add selectors containing subsets of the configuration depending on traffic. type: str choices: disable, subnet, host + more... + +
                • +
              • mode - ID protection mode used to establish a secure channel. type: str choices: aggressive, main + more... + +
                • +
              • mode_cfg - Enable/disable configuration method. type: str choices: disable, enable + more... + +
                • +
              • name - IPsec remote gateway name. type: str required: true + more... + +
                • +
              • nattraversal - Enable/disable NAT traversal. type: str choices: enable, disable, forced + more... + +
                • +
              • negotiate_timeout - IKE SA negotiation timeout in seconds (1 - 300). type: int + more... + +
                • +
              • network_id - VPN gateway network ID. type: int + more... + +
                • +
              • network_overlay - Enable/disable network overlays. type: str choices: disable, enable + more... + +
                • +
              • npu_offload - Enable/disable offloading NPU. type: str choices: enable, disable + more... + +
                • +
              • peer - Accept this peer certificate. Source user.peer.name. type: str + more... + +
                • +
              • peergrp - Accept this peer certificate group. Source user.peergrp.name. type: str + more... + +
                • +
              • peerid - Accept this peer identity. type: str + more... + +
                • +
              • peertype - Accept this peer type. type: str choices: any, one, dialup, peer, peergrp + more... + +
                • +
              • ppk - Enable/disable IKEv2 Postquantum Preshared Key (PPK). type: str choices: disable, allow, require + more... + +
                • +
              • ppk_identity - IKEv2 Postquantum Preshared Key Identity. type: str + more... + +
                • +
              • ppk_secret - IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x). type: str + more... + +
                • +
              • priority - Priority for routes added by IKE (1 - 65535). type: int + more... + +
                • +
              • proposal - Phase1 proposal. type: list choices: des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm-prfsha1, aes128gcm-prfsha256, aes128gcm-prfsha384, aes128gcm-prfsha512, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm-prfsha1, aes256gcm-prfsha256, aes256gcm-prfsha384, aes256gcm-prfsha512, chacha20poly1305-prfsha1, chacha20poly1305-prfsha256, chacha20poly1305-prfsha384, chacha20poly1305-prfsha512, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512 + more... + +
                • +
              • psksecret - Pre-shared secret for PSK authentication (ASCII string or hexadecimal encoded with a leading 0x). type: str + more... + +
                • +
              • psksecret_remote - Pre-shared secret for remote side PSK authentication (ASCII string or hexadecimal encoded with a leading 0x). type: str + more... + +
                • +
              • reauth - Enable/disable re-authentication upon IKE SA lifetime expiration. type: str choices: disable, enable + more... + +
                • +
              • rekey - Enable/disable phase1 rekey. type: str choices: enable, disable + more... + +
                • +
              • remote_gw - Remote VPN gateway. type: str + more... + +
                • +
              • remotegw_ddns - Domain name of remote gateway. For example, name.ddns.com. type: str + more... + +
                • +
              • rsa_signature_format - Digital Signature Authentication RSA signature format. type: str choices: pkcs1, pss + more... + +
                • +
              • save_password - Enable/disable saving XAuth username and password on VPN clients. type: str choices: disable, enable + more... + +
                • +
              • send_cert_chain - Enable/disable sending certificate chain. type: str choices: enable, disable + more... + +
                • +
              • signature_hash_alg - Digital Signature Authentication hash algorithms. type: list choices: sha1, sha2-256, sha2-384, sha2-512 + more... + +
                • +
              • split_include_service - Split-include services. Source firewall.service.group.name firewall.service.custom.name. type: str + more... + +
                • +
              • suite_b - Use Suite-B. type: str choices: disable, suite-b-gcm-128, suite-b-gcm-256 + more... + +
                • +
              • type - Remote gateway type. type: str choices: static, dynamic, ddns + more... + +
                • +
              • unity_support - Enable/disable support for Cisco UNITY Configuration Method extensions. type: str choices: disable, enable + more... + +
                • +
              • usrgrp - User group name for dialup peers. Source user.group.name. type: str + more... + +
                • +
              • wizard_type - GUI VPN Wizard Type. type: str choices: custom, dialup-forticlient, dialup-ios, dialup-android, dialup-windows, dialup-cisco, static-fortigate, dialup-fortigate, static-cisco, dialup-cisco-fw, simplified-static-fortigate, hub-fortigate-auto-discovery, spoke-fortigate-auto-discovery + more... + +
                • +
              • xauthtype - XAuth type. type: str choices: disable, client, pap, chap, auto + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure VPN remote gateway. + fortios_vpn_ipsec_phase1: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_ipsec_phase1: + acct_verify: "enable" + add_gw_route: "enable" + add_route: "disable" + assign_ip: "disable" + assign_ip_from: "range" + authmethod: "psk" + authmethod_remote: "psk" + authpasswd: "" + authusr: "" + authusrgrp: " (source user.group.name)" + auto_negotiate: "enable" + backup_gateway: + - + address: "" + banner: "" + cert_id_validation: "enable" + certificate: + - + name: "default_name_19 (source vpn.certificate.local.name)" + childless_ike: "enable" + client_auto_negotiate: "disable" + client_keep_alive: "disable" + comments: "" + dhcp_ra_giaddr: "" + dhcp6_ra_linkaddr: "" + dhgrp: "1" + digital_signature_auth: "enable" + distance: "28" + dns_mode: "manual" + domain: "" + dpd: "disable" + dpd_retrycount: "32" + dpd_retryinterval: "" + eap: "enable" + eap_exclude_peergrp: " (source user.peergrp.name)" + eap_identity: "use-id-payload" + enforce_unique_id: "disable" + esn: "require" + fec_base: "39" + fec_codec: "rs" + fec_egress: "enable" + fec_health_check: " (source system.sdwan.health-check.name)" + fec_ingress: "enable" + fec_mapping_profile: "" + fec_receive_timeout: "45" + fec_redundant: "46" + fec_send_timeout: "47" + forticlient_enforcement: "enable" + fragmentation: "enable" + fragmentation_mtu: "50" + group_authentication: "enable" + group_authentication_secret: "" + ha_sync_esp_seqno: "enable" + idle_timeout: "enable" + idle_timeoutinterval: "55" + ike_version: "1" + include_local_lan: "disable" + interface: " (source system.interface.name)" + ip_delay_interval: "59" + ipv4_dns_server1: "" + ipv4_dns_server2: "" + ipv4_dns_server3: "" + ipv4_end_ip: "" + ipv4_exclude_range: + - + end_ip: "" + id: "66" + start_ip: "" + ipv4_name: " (source firewall.address.name firewall.addrgrp.name)" + ipv4_netmask: "" + ipv4_split_exclude: " (source firewall.address.name firewall.addrgrp.name)" + ipv4_split_include: " (source firewall.address.name firewall.addrgrp.name)" + ipv4_start_ip: "" + ipv4_wins_server1: "" + ipv4_wins_server2: "" + ipv6_dns_server1: "" + ipv6_dns_server2: "" + ipv6_dns_server3: "" + ipv6_end_ip: "" + ipv6_exclude_range: + - + end_ip: "" + id: "81" + start_ip: "" + ipv6_name: " (source firewall.address6.name firewall.addrgrp6.name)" + ipv6_prefix: "84" + ipv6_split_exclude: " (source firewall.address6.name firewall.addrgrp6.name)" + ipv6_split_include: " (source firewall.address6.name firewall.addrgrp6.name)" + ipv6_start_ip: "" + keepalive: "88" + keylife: "89" + local_gw: "" + localid: "" + localid_type: "auto" + loopback_asymroute: "enable" + mesh_selector_type: "disable" + mode: "aggressive" + mode_cfg: "disable" + name: "default_name_97" + nattraversal: "enable" + negotiate_timeout: "99" + network_id: "100" + network_overlay: "disable" + npu_offload: "enable" + peer: " (source user.peer.name)" + peergrp: " (source user.peergrp.name)" + peerid: "" + peertype: "any" + ppk: "disable" + ppk_identity: "" + ppk_secret: "" + priority: "110" + proposal: "des-md5" + psksecret: "" + psksecret_remote: "" + reauth: "disable" + rekey: "enable" + remote_gw: "" + remotegw_ddns: "" + rsa_signature_format: "pkcs1" + save_password: "disable" + send_cert_chain: "enable" + signature_hash_alg: "sha1" + split_include_service: " (source firewall.service.group.name firewall.service.custom.name)" + suite_b: "disable" + type: "static" + unity_support: "disable" + usrgrp: " (source user.group.name)" + wizard_type: "custom" + xauthtype: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_vpn_ipsec_phase1_interface.rst b/gen/fortios_vpn_ipsec_phase1_interface.rst new file mode 100644 index 00000000..5962131a --- /dev/null +++ b/gen/fortios_vpn_ipsec_phase1_interface.rst @@ -0,0 +1,12138 @@ +:source: fortios_vpn_ipsec_phase1_interface.py + +:orphan: + +.. fortios_vpn_ipsec_phase1_interface: + +fortios_vpn_ipsec_phase1_interface -- Configure VPN remote gateway in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ipsec feature and phase1_interface category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_vpn_ipsec_phase1_interfaceyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • vpn_ipsec_phase1_interface - Configure VPN remote gateway. type: dict + more... + +
              • +
                +
              • acct_verify - Enable/disable verification of RADIUS accounting record. type: str choices: enable, disable + more... + +
                • +
              • add_gw_route - Enable/disable automatically add a route to the remote gateway. type: str choices: enable, disable + more... + +
                • +
              • add_route - Enable/disable control addition of a route to peer destination selector. type: str choices: disable, enable + more... + +
                • +
              • aggregate_member - Enable/disable use as an aggregate member. type: str choices: enable, disable + more... + +
                • +
              • aggregate_weight - Link weight for aggregate. type: int + more... + +
                • +
              • assign_ip - Enable/disable assignment of IP to IPsec interface via configuration method. type: str choices: disable, enable + more... + +
                • +
              • assign_ip_from - Method by which the IP address will be assigned. type: str choices: range, usrgrp, dhcp, name + more... + +
                • +
              • authmethod - Authentication method. type: str choices: psk, signature + more... + +
                • +
              • authmethod_remote - Authentication method (remote side). type: str choices: psk, signature + more... + +
                • +
              • authpasswd - XAuth password (max 35 characters). type: str + more... + +
                • +
              • authusr - XAuth user name. type: str + more... + +
                • +
              • authusrgrp - Authentication user group. Source user.group.name. type: str + more... + +
                • +
              • auto_discovery_forwarder - Enable/disable forwarding auto-discovery short-cut messages. type: str choices: enable, disable + more... + +
                • +
              • auto_discovery_psk - Enable/disable use of pre-shared secrets for authentication of auto-discovery tunnels. type: str choices: enable, disable + more... + +
                • +
              • auto_discovery_receiver - Enable/disable accepting auto-discovery short-cut messages. type: str choices: enable, disable + more... + +
                • +
              • auto_discovery_sender - Enable/disable sending auto-discovery short-cut messages. type: str choices: enable, disable + more... + +
                • +
              • auto_discovery_shortcuts - Control deletion of child short-cut tunnels when the parent tunnel goes down. type: str choices: independent, dependent + more... + +
                • +
              • auto_negotiate - Enable/disable automatic initiation of IKE SA negotiation. type: str choices: enable, disable + more... + +
                • +
              • backup_gateway - Instruct unity clients about the backup gateway address(es). type: list member_path: backup_gateway:address + more... + +
                • +
                  +
                • address - Address of backup gateway. type: str required: true + more... + +
                  • +
                +
              • banner - Message that unity client should display after connecting. type: str + more... + +
                • +
              • cert_id_validation - Enable/disable cross validation of peer ID and the identity in the peer"s certificate as specified in RFC 4945. type: str choices: enable, disable + more... + +
                • +
              • certificate - The names of up to 4 signed personal certificates. type: list member_path: certificate:name + more... + +
                • +
                  +
                • name - Certificate name. Source vpn.certificate.local.name. type: str required: true + more... + +
                  • +
                +
              • childless_ike - Enable/disable childless IKEv2 initiation (RFC 6023). type: str choices: enable, disable + more... + +
                • +
              • client_auto_negotiate - Enable/disable allowing the VPN client to bring up the tunnel when there is no traffic. type: str choices: disable, enable + more... + +
                • +
              • client_keep_alive - Enable/disable allowing the VPN client to keep the tunnel up when there is no traffic. type: str choices: disable, enable + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • default_gw - IPv4 address of default route gateway to use for traffic exiting the interface. type: str + more... + +
                • +
              • default_gw_priority - Priority for default gateway route. A higher priority number signifies a less preferred route. type: int + more... + +
                • +
              • dhcp_ra_giaddr - Relay agent gateway IP address to use in the giaddr field of DHCP requests. type: str + more... + +
                • +
              • dhcp6_ra_linkaddr - Relay agent IPv6 link address to use in DHCP6 requests. type: str + more... + +
                • +
              • dhgrp - DH group. type: list choices: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32 + more... + +
                • +
              • digital_signature_auth - Enable/disable IKEv2 Digital Signature Authentication (RFC 7427). type: str choices: enable, disable + more... + +
                • +
              • distance - Distance for routes added by IKE (1 - 255). type: int + more... + +
                • +
              • dns_mode - DNS server mode. type: str choices: manual, auto + more... + +
                • +
              • domain - Instruct unity clients about the single default DNS domain. type: str + more... + +
                • +
              • dpd - Dead Peer Detection mode. type: str choices: disable, on-idle, on-demand + more... + +
                • +
              • dpd_retrycount - Number of DPD retry attempts. type: int + more... + +
                • +
              • dpd_retryinterval - DPD retry interval. type: str + more... + +
                • +
              • eap - Enable/disable IKEv2 EAP authentication. type: str choices: enable, disable + more... + +
                • +
              • eap_exclude_peergrp - Peer group excluded from EAP authentication. Source user.peergrp.name. type: str + more... + +
                • +
              • eap_identity - IKEv2 EAP peer identity type. type: str choices: use-id-payload, send-request + more... + +
                • +
              • encap_local_gw4 - Local IPv4 address of GRE/VXLAN tunnel. type: str + more... + +
                • +
              • encap_local_gw6 - Local IPv6 address of GRE/VXLAN tunnel. type: str + more... + +
                • +
              • encap_remote_gw4 - Remote IPv4 address of GRE/VXLAN tunnel. type: str + more... + +
                • +
              • encap_remote_gw6 - Remote IPv6 address of GRE/VXLAN tunnel. type: str + more... + +
                • +
              • encapsulation - Enable/disable GRE/VXLAN encapsulation. type: str choices: none, gre, vxlan + more... + +
                • +
              • encapsulation_address - Source for GRE/VXLAN tunnel address. type: str choices: ike, ipv4, ipv6 + more... + +
                • +
              • enforce_unique_id - Enable/disable peer ID uniqueness check. type: str choices: disable, keep-new, keep-old + more... + +
                • +
              • esn - Extended sequence number (ESN) negotiation. type: str choices: require, allow, disable + more... + +
                • +
              • exchange_interface_ip - Enable/disable exchange of IPsec interface IP address. type: str choices: enable, disable + more... + +
                • +
              • exchange_ip_addr4 - IPv4 address to exchange with peers. type: str + more... + +
                • +
              • exchange_ip_addr6 - IPv6 address to exchange with peers. type: str + more... + +
                • +
              • fec_base - Number of base Forward Error Correction packets (1 - 20). type: int + more... + +
                • +
              • fec_codec - Forward Error Correction encoding/decoding algorithm. type: str choices: rs, xor + more... + +
                • +
              • fec_egress - Enable/disable Forward Error Correction for egress IPsec traffic. type: str choices: enable, disable + more... + +
                • +
              • fec_health_check - SD-WAN health check. Source system.sdwan.health-check.name. type: str + more... + +
                • +
              • fec_ingress - Enable/disable Forward Error Correction for ingress IPsec traffic. type: str choices: enable, disable + more... + +
                • +
              • fec_mapping_profile - Forward Error Correction (FEC) mapping profile. Source vpn.ipsec.fec.name. type: str + more... + +
                • +
              • fec_receive_timeout - Timeout in milliseconds before dropping Forward Error Correction packets (1 - 1000). type: int + more... + +
                • +
              • fec_redundant - Number of redundant Forward Error Correction packets (1 - 5 for reed-solomon, 1 for xor). type: int + more... + +
                • +
              • fec_send_timeout - Timeout in milliseconds before sending Forward Error Correction packets (1 - 1000). type: int + more... + +
                • +
              • forticlient_enforcement - Enable/disable FortiClient enforcement. type: str choices: enable, disable + more... + +
                • +
              • fragmentation - Enable/disable fragment IKE message on re-transmission. type: str choices: enable, disable + more... + +
                • +
              • fragmentation_mtu - IKE fragmentation MTU (500 - 16000). type: int + more... + +
                • +
              • group_authentication - Enable/disable IKEv2 IDi group authentication. type: str choices: enable, disable + more... + +
                • +
              • group_authentication_secret - Password for IKEv2 ID group authentication. ASCII string or hexadecimal indicated by a leading 0x. type: str + more... + +
                • +
              • ha_sync_esp_seqno - Enable/disable sequence number jump ahead for IPsec HA. type: str choices: enable, disable + more... + +
                • +
              • idle_timeout - Enable/disable IPsec tunnel idle timeout. type: str choices: enable, disable + more... + +
                • +
              • idle_timeoutinterval - IPsec tunnel idle timeout in minutes (5 - 43200). type: int + more... + +
                • +
              • ike_version - IKE protocol version. type: str choices: 1, 2 + more... + +
                • +
              • include_local_lan - Enable/disable allow local LAN access on unity clients. type: str choices: disable, enable + more... + +
                • +
              • interface - Local physical, aggregate, or VLAN outgoing interface. Source system.interface.name. type: str + more... + +
                • +
              • ip_delay_interval - IP address reuse delay interval in seconds (0 - 28800). type: int + more... + +
                • +
              • ip_fragmentation - Determine whether IP packets are fragmented before or after IPsec encapsulation. type: str choices: pre-encapsulation, post-encapsulation + more... + +
                • +
              • ip_version - IP version to use for VPN interface. type: str choices: 4, 6 + more... + +
                • +
              • ipv4_dns_server1 - IPv4 DNS server 1. type: str + more... + +
                • +
              • ipv4_dns_server2 - IPv4 DNS server 2. type: str + more... + +
                • +
              • ipv4_dns_server3 - IPv4 DNS server 3. type: str + more... + +
                • +
              • ipv4_end_ip - End of IPv4 range. type: str + more... + +
                • +
              • ipv4_exclude_range - Configuration Method IPv4 exclude ranges. type: list member_path: ipv4_exclude_range:id + more... + +
                • +
                  +
                • end_ip - End of IPv4 exclusive range. type: str + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • start_ip - Start of IPv4 exclusive range. type: str + more... + +
                  • +
                +
              • ipv4_name - IPv4 address name. Source firewall.address.name firewall.addrgrp.name. type: str + more... + +
                • +
              • ipv4_netmask - IPv4 Netmask. type: str + more... + +
                • +
              • ipv4_split_exclude - IPv4 subnets that should not be sent over the IPsec tunnel. Source firewall.address.name firewall.addrgrp.name. type: str + more... + +
                • +
              • ipv4_split_include - IPv4 split-include subnets. Source firewall.address.name firewall.addrgrp.name. type: str + more... + +
                • +
              • ipv4_start_ip - Start of IPv4 range. type: str + more... + +
                • +
              • ipv4_wins_server1 - WINS server 1. type: str + more... + +
                • +
              • ipv4_wins_server2 - WINS server 2. type: str + more... + +
                • +
              • ipv6_dns_server1 - IPv6 DNS server 1. type: str + more... + +
                • +
              • ipv6_dns_server2 - IPv6 DNS server 2. type: str + more... + +
                • +
              • ipv6_dns_server3 - IPv6 DNS server 3. type: str + more... + +
                • +
              • ipv6_end_ip - End of IPv6 range. type: str + more... + +
                • +
              • ipv6_exclude_range - Configuration method IPv6 exclude ranges. type: list member_path: ipv6_exclude_range:id + more... + +
                • +
                  +
                • end_ip - End of IPv6 exclusive range. type: str + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • start_ip - Start of IPv6 exclusive range. type: str + more... + +
                  • +
                +
              • ipv6_name - IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name. type: str + more... + +
                • +
              • ipv6_prefix - IPv6 prefix. type: int + more... + +
                • +
              • ipv6_split_exclude - IPv6 subnets that should not be sent over the IPsec tunnel. Source firewall.address6.name firewall.addrgrp6.name. type: str + more... + +
                • +
              • ipv6_split_include - IPv6 split-include subnets. Source firewall.address6.name firewall.addrgrp6.name. type: str + more... + +
                • +
              • ipv6_start_ip - Start of IPv6 range. type: str + more... + +
                • +
              • keepalive - NAT-T keep alive interval. type: int + more... + +
                • +
              • keylife - Time to wait in seconds before phase 1 encryption key expires. type: int + more... + +
                • +
              • local_gw - IPv4 address of the local gateway"s external interface. type: str + more... + +
                • +
              • local_gw6 - IPv6 address of the local gateway"s external interface. type: str + more... + +
                • +
              • localid - Local ID. type: str + more... + +
                • +
              • localid_type - Local ID type. type: str choices: auto, fqdn, user-fqdn, keyid, address, asn1dn + more... + +
                • +
              • loopback_asymroute - Enable/disable asymmetric routing for IKE traffic on loopback interface. type: str choices: enable, disable + more... + +
                • +
              • mesh_selector_type - Add selectors containing subsets of the configuration depending on traffic. type: str choices: disable, subnet, host + more... + +
                • +
              • mode - The ID protection mode used to establish a secure channel. type: str choices: aggressive, main + more... + +
                • +
              • mode_cfg - Enable/disable configuration method. type: str choices: disable, enable + more... + +
                • +
              • monitor - IPsec interface as backup for primary interface. Source vpn.ipsec.phase1-interface.name. type: str + more... + +
                • +
              • monitor_hold_down_delay - Time to wait in seconds before recovery once primary re-establishes. type: int + more... + +
                • +
              • monitor_hold_down_time - Time of day at which to fail back to primary after it re-establishes. type: str + more... + +
                • +
              • monitor_hold_down_type - Recovery time method when primary interface re-establishes. type: str choices: immediate, delay, time + more... + +
                • +
              • monitor_hold_down_weekday - Day of the week to recover once primary re-establishes. type: str choices: everyday, sunday, monday, tuesday, wednesday, thursday, friday, saturday + more... + +
                • +
              • name - IPsec remote gateway name. type: str required: true + more... + +
                • +
              • nattraversal - Enable/disable NAT traversal. type: str choices: enable, disable, forced + more... + +
                • +
              • negotiate_timeout - IKE SA negotiation timeout in seconds (1 - 300). type: int + more... + +
                • +
              • net_device - Enable/disable kernel device creation. type: str choices: enable, disable + more... + +
                • +
              • network_id - VPN gateway network ID. type: int + more... + +
                • +
              • network_overlay - Enable/disable network overlays. type: str choices: disable, enable + more... + +
                • +
              • npu_offload - Enable/disable offloading NPU. type: str choices: enable, disable + more... + +
                • +
              • passive_mode - Enable/disable IPsec passive mode for static tunnels. type: str choices: enable, disable + more... + +
                • +
              • peer - Accept this peer certificate. Source user.peer.name. type: str + more... + +
                • +
              • peergrp - Accept this peer certificate group. Source user.peergrp.name. type: str + more... + +
                • +
              • peerid - Accept this peer identity. type: str + more... + +
                • +
              • peertype - Accept this peer type. type: str choices: any, one, dialup, peer, peergrp + more... + +
                • +
              • ppk - Enable/disable IKEv2 Postquantum Preshared Key (PPK). type: str choices: disable, allow, require + more... + +
                • +
              • ppk_identity - IKEv2 Postquantum Preshared Key Identity. type: str + more... + +
                • +
              • ppk_secret - IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x). type: str + more... + +
                • +
              • priority - Priority for routes added by IKE (1 - 65535). type: int + more... + +
                • +
              • proposal - Phase1 proposal. type: list choices: des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm-prfsha1, aes128gcm-prfsha256, aes128gcm-prfsha384, aes128gcm-prfsha512, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm-prfsha1, aes256gcm-prfsha256, aes256gcm-prfsha384, aes256gcm-prfsha512, chacha20poly1305-prfsha1, chacha20poly1305-prfsha256, chacha20poly1305-prfsha384, chacha20poly1305-prfsha512, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512 + more... + +
                • +
              • psksecret - Pre-shared secret for PSK authentication (ASCII string or hexadecimal encoded with a leading 0x). type: str + more... + +
                • +
              • psksecret_remote - Pre-shared secret for remote side PSK authentication (ASCII string or hexadecimal encoded with a leading 0x). type: str + more... + +
                • +
              • reauth - Enable/disable re-authentication upon IKE SA lifetime expiration. type: str choices: disable, enable + more... + +
                • +
              • rekey - Enable/disable phase1 rekey. type: str choices: enable, disable + more... + +
                • +
              • remote_gw - IPv4 address of the remote gateway"s external interface. type: str + more... + +
                • +
              • remote_gw6 - IPv6 address of the remote gateway"s external interface. type: str + more... + +
                • +
              • remotegw_ddns - Domain name of remote gateway. For example, name.ddns.com. type: str + more... + +
                • +
              • rsa_signature_format - Digital Signature Authentication RSA signature format. type: str choices: pkcs1, pss + more... + +
                • +
              • save_password - Enable/disable saving XAuth username and password on VPN clients. type: str choices: disable, enable + more... + +
                • +
              • send_cert_chain - Enable/disable sending certificate chain. type: str choices: enable, disable + more... + +
                • +
              • signature_hash_alg - Digital Signature Authentication hash algorithms. type: list choices: sha1, sha2-256, sha2-384, sha2-512 + more... + +
                • +
              • split_include_service - Split-include services. Source firewall.service.group.name firewall.service.custom.name. type: str + more... + +
                • +
              • suite_b - Use Suite-B. type: str choices: disable, suite-b-gcm-128, suite-b-gcm-256 + more... + +
                • +
              • tunnel_search - Tunnel search method for when the interface is shared. type: str choices: selectors, nexthop + more... + +
                • +
              • type - Remote gateway type. type: str choices: static, dynamic, ddns + more... + +
                • +
              • unity_support - Enable/disable support for Cisco UNITY Configuration Method extensions. type: str choices: disable, enable + more... + +
                • +
              • usrgrp - User group name for dialup peers. Source user.group.name. type: str + more... + +
                • +
              • vni - VNI of VXLAN tunnel. type: int + more... + +
                • +
              • wizard_type - GUI VPN Wizard Type. type: str choices: custom, dialup-forticlient, dialup-ios, dialup-android, dialup-windows, dialup-cisco, static-fortigate, dialup-fortigate, static-cisco, dialup-cisco-fw, simplified-static-fortigate, hub-fortigate-auto-discovery, spoke-fortigate-auto-discovery + more... + +
                • +
              • xauthtype - XAuth type. type: str choices: disable, client, pap, chap, auto + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure VPN remote gateway. + fortios_vpn_ipsec_phase1_interface: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_ipsec_phase1_interface: + acct_verify: "enable" + add_gw_route: "enable" + add_route: "disable" + aggregate_member: "enable" + aggregate_weight: "7" + assign_ip: "disable" + assign_ip_from: "range" + authmethod: "psk" + authmethod_remote: "psk" + authpasswd: "" + authusr: "" + authusrgrp: " (source user.group.name)" + auto_discovery_forwarder: "enable" + auto_discovery_psk: "enable" + auto_discovery_receiver: "enable" + auto_discovery_sender: "enable" + auto_discovery_shortcuts: "independent" + auto_negotiate: "enable" + backup_gateway: + - + address: "" + banner: "" + cert_id_validation: "enable" + certificate: + - + name: "default_name_26 (source vpn.certificate.local.name)" + childless_ike: "enable" + client_auto_negotiate: "disable" + client_keep_alive: "disable" + comments: "" + default_gw: "" + default_gw_priority: "32" + dhcp_ra_giaddr: "" + dhcp6_ra_linkaddr: "" + dhgrp: "1" + digital_signature_auth: "enable" + distance: "37" + dns_mode: "manual" + domain: "" + dpd: "disable" + dpd_retrycount: "41" + dpd_retryinterval: "" + eap: "enable" + eap_exclude_peergrp: " (source user.peergrp.name)" + eap_identity: "use-id-payload" + encap_local_gw4: "" + encap_local_gw6: "" + encap_remote_gw4: "" + encap_remote_gw6: "" + encapsulation: "none" + encapsulation_address: "ike" + enforce_unique_id: "disable" + esn: "require" + exchange_interface_ip: "enable" + exchange_ip_addr4: "" + exchange_ip_addr6: "" + fec_base: "57" + fec_codec: "rs" + fec_egress: "enable" + fec_health_check: " (source system.sdwan.health-check.name)" + fec_ingress: "enable" + fec_mapping_profile: " (source vpn.ipsec.fec.name)" + fec_receive_timeout: "63" + fec_redundant: "64" + fec_send_timeout: "65" + forticlient_enforcement: "enable" + fragmentation: "enable" + fragmentation_mtu: "68" + group_authentication: "enable" + group_authentication_secret: "" + ha_sync_esp_seqno: "enable" + idle_timeout: "enable" + idle_timeoutinterval: "73" + ike_version: "1" + include_local_lan: "disable" + interface: " (source system.interface.name)" + ip_delay_interval: "77" + ip_fragmentation: "pre-encapsulation" + ip_version: "4" + ipv4_dns_server1: "" + ipv4_dns_server2: "" + ipv4_dns_server3: "" + ipv4_end_ip: "" + ipv4_exclude_range: + - + end_ip: "" + id: "86" + start_ip: "" + ipv4_name: " (source firewall.address.name firewall.addrgrp.name)" + ipv4_netmask: "" + ipv4_split_exclude: " (source firewall.address.name firewall.addrgrp.name)" + ipv4_split_include: " (source firewall.address.name firewall.addrgrp.name)" + ipv4_start_ip: "" + ipv4_wins_server1: "" + ipv4_wins_server2: "" + ipv6_dns_server1: "" + ipv6_dns_server2: "" + ipv6_dns_server3: "" + ipv6_end_ip: "" + ipv6_exclude_range: + - + end_ip: "" + id: "101" + start_ip: "" + ipv6_name: " (source firewall.address6.name firewall.addrgrp6.name)" + ipv6_prefix: "104" + ipv6_split_exclude: " (source firewall.address6.name firewall.addrgrp6.name)" + ipv6_split_include: " (source firewall.address6.name firewall.addrgrp6.name)" + ipv6_start_ip: "" + keepalive: "108" + keylife: "109" + local_gw: "" + local_gw6: "" + localid: "" + localid_type: "auto" + loopback_asymroute: "enable" + mesh_selector_type: "disable" + mode: "aggressive" + mode_cfg: "disable" + monitor: " (source vpn.ipsec.phase1-interface.name)" + monitor_hold_down_delay: "119" + monitor_hold_down_time: "" + monitor_hold_down_type: "immediate" + monitor_hold_down_weekday: "everyday" + name: "default_name_123" + nattraversal: "enable" + negotiate_timeout: "125" + net_device: "enable" + network_id: "127" + network_overlay: "disable" + npu_offload: "enable" + passive_mode: "enable" + peer: " (source user.peer.name)" + peergrp: " (source user.peergrp.name)" + peerid: "" + peertype: "any" + ppk: "disable" + ppk_identity: "" + ppk_secret: "" + priority: "138" + proposal: "des-md5" + psksecret: "" + psksecret_remote: "" + reauth: "disable" + rekey: "enable" + remote_gw: "" + remote_gw6: "" + remotegw_ddns: "" + rsa_signature_format: "pkcs1" + save_password: "disable" + send_cert_chain: "enable" + signature_hash_alg: "sha1" + split_include_service: " (source firewall.service.group.name firewall.service.custom.name)" + suite_b: "disable" + tunnel_search: "selectors" + type: "static" + unity_support: "disable" + usrgrp: " (source user.group.name)" + vni: "157" + wizard_type: "custom" + xauthtype: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_vpn_ipsec_phase2.rst b/gen/fortios_vpn_ipsec_phase2.rst new file mode 100644 index 00000000..419a7ef1 --- /dev/null +++ b/gen/fortios_vpn_ipsec_phase2.rst @@ -0,0 +1,4623 @@ +:source: fortios_vpn_ipsec_phase2.py + +:orphan: + +.. fortios_vpn_ipsec_phase2: + +fortios_vpn_ipsec_phase2 -- Configure VPN autokey tunnel in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ipsec feature and phase2 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_vpn_ipsec_phase2yesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • vpn_ipsec_phase2 - Configure VPN autokey tunnel. type: dict + more... + +
              • +
                +
              • add_route - Enable/disable automatic route addition. type: str choices: phase1, enable, disable + more... + +
                • +
              • auto_negotiate - Enable/disable IPsec SA auto-negotiation. type: str choices: enable, disable + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • dhcp_ipsec - Enable/disable DHCP-IPsec. type: str choices: enable, disable + more... + +
                • +
              • dhgrp - Phase2 DH group. type: list choices: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32 + more... + +
                • +
              • diffserv - Enable/disable applying DSCP value to the IPsec tunnel outer IP header. type: str choices: enable, disable + more... + +
                • +
              • diffservcode - DSCP value to be applied to the IPsec tunnel outer IP header. type: str + more... + +
                • +
              • dst_addr_type - Remote proxy ID type. type: str choices: subnet, range, ip, name + more... + +
                • +
              • dst_end_ip - Remote proxy ID IPv4 end. type: str + more... + +
                • +
              • dst_end_ip6 - Remote proxy ID IPv6 end. type: str + more... + +
                • +
              • dst_name - Remote proxy ID name. Source firewall.address.name firewall.addrgrp.name. type: str + more... + +
                • +
              • dst_name6 - Remote proxy ID name. Source firewall.address6.name firewall.addrgrp6.name. type: str + more... + +
                • +
              • dst_port - Quick mode destination port (1 - 65535 or 0 for all). type: int + more... + +
                • +
              • dst_start_ip - Remote proxy ID IPv4 start. type: str + more... + +
                • +
              • dst_start_ip6 - Remote proxy ID IPv6 start. type: str + more... + +
                • +
              • dst_subnet - Remote proxy ID IPv4 subnet. type: str + more... + +
                • +
              • dst_subnet6 - Remote proxy ID IPv6 subnet. type: str + more... + +
                • +
              • encapsulation - ESP encapsulation mode. type: str choices: tunnel-mode, transport-mode + more... + +
                • +
              • initiator_ts_narrow - Enable/disable traffic selector narrowing for IKEv2 initiator. type: str choices: enable, disable + more... + +
                • +
              • ipv4_df - Enable/disable setting and resetting of IPv4 "Don"t Fragment" bit. type: str choices: enable, disable + more... + +
                • +
              • keepalive - Enable/disable keep alive. type: str choices: enable, disable + more... + +
                • +
              • keylife_type - Keylife type. type: str choices: seconds, kbs, both + more... + +
                • +
              • keylifekbs - Phase2 key life in number of kilobytes of traffic (5120 - 4294967295). type: int + more... + +
                • +
              • keylifeseconds - Phase2 key life in time in seconds (120 - 172800). type: int + more... + +
                • +
              • l2tp - Enable/disable L2TP over IPsec. type: str choices: enable, disable + more... + +
                • +
              • name - IPsec tunnel name. type: str required: true + more... + +
                • +
              • pfs - Enable/disable PFS feature. type: str choices: enable, disable + more... + +
                • +
              • phase1name - Phase 1 determines the options required for phase 2. Source vpn.ipsec.phase1.name. type: str + more... + +
                • +
              • proposal - Phase2 proposal. type: list choices: null-md5, null-sha1, null-sha256, null-sha384, null-sha512, des-null, des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-null, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-null, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm, aes192-null, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-null, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm, chacha20poly1305, aria128-null, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-null, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-null, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-null, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512 + more... + +
                • +
              • protocol - Quick mode protocol selector (1 - 255 or 0 for all). type: int + more... + +
                • +
              • replay - Enable/disable replay detection. type: str choices: enable, disable + more... + +
                • +
              • route_overlap - Action for overlapping routes. type: str choices: use-old, use-new, allow + more... + +
                • +
              • selector_match - Match type to use when comparing selectors. type: str choices: exact, subset, auto + more... + +
                • +
              • single_source - Enable/disable single source IP restriction. type: str choices: enable, disable + more... + +
                • +
              • src_addr_type - Local proxy ID type. type: str choices: subnet, range, ip, name + more... + +
                • +
              • src_end_ip - Local proxy ID end. type: str + more... + +
                • +
              • src_end_ip6 - Local proxy ID IPv6 end. type: str + more... + +
                • +
              • src_name - Local proxy ID name. Source firewall.address.name firewall.addrgrp.name. type: str + more... + +
                • +
              • src_name6 - Local proxy ID name. Source firewall.address6.name firewall.addrgrp6.name. type: str + more... + +
                • +
              • src_port - Quick mode source port (1 - 65535 or 0 for all). type: int + more... + +
                • +
              • src_start_ip - Local proxy ID start. type: str + more... + +
                • +
              • src_start_ip6 - Local proxy ID IPv6 start. type: str + more... + +
                • +
              • src_subnet - Local proxy ID subnet. type: str + more... + +
                • +
              • src_subnet6 - Local proxy ID IPv6 subnet. type: str + more... + +
                • +
              • use_natip - Enable to use the FortiGate public IP as the source selector when outbound NAT is used. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure VPN autokey tunnel. + fortios_vpn_ipsec_phase2: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_ipsec_phase2: + add_route: "phase1" + auto_negotiate: "enable" + comments: "" + dhcp_ipsec: "enable" + dhgrp: "1" + diffserv: "enable" + diffservcode: "" + dst_addr_type: "subnet" + dst_end_ip: "" + dst_end_ip6: "" + dst_name: " (source firewall.address.name firewall.addrgrp.name)" + dst_name6: " (source firewall.address6.name firewall.addrgrp6.name)" + dst_port: "15" + dst_start_ip: "" + dst_start_ip6: "" + dst_subnet: "" + dst_subnet6: "" + encapsulation: "tunnel-mode" + initiator_ts_narrow: "enable" + ipv4_df: "enable" + keepalive: "enable" + keylife_type: "seconds" + keylifekbs: "25" + keylifeseconds: "26" + l2tp: "enable" + name: "default_name_28" + pfs: "enable" + phase1name: " (source vpn.ipsec.phase1.name)" + proposal: "null-md5" + protocol: "32" + replay: "enable" + route_overlap: "use-old" + selector_match: "exact" + single_source: "enable" + src_addr_type: "subnet" + src_end_ip: "" + src_end_ip6: "" + src_name: " (source firewall.address.name firewall.addrgrp.name)" + src_name6: " (source firewall.address6.name firewall.addrgrp6.name)" + src_port: "42" + src_start_ip: "" + src_start_ip6: "" + src_subnet: "" + src_subnet6: "" + use_natip: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_vpn_ipsec_phase2_interface.rst b/gen/fortios_vpn_ipsec_phase2_interface.rst new file mode 100644 index 00000000..37aedc7c --- /dev/null +++ b/gen/fortios_vpn_ipsec_phase2_interface.rst @@ -0,0 +1,4794 @@ +:source: fortios_vpn_ipsec_phase2_interface.py + +:orphan: + +.. fortios_vpn_ipsec_phase2_interface: + +fortios_vpn_ipsec_phase2_interface -- Configure VPN autokey tunnel in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ipsec feature and phase2_interface category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_vpn_ipsec_phase2_interfaceyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • vpn_ipsec_phase2_interface - Configure VPN autokey tunnel. type: dict + more... + +
              • +
                +
              • add_route - Enable/disable automatic route addition. type: str choices: phase1, enable, disable + more... + +
                • +
              • auto_discovery_forwarder - Enable/disable forwarding short-cut messages. type: str choices: phase1, enable, disable + more... + +
                • +
              • auto_discovery_sender - Enable/disable sending short-cut messages. type: str choices: phase1, enable, disable + more... + +
                • +
              • auto_negotiate - Enable/disable IPsec SA auto-negotiation. type: str choices: enable, disable + more... + +
                • +
              • comments - Comment. type: str + more... + +
                • +
              • dhcp_ipsec - Enable/disable DHCP-IPsec. type: str choices: enable, disable + more... + +
                • +
              • dhgrp - Phase2 DH group. type: list choices: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32 + more... + +
                • +
              • diffserv - Enable/disable applying DSCP value to the IPsec tunnel outer IP header. type: str choices: enable, disable + more... + +
                • +
              • diffservcode - DSCP value to be applied to the IPsec tunnel outer IP header. type: str + more... + +
                • +
              • dst_addr_type - Remote proxy ID type. type: str choices: subnet, range, ip, name, subnet6, range6, ip6, name6 + more... + +
                • +
              • dst_end_ip - Remote proxy ID IPv4 end. type: str + more... + +
                • +
              • dst_end_ip6 - Remote proxy ID IPv6 end. type: str + more... + +
                • +
              • dst_name - Remote proxy ID name. Source firewall.address.name firewall.addrgrp.name. type: str + more... + +
                • +
              • dst_name6 - Remote proxy ID name. Source firewall.address6.name firewall.addrgrp6.name. type: str + more... + +
                • +
              • dst_port - Quick mode destination port (1 - 65535 or 0 for all). type: int + more... + +
                • +
              • dst_start_ip - Remote proxy ID IPv4 start. type: str + more... + +
                • +
              • dst_start_ip6 - Remote proxy ID IPv6 start. type: str + more... + +
                • +
              • dst_subnet - Remote proxy ID IPv4 subnet. type: str + more... + +
                • +
              • dst_subnet6 - Remote proxy ID IPv6 subnet. type: str + more... + +
                • +
              • encapsulation - ESP encapsulation mode. type: str choices: tunnel-mode, transport-mode + more... + +
                • +
              • initiator_ts_narrow - Enable/disable traffic selector narrowing for IKEv2 initiator. type: str choices: enable, disable + more... + +
                • +
              • ipv4_df - Enable/disable setting and resetting of IPv4 "Don"t Fragment" bit. type: str choices: enable, disable + more... + +
                • +
              • keepalive - Enable/disable keep alive. type: str choices: enable, disable + more... + +
                • +
              • keylife_type - Keylife type. type: str choices: seconds, kbs, both + more... + +
                • +
              • keylifekbs - Phase2 key life in number of kilobytes of traffic (5120 - 4294967295). type: int + more... + +
                • +
              • keylifeseconds - Phase2 key life in time in seconds (120 - 172800). type: int + more... + +
                • +
              • l2tp - Enable/disable L2TP over IPsec. type: str choices: enable, disable + more... + +
                • +
              • name - IPsec tunnel name. type: str required: true + more... + +
                • +
              • pfs - Enable/disable PFS feature. type: str choices: enable, disable + more... + +
                • +
              • phase1name - Phase 1 determines the options required for phase 2. Source vpn.ipsec.phase1-interface.name. type: str + more... + +
                • +
              • proposal - Phase2 proposal. type: list choices: null-md5, null-sha1, null-sha256, null-sha384, null-sha512, des-null, des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-null, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-null, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm, aes192-null, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-null, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm, chacha20poly1305, aria128-null, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-null, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-null, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-null, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512 + more... + +
                • +
              • protocol - Quick mode protocol selector (1 - 255 or 0 for all). type: int + more... + +
                • +
              • replay - Enable/disable replay detection. type: str choices: enable, disable + more... + +
                • +
              • route_overlap - Action for overlapping routes. type: str choices: use-old, use-new, allow + more... + +
                • +
              • single_source - Enable/disable single source IP restriction. type: str choices: enable, disable + more... + +
                • +
              • src_addr_type - Local proxy ID type. type: str choices: subnet, range, ip, name, subnet6, range6, ip6, name6 + more... + +
                • +
              • src_end_ip - Local proxy ID end. type: str + more... + +
                • +
              • src_end_ip6 - Local proxy ID IPv6 end. type: str + more... + +
                • +
              • src_name - Local proxy ID name. Source firewall.address.name firewall.addrgrp.name. type: str + more... + +
                • +
              • src_name6 - Local proxy ID name. Source firewall.address6.name firewall.addrgrp6.name. type: str + more... + +
                • +
              • src_port - Quick mode source port (1 - 65535 or 0 for all). type: int + more... + +
                • +
              • src_start_ip - Local proxy ID start. type: str + more... + +
                • +
              • src_start_ip6 - Local proxy ID IPv6 start. type: str + more... + +
                • +
              • src_subnet - Local proxy ID subnet. type: str + more... + +
                • +
              • src_subnet6 - Local proxy ID IPv6 subnet. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure VPN autokey tunnel. + fortios_vpn_ipsec_phase2_interface: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_ipsec_phase2_interface: + add_route: "phase1" + auto_discovery_forwarder: "phase1" + auto_discovery_sender: "phase1" + auto_negotiate: "enable" + comments: "" + dhcp_ipsec: "enable" + dhgrp: "1" + diffserv: "enable" + diffservcode: "" + dst_addr_type: "subnet" + dst_end_ip: "" + dst_end_ip6: "" + dst_name: " (source firewall.address.name firewall.addrgrp.name)" + dst_name6: " (source firewall.address6.name firewall.addrgrp6.name)" + dst_port: "17" + dst_start_ip: "" + dst_start_ip6: "" + dst_subnet: "" + dst_subnet6: "" + encapsulation: "tunnel-mode" + initiator_ts_narrow: "enable" + ipv4_df: "enable" + keepalive: "enable" + keylife_type: "seconds" + keylifekbs: "27" + keylifeseconds: "28" + l2tp: "enable" + name: "default_name_30" + pfs: "enable" + phase1name: " (source vpn.ipsec.phase1-interface.name)" + proposal: "null-md5" + protocol: "34" + replay: "enable" + route_overlap: "use-old" + single_source: "enable" + src_addr_type: "subnet" + src_end_ip: "" + src_end_ip6: "" + src_name: " (source firewall.address.name firewall.addrgrp.name)" + src_name6: " (source firewall.address6.name firewall.addrgrp6.name)" + src_port: "43" + src_start_ip: "" + src_start_ip6: "" + src_subnet: "" + src_subnet6: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_vpn_l2tp.rst b/gen/fortios_vpn_l2tp.rst new file mode 100644 index 00000000..2d0a9c7d --- /dev/null +++ b/gen/fortios_vpn_l2tp.rst @@ -0,0 +1,741 @@ +:source: fortios_vpn_l2tp.py + +:orphan: + +.. fortios_vpn_l2tp: + +fortios_vpn_l2tp -- Configure L2TP in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn feature and l2tp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_vpn_l2tpyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • vpn_l2tp - Configure L2TP. type: dict + more... + +
              • +
                +
              • compress - Enable/disable data compression. type: str choices: enable, disable + more... + +
                • +
              • eip - End IP. type: str + more... + +
                • +
              • enforce_ipsec - Enable/disable IPsec enforcement. type: str choices: enable, disable + more... + +
                • +
              • hello_interval - L2TP hello message interval in seconds (0 - 3600 sec). type: int + more... + +
                • +
              • lcp_echo_interval - Time in seconds between PPPoE Link Control Protocol (LCP) echo requests. type: int + more... + +
                • +
              • lcp_max_echo_fails - Maximum number of missed LCP echo messages before disconnect. type: int + more... + +
                • +
              • sip - Start IP. type: str + more... + +
                • +
              • status - Enable/disable FortiGate as a L2TP gateway. type: str choices: enable, disable + more... + +
                • +
              • usrgrp - User group. Source user.group.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure L2TP. + fortios_vpn_l2tp: + vdom: "{{ vdom }}" + vpn_l2tp: + compress: "enable" + eip: "" + enforce_ipsec: "enable" + hello_interval: "6" + lcp_echo_interval: "7" + lcp_max_echo_fails: "8" + sip: "" + status: "enable" + usrgrp: " (source user.group.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_vpn_ocvpn.rst b/gen/fortios_vpn_ocvpn.rst new file mode 100644 index 00000000..42cf5e49 --- /dev/null +++ b/gen/fortios_vpn_ocvpn.rst @@ -0,0 +1,2162 @@ +:source: fortios_vpn_ocvpn.py + +:orphan: + +.. fortios_vpn_ocvpn: + +fortios_vpn_ocvpn -- Configure Overlay Controller VPN settings in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn feature and ocvpn category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_vpn_ocvpnyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • vpn_ocvpn - Configure Overlay Controller VPN settings. type: dict + more... + +
              • +
                +
              • auto_discovery - Enable/disable auto-discovery shortcuts. type: str choices: enable, disable + more... + +
                • +
              • auto_discovery_shortcut_mode - Control deletion of child short-cut tunnels when the parent tunnel goes down. type: str choices: independent, dependent + more... + +
                • +
              • eap - Enable/disable EAP client authentication. type: str choices: enable, disable + more... + +
                • +
              • eap_users - EAP authentication user group. Source user.group.name. type: str + more... + +
                • +
              • forticlient_access - Configure FortiClient settings. type: dict + more... + +
                • +
                  +
                • auth_groups - FortiClient user authentication groups. type: list member_path: forticlient_access/auth_groups:name + more... + +
                  • +
                    +
                  • auth_group - Authentication user group for FortiClient access. Source user.group.name. type: str + more... + +
                    • +
                  • name - Group name. type: str required: true + more... + +
                    • +
                  • overlays - OCVPN overlays to allow access to. type: list + more... + +
                    • +
                      +
                    • overlay_name - Overlay name. Source vpn.ocvpn.overlays.overlay-name. type: str + more... + +
                      • +
                    +
                  +
                • psksecret - Pre-shared secret for FortiClient PSK authentication (ASCII string or hexadecimal encoded with a leading 0x). type: str + more... + +
                  • +
                • status - Enable/disable FortiClient to access OCVPN networks. type: str choices: enable, disable + more... + +
                  • +
                +
              • ha_alias - Hidden HA alias. type: str + more... + +
                • +
              • ip_allocation_block - Class B subnet reserved for private IP address assignment. type: str + more... + +
                • +
              • multipath - Enable/disable multipath redundancy. type: str choices: enable, disable + more... + +
                • +
              • nat - Enable/disable NAT support. type: str choices: enable, disable + more... + +
                • +
              • overlays - Network overlays to register with Overlay Controller VPN service. type: list + more... + +
                • +
                  +
                • assign_ip - Enable/disable mode-cfg address assignment. type: str choices: enable, disable + more... + +
                  • +
                • id - ID. type: int + more... + +
                  • +
                • inter_overlay - Allow or deny traffic from other overlays. type: str choices: allow, deny + more... + +
                  • +
                • ipv4_end_ip - End of IPv4 range. type: str + more... + +
                  • +
                • ipv4_start_ip - Start of IPv4 range. type: str + more... + +
                  • +
                • name - Overlay name. type: str + more... + +
                  • +
                • overlay_name - Overlay name. type: str + more... + +
                  • +
                • subnets - Internal subnets to register with OCVPN service. type: list member_path: subnets:id + more... + +
                  • +
                    +
                  • id - ID. type: int required: true + more... + +
                    • +
                  • interface - LAN interface. Source system.interface.name. type: str + more... + +
                    • +
                  • subnet - IPv4 address and subnet mask. type: str + more... + +
                    • +
                  • type - Subnet type. type: str choices: subnet, interface + more... + +
                    • +
                  +
                +
              • poll_interval - Overlay Controller VPN polling interval. type: int + more... + +
                • +
              • role - Set device role. type: str choices: spoke, primary-hub, secondary-hub + more... + +
                • +
              • sdwan - Enable/disable adding OCVPN tunnels to SD-WAN. type: str choices: enable, disable + more... + +
                • +
              • sdwan_zone - Set SD-WAN zone. Source system.sdwan.zone.name. type: str + more... + +
                • +
              • status - Enable/disable Overlay Controller cloud assisted VPN. type: str choices: enable, disable + more... + +
                • +
              • subnets - Internal subnets to register with Overlay Controller VPN service. type: list member_path: subnets:id + more... + +
                • +
                  +
                • id - ID. type: int required: true + more... + +
                  • +
                • interface - LAN interface. Source system.interface.name. type: str + more... + +
                  • +
                • subnet - IPv4 address and subnet mask. type: str + more... + +
                  • +
                • type - Subnet type. type: str choices: subnet, interface + more... + +
                  • +
                +
              • wan_interface - FortiGate WAN interfaces to use with OCVPN. type: list member_path: wan_interface:name + more... + +
                • +
                  +
                • name - Interface name. Source system.interface.name. type: str required: true + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Overlay Controller VPN settings. + fortios_vpn_ocvpn: + vdom: "{{ vdom }}" + vpn_ocvpn: + auto_discovery: "enable" + auto_discovery_shortcut_mode: "independent" + eap: "enable" + eap_users: " (source user.group.name)" + forticlient_access: + auth_groups: + - + auth_group: " (source user.group.name)" + name: "default_name_10" + overlays: + - + overlay_name: " (source vpn.ocvpn.overlays.overlay-name)" + psksecret: "" + status: "enable" + ha_alias: "" + ip_allocation_block: "" + multipath: "enable" + nat: "enable" + overlays: + - + assign_ip: "enable" + id: "21" + inter_overlay: "allow" + ipv4_end_ip: "" + ipv4_start_ip: "" + name: "default_name_25" + overlay_name: "" + subnets: + - + id: "28" + interface: " (source system.interface.name)" + subnet: "" + type: "subnet" + poll_interval: "32" + role: "spoke" + sdwan: "enable" + sdwan_zone: " (source system.sdwan.zone.name)" + status: "enable" + subnets: + - + id: "38" + interface: " (source system.interface.name)" + subnet: "" + type: "subnet" + wan_interface: + - + name: "default_name_43 (source system.interface.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_vpn_pptp.rst b/gen/fortios_vpn_pptp.rst new file mode 100644 index 00000000..dbeabab7 --- /dev/null +++ b/gen/fortios_vpn_pptp.rst @@ -0,0 +1,565 @@ +:source: fortios_vpn_pptp.py + +:orphan: + +.. fortios_vpn_pptp: + +fortios_vpn_pptp -- Configure PPTP in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn feature and pptp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_vpn_pptpyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • vpn_pptp - Configure PPTP. type: dict + more... + +
              • +
                +
              • eip - End IP. type: str + more... + +
                • +
              • ip_mode - IP assignment mode for PPTP client. type: str choices: range, usrgrp + more... + +
                • +
              • local_ip - Local IP to be used for peer"s remote IP. type: str + more... + +
                • +
              • sip - Start IP. type: str + more... + +
                • +
              • status - Enable/disable FortiGate as a PPTP gateway. type: str choices: enable, disable + more... + +
                • +
              • usrgrp - User group. Source user.group.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure PPTP. + fortios_vpn_pptp: + vdom: "{{ vdom }}" + vpn_pptp: + eip: "" + ip_mode: "range" + local_ip: "" + sip: "" + status: "enable" + usrgrp: " (source user.group.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_vpn_ssl_client.rst b/gen/fortios_vpn_ssl_client.rst new file mode 100644 index 00000000..d26e1aa1 --- /dev/null +++ b/gen/fortios_vpn_ssl_client.rst @@ -0,0 +1,558 @@ +:source: fortios_vpn_ssl_client.py + +:orphan: + +.. fortios_vpn_ssl_client: + +fortios_vpn_ssl_client -- Client in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ssl feature and client category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + +
            v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_vpn_ssl_clientyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • vpn_ssl_client - Client. type: dict + more... + +
              • +
                +
              • certificate - Certificate to offer to SSL-VPN server if it requests one. Source vpn.certificate.local.name. type: str + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • distance - Distance for routes added by SSL-VPN (1 - 255). type: int + more... + +
                • +
              • interface - SSL interface to send/receive traffic over. Source system.interface.name. type: str + more... + +
                • +
              • name - SSL-VPN tunnel name. type: str required: true + more... + +
                • +
              • peer - Authenticate peer"s certificate with the peer/peergrp. Source user.peer.name user.peergrp.name. type: str + more... + +
                • +
              • port - SSL-VPN server port. type: int + more... + +
                • +
              • priority - Priority for routes added by SSL-VPN (1 - 65535). type: int + more... + +
                • +
              • psk - Pre-shared secret to authenticate with the server (ASCII string or hexadecimal encoded with a leading 0x). type: str + more... + +
                • +
              • realm - Realm name configured on SSL-VPN server. type: str + more... + +
                • +
              • server - IPv4, IPv6 or DNS address of the SSL-VPN server. type: str + more... + +
                • +
              • source_ip - IPv4 or IPv6 address to use as a source for the SSL-VPN connection to the server. type: str + more... + +
                • +
              • status - Enable/disable this SSL-VPN client configuration. type: str choices: enable, disable + more... + +
                • +
              • user - Username to offer to the peer to authenticate the client. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Client. + fortios_vpn_ssl_client: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_ssl_client: + certificate: " (source vpn.certificate.local.name)" + comment: "Comment." + distance: "5" + interface: " (source system.interface.name)" + name: "default_name_7" + peer: " (source user.peer.name user.peergrp.name)" + port: "9" + priority: "10" + psk: "" + realm: "" + server: "192.168.100.40" + source_ip: "84.230.14.43" + status: "enable" + user: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_vpn_ssl_settings.rst b/gen/fortios_vpn_ssl_settings.rst new file mode 100644 index 00000000..2dbcce58 --- /dev/null +++ b/gen/fortios_vpn_ssl_settings.rst @@ -0,0 +1,6651 @@ +:source: fortios_vpn_ssl_settings.py + +:orphan: + +.. fortios_vpn_ssl_settings: + +fortios_vpn_ssl_settings -- Configure SSL-VPN in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ssl feature and settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_vpn_ssl_settingsyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • vpn_ssl_settings - Configure SSL-VPN. type: dict + more... + +
              • +
                +
              • algorithm - Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any. type: str choices: high, medium, default, low + more... + +
                • +
              • auth_session_check_source_ip - Enable/disable checking of source IP for authentication session. type: str choices: enable, disable + more... + +
                • +
              • auth_timeout - SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout). type: int + more... + +
                • +
              • authentication_rule - Authentication rule for SSL-VPN. type: list member_path: authentication_rule:id + more... + +
                • +
                  +
                • auth - SSL-VPN authentication method restriction. type: str choices: any, local, radius, tacacs+, ldap, peer + more... + +
                  • +
                • cipher - SSL-VPN cipher strength. type: str choices: any, high, medium + more... + +
                  • +
                • client_cert - Enable/disable SSL-VPN client certificate restrictive. type: str choices: enable, disable + more... + +
                  • +
                • groups - User groups. type: list member_path: authentication_rule:id/groups:name + more... + +
                  • +
                    +
                  • name - Group name. Source user.group.name. type: str required: true + more... + +
                    • +
                  +
                • id - ID (0 - 4294967295). type: int required: true + more... + +
                  • +
                • portal - SSL-VPN portal. Source vpn.ssl.web.portal.name. type: str + more... + +
                  • +
                • realm - SSL-VPN realm. Source vpn.ssl.web.realm.url-path. type: str + more... + +
                  • +
                • source_address - Source address of incoming traffic. type: list member_path: authentication_rule:id/source_address:name + more... + +
                  • +
                    +
                  • name - Address name. Source firewall.address.name firewall.addrgrp.name system.external-resource.name. type: str required: true + more... + +
                    • +
                  +
                • source_address_negate - Enable/disable negated source address match. type: str choices: enable, disable + more... + +
                  • +
                • source_address6 - IPv6 source address of incoming traffic. type: list member_path: authentication_rule:id/source_address6:name + more... + +
                  • +
                    +
                  • name - IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name system.external-resource.name. type: str required: true + more... + +
                    • +
                  +
                • source_address6_negate - Enable/disable negated source IPv6 address match. type: str choices: enable, disable + more... + +
                  • +
                • source_interface - SSL-VPN source interface of incoming traffic. type: list member_path: authentication_rule:id/source_interface:name + more... + +
                  • +
                    +
                  • name - Interface name. Source system.interface.name system.zone.name. type: str required: true + more... + +
                    • +
                  +
                • user_peer - Name of user peer. Source user.peer.name. type: str + more... + +
                  • +
                • users - User name. type: list member_path: authentication_rule:id/users:name + more... + +
                  • +
                    +
                  • name - User name. Source user.local.name. type: str required: true + more... + +
                    • +
                  +
                +
              • auto_tunnel_static_route - Enable/disable to auto-create static routes for the SSL-VPN tunnel IP addresses. type: str choices: enable, disable + more... + +
                • +
              • banned_cipher - Select one or more cipher technologies that cannot be used in SSL-VPN negotiations. Only applies to TLS 1.2 and below. type: list choices: RSA, DHE, ECDHE, DSS, ECDSA, AES, AESGCM, CAMELLIA, 3DES, SHA1, SHA256, SHA384, STATIC, CHACHA20, ARIA, AESCCM, DH, ECDH + more... + +
                • +
              • check_referer - Enable/disable verification of referer field in HTTP request header. type: str choices: enable, disable + more... + +
                • +
              • ciphersuite - Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, set ssl-max-proto-ver to tls1-2 or below. type: list choices: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256 + more... + +
                • +
              • client_sigalgs - Set signature algorithms related to client authentication. Affects TLS version <= 1.2 only. type: str choices: no-rsa-pss, all + more... + +
                • +
              • default_portal - Default SSL-VPN portal. Source vpn.ssl.web.portal.name. type: str + more... + +
                • +
              • deflate_compression_level - Compression level (0~9). type: int + more... + +
                • +
              • deflate_min_data_size - Minimum amount of data that triggers compression (200 - 65535 bytes). type: int + more... + +
                • +
              • dns_server1 - DNS server 1. type: str + more... + +
                • +
              • dns_server2 - DNS server 2. type: str + more... + +
                • +
              • dns_suffix - DNS suffix used for SSL-VPN clients. type: str + more... + +
                • +
              • dtls_hello_timeout - SSLVPN maximum DTLS hello timeout (10 - 60 sec). type: int + more... + +
                • +
              • dtls_max_proto_ver - DTLS maximum protocol version. type: str choices: dtls1-0, dtls1-2 + more... + +
                • +
              • dtls_min_proto_ver - DTLS minimum protocol version. type: str choices: dtls1-0, dtls1-2 + more... + +
                • +
              • dtls_tunnel - Enable/disable DTLS to prevent eavesdropping, tampering, or message forgery. type: str choices: enable, disable + more... + +
                • +
              • dual_stack_mode - Tunnel mode: enable parallel IPv4 and IPv6 tunnel. Web mode: support IPv4 and IPv6 bookmarks in the portal. type: str choices: enable, disable + more... + +
                • +
              • encode_2f_sequence - Encode 2F sequence to forward slash in URLs. type: str choices: enable, disable + more... + +
                • +
              • encrypt_and_store_password - Encrypt and store user passwords for SSL-VPN web sessions. type: str choices: enable, disable + more... + +
                • +
              • force_two_factor_auth - Enable/disable only PKI users with two-factor authentication for SSL-VPNs. type: str choices: enable, disable + more... + +
                • +
              • header_x_forwarded_for - Forward the same, add, or remove HTTP header. type: str choices: pass, add, remove + more... + +
                • +
              • hsts_include_subdomains - Add HSTS includeSubDomains response header. type: str choices: enable, disable + more... + +
                • +
              • http_compression - Enable/disable to allow HTTP compression over SSL-VPN tunnels. type: str choices: enable, disable + more... + +
                • +
              • http_only_cookie - Enable/disable SSL-VPN support for HttpOnly cookies. type: str choices: enable, disable + more... + +
                • +
              • http_request_body_timeout - SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec). type: int + more... + +
                • +
              • http_request_header_timeout - SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec). type: int + more... + +
                • +
              • https_redirect - Enable/disable redirect of port 80 to SSL-VPN port. type: str choices: enable, disable + more... + +
                • +
              • idle_timeout - SSL-VPN disconnects if idle for specified time in seconds. type: int + more... + +
                • +
              • ipv6_dns_server1 - IPv6 DNS server 1. type: str + more... + +
                • +
              • ipv6_dns_server2 - IPv6 DNS server 2. type: str + more... + +
                • +
              • ipv6_wins_server1 - IPv6 WINS server 1. type: str + more... + +
                • +
              • ipv6_wins_server2 - IPv6 WINS server 2. type: str + more... + +
                • +
              • login_attempt_limit - SSL-VPN maximum login attempt times before block (0 - 10). type: int + more... + +
                • +
              • login_block_time - Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec). type: int + more... + +
                • +
              • login_timeout - SSLVPN maximum login timeout (10 - 180 sec). type: int + more... + +
                • +
              • port - SSL-VPN access port (1 - 65535). type: int + more... + +
                • +
              • port_precedence - Enable/disable, Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. type: str choices: enable, disable + more... + +
                • +
              • reqclientcert - Enable/disable to require client certificates for all SSL-VPN users. type: str choices: enable, disable + more... + +
                • +
              • route_source_interface - Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. type: str choices: enable, disable + more... + +
                • +
              • saml_redirect_port - SAML local redirect port in the machine running FortiClient (0 - 65535). 0 is to disable redirection on FGT side. type: int + more... + +
                • +
              • servercert - Name of the server certificate to be used for SSL-VPNs. Source vpn.certificate.local.name. type: str + more... + +
                • +
              • source_address - Source address of incoming traffic. type: list member_path: source_address:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name system.external-resource.name. type: str required: true + more... + +
                  • +
                +
              • source_address_negate - Enable/disable negated source address match. type: str choices: enable, disable + more... + +
                • +
              • source_address6 - IPv6 source address of incoming traffic. type: list member_path: source_address6:name + more... + +
                • +
                  +
                • name - IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name system.external-resource.name. type: str required: true + more... + +
                  • +
                +
              • source_address6_negate - Enable/disable negated source IPv6 address match. type: str choices: enable, disable + more... + +
                • +
              • source_interface - SSL-VPN source interface of incoming traffic. type: list member_path: source_interface:name + more... + +
                • +
                  +
                • name - Interface name. Source system.interface.name system.zone.name. type: str required: true + more... + +
                  • +
                +
              • ssl_client_renegotiation - Enable/disable to allow client renegotiation by the server if the tunnel goes down. type: str choices: disable, enable + more... + +
                • +
              • ssl_insert_empty_fragment - Enable/disable insertion of empty fragment. type: str choices: enable, disable + more... + +
                • +
              • ssl_max_proto_ver - SSL maximum protocol version. type: str choices: tls1-0, tls1-1, tls1-2, tls1-3 + more... + +
                • +
              • ssl_min_proto_ver - SSL minimum protocol version. type: str choices: tls1-0, tls1-1, tls1-2, tls1-3 + more... + +
                • +
              • status - Enable/disable SSL-VPN. type: str choices: enable, disable + more... + +
                • +
              • tlsv1_0 - tlsv1-0 type: str choices: enable, disable + more... + +
                • +
              • tlsv1_1 - tlsv1-1 type: str choices: enable, disable + more... + +
                • +
              • tlsv1_2 - tlsv1-2 type: str choices: enable, disable + more... + +
                • +
              • tlsv1_3 - tlsv1-3 type: str choices: enable, disable + more... + +
                • +
              • transform_backward_slashes - Transform backward slashes to forward slashes in URLs. type: str choices: enable, disable + more... + +
                • +
              • tunnel_addr_assigned_method - Method used for assigning address for tunnel. type: str choices: first-available, round-robin + more... + +
                • +
              • tunnel_connect_without_reauth - Enable/disable tunnel connection without re-authorization if previous connection dropped. type: str choices: enable, disable + more... + +
                • +
              • tunnel_ip_pools - Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. type: list member_path: tunnel_ip_pools:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • tunnel_ipv6_pools - Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. type: list member_path: tunnel_ipv6_pools:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                  • +
                +
              • tunnel_user_session_timeout - Time out value to clean up user session after tunnel connection is dropped (1 - 255 sec). type: int + more... + +
                • +
              • unsafe_legacy_renegotiation - Enable/disable unsafe legacy re-negotiation. type: str choices: enable, disable + more... + +
                • +
              • url_obscuration - Enable/disable to obscure the host name of the URL of the web browser display. type: str choices: enable, disable + more... + +
                • +
              • user_peer - Name of user peer. Source user.peer.name. type: str + more... + +
                • +
              • wins_server1 - WINS server 1. type: str + more... + +
                • +
              • wins_server2 - WINS server 2. type: str + more... + +
                • +
              • x_content_type_options - Add HTTP X-Content-Type-Options header. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure SSL-VPN. + fortios_vpn_ssl_settings: + vdom: "{{ vdom }}" + vpn_ssl_settings: + algorithm: "high" + auth_session_check_source_ip: "enable" + auth_timeout: "5" + authentication_rule: + - + auth: "any" + cipher: "any" + client_cert: "enable" + groups: + - + name: "default_name_11 (source user.group.name)" + id: "12" + portal: " (source vpn.ssl.web.portal.name)" + realm: " (source vpn.ssl.web.realm.url-path)" + source_address: + - + name: "default_name_16 (source firewall.address.name firewall.addrgrp.name system.external-resource.name)" + source_address_negate: "enable" + source_address6: + - + name: "default_name_19 (source firewall.address6.name firewall.addrgrp6.name system.external-resource.name)" + source_address6_negate: "enable" + source_interface: + - + name: "default_name_22 (source system.interface.name system.zone.name)" + user_peer: " (source user.peer.name)" + users: + - + name: "default_name_25 (source user.local.name)" + auto_tunnel_static_route: "enable" + banned_cipher: "RSA" + check_referer: "enable" + ciphersuite: "TLS-AES-128-GCM-SHA256" + client_sigalgs: "no-rsa-pss" + default_portal: " (source vpn.ssl.web.portal.name)" + deflate_compression_level: "32" + deflate_min_data_size: "33" + dns_server1: "" + dns_server2: "" + dns_suffix: "" + dtls_hello_timeout: "37" + dtls_max_proto_ver: "dtls1-0" + dtls_min_proto_ver: "dtls1-0" + dtls_tunnel: "enable" + dual_stack_mode: "enable" + encode_2f_sequence: "enable" + encrypt_and_store_password: "enable" + force_two_factor_auth: "enable" + header_x_forwarded_for: "pass" + hsts_include_subdomains: "enable" + http_compression: "enable" + http_only_cookie: "enable" + http_request_body_timeout: "49" + http_request_header_timeout: "50" + https_redirect: "enable" + idle_timeout: "52" + ipv6_dns_server1: "" + ipv6_dns_server2: "" + ipv6_wins_server1: "" + ipv6_wins_server2: "" + login_attempt_limit: "57" + login_block_time: "58" + login_timeout: "59" + port: "60" + port_precedence: "enable" + reqclientcert: "enable" + route_source_interface: "enable" + saml_redirect_port: "64" + servercert: " (source vpn.certificate.local.name)" + source_address: + - + name: "default_name_67 (source firewall.address.name firewall.addrgrp.name system.external-resource.name)" + source_address_negate: "enable" + source_address6: + - + name: "default_name_70 (source firewall.address6.name firewall.addrgrp6.name system.external-resource.name)" + source_address6_negate: "enable" + source_interface: + - + name: "default_name_73 (source system.interface.name system.zone.name)" + ssl_client_renegotiation: "disable" + ssl_insert_empty_fragment: "enable" + ssl_max_proto_ver: "tls1-0" + ssl_min_proto_ver: "tls1-0" + status: "enable" + tlsv1_0: "enable" + tlsv1_1: "enable" + tlsv1_2: "enable" + tlsv1_3: "enable" + transform_backward_slashes: "enable" + tunnel_addr_assigned_method: "first-available" + tunnel_connect_without_reauth: "enable" + tunnel_ip_pools: + - + name: "default_name_87 (source firewall.address.name firewall.addrgrp.name)" + tunnel_ipv6_pools: + - + name: "default_name_89 (source firewall.address6.name firewall.addrgrp6.name)" + tunnel_user_session_timeout: "90" + unsafe_legacy_renegotiation: "enable" + url_obscuration: "enable" + user_peer: " (source user.peer.name)" + wins_server1: "" + wins_server2: "" + x_content_type_options: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_vpn_ssl_web_host_check_software.rst b/gen/fortios_vpn_ssl_web_host_check_software.rst new file mode 100644 index 00000000..56ecc8bf --- /dev/null +++ b/gen/fortios_vpn_ssl_web_host_check_software.rst @@ -0,0 +1,991 @@ +:source: fortios_vpn_ssl_web_host_check_software.py + +:orphan: + +.. fortios_vpn_ssl_web_host_check_software: + +fortios_vpn_ssl_web_host_check_software -- SSL-VPN host check software in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ssl_web feature and host_check_software category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_vpn_ssl_web_host_check_softwareyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • vpn_ssl_web_host_check_software - SSL-VPN host check software. type: dict + more... + +
              • +
                +
              • check_item_list - Check item list. type: list member_path: check_item_list:id + more... + +
                • +
                  +
                • action - Action. type: str choices: require, deny + more... + +
                  • +
                • id - ID (0 - 4294967295). type: int required: true + more... + +
                  • +
                • md5s - MD5 checksum. type: list member_path: check_item_list:id/md5s:id + more... + +
                  • +
                    +
                  • id - Hex string of MD5 checksum. type: str required: true + more... + +
                    • +
                  +
                • target - Target. type: str + more... + +
                  • +
                • type - Type. type: str choices: file, registry, process + more... + +
                  • +
                • version - Version. type: str + more... + +
                  • +
                +
              • guid - Globally unique ID. type: str + more... + +
                • +
              • name - Name. type: str required: true + more... + +
                • +
              • os_type - OS type. type: str choices: windows, macos + more... + +
                • +
              • type - Type. type: str choices: av, fw + more... + +
                • +
              • version - Version. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: SSL-VPN host check software. + fortios_vpn_ssl_web_host_check_software: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_ssl_web_host_check_software: + check_item_list: + - + action: "require" + id: "5" + md5s: + - + id: "7" + target: "" + type: "file" + version: "" + guid: "" + name: "default_name_12" + os_type: "windows" + type: "av" + version: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_vpn_ssl_web_portal.rst b/gen/fortios_vpn_ssl_web_portal.rst new file mode 100644 index 00000000..c843a383 --- /dev/null +++ b/gen/fortios_vpn_ssl_web_portal.rst @@ -0,0 +1,9811 @@ +:source: fortios_vpn_ssl_web_portal.py + +:orphan: + +.. fortios_vpn_ssl_web_portal: + +fortios_vpn_ssl_web_portal -- Portal in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ssl_web feature and portal category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_vpn_ssl_web_portalyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • vpn_ssl_web_portal - Portal. type: dict + more... + +
              • +
                +
              • allow_user_access - Allow user access to SSL-VPN applications. type: list choices: web, ftp, smb, sftp, telnet, ssh, vnc, rdp, ping, citrix, portforward + more... + +
                • +
              • auto_connect - Enable/disable automatic connect by client when system is up. type: str choices: enable, disable + more... + +
                • +
              • bookmark_group - Portal bookmark group. type: list member_path: bookmark_group:name + more... + +
                • +
                  +
                • bookmarks - Bookmark table. type: list member_path: bookmark_group:name/bookmarks:name + more... + +
                  • +
                    +
                  • additional_params - Additional parameters. type: str + more... + +
                    • +
                  • apptype - Application type. type: str choices: ftp, rdp, sftp, smb, ssh, telnet, vnc, web, citrix, portforward + more... + +
                    • +
                  • color_depth - Color depth per pixel. type: str choices: 32, 16, 8 + more... + +
                    • +
                  • description - Description. type: str + more... + +
                    • +
                  • domain - Login domain. type: str + more... + +
                    • +
                  • folder - Network shared file folder parameter. type: str + more... + +
                    • +
                  • form_data - Form data. type: list member_path: bookmark_group:name/bookmarks:name/form_data:name + more... + +
                    • +
                      +
                    • name - Name. type: str required: true + more... + +
                      • +
                    • value - Value. type: str + more... + +
                      • +
                    +
                  • height - Screen height (range from 480 - 65535). type: int + more... + +
                    • +
                  • host - Host name/IP parameter. type: str + more... + +
                    • +
                  • keyboard_layout - Keyboard layout. type: str choices: ar-101, ar-102, ar-102-azerty, can-mul, cz, cz-qwerty, cz-pr, da, nl, de, de-ch, de-ibm, en-uk, en-uk-ext, en-us, en-us-dvorak, es, es-var, fi, fi-sami, fr, fr-ca, fr-ch, fr-be, hr, hu, hu-101, it, it-142, ja, ko, lt, lt-ibm, lt-std, lav-std, lav-leg, mk, mk-std, False, no-sami, pol-214, pol-pr, pt, pt-br, pt-br-abnt2, ru, ru-mne, ru-t, sl, sv, sv-sami, tuk, tur-f, tur-q, zh-sym-sg-us, zh-sym-us, zh-tr-hk, zh-tr-mo, zh-tr-us + more... + +
                    • +
                  • listening_port - Listening port (0 - 65535). type: int + more... + +
                    • +
                  • load_balancing_info - The load balancing information or cookie which should be provided to the connection broker. type: str + more... + +
                    • +
                  • logon_password - Logon password. type: str + more... + +
                    • +
                  • logon_user - Logon user. type: str + more... + +
                    • +
                  • name - Bookmark name. type: str required: true + more... + +
                    • +
                  • port - Remote port. type: int + more... + +
                    • +
                  • preconnection_blob - An arbitrary string which identifies the RDP source. type: str + more... + +
                    • +
                  • preconnection_id - The numeric ID of the RDP source (0-4294967295). type: int + more... + +
                    • +
                  • remote_port - Remote port (0 - 65535). type: int + more... + +
                    • +
                  • restricted_admin - Enable/disable restricted admin mode for RDP. type: str choices: enable, disable + more... + +
                    • +
                  • security - Security mode for RDP connection. type: str choices: rdp, nla, tls, any + more... + +
                    • +
                  • send_preconnection_id - Enable/disable sending of preconnection ID. type: str choices: enable, disable + more... + +
                    • +
                  • server_layout - Server side keyboard layout. type: str choices: de-de-qwertz, en-gb-qwerty, en-us-qwerty, es-es-qwerty, fr-ca-qwerty, fr-fr-azerty, fr-ch-qwertz, it-it-qwerty, ja-jp-qwerty, pt-br-qwerty, sv-se-qwerty, tr-tr-qwerty, failsafe + more... + +
                    • +
                  • show_status_window - Enable/disable showing of status window. type: str choices: enable, disable + more... + +
                    • +
                  • sso - Single Sign-On. type: str choices: disable, static, auto + more... + +
                    • +
                  • sso_credential - Single sign-on credentials. type: str choices: sslvpn-login, alternative + more... + +
                    • +
                  • sso_credential_sent_once - Single sign-on credentials are only sent once to remote server. type: str choices: enable, disable + more... + +
                    • +
                  • sso_password - SSO password. type: str + more... + +
                    • +
                  • sso_username - SSO user name. type: str + more... + +
                    • +
                  • url - URL parameter. type: str + more... + +
                    • +
                  • width - Screen width (range from 640 - 65535). type: int + more... + +
                    • +
                  +
                • name - Bookmark group name. type: str required: true + more... + +
                  • +
                +
              • clipboard - Enable to support RDP/VPC clipboard functionality. type: str choices: enable, disable + more... + +
                • +
              • custom_lang - Change the web portal display language. Overrides config system global set language. You can use config system custom-language and execute system custom-language to add custom language files. Source system.custom-language.name. type: str + more... + +
                • +
              • customize_forticlient_download_url - Enable support of customized download URL for FortiClient. type: str choices: enable, disable + more... + +
                • +
              • display_bookmark - Enable to display the web portal bookmark widget. type: str choices: enable, disable + more... + +
                • +
              • display_connection_tools - Enable to display the web portal connection tools widget. type: str choices: enable, disable + more... + +
                • +
              • display_history - Enable to display the web portal user login history widget. type: str choices: enable, disable + more... + +
                • +
              • display_status - Enable to display the web portal status widget. type: str choices: enable, disable + more... + +
                • +
              • dns_server1 - IPv4 DNS server 1. type: str + more... + +
                • +
              • dns_server2 - IPv4 DNS server 2. type: str + more... + +
                • +
              • dns_suffix - DNS suffix. type: str + more... + +
                • +
              • exclusive_routing - Enable/disable all traffic go through tunnel only. type: str choices: enable, disable + more... + +
                • +
              • forticlient_download - Enable/disable download option for FortiClient. type: str choices: enable, disable + more... + +
                • +
              • forticlient_download_method - FortiClient download method. type: str choices: direct, ssl-vpn + more... + +
                • +
              • heading - Web portal heading message. type: str + more... + +
                • +
              • hide_sso_credential - Enable to prevent SSO credential being sent to client. type: str choices: enable, disable + more... + +
                • +
              • host_check - Type of host checking performed on endpoints. type: str choices: none, av, fw, av-fw, custom + more... + +
                • +
              • host_check_interval - Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects. type: int + more... + +
                • +
              • host_check_policy - One or more policies to require the endpoint to have specific security software. type: list member_path: host_check_policy:name + more... + +
                • +
                  +
                • name - Host check software list name. Source vpn.ssl.web.host-check-software.name. type: str required: true + more... + +
                  • +
                +
              • ip_mode - Method by which users of this SSL-VPN tunnel obtain IP addresses. type: str choices: range, user-group + more... + +
                • +
              • ip_pools - IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients. type: list member_path: ip_pools:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • ipv6_dns_server1 - IPv6 DNS server 1. type: str + more... + +
                • +
              • ipv6_dns_server2 - IPv6 DNS server 2. type: str + more... + +
                • +
              • ipv6_exclusive_routing - Enable/disable all IPv6 traffic go through tunnel only. type: str choices: enable, disable + more... + +
                • +
              • ipv6_pools - IPv6 firewall source address objects reserved for SSL-VPN tunnel mode clients. type: list member_path: ipv6_pools:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                  • +
                +
              • ipv6_service_restriction - Enable/disable IPv6 tunnel service restriction. type: str choices: enable, disable + more... + +
                • +
              • ipv6_split_tunneling - Enable/disable IPv6 split tunneling. type: str choices: enable, disable + more... + +
                • +
              • ipv6_split_tunneling_routing_address - IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. type: list member_path: ipv6_split_tunneling_routing_address:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                  • +
                +
              • ipv6_split_tunneling_routing_negate - Enable to negate IPv6 split tunneling routing address. type: str choices: enable, disable + more... + +
                • +
              • ipv6_tunnel_mode - Enable/disable IPv6 SSL-VPN tunnel mode. type: str choices: enable, disable + more... + +
                • +
              • ipv6_wins_server1 - IPv6 WINS server 1. type: str + more... + +
                • +
              • ipv6_wins_server2 - IPv6 WINS server 2. type: str + more... + +
                • +
              • keep_alive - Enable/disable automatic reconnect for FortiClient connections. type: str choices: enable, disable + more... + +
                • +
              • limit_user_logins - Enable to limit each user to one SSL-VPN session at a time. type: str choices: enable, disable + more... + +
                • +
              • mac_addr_action - Client MAC address action. type: str choices: allow, deny + more... + +
                • +
              • mac_addr_check - Enable/disable MAC address host checking. type: str choices: enable, disable + more... + +
                • +
              • mac_addr_check_rule - Client MAC address check rule. type: list member_path: mac_addr_check_rule:name + more... + +
                • +
                  +
                • mac_addr_list - Client MAC address list. type: list member_path: mac_addr_check_rule:name/mac_addr_list:addr + more... + +
                  • +
                    +
                  • addr - Client MAC address. type: str required: true + more... + +
                    • +
                  +
                • mac_addr_mask - Client MAC address mask. type: int + more... + +
                  • +
                • name - Client MAC address check rule name. type: str required: true + more... + +
                  • +
                +
              • macos_forticlient_download_url - Download URL for Mac FortiClient. type: str + more... + +
                • +
              • name - Portal name. type: str required: true + more... + +
                • +
              • os_check - Enable to let the FortiGate decide action based on client OS. type: str choices: enable, disable + more... + +
                • +
              • os_check_list - SSL-VPN OS checks. type: list member_path: os_check_list:name + more... + +
                • +
                  +
                • action - OS check options. type: str choices: deny, allow, check-up-to-date + more... + +
                  • +
                • latest_patch_level - Latest OS patch level. type: str + more... + +
                  • +
                • name - Name. type: str required: true + more... + +
                  • +
                • tolerance - OS patch level tolerance. type: int + more... + +
                  • +
                +
              • prefer_ipv6_dns - Prefer to query IPv6 DNS server first if enabled. type: str choices: enable, disable + more... + +
                • +
              • redir_url - Client login redirect URL. type: str + more... + +
                • +
              • rewrite_ip_uri_ui - Rewrite contents for URI contains IP and /ui/ . type: str choices: enable, disable + more... + +
                • +
              • save_password - Enable/disable FortiClient saving the user"s password. type: str choices: enable, disable + more... + +
                • +
              • service_restriction - Enable/disable tunnel service restriction. type: str choices: enable, disable + more... + +
                • +
              • skip_check_for_browser - Enable to skip host check for browser support. type: str choices: enable, disable + more... + +
                • +
              • skip_check_for_unsupported_browser - Enable to skip host check if browser does not support it. type: str choices: enable, disable + more... + +
                • +
              • skip_check_for_unsupported_os - Enable to skip host check if client OS does not support it. type: str choices: enable, disable + more... + +
                • +
              • smb_max_version - SMB maximum client protocol version. type: str choices: smbv1, smbv2, smbv3 + more... + +
                • +
              • smb_min_version - SMB minimum client protocol version. type: str choices: smbv1, smbv2, smbv3 + more... + +
                • +
              • smb_ntlmv1_auth - Enable support of NTLMv1 for Samba authentication. type: str choices: enable, disable + more... + +
                • +
              • smbv1 - SMB version 1. type: str choices: enable, disable + more... + +
                • +
              • split_dns - Split DNS for SSL-VPN. type: list member_path: split_dns:id + more... + +
                • +
                  +
                • dns_server1 - DNS server 1. type: str + more... + +
                  • +
                • dns_server2 - DNS server 2. type: str + more... + +
                  • +
                • domains - Split DNS domains used for SSL-VPN clients separated by comma. type: str + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • ipv6_dns_server1 - IPv6 DNS server 1. type: str + more... + +
                  • +
                • ipv6_dns_server2 - IPv6 DNS server 2. type: str + more... + +
                  • +
                +
              • split_tunneling - Enable/disable IPv4 split tunneling. type: str choices: enable, disable + more... + +
                • +
              • split_tunneling_routing_address - IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. type: list member_path: split_tunneling_routing_address:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • split_tunneling_routing_negate - Enable to negate split tunneling routing address. type: str choices: enable, disable + more... + +
                • +
              • theme - Web portal color scheme. type: str choices: jade, neutrino, mariner, graphite, melongene, dark-matter, onyx, eclipse, blue, green, red + more... + +
                • +
              • transform_backward_slashes - Transform backward slashes to forward slashes in URLs. type: str choices: enable, disable + more... + +
                • +
              • tunnel_mode - Enable/disable IPv4 SSL-VPN tunnel mode. type: str choices: enable, disable + more... + +
                • +
              • use_sdwan - Use SD-WAN rules to get output interface. type: str choices: enable, disable + more... + +
                • +
              • user_bookmark - Enable to allow web portal users to create their own bookmarks. type: str choices: enable, disable + more... + +
                • +
              • user_group_bookmark - Enable to allow web portal users to create bookmarks for all users in the same user group. type: str choices: enable, disable + more... + +
                • +
              • web_mode - Enable/disable SSL-VPN web mode. type: str choices: enable, disable + more... + +
                • +
              • windows_forticlient_download_url - Download URL for Windows FortiClient. type: str + more... + +
                • +
              • wins_server1 - IPv4 WINS server 1. type: str + more... + +
                • +
              • wins_server2 - IPv4 WINS server 1. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Portal. + fortios_vpn_ssl_web_portal: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_ssl_web_portal: + allow_user_access: "web" + auto_connect: "enable" + bookmark_group: + - + bookmarks: + - + additional_params: "" + apptype: "ftp" + color_depth: "32" + description: "" + domain: "" + folder: "" + form_data: + - + name: "default_name_14" + value: "" + height: "16" + host: "" + keyboard_layout: "ar-101" + listening_port: "19" + load_balancing_info: "" + logon_password: "" + logon_user: "" + name: "default_name_23" + port: "24" + preconnection_blob: "" + preconnection_id: "26" + remote_port: "27" + restricted_admin: "enable" + security: "rdp" + send_preconnection_id: "enable" + server_layout: "de-de-qwertz" + show_status_window: "enable" + sso: "disable" + sso_credential: "sslvpn-login" + sso_credential_sent_once: "enable" + sso_password: "" + sso_username: "" + url: "myurl.com" + width: "39" + name: "default_name_40" + clipboard: "enable" + custom_lang: " (source system.custom-language.name)" + customize_forticlient_download_url: "enable" + display_bookmark: "enable" + display_connection_tools: "enable" + display_history: "enable" + display_status: "enable" + dns_server1: "" + dns_server2: "" + dns_suffix: "" + exclusive_routing: "enable" + forticlient_download: "enable" + forticlient_download_method: "direct" + heading: "" + hide_sso_credential: "enable" + host_check: "none" + host_check_interval: "57" + host_check_policy: + - + name: "default_name_59 (source vpn.ssl.web.host-check-software.name)" + ip_mode: "range" + ip_pools: + - + name: "default_name_62 (source firewall.address.name firewall.addrgrp.name)" + ipv6_dns_server1: "" + ipv6_dns_server2: "" + ipv6_exclusive_routing: "enable" + ipv6_pools: + - + name: "default_name_67 (source firewall.address6.name firewall.addrgrp6.name)" + ipv6_service_restriction: "enable" + ipv6_split_tunneling: "enable" + ipv6_split_tunneling_routing_address: + - + name: "default_name_71 (source firewall.address6.name firewall.addrgrp6.name)" + ipv6_split_tunneling_routing_negate: "enable" + ipv6_tunnel_mode: "enable" + ipv6_wins_server1: "" + ipv6_wins_server2: "" + keep_alive: "enable" + limit_user_logins: "enable" + mac_addr_action: "allow" + mac_addr_check: "enable" + mac_addr_check_rule: + - + mac_addr_list: + - + addr: "" + mac_addr_mask: "83" + name: "default_name_84" + macos_forticlient_download_url: "" + name: "default_name_86" + os_check: "enable" + os_check_list: + - + action: "deny" + latest_patch_level: "" + name: "default_name_91" + tolerance: "92" + prefer_ipv6_dns: "enable" + redir_url: "" + rewrite_ip_uri_ui: "enable" + save_password: "enable" + service_restriction: "enable" + skip_check_for_browser: "enable" + skip_check_for_unsupported_browser: "enable" + skip_check_for_unsupported_os: "enable" + smb_max_version: "smbv1" + smb_min_version: "smbv1" + smb_ntlmv1_auth: "enable" + smbv1: "enable" + split_dns: + - + dns_server1: "" + dns_server2: "" + domains: "" + id: "109" + ipv6_dns_server1: "" + ipv6_dns_server2: "" + split_tunneling: "enable" + split_tunneling_routing_address: + - + name: "default_name_114 (source firewall.address.name firewall.addrgrp.name)" + split_tunneling_routing_negate: "enable" + theme: "jade" + transform_backward_slashes: "enable" + tunnel_mode: "enable" + use_sdwan: "enable" + user_bookmark: "enable" + user_group_bookmark: "enable" + web_mode: "enable" + windows_forticlient_download_url: "" + wins_server1: "" + wins_server2: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_vpn_ssl_web_realm.rst b/gen/fortios_vpn_ssl_web_realm.rst new file mode 100644 index 00000000..f9ded5e1 --- /dev/null +++ b/gen/fortios_vpn_ssl_web_realm.rst @@ -0,0 +1,668 @@ +:source: fortios_vpn_ssl_web_realm.py + +:orphan: + +.. fortios_vpn_ssl_web_realm: + +fortios_vpn_ssl_web_realm -- Realm in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ssl_web feature and realm category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_vpn_ssl_web_realmyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • vpn_ssl_web_realm - Realm. type: dict + more... + +
              • +
                +
              • login_page - Replacement HTML for SSL-VPN login page. type: str + more... + +
                • +
              • max_concurrent_user - Maximum concurrent users (0 - 65535, 0 means unlimited). type: int + more... + +
                • +
              • nas_ip - IP address used as a NAS-IP to communicate with the RADIUS server. type: str + more... + +
                • +
              • radius_port - RADIUS service port number (0 - 65535, 0 means user.radius.radius-port). type: int + more... + +
                • +
              • radius_server - RADIUS server associated with realm. Source user.radius.name. type: str + more... + +
                • +
              • url_path - URL path to access SSL-VPN login page. type: str + more... + +
                • +
              • virtual_host - Virtual host name for realm. type: str + more... + +
                • +
              • virtual_host_only - Enable/disable enforcement of virtual host method for SSL-VPN client access. type: str choices: enable, disable + more... + +
                • +
              • virtual_host_server_cert - Name of the server certificate to used for this realm. Source vpn.certificate.local.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Realm. + fortios_vpn_ssl_web_realm: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_ssl_web_realm: + login_page: "" + max_concurrent_user: "4" + nas_ip: "" + radius_port: "6" + radius_server: " (source user.radius.name)" + url_path: "" + virtual_host: "" + virtual_host_only: "enable" + virtual_host_server_cert: "myhostname (source vpn.certificate.local.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_vpn_ssl_web_user_bookmark.rst b/gen/fortios_vpn_ssl_web_user_bookmark.rst new file mode 100644 index 00000000..89c89835 --- /dev/null +++ b/gen/fortios_vpn_ssl_web_user_bookmark.rst @@ -0,0 +1,3701 @@ +:source: fortios_vpn_ssl_web_user_bookmark.py + +:orphan: + +.. fortios_vpn_ssl_web_user_bookmark: + +fortios_vpn_ssl_web_user_bookmark -- Configure SSL-VPN user bookmark in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ssl_web feature and user_bookmark category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_vpn_ssl_web_user_bookmarkyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • vpn_ssl_web_user_bookmark - Configure SSL-VPN user bookmark. type: dict + more... + +
              • +
                +
              • bookmarks - Bookmark table. type: list member_path: bookmarks:name + more... + +
                • +
                  +
                • additional_params - Additional parameters. type: str + more... + +
                  • +
                • apptype - Application type. type: str choices: ftp, rdp, sftp, smb, ssh, telnet, vnc, web, citrix, portforward + more... + +
                  • +
                • color_depth - Color depth per pixel. type: str choices: 32, 16, 8 + more... + +
                  • +
                • description - Description. type: str + more... + +
                  • +
                • domain - Login domain. type: str + more... + +
                  • +
                • folder - Network shared file folder parameter. type: str + more... + +
                  • +
                • form_data - Form data. type: list member_path: bookmarks:name/form_data:name + more... + +
                  • +
                    +
                  • name - Name. type: str required: true + more... + +
                    • +
                  • value - Value. type: str + more... + +
                    • +
                  +
                • height - Screen height (range from 480 - 65535). type: int + more... + +
                  • +
                • host - Host name/IP parameter. type: str + more... + +
                  • +
                • keyboard_layout - Keyboard layout. type: str choices: ar-101, ar-102, ar-102-azerty, can-mul, cz, cz-qwerty, cz-pr, da, nl, de, de-ch, de-ibm, en-uk, en-uk-ext, en-us, en-us-dvorak, es, es-var, fi, fi-sami, fr, fr-ca, fr-ch, fr-be, hr, hu, hu-101, it, it-142, ja, ko, lt, lt-ibm, lt-std, lav-std, lav-leg, mk, mk-std, False, no-sami, pol-214, pol-pr, pt, pt-br, pt-br-abnt2, ru, ru-mne, ru-t, sl, sv, sv-sami, tuk, tur-f, tur-q, zh-sym-sg-us, zh-sym-us, zh-tr-hk, zh-tr-mo, zh-tr-us + more... + +
                  • +
                • listening_port - Listening port (0 - 65535). type: int + more... + +
                  • +
                • load_balancing_info - The load balancing information or cookie which should be provided to the connection broker. type: str + more... + +
                  • +
                • logon_password - Logon password. type: str + more... + +
                  • +
                • logon_user - Logon user. type: str + more... + +
                  • +
                • name - Bookmark name. type: str required: true + more... + +
                  • +
                • port - Remote port. type: int + more... + +
                  • +
                • preconnection_blob - An arbitrary string which identifies the RDP source. type: str + more... + +
                  • +
                • preconnection_id - The numeric ID of the RDP source (0-4294967295). type: int + more... + +
                  • +
                • remote_port - Remote port (0 - 65535). type: int + more... + +
                  • +
                • restricted_admin - Enable/disable restricted admin mode for RDP. type: str choices: enable, disable + more... + +
                  • +
                • security - Security mode for RDP connection. type: str choices: rdp, nla, tls, any + more... + +
                  • +
                • send_preconnection_id - Enable/disable sending of preconnection ID. type: str choices: enable, disable + more... + +
                  • +
                • server_layout - Server side keyboard layout. type: str choices: de-de-qwertz, en-gb-qwerty, en-us-qwerty, es-es-qwerty, fr-ca-qwerty, fr-fr-azerty, fr-ch-qwertz, it-it-qwerty, ja-jp-qwerty, pt-br-qwerty, sv-se-qwerty, tr-tr-qwerty, failsafe + more... + +
                  • +
                • show_status_window - Enable/disable showing of status window. type: str choices: enable, disable + more... + +
                  • +
                • sso - Single Sign-On. type: str choices: disable, static, auto + more... + +
                  • +
                • sso_credential - Single sign-on credentials. type: str choices: sslvpn-login, alternative + more... + +
                  • +
                • sso_credential_sent_once - Single sign-on credentials are only sent once to remote server. type: str choices: enable, disable + more... + +
                  • +
                • sso_password - SSO password. type: str + more... + +
                  • +
                • sso_username - SSO user name. type: str + more... + +
                  • +
                • url - URL parameter. type: str + more... + +
                  • +
                • width - Screen width (range from 640 - 65535). type: int + more... + +
                  • +
                +
              • custom_lang - Personal language. Source system.custom-language.name. type: str + more... + +
                • +
              • name - User and group name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure SSL-VPN user bookmark. + fortios_vpn_ssl_web_user_bookmark: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_ssl_web_user_bookmark: + bookmarks: + - + additional_params: "" + apptype: "ftp" + color_depth: "32" + description: "" + domain: "" + folder: "" + form_data: + - + name: "default_name_11" + value: "" + height: "13" + host: "" + keyboard_layout: "ar-101" + listening_port: "16" + load_balancing_info: "" + logon_password: "" + logon_user: "" + name: "default_name_20" + port: "21" + preconnection_blob: "" + preconnection_id: "23" + remote_port: "24" + restricted_admin: "enable" + security: "rdp" + send_preconnection_id: "enable" + server_layout: "de-de-qwertz" + show_status_window: "enable" + sso: "disable" + sso_credential: "sslvpn-login" + sso_credential_sent_once: "enable" + sso_password: "" + sso_username: "" + url: "myurl.com" + width: "36" + custom_lang: " (source system.custom-language.name)" + name: "default_name_38" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_vpn_ssl_web_user_group_bookmark.rst b/gen/fortios_vpn_ssl_web_user_group_bookmark.rst new file mode 100644 index 00000000..76ce86e9 --- /dev/null +++ b/gen/fortios_vpn_ssl_web_user_group_bookmark.rst @@ -0,0 +1,3655 @@ +:source: fortios_vpn_ssl_web_user_group_bookmark.py + +:orphan: + +.. fortios_vpn_ssl_web_user_group_bookmark: + +fortios_vpn_ssl_web_user_group_bookmark -- Configure SSL-VPN user group bookmark in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ssl_web feature and user_group_bookmark category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_vpn_ssl_web_user_group_bookmarkyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • vpn_ssl_web_user_group_bookmark - Configure SSL-VPN user group bookmark. type: dict + more... + +
              • +
                +
              • bookmarks - Bookmark table. type: list member_path: bookmarks:name + more... + +
                • +
                  +
                • additional_params - Additional parameters. type: str + more... + +
                  • +
                • apptype - Application type. type: str choices: ftp, rdp, sftp, smb, ssh, telnet, vnc, web, citrix, portforward + more... + +
                  • +
                • color_depth - Color depth per pixel. type: str choices: 32, 16, 8 + more... + +
                  • +
                • description - Description. type: str + more... + +
                  • +
                • domain - Login domain. type: str + more... + +
                  • +
                • folder - Network shared file folder parameter. type: str + more... + +
                  • +
                • form_data - Form data. type: list member_path: bookmarks:name/form_data:name + more... + +
                  • +
                    +
                  • name - Name. type: str required: true + more... + +
                    • +
                  • value - Value. type: str + more... + +
                    • +
                  +
                • height - Screen height (range from 480 - 65535). type: int + more... + +
                  • +
                • host - Host name/IP parameter. type: str + more... + +
                  • +
                • keyboard_layout - Keyboard layout. type: str choices: ar-101, ar-102, ar-102-azerty, can-mul, cz, cz-qwerty, cz-pr, da, nl, de, de-ch, de-ibm, en-uk, en-uk-ext, en-us, en-us-dvorak, es, es-var, fi, fi-sami, fr, fr-ca, fr-ch, fr-be, hr, hu, hu-101, it, it-142, ja, ko, lt, lt-ibm, lt-std, lav-std, lav-leg, mk, mk-std, False, no-sami, pol-214, pol-pr, pt, pt-br, pt-br-abnt2, ru, ru-mne, ru-t, sl, sv, sv-sami, tuk, tur-f, tur-q, zh-sym-sg-us, zh-sym-us, zh-tr-hk, zh-tr-mo, zh-tr-us + more... + +
                  • +
                • listening_port - Listening port (0 - 65535). type: int + more... + +
                  • +
                • load_balancing_info - The load balancing information or cookie which should be provided to the connection broker. type: str + more... + +
                  • +
                • logon_password - Logon password. type: str + more... + +
                  • +
                • logon_user - Logon user. type: str + more... + +
                  • +
                • name - Bookmark name. type: str required: true + more... + +
                  • +
                • port - Remote port. type: int + more... + +
                  • +
                • preconnection_blob - An arbitrary string which identifies the RDP source. type: str + more... + +
                  • +
                • preconnection_id - The numeric ID of the RDP source (0-4294967295). type: int + more... + +
                  • +
                • remote_port - Remote port (0 - 65535). type: int + more... + +
                  • +
                • restricted_admin - Enable/disable restricted admin mode for RDP. type: str choices: enable, disable + more... + +
                  • +
                • security - Security mode for RDP connection. type: str choices: rdp, nla, tls, any + more... + +
                  • +
                • send_preconnection_id - Enable/disable sending of preconnection ID. type: str choices: enable, disable + more... + +
                  • +
                • server_layout - Server side keyboard layout. type: str choices: de-de-qwertz, en-gb-qwerty, en-us-qwerty, es-es-qwerty, fr-ca-qwerty, fr-fr-azerty, fr-ch-qwertz, it-it-qwerty, ja-jp-qwerty, pt-br-qwerty, sv-se-qwerty, tr-tr-qwerty, failsafe + more... + +
                  • +
                • show_status_window - Enable/disable showing of status window. type: str choices: enable, disable + more... + +
                  • +
                • sso - Single Sign-On. type: str choices: disable, static, auto + more... + +
                  • +
                • sso_credential - Single sign-on credentials. type: str choices: sslvpn-login, alternative + more... + +
                  • +
                • sso_credential_sent_once - Single sign-on credentials are only sent once to remote server. type: str choices: enable, disable + more... + +
                  • +
                • sso_password - SSO password. type: str + more... + +
                  • +
                • sso_username - SSO user name. type: str + more... + +
                  • +
                • url - URL parameter. type: str + more... + +
                  • +
                • width - Screen width (range from 640 - 65535). type: int + more... + +
                  • +
                +
              • name - Group name. Source user.group.name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure SSL-VPN user group bookmark. + fortios_vpn_ssl_web_user_group_bookmark: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_ssl_web_user_group_bookmark: + bookmarks: + - + additional_params: "" + apptype: "ftp" + color_depth: "32" + description: "" + domain: "" + folder: "" + form_data: + - + name: "default_name_11" + value: "" + height: "13" + host: "" + keyboard_layout: "ar-101" + listening_port: "16" + load_balancing_info: "" + logon_password: "" + logon_user: "" + name: "default_name_20" + port: "21" + preconnection_blob: "" + preconnection_id: "23" + remote_port: "24" + restricted_admin: "enable" + security: "rdp" + send_preconnection_id: "enable" + server_layout: "de-de-qwertz" + show_status_window: "enable" + sso: "disable" + sso_credential: "sslvpn-login" + sso_credential_sent_once: "enable" + sso_password: "" + sso_username: "" + url: "myurl.com" + width: "36" + name: "default_name_37 (source user.group.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_waf_main_class.rst b/gen/fortios_waf_main_class.rst new file mode 100644 index 00000000..fb859122 --- /dev/null +++ b/gen/fortios_waf_main_class.rst @@ -0,0 +1,308 @@ +:source: fortios_waf_main_class.py + +:orphan: + +.. fortios_waf_main_class: + +fortios_waf_main_class -- Hidden table for datasource in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify waf feature and main_class category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_waf_main_classyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • waf_main_class - Hidden table for datasource. type: dict + more... + +
              • +
                +
              • id - Main signature class ID. type: int required: true + more... + +
                • +
              • name - Main signature class name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Hidden table for datasource. + fortios_waf_main_class: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + waf_main_class: + id: "3" + name: "default_name_4" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_waf_profile.rst b/gen/fortios_waf_profile.rst new file mode 100644 index 00000000..40349ac3 --- /dev/null +++ b/gen/fortios_waf_profile.rst @@ -0,0 +1,11588 @@ +:source: fortios_waf_profile.py + +:orphan: + +.. fortios_waf_profile: + +fortios_waf_profile -- Configure Web application firewall configuration in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify waf feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_waf_profileyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • waf_profile - Configure Web application firewall configuration. type: dict + more... + +
              • +
                +
              • address_list - Address block and allow lists. type: dict + more... + +
                • +
                  +
                • blocked_address - Blocked address. type: list member_path: address_list/blocked_address:name + more... + +
                  • +
                    +
                  • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                    • +
                  +
                • blocked_log - Enable/disable logging on blocked addresses. type: str choices: enable, disable + more... + +
                  • +
                • severity - Severity. type: str choices: high, medium, low + more... + +
                  • +
                • status - Status. type: str choices: enable, disable + more... + +
                  • +
                • trusted_address - Trusted address. type: list member_path: address_list/trusted_address:name + more... + +
                  • +
                    +
                  • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                    • +
                  +
                +
              • comment - Comment. type: str + more... + +
                • +
              • constraint - WAF HTTP protocol restrictions. type: dict + more... + +
                • +
                  +
                • content_length - HTTP content length in request. type: dict + more... + +
                  • +
                    +
                  • action - Action. type: str choices: allow, block + more... + +
                    • +
                  • length - Length of HTTP content in bytes (0 to 2147483647). type: int + more... + +
                    • +
                  • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                    • +
                  • severity - Severity. type: str choices: high, medium, low + more... + +
                    • +
                  • status - Enable/disable the constraint. type: str choices: enable, disable + more... + +
                    • +
                  +
                • exception - HTTP constraint exception. type: list member_path: constraint/exception:id + more... + +
                  • +
                    +
                  • address - Host address. Source firewall.address.name firewall.addrgrp.name. type: str + more... + +
                    • +
                  • content_length - HTTP content length in request. type: str choices: enable, disable + more... + +
                    • +
                  • header_length - HTTP header length in request. type: str choices: enable, disable + more... + +
                    • +
                  • hostname - Enable/disable hostname check. type: str choices: enable, disable + more... + +
                    • +
                  • id - Exception ID. type: int required: true + more... + +
                    • +
                  • line_length - HTTP line length in request. type: str choices: enable, disable + more... + +
                    • +
                  • malformed - Enable/disable malformed HTTP request check. type: str choices: enable, disable + more... + +
                    • +
                  • max_cookie - Maximum number of cookies in HTTP request. type: str choices: enable, disable + more... + +
                    • +
                  • max_header_line - Maximum number of HTTP header line. type: str choices: enable, disable + more... + +
                    • +
                  • max_range_segment - Maximum number of range segments in HTTP range line. type: str choices: enable, disable + more... + +
                    • +
                  • max_url_param - Maximum number of parameters in URL. type: str choices: enable, disable + more... + +
                    • +
                  • method - Enable/disable HTTP method check. type: str choices: enable, disable + more... + +
                    • +
                  • param_length - Maximum length of parameter in URL, HTTP POST request or HTTP body. type: str choices: enable, disable + more... + +
                    • +
                  • pattern - URL pattern. type: str + more... + +
                    • +
                  • regex - Enable/disable regular expression based pattern match. type: str choices: enable, disable + more... + +
                    • +
                  • url_param_length - Maximum length of parameter in URL. type: str choices: enable, disable + more... + +
                    • +
                  • version - Enable/disable HTTP version check. type: str choices: enable, disable + more... + +
                    • +
                  +
                • header_length - HTTP header length in request. type: dict + more... + +
                  • +
                    +
                  • action - Action. type: str choices: allow, block + more... + +
                    • +
                  • length - Length of HTTP header in bytes (0 to 2147483647). type: int + more... + +
                    • +
                  • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                    • +
                  • severity - Severity. type: str choices: high, medium, low + more... + +
                    • +
                  • status - Enable/disable the constraint. type: str choices: enable, disable + more... + +
                    • +
                  +
                • hostname - Enable/disable hostname check. type: dict + more... + +
                  • +
                    +
                  • action - Action. type: str choices: allow, block + more... + +
                    • +
                  • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                    • +
                  • severity - Severity. type: str choices: high, medium, low + more... + +
                    • +
                  • status - Enable/disable the constraint. type: str choices: enable, disable + more... + +
                    • +
                  +
                • line_length - HTTP line length in request. type: dict + more... + +
                  • +
                    +
                  • action - Action. type: str choices: allow, block + more... + +
                    • +
                  • length - Length of HTTP line in bytes (0 to 2147483647). type: int + more... + +
                    • +
                  • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                    • +
                  • severity - Severity. type: str choices: high, medium, low + more... + +
                    • +
                  • status - Enable/disable the constraint. type: str choices: enable, disable + more... + +
                    • +
                  +
                • malformed - Enable/disable malformed HTTP request check. type: dict + more... + +
                  • +
                    +
                  • action - Action. type: str choices: allow, block + more... + +
                    • +
                  • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                    • +
                  • severity - Severity. type: str choices: high, medium, low + more... + +
                    • +
                  • status - Enable/disable the constraint. type: str choices: enable, disable + more... + +
                    • +
                  +
                • max_cookie - Maximum number of cookies in HTTP request. type: dict + more... + +
                  • +
                    +
                  • action - Action. type: str choices: allow, block + more... + +
                    • +
                  • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                    • +
                  • max_cookie - Maximum number of cookies in HTTP request (0 to 2147483647). type: int + more... + +
                    • +
                  • severity - Severity. type: str choices: high, medium, low + more... + +
                    • +
                  • status - Enable/disable the constraint. type: str choices: enable, disable + more... + +
                    • +
                  +
                • max_header_line - Maximum number of HTTP header line. type: dict + more... + +
                  • +
                    +
                  • action - Action. type: str choices: allow, block + more... + +
                    • +
                  • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                    • +
                  • max_header_line - Maximum number HTTP header lines (0 to 2147483647). type: int + more... + +
                    • +
                  • severity - Severity. type: str choices: high, medium, low + more... + +
                    • +
                  • status - Enable/disable the constraint. type: str choices: enable, disable + more... + +
                    • +
                  +
                • max_range_segment - Maximum number of range segments in HTTP range line. type: dict + more... + +
                  • +
                    +
                  • action - Action. type: str choices: allow, block + more... + +
                    • +
                  • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                    • +
                  • max_range_segment - Maximum number of range segments in HTTP range line (0 to 2147483647). type: int + more... + +
                    • +
                  • severity - Severity. type: str choices: high, medium, low + more... + +
                    • +
                  • status - Enable/disable the constraint. type: str choices: enable, disable + more... + +
                    • +
                  +
                • max_url_param - Maximum number of parameters in URL. type: dict + more... + +
                  • +
                    +
                  • action - Action. type: str choices: allow, block + more... + +
                    • +
                  • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                    • +
                  • max_url_param - Maximum number of parameters in URL (0 to 2147483647). type: int + more... + +
                    • +
                  • severity - Severity. type: str choices: high, medium, low + more... + +
                    • +
                  • status - Enable/disable the constraint. type: str choices: enable, disable + more... + +
                    • +
                  +
                • method - Enable/disable HTTP method check. type: dict + more... + +
                  • +
                    +
                  • action - Action. type: str choices: allow, block + more... + +
                    • +
                  • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                    • +
                  • severity - Severity. type: str choices: high, medium, low + more... + +
                    • +
                  • status - Enable/disable the constraint. type: str choices: enable, disable + more... + +
                    • +
                  +
                • param_length - Maximum length of parameter in URL, HTTP POST request or HTTP body. type: dict + more... + +
                  • +
                    +
                  • action - Action. type: str choices: allow, block + more... + +
                    • +
                  • length - Maximum length of parameter in URL, HTTP POST request or HTTP body in bytes (0 to 2147483647). type: int + more... + +
                    • +
                  • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                    • +
                  • severity - Severity. type: str choices: high, medium, low + more... + +
                    • +
                  • status - Enable/disable the constraint. type: str choices: enable, disable + more... + +
                    • +
                  +
                • url_param_length - Maximum length of parameter in URL. type: dict + more... + +
                  • +
                    +
                  • action - Action. type: str choices: allow, block + more... + +
                    • +
                  • length - Maximum length of URL parameter in bytes (0 to 2147483647). type: int + more... + +
                    • +
                  • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                    • +
                  • severity - Severity. type: str choices: high, medium, low + more... + +
                    • +
                  • status - Enable/disable the constraint. type: str choices: enable, disable + more... + +
                    • +
                  +
                • version - Enable/disable HTTP version check. type: dict + more... + +
                  • +
                    +
                  • action - Action. type: str choices: allow, block + more... + +
                    • +
                  • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                    • +
                  • severity - Severity. type: str choices: high, medium, low + more... + +
                    • +
                  • status - Enable/disable the constraint. type: str choices: enable, disable + more... + +
                    • +
                  +
                +
              • extended_log - Enable/disable extended logging. type: str choices: enable, disable + more... + +
                • +
              • external - Disable/Enable external HTTP Inspection. type: str choices: disable, enable + more... + +
                • +
              • method - Method restriction. type: dict + more... + +
                • +
                  +
                • default_allowed_methods - Methods. type: list choices: get, post, put, head, connect, trace, options, delete, others + more... + +
                  • +
                • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                  • +
                • method_policy - HTTP method policy. type: list member_path: method/method_policy:id + more... + +
                  • +
                    +
                  • address - Host address. Source firewall.address.name firewall.addrgrp.name. type: str + more... + +
                    • +
                  • allowed_methods - Allowed Methods. type: str choices: get, post, put, head, connect, trace, options, delete, others + more... + +
                    • +
                  • id - HTTP method policy ID. type: int required: true + more... + +
                    • +
                  • pattern - URL pattern. type: str + more... + +
                    • +
                  • regex - Enable/disable regular expression based pattern match. type: str choices: enable, disable + more... + +
                    • +
                  +
                • severity - Severity. type: str choices: high, medium, low + more... + +
                  • +
                • status - Status. type: str choices: enable, disable + more... + +
                  • +
                +
              • name - WAF Profile name. type: str required: true + more... + +
                • +
              • signature - WAF signatures. type: dict + more... + +
                • +
                  +
                • credit_card_detection_threshold - The minimum number of Credit cards to detect violation. type: int + more... + +
                  • +
                • custom_signature - Custom signature. type: list member_path: signature/custom_signature:name + more... + +
                  • +
                    +
                  • action - Action. type: str choices: allow, block, erase + more... + +
                    • +
                  • case_sensitivity - Case sensitivity in pattern. type: str choices: disable, enable + more... + +
                    • +
                  • direction - Traffic direction. type: str choices: request, response + more... + +
                    • +
                  • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                    • +
                  • name - Signature name. type: str required: true + more... + +
                    • +
                  • pattern - Match pattern. type: str + more... + +
                    • +
                  • severity - Severity. type: str choices: high, medium, low + more... + +
                    • +
                  • status - Status. type: str choices: enable, disable + more... + +
                    • +
                  • target - Match HTTP target. type: str choices: arg, arg-name, req-body, req-cookie, req-cookie-name, req-filename, req-header, req-header-name, req-raw-uri, req-uri, resp-body, resp-hdr, resp-status + more... + +
                    • +
                  +
                • disabled_signature - Disabled signatures. type: list member_path: signature/disabled_signature:id + more... + +
                  • +
                    +
                  • id - Signature ID. Source waf.signature.id. type: int required: true + more... + +
                    • +
                  +
                • disabled_sub_class - Disabled signature subclasses. type: list member_path: signature/disabled_sub_class:id + more... + +
                  • +
                    +
                  • id - Signature subclass ID. Source waf.sub-class.id. type: int required: true + more... + +
                    • +
                  +
                • main_class - Main signature class. type: list member_path: signature/main_class:id + more... + +
                  • +
                    +
                  • action - Action. type: str choices: allow, block, erase + more... + +
                    • +
                  • id - Main signature class ID. Source waf.main-class.id. type: int required: true + more... + +
                    • +
                  • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                    • +
                  • severity - Severity. type: str choices: high, medium, low + more... + +
                    • +
                  • status - Status. type: str choices: enable, disable + more... + +
                    • +
                  +
                +
              • url_access - URL access list. type: list member_path: url_access:id + more... + +
                • +
                  +
                • access_pattern - URL access pattern. type: list member_path: url_access:id/access_pattern:id + more... + +
                  • +
                    +
                  • id - URL access pattern ID. type: int required: true + more... + +
                    • +
                  • negate - Enable/disable match negation. type: str choices: enable, disable + more... + +
                    • +
                  • pattern - URL pattern. type: str + more... + +
                    • +
                  • regex - Enable/disable regular expression based pattern match. type: str choices: enable, disable + more... + +
                    • +
                  • srcaddr - Source address. Source firewall.address.name firewall.addrgrp.name. type: str + more... + +
                    • +
                  +
                • action - Action. type: str choices: bypass, permit, block + more... + +
                  • +
                • address - Host address. Source firewall.address.name firewall.addrgrp.name. type: str + more... + +
                  • +
                • id - URL access ID. type: int required: true + more... + +
                  • +
                • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                  • +
                • severity - Severity. type: str choices: high, medium, low + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Web application firewall configuration. + fortios_waf_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + waf_profile: + address_list: + blocked_address: + - + name: "default_name_5 (source firewall.address.name firewall.addrgrp.name)" + blocked_log: "enable" + severity: "high" + status: "enable" + trusted_address: + - + name: "default_name_10 (source firewall.address.name firewall.addrgrp.name)" + comment: "Comment." + constraint: + content_length: + action: "allow" + length: "15" + log: "enable" + severity: "high" + status: "enable" + exception: + - + address: " (source firewall.address.name firewall.addrgrp.name)" + content_length: "enable" + header_length: "enable" + hostname: "enable" + id: "24" + line_length: "enable" + malformed: "enable" + max_cookie: "enable" + max_header_line: "enable" + max_range_segment: "enable" + max_url_param: "enable" + method: "enable" + param_length: "enable" + pattern: "" + regex: "enable" + url_param_length: "enable" + version: "enable" + header_length: + action: "allow" + length: "39" + log: "enable" + severity: "high" + status: "enable" + hostname: + action: "allow" + log: "enable" + severity: "high" + status: "enable" + line_length: + action: "allow" + length: "50" + log: "enable" + severity: "high" + status: "enable" + malformed: + action: "allow" + log: "enable" + severity: "high" + status: "enable" + max_cookie: + action: "allow" + log: "enable" + max_cookie: "62" + severity: "high" + status: "enable" + max_header_line: + action: "allow" + log: "enable" + max_header_line: "68" + severity: "high" + status: "enable" + max_range_segment: + action: "allow" + log: "enable" + max_range_segment: "74" + severity: "high" + status: "enable" + max_url_param: + action: "allow" + log: "enable" + max_url_param: "80" + severity: "high" + status: "enable" + method: + action: "allow" + log: "enable" + severity: "high" + status: "enable" + param_length: + action: "allow" + length: "90" + log: "enable" + severity: "high" + status: "enable" + url_param_length: + action: "allow" + length: "96" + log: "enable" + severity: "high" + status: "enable" + version: + action: "allow" + log: "enable" + severity: "high" + status: "enable" + extended_log: "enable" + external: "disable" + method: + default_allowed_methods: "get" + log: "enable" + method_policy: + - + address: " (source firewall.address.name firewall.addrgrp.name)" + allowed_methods: "get" + id: "113" + pattern: "" + regex: "enable" + severity: "high" + status: "enable" + name: "default_name_118" + signature: + credit_card_detection_threshold: "120" + custom_signature: + - + action: "allow" + case_sensitivity: "disable" + direction: "request" + log: "enable" + name: "default_name_126" + pattern: "" + severity: "high" + status: "enable" + target: "arg" + disabled_signature: + - + id: "132 (source waf.signature.id)" + disabled_sub_class: + - + id: "134 (source waf.sub-class.id)" + main_class: + - + action: "allow" + id: "137 (source waf.main-class.id)" + log: "enable" + severity: "high" + status: "enable" + url_access: + - + access_pattern: + - + id: "143" + negate: "enable" + pattern: "" + regex: "enable" + srcaddr: " (source firewall.address.name firewall.addrgrp.name)" + action: "bypass" + address: " (source firewall.address.name firewall.addrgrp.name)" + id: "150" + log: "enable" + severity: "high" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_waf_signature.rst b/gen/fortios_waf_signature.rst new file mode 100644 index 00000000..9cf1014e --- /dev/null +++ b/gen/fortios_waf_signature.rst @@ -0,0 +1,308 @@ +:source: fortios_waf_signature.py + +:orphan: + +.. fortios_waf_signature: + +fortios_waf_signature -- Hidden table for datasource in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify waf feature and signature category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_waf_signatureyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • waf_signature - Hidden table for datasource. type: dict + more... + +
              • +
                +
              • desc - Signature description. type: str + more... + +
                • +
              • id - Signature ID. type: int required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Hidden table for datasource. + fortios_waf_signature: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + waf_signature: + desc: "" + id: "4" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_waf_sub_class.rst b/gen/fortios_waf_sub_class.rst new file mode 100644 index 00000000..6b8959e4 --- /dev/null +++ b/gen/fortios_waf_sub_class.rst @@ -0,0 +1,308 @@ +:source: fortios_waf_sub_class.py + +:orphan: + +.. fortios_waf_sub_class: + +fortios_waf_sub_class -- Hidden table for datasource in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify waf feature and sub_class category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_waf_sub_classyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • waf_sub_class - Hidden table for datasource. type: dict + more... + +
              • +
                +
              • id - Signature subclass ID. type: int required: true + more... + +
                • +
              • name - Signature subclass name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Hidden table for datasource. + fortios_waf_sub_class: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + waf_sub_class: + id: "3" + name: "default_name_4" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wanopt_auth_group.rst b/gen/fortios_wanopt_auth_group.rst new file mode 100644 index 00000000..7ed327d6 --- /dev/null +++ b/gen/fortios_wanopt_auth_group.rst @@ -0,0 +1,587 @@ +:source: fortios_wanopt_auth_group.py + +:orphan: + +.. fortios_wanopt_auth_group: + +fortios_wanopt_auth_group -- Configure WAN optimization authentication groups in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wanopt feature and auth_group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wanopt_auth_groupyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wanopt_auth_group - Configure WAN optimization authentication groups. type: dict + more... + +
              • +
                +
              • auth_method - Select certificate or pre-shared key authentication for this authentication group. type: str choices: cert, psk + more... + +
                • +
              • cert - Name of certificate to identify this peer. Source vpn.certificate.local.name. type: str + more... + +
                • +
              • name - Auth-group name. type: str required: true + more... + +
                • +
              • peer - If peer-accept is set to one, select the name of one peer to add to this authentication group. The peer must have added with the wanopt peer command. Source wanopt.peer.peer-host-id. type: str + more... + +
                • +
              • peer_accept - Determine if this auth group accepts, any peer, a list of defined peers, or just one peer. type: str choices: any, defined, one + more... + +
                • +
              • psk - Pre-shared key used by the peers in this authentication group. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure WAN optimization authentication groups. + fortios_wanopt_auth_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wanopt_auth_group: + auth_method: "cert" + cert: " (source vpn.certificate.local.name)" + name: "default_name_5" + peer: " (source wanopt.peer.peer-host-id)" + peer_accept: "any" + psk: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wanopt_cache_service.rst b/gen/fortios_wanopt_cache_service.rst new file mode 100644 index 00000000..afec72a1 --- /dev/null +++ b/gen/fortios_wanopt_cache_service.rst @@ -0,0 +1,1088 @@ +:source: fortios_wanopt_cache_service.py + +:orphan: + +.. fortios_wanopt_cache_service: + +fortios_wanopt_cache_service -- Designate cache-service for wan-optimization and webcache in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wanopt feature and cache_service category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wanopt_cache_serviceyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • wanopt_cache_service - Designate cache-service for wan-optimization and webcache. type: dict + more... + +
              • +
                +
              • acceptable_connections - Set strategy when accepting cache collaboration connection. type: str choices: any, peers + more... + +
                • +
              • collaboration - Enable/disable cache-collaboration between cache-service clusters. type: str choices: enable, disable + more... + +
                • +
              • device_id - Set identifier for this cache device. type: str + more... + +
                • +
              • dst_peer - Modify cache-service destination peer list. type: list + more... + +
                • +
                  +
                • auth_type - Set authentication type for this peer. type: int + more... + +
                  • +
                • device_id - Device ID of this peer. type: str + more... + +
                  • +
                • encode_type - Set encode type for this peer. type: int + more... + +
                  • +
                • ip - Set cluster IP address of this peer. type: str + more... + +
                  • +
                • priority - Set priority for this peer. type: int + more... + +
                  • +
                +
              • prefer_scenario - Set the preferred cache behavior towards the balance between latency and hit-ratio. type: str choices: balance, prefer-speed, prefer-cache + more... + +
                • +
              • src_peer - Modify cache-service source peer list. type: list + more... + +
                • +
                  +
                • auth_type - Set authentication type for this peer. type: int + more... + +
                  • +
                • device_id - Device ID of this peer. type: str + more... + +
                  • +
                • encode_type - Set encode type for this peer. type: int + more... + +
                  • +
                • ip - Set cluster IP address of this peer. type: str + more... + +
                  • +
                • priority - Set priority for this peer. type: int + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Designate cache-service for wan-optimization and webcache. + fortios_wanopt_cache_service: + vdom: "{{ vdom }}" + wanopt_cache_service: + acceptable_connections: "any" + collaboration: "enable" + device_id: "" + dst_peer: + - + auth_type: "7" + device_id: "" + encode_type: "9" + ip: "" + priority: "11" + prefer_scenario: "balance" + src_peer: + - + auth_type: "14" + device_id: "" + encode_type: "16" + ip: "" + priority: "18" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wanopt_content_delivery_network_rule.rst b/gen/fortios_wanopt_content_delivery_network_rule.rst new file mode 100644 index 00000000..bd3eeb9f --- /dev/null +++ b/gen/fortios_wanopt_content_delivery_network_rule.rst @@ -0,0 +1,2592 @@ +:source: fortios_wanopt_content_delivery_network_rule.py + +:orphan: + +.. fortios_wanopt_content_delivery_network_rule: + +fortios_wanopt_content_delivery_network_rule -- Configure WAN optimization content delivery network rules in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wanopt feature and content_delivery_network_rule category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wanopt_content_delivery_network_ruleyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wanopt_content_delivery_network_rule - Configure WAN optimization content delivery network rules. type: dict + more... + +
              • +
                +
              • category - Content delivery network rule category. type: str choices: vcache, youtube + more... + +
                • +
              • comment - Comment about this CDN-rule. type: str + more... + +
                • +
              • host_domain_name_suffix - Suffix portion of the fully qualified domain name. For example, fortinet.com in "www.fortinet.com". type: list member_path: host_domain_name_suffix:name + more... + +
                • +
                  +
                • name - Suffix portion of the fully qualified domain name. type: str required: true + more... + +
                  • +
                +
              • name - Name of table. type: str required: true + more... + +
                • +
              • request_cache_control - Enable/disable HTTP request cache control. type: str choices: enable, disable + more... + +
                • +
              • response_cache_control - Enable/disable HTTP response cache control. type: str choices: enable, disable + more... + +
                • +
              • response_expires - Enable/disable HTTP response cache expires. type: str choices: enable, disable + more... + +
                • +
              • rules - WAN optimization content delivery network rule entries. type: list member_path: rules:name + more... + +
                • +
                  +
                • content_id - Content ID settings. type: dict + more... + +
                  • +
                    +
                  • end_direction - Search direction from end-str match. type: str choices: forward, backward + more... + +
                    • +
                  • end_skip - Number of characters in URL to skip after end-str has been matched. type: int + more... + +
                    • +
                  • end_str - String from which to end search. type: str + more... + +
                    • +
                  • range_str - Name of content ID within the start string and end string. type: str + more... + +
                    • +
                  • start_direction - Search direction from start-str match. type: str choices: forward, backward + more... + +
                    • +
                  • start_skip - Number of characters in URL to skip after start-str has been matched. type: int + more... + +
                    • +
                  • start_str - String from which to start search. type: str + more... + +
                    • +
                  • target - Option in HTTP header or URL parameter to match. type: str choices: path, parameter, referrer, youtube-map, youtube-id, youku-id, hls-manifest, dash-manifest, hls-fragment, dash-fragment + more... + +
                    • +
                  +
                • match_entries - List of entries to match. type: list member_path: rules:name/match_entries:id + more... + +
                  • +
                    +
                  • id - Rule ID. type: int required: true + more... + +
                    • +
                  • pattern - Pattern string for matching target (Referrer or URL pattern). For example, a, a*c, *a*, a*c*e, and *. type: list member_path: rules:name/match_entries:id/pattern:string + more... + +
                    • +
                      +
                    • string - Pattern strings. type: str required: true + more... + +
                      • +
                    +
                  • target - Option in HTTP header or URL parameter to match. type: str choices: path, parameter, referrer, youtube-map, youtube-id, youku-id + more... + +
                    • +
                  +
                • match_mode - Match criteria for collecting content ID. type: str choices: all, any + more... + +
                  • +
                • name - WAN optimization content delivery network rule name. type: str required: true + more... + +
                  • +
                • skip_entries - List of entries to skip. type: list member_path: rules:name/skip_entries:id + more... + +
                  • +
                    +
                  • id - Rule ID. type: int required: true + more... + +
                    • +
                  • pattern - Pattern string for matching target (Referrer or URL pattern). For example, a, a*c, *a*, a*c*e, and *. type: list member_path: rules:name/skip_entries:id/pattern:string + more... + +
                    • +
                      +
                    • string - Pattern strings. type: str required: true + more... + +
                      • +
                    +
                  • target - Option in HTTP header or URL parameter to match. type: str choices: path, parameter, referrer, youtube-map, youtube-id, youku-id + more... + +
                    • +
                  +
                • skip_rule_mode - Skip mode when evaluating skip-rules. type: str choices: all, any + more... + +
                  • +
                +
              • status - Enable/disable WAN optimization content delivery network rules. type: str choices: enable, disable + more... + +
                • +
              • text_response_vcache - Enable/disable caching of text responses. type: str choices: enable, disable + more... + +
                • +
              • updateserver - Enable/disable update server. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure WAN optimization content delivery network rules. + fortios_wanopt_content_delivery_network_rule: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wanopt_content_delivery_network_rule: + category: "vcache" + comment: "Comment about this CDN-rule." + host_domain_name_suffix: + - + name: "default_name_6" + name: "default_name_7" + request_cache_control: "enable" + response_cache_control: "enable" + response_expires: "enable" + rules: + - + content_id: + end_direction: "forward" + end_skip: "14" + end_str: "" + range_str: "" + start_direction: "forward" + start_skip: "18" + start_str: "" + target: "path" + match_entries: + - + id: "22" + pattern: + - + string: "" + target: "path" + match_mode: "all" + name: "default_name_27" + skip_entries: + - + id: "29" + pattern: + - + string: "" + target: "path" + skip_rule_mode: "all" + status: "enable" + text_response_vcache: "enable" + updateserver: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wanopt_peer.rst b/gen/fortios_wanopt_peer.rst new file mode 100644 index 00000000..fa961fd1 --- /dev/null +++ b/gen/fortios_wanopt_peer.rst @@ -0,0 +1,308 @@ +:source: fortios_wanopt_peer.py + +:orphan: + +.. fortios_wanopt_peer: + +fortios_wanopt_peer -- Configure WAN optimization peers in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wanopt feature and peer category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wanopt_peeryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wanopt_peer - Configure WAN optimization peers. type: dict + more... + +
              • +
                +
              • ip - Peer IP address. type: str + more... + +
                • +
              • peer_host_id - Peer host ID. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure WAN optimization peers. + fortios_wanopt_peer: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wanopt_peer: + ip: "" + peer_host_id: "myhostname" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wanopt_profile.rst b/gen/fortios_wanopt_profile.rst new file mode 100644 index 00000000..983feeb4 --- /dev/null +++ b/gen/fortios_wanopt_profile.rst @@ -0,0 +1,4051 @@ +:source: fortios_wanopt_profile.py + +:orphan: + +.. fortios_wanopt_profile: + +fortios_wanopt_profile -- Configure WAN optimization profiles in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wanopt feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wanopt_profileyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wanopt_profile - Configure WAN optimization profiles. type: dict + more... + +
              • +
                +
              • auth_group - Optionally add an authentication group to restrict access to the WAN Optimization tunnel to peers in the authentication group. Source wanopt.auth-group.name. type: str + more... + +
                • +
              • cifs - Enable/disable CIFS (Windows sharing) WAN Optimization and configure CIFS WAN Optimization features. type: dict + more... + +
                • +
                  +
                • byte_caching - Enable/disable byte-caching. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache. type: str choices: enable, disable + more... + +
                  • +
                • log_traffic - Enable/disable logging. type: str choices: enable, disable + more... + +
                  • +
                • port - Single port number or port number range for CIFS. Only packets with a destination port number that matches this port number or range are accepted by this profile. type: int + more... + +
                  • +
                • prefer_chunking - Select dynamic or fixed-size data chunking for WAN Optimization. type: str choices: dynamic, fix + more... + +
                  • +
                • protocol_opt - Select protocol specific optimization or generic TCP optimization. type: str choices: protocol, tcp + more... + +
                  • +
                • secure_tunnel - Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810). type: str choices: enable, disable + more... + +
                  • +
                • status - Enable/disable WAN Optimization. type: str choices: enable, disable + more... + +
                  • +
                • tunnel_sharing - Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols. type: str choices: shared, express-shared, private + more... + +
                  • +
                +
              • comments - Comment. type: str + more... + +
                • +
              • ftp - Enable/disable FTP WAN Optimization and configure FTP WAN Optimization features. type: dict + more... + +
                • +
                  +
                • byte_caching - Enable/disable byte-caching. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache. type: str choices: enable, disable + more... + +
                  • +
                • log_traffic - Enable/disable logging. type: str choices: enable, disable + more... + +
                  • +
                • port - Single port number or port number range for FTP. Only packets with a destination port number that matches this port number or range are accepted by this profile. type: int + more... + +
                  • +
                • prefer_chunking - Select dynamic or fixed-size data chunking for WAN Optimization. type: str choices: dynamic, fix + more... + +
                  • +
                • protocol_opt - Select protocol specific optimization or generic TCP optimization. type: str choices: protocol, tcp + more... + +
                  • +
                • secure_tunnel - Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810). type: str choices: enable, disable + more... + +
                  • +
                • ssl - Enable/disable SSL/TLS offloading (hardware acceleration) for traffic in this tunnel. type: str choices: enable, disable + more... + +
                  • +
                • status - Enable/disable WAN Optimization. type: str choices: enable, disable + more... + +
                  • +
                • tunnel_sharing - Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols. type: str choices: shared, express-shared, private + more... + +
                  • +
                +
              • http - Enable/disable HTTP WAN Optimization and configure HTTP WAN Optimization features. type: dict + more... + +
                • +
                  +
                • byte_caching - Enable/disable byte-caching. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache. type: str choices: enable, disable + more... + +
                  • +
                • log_traffic - Enable/disable logging. type: str choices: enable, disable + more... + +
                  • +
                • port - Single port number or port number range for HTTP. Only packets with a destination port number that matches this port number or range are accepted by this profile. type: int + more... + +
                  • +
                • prefer_chunking - Select dynamic or fixed-size data chunking for WAN Optimization. type: str choices: dynamic, fix + more... + +
                  • +
                • protocol_opt - Select protocol specific optimization or generic TCP optimization. type: str choices: protocol, tcp + more... + +
                  • +
                • secure_tunnel - Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810). type: str choices: enable, disable + more... + +
                  • +
                • ssl - Enable/disable SSL/TLS offloading (hardware acceleration) for traffic in this tunnel. type: str choices: enable, disable + more... + +
                  • +
                • ssl_port - Port on which to expect HTTPS traffic for SSL/TLS offloading. type: int + more... + +
                  • +
                • status - Enable/disable WAN Optimization. type: str choices: enable, disable + more... + +
                  • +
                • tunnel_non_http - Configure how to process non-HTTP traffic when a profile configured for HTTP traffic accepts a non-HTTP session. Can occur if an application sends non-HTTP traffic using an HTTP destination port. type: str choices: enable, disable + more... + +
                  • +
                • tunnel_sharing - Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols. type: str choices: shared, express-shared, private + more... + +
                  • +
                • unknown_http_version - How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1. type: str choices: reject, tunnel, best-effort + more... + +
                  • +
                +
              • mapi - Enable/disable MAPI email WAN Optimization and configure MAPI WAN Optimization features. type: dict + more... + +
                • +
                  +
                • byte_caching - Enable/disable byte-caching. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache. type: str choices: enable, disable + more... + +
                  • +
                • log_traffic - Enable/disable logging. type: str choices: enable, disable + more... + +
                  • +
                • port - Single port number or port number range for MAPI. Only packets with a destination port number that matches this port number or range are accepted by this profile. type: int + more... + +
                  • +
                • secure_tunnel - Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810). type: str choices: enable, disable + more... + +
                  • +
                • status - Enable/disable WAN Optimization. type: str choices: enable, disable + more... + +
                  • +
                • tunnel_sharing - Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols. type: str choices: shared, express-shared, private + more... + +
                  • +
                +
              • name - Profile name. type: str required: true + more... + +
                • +
              • tcp - Enable/disable TCP WAN Optimization and configure TCP WAN Optimization features. type: dict + more... + +
                • +
                  +
                • byte_caching - Enable/disable byte-caching. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache. type: str choices: enable, disable + more... + +
                  • +
                • byte_caching_opt - Select whether TCP byte-caching uses system memory only or both memory and disk space. type: str choices: mem-only, mem-disk + more... + +
                  • +
                • log_traffic - Enable/disable logging. type: str choices: enable, disable + more... + +
                  • +
                • port - Port numbers or port number ranges for TCP. Only packets with a destination port number that matches this port number or range are accepted by this profile. type: str + more... + +
                  • +
                • secure_tunnel - Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810). type: str choices: enable, disable + more... + +
                  • +
                • ssl - Enable/disable SSL/TLS offloading (hardware acceleration) for traffic in this tunnel. type: str choices: enable, disable + more... + +
                  • +
                • ssl_port - Port numbers or port number ranges on which to expect HTTPS traffic for SSL/TLS offloading. type: str + more... + +
                  • +
                • status - Enable/disable WAN Optimization. type: str choices: enable, disable + more... + +
                  • +
                • tunnel_sharing - Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols. type: str choices: shared, express-shared, private + more... + +
                  • +
                +
              • transparent - Enable/disable transparent mode. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure WAN optimization profiles. + fortios_wanopt_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wanopt_profile: + auth_group: " (source wanopt.auth-group.name)" + cifs: + byte_caching: "enable" + log_traffic: "enable" + port: "7" + prefer_chunking: "dynamic" + protocol_opt: "protocol" + secure_tunnel: "enable" + status: "enable" + tunnel_sharing: "shared" + comments: "" + ftp: + byte_caching: "enable" + log_traffic: "enable" + port: "17" + prefer_chunking: "dynamic" + protocol_opt: "protocol" + secure_tunnel: "enable" + ssl: "enable" + status: "enable" + tunnel_sharing: "shared" + http: + byte_caching: "enable" + log_traffic: "enable" + port: "27" + prefer_chunking: "dynamic" + protocol_opt: "protocol" + secure_tunnel: "enable" + ssl: "enable" + ssl_port: "32" + status: "enable" + tunnel_non_http: "enable" + tunnel_sharing: "shared" + unknown_http_version: "reject" + mapi: + byte_caching: "enable" + log_traffic: "enable" + port: "40" + secure_tunnel: "enable" + status: "enable" + tunnel_sharing: "shared" + name: "default_name_44" + tcp: + byte_caching: "enable" + byte_caching_opt: "mem-only" + log_traffic: "enable" + port: "" + secure_tunnel: "enable" + ssl: "enable" + ssl_port: "" + status: "enable" + tunnel_sharing: "shared" + transparent: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wanopt_remote_storage.rst b/gen/fortios_wanopt_remote_storage.rst new file mode 100644 index 00000000..0047b9a8 --- /dev/null +++ b/gen/fortios_wanopt_remote_storage.rst @@ -0,0 +1,435 @@ +:source: fortios_wanopt_remote_storage.py + +:orphan: + +.. fortios_wanopt_remote_storage: + +fortios_wanopt_remote_storage -- Configure a remote cache device as Web cache storage in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wanopt feature and remote_storage category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wanopt_remote_storageyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • wanopt_remote_storage - Configure a remote cache device as Web cache storage. type: dict + more... + +
              • +
                +
              • local_cache_id - ID that this device uses to connect to the remote device. type: str + more... + +
                • +
              • remote_cache_id - ID of the remote device to which the device connects. type: str + more... + +
                • +
              • remote_cache_ip - IP address of the remote device to which the device connects. type: str + more... + +
                • +
              • status - Enable/disable using remote device as Web cache storage. type: str choices: disable, enable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure a remote cache device as Web cache storage. + fortios_wanopt_remote_storage: + vdom: "{{ vdom }}" + wanopt_remote_storage: + local_cache_id: "" + remote_cache_id: "" + remote_cache_ip: "" + status: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wanopt_settings.rst b/gen/fortios_wanopt_settings.rst new file mode 100644 index 00000000..a47dc1b9 --- /dev/null +++ b/gen/fortios_wanopt_settings.rst @@ -0,0 +1,446 @@ +:source: fortios_wanopt_settings.py + +:orphan: + +.. fortios_wanopt_settings: + +fortios_wanopt_settings -- Configure WAN optimization settings in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wanopt feature and settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wanopt_settingsyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • wanopt_settings - Configure WAN optimization settings. type: dict + more... + +
              • +
                +
              • auto_detect_algorithm - Auto detection algorithms used in tunnel negotiations. type: str choices: simple, diff-req-resp + more... + +
                • +
              • host_id - Local host ID (must also be entered in the remote FortiGate"s peer list). type: str + more... + +
                • +
              • tunnel_ssl_algorithm - Relative strength of encryption algorithms accepted during tunnel negotiation. type: str choices: high, medium, low + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure WAN optimization settings. + fortios_wanopt_settings: + vdom: "{{ vdom }}" + wanopt_settings: + auto_detect_algorithm: "simple" + host_id: "myhostname" + tunnel_ssl_algorithm: "high" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wanopt_webcache.rst b/gen/fortios_wanopt_webcache.rst new file mode 100644 index 00000000..ac0343e2 --- /dev/null +++ b/gen/fortios_wanopt_webcache.rst @@ -0,0 +1,1413 @@ +:source: fortios_wanopt_webcache.py + +:orphan: + +.. fortios_wanopt_webcache: + +fortios_wanopt_webcache -- Configure global Web cache settings in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wanopt feature and webcache category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wanopt_webcacheyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • wanopt_webcache - Configure global Web cache settings. type: dict + more... + +
              • +
                +
              • always_revalidate - Enable/disable revalidation of requested cached objects, which have content on the server, before serving it to the client. type: str choices: enable, disable + more... + +
                • +
              • cache_by_default - Enable/disable caching content that lacks explicit caching policies from the server. type: str choices: enable, disable + more... + +
                • +
              • cache_cookie - Enable/disable caching cookies. Since cookies contain information for or about individual users, they not usually cached. type: str choices: enable, disable + more... + +
                • +
              • cache_expired - Enable/disable caching type-1 objects that are already expired on arrival. type: str choices: enable, disable + more... + +
                • +
              • default_ttl - Default object expiry time . This only applies to those objects that do not have an expiry time set by the web server. type: int + more... + +
                • +
              • external - Enable/disable external Web caching. type: str choices: enable, disable + more... + +
                • +
              • fresh_factor - Frequency that the server is checked to see if any objects have expired (1 - 100). The higher the fresh factor, the less often the checks occur. type: int + more... + +
                • +
              • host_validate - Enable/disable validating "Host:" with original server IP. type: str choices: enable, disable + more... + +
                • +
              • ignore_conditional - Enable/disable controlling the behavior of cache-control HTTP 1.1 header values. type: str choices: enable, disable + more... + +
                • +
              • ignore_ie_reload - Enable/disable ignoring the PNC-interpretation of Internet Explorer"s Accept: / header. type: str choices: enable, disable + more... + +
                • +
              • ignore_ims - Enable/disable ignoring the if-modified-since (IMS) header. type: str choices: enable, disable + more... + +
                • +
              • ignore_pnc - Enable/disable ignoring the pragma no-cache (PNC) header. type: str choices: enable, disable + more... + +
                • +
              • max_object_size - Maximum cacheable object size in kB (1 - 2147483 kb (2GB). All objects that exceed this are delivered to the client but not stored in the web cache. type: int + more... + +
                • +
              • max_ttl - Maximum time an object can stay in the web cache without checking to see if it has expired on the server . type: int + more... + +
                • +
              • min_ttl - Minimum time an object can stay in the web cache without checking to see if it has expired on the server . type: int + more... + +
                • +
              • neg_resp_time - Time in minutes to cache negative responses or errors (0 - 4294967295). type: int + more... + +
                • +
              • reval_pnc - Enable/disable revalidation of pragma-no-cache (PNC) to address bandwidth concerns. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure global Web cache settings. + fortios_wanopt_webcache: + vdom: "{{ vdom }}" + wanopt_webcache: + always_revalidate: "enable" + cache_by_default: "enable" + cache_cookie: "enable" + cache_expired: "enable" + default_ttl: "7" + external: "enable" + fresh_factor: "9" + host_validate: "enable" + ignore_conditional: "enable" + ignore_ie_reload: "enable" + ignore_ims: "enable" + ignore_pnc: "enable" + max_object_size: "15" + max_ttl: "16" + min_ttl: "17" + neg_resp_time: "18" + reval_pnc: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_web_proxy_debug_url.rst b/gen/fortios_web_proxy_debug_url.rst new file mode 100644 index 00000000..8aa62686 --- /dev/null +++ b/gen/fortios_web_proxy_debug_url.rst @@ -0,0 +1,476 @@ +:source: fortios_web_proxy_debug_url.py + +:orphan: + +.. fortios_web_proxy_debug_url: + +fortios_web_proxy_debug_url -- Configure debug URL addresses in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify web_proxy feature and debug_url category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_web_proxy_debug_urlyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • web_proxy_debug_url - Configure debug URL addresses. type: dict + more... + +
              • +
                +
              • exact - Enable/disable matching the exact path. type: str choices: enable, disable + more... + +
                • +
              • name - Debug URL name. type: str required: true + more... + +
                • +
              • status - Enable/disable this URL exemption. type: str choices: enable, disable + more... + +
                • +
              • url_pattern - URL exemption pattern. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure debug URL addresses. + fortios_web_proxy_debug_url: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + web_proxy_debug_url: + exact: "enable" + name: "default_name_4" + status: "enable" + url_pattern: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_web_proxy_explicit.rst b/gen/fortios_web_proxy_explicit.rst new file mode 100644 index 00000000..6ba0dae4 --- /dev/null +++ b/gen/fortios_web_proxy_explicit.rst @@ -0,0 +1,2455 @@ +:source: fortios_web_proxy_explicit.py + +:orphan: + +.. fortios_web_proxy_explicit: + +fortios_web_proxy_explicit -- Configure explicit Web proxy settings in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify web_proxy feature and explicit category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_web_proxy_explicityesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • web_proxy_explicit - Configure explicit Web proxy settings. type: dict + more... + +
              • +
                +
              • ftp_incoming_port - Accept incoming FTP-over-HTTP requests on one or more ports (0 - 65535). type: str + more... + +
                • +
              • ftp_over_http - Enable to proxy FTP-over-HTTP sessions sent from a web browser. type: str choices: enable, disable + more... + +
                • +
              • http_incoming_port - Accept incoming HTTP requests on one or more ports (0 - 65535). type: str + more... + +
                • +
              • https_incoming_port - Accept incoming HTTPS requests on one or more ports (0 - 65535). type: str + more... + +
                • +
              • https_replacement_message - Enable/disable sending the client a replacement message for HTTPS requests. type: str choices: enable, disable + more... + +
                • +
              • incoming_ip - Restrict the explicit HTTP proxy to only accept sessions from this IP address. An interface must have this IP address. type: str + more... + +
                • +
              • incoming_ip6 - Restrict the explicit web proxy to only accept sessions from this IPv6 address. An interface must have this IPv6 address. type: str + more... + +
                • +
              • ipv6_status - Enable/disable allowing an IPv6 web proxy destination in policies and all IPv6 related entries in this command. type: str choices: enable, disable + more... + +
                • +
              • message_upon_server_error - Enable/disable displaying a replacement message when a server error is detected. type: str choices: enable, disable + more... + +
                • +
              • outgoing_ip - Outgoing HTTP requests will have this IP address as their source address. An interface must have this IP address. type: list
                • +
              • outgoing_ip6 - Outgoing HTTP requests will leave this IPv6. Multiple interfaces can be specified. Interfaces must have these IPv6 addresses. type: list
                • +
              • pac_file_data - PAC file contents enclosed in quotes (maximum of 256K bytes). type: str + more... + +
                • +
              • pac_file_name - Pac file name. type: str + more... + +
                • +
              • pac_file_server_port - Port number that PAC traffic from client web browsers uses to connect to the explicit web proxy (0 - 65535). type: str + more... + +
                • +
              • pac_file_server_status - Enable/disable Proxy Auto-Configuration (PAC) for users of this explicit proxy profile. type: str choices: enable, disable + more... + +
                • +
              • pac_file_url - PAC file access URL. type: str + more... + +
                • +
              • pac_policy - PAC policies. type: list member_path: pac_policy:policyid + more... + +
                • +
                  +
                • comments - Optional comments. type: str + more... + +
                  • +
                • dstaddr - Destination address objects. type: list member_path: pac_policy:policyid/dstaddr:name + more... + +
                  • +
                    +
                  • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                    • +
                  +
                • pac_file_data - PAC file contents enclosed in quotes (maximum of 256K bytes). type: str + more... + +
                  • +
                • pac_file_name - Pac file name. type: str + more... + +
                  • +
                • policyid - Policy ID. type: int required: true + more... + +
                  • +
                • srcaddr - Source address objects. type: list member_path: pac_policy:policyid/srcaddr:name + more... + +
                  • +
                    +
                  • name - Address name. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name. type: str required: true + more... + +
                    • +
                  +
                • srcaddr6 - Source address6 objects. type: list member_path: pac_policy:policyid/srcaddr6:name + more... + +
                  • +
                    +
                  • name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                    • +
                  +
                • status - Enable/disable policy. type: str choices: enable, disable + more... + +
                  • +
                +
              • pref_dns_result - Prefer resolving addresses using the configured IPv4 or IPv6 DNS server . type: str choices: ipv4, ipv6 + more... + +
                • +
              • realm - Authentication realm used to identify the explicit web proxy (maximum of 63 characters). type: str + more... + +
                • +
              • sec_default_action - Accept or deny explicit web proxy sessions when no web proxy firewall policy exists. type: str choices: accept, deny + more... + +
                • +
              • socks - Enable/disable the SOCKS proxy. type: str choices: enable, disable + more... + +
                • +
              • socks_incoming_port - Accept incoming SOCKS proxy requests on one or more ports (0 - 65535). type: str + more... + +
                • +
              • ssl_algorithm - Relative strength of encryption algorithms accepted in HTTPS deep scan: high, medium, or low. type: str choices: high, medium, low + more... + +
                • +
              • status - Enable/disable the explicit Web proxy for HTTP and HTTPS session. type: str choices: enable, disable + more... + +
                • +
              • strict_guest - Enable/disable strict guest user checking by the explicit web proxy. type: str choices: enable, disable + more... + +
                • +
              • trace_auth_no_rsp - Enable/disable logging timed-out authentication requests. type: str choices: enable, disable + more... + +
                • +
              • unknown_http_version - How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1. type: str choices: reject, best-effort, tunnel + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure explicit Web proxy settings. + fortios_web_proxy_explicit: + vdom: "{{ vdom }}" + web_proxy_explicit: + ftp_incoming_port: "" + ftp_over_http: "enable" + http_incoming_port: "" + https_incoming_port: "" + https_replacement_message: "enable" + incoming_ip: "" + incoming_ip6: "" + ipv6_status: "enable" + message_upon_server_error: "enable" + outgoing_ip: "" + outgoing_ip6: "" + pac_file_data: "" + pac_file_name: "" + pac_file_server_port: "" + pac_file_server_status: "enable" + pac_file_url: "" + pac_policy: + - + comments: "" + dstaddr: + - + name: "default_name_22 (source firewall.address.name firewall.addrgrp.name)" + pac_file_data: "" + pac_file_name: "" + policyid: "25" + srcaddr: + - + name: "default_name_27 (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name)" + srcaddr6: + - + name: "default_name_29 (source firewall.address6.name firewall.addrgrp6.name)" + status: "enable" + pref_dns_result: "ipv4" + realm: "" + sec_default_action: "accept" + socks: "enable" + socks_incoming_port: "" + ssl_algorithm: "high" + status: "enable" + strict_guest: "enable" + trace_auth_no_rsp: "enable" + unknown_http_version: "reject" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_web_proxy_forward_server.rst b/gen/fortios_web_proxy_forward_server.rst new file mode 100644 index 00000000..16b2d204 --- /dev/null +++ b/gen/fortios_web_proxy_forward_server.rst @@ -0,0 +1,836 @@ +:source: fortios_web_proxy_forward_server.py + +:orphan: + +.. fortios_web_proxy_forward_server: + +fortios_web_proxy_forward_server -- Configure forward-server addresses in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify web_proxy feature and forward_server category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_web_proxy_forward_serveryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • web_proxy_forward_server - Configure forward-server addresses. type: dict + more... + +
              • +
                +
              • addr_type - Address type of the forwarding proxy server: IP or FQDN. type: str choices: ip, fqdn + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • fqdn - Forward server Fully Qualified Domain Name (FQDN). type: str + more... + +
                • +
              • healthcheck - Enable/disable forward server health checking. Attempts to connect through the remote forwarding server to a destination to verify that the forwarding server is operating normally. type: str choices: disable, enable + more... + +
                • +
              • ip - Forward proxy server IP address. type: str + more... + +
                • +
              • monitor - URL for forward server health check monitoring . type: str + more... + +
                • +
              • name - Server name. type: str required: true + more... + +
                • +
              • password - HTTP authentication password. type: str + more... + +
                • +
              • port - Port number that the forwarding server expects to receive HTTP sessions on (1 - 65535). type: int + more... + +
                • +
              • server_down_option - Action to take when the forward server is found to be down: block sessions until the server is back up or pass sessions to their destination. type: str choices: block, pass + more... + +
                • +
              • username - HTTP authentication user name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure forward-server addresses. + fortios_web_proxy_forward_server: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + web_proxy_forward_server: + addr_type: "ip" + comment: "Comment." + fqdn: "" + healthcheck: "disable" + ip: "" + monitor: "" + name: "default_name_9" + password: "" + port: "11" + server_down_option: "block" + username: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_web_proxy_forward_server_group.rst b/gen/fortios_web_proxy_forward_server_group.rst new file mode 100644 index 00000000..2f49a2a6 --- /dev/null +++ b/gen/fortios_web_proxy_forward_server_group.rst @@ -0,0 +1,674 @@ +:source: fortios_web_proxy_forward_server_group.py + +:orphan: + +.. fortios_web_proxy_forward_server_group: + +fortios_web_proxy_forward_server_group -- Configure a forward server group consisting or multiple forward servers. Supports failover and load balancing in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify web_proxy feature and forward_server_group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_web_proxy_forward_server_groupyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • web_proxy_forward_server_group - Configure a forward server group consisting or multiple forward servers. Supports failover and load balancing. type: dict + more... + +
              • +
                +
              • affinity - Enable/disable affinity, attaching a source-ip"s traffic to the assigned forwarding server until the forward-server-affinity-timeout is reached (under web-proxy global). type: str choices: enable, disable + more... + +
                • +
              • group_down_option - Action to take when all of the servers in the forward server group are down: block sessions until at least one server is back up or pass sessions to their destination. type: str choices: block, pass + more... + +
                • +
              • ldb_method - Load balance method: weighted or least-session. type: str choices: weighted, least-session, active-passive + more... + +
                • +
              • name - Configure a forward server group consisting one or multiple forward servers. Supports failover and load balancing. type: str required: true + more... + +
                • +
              • server_list - Add web forward servers to a list to form a server group. Optionally assign weights to each server. type: list member_path: server_list:name + more... + +
                • +
                  +
                • name - Forward server name. Source web-proxy.forward-server.name. type: str required: true + more... + +
                  • +
                • weight - Optionally assign a weight of the forwarding server for weighted load balancing (1 - 100). type: int + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure a forward server group consisting or multiple forward servers. Supports failover and load balancing. + fortios_web_proxy_forward_server_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + web_proxy_forward_server_group: + affinity: "enable" + group_down_option: "block" + ldb_method: "weighted" + name: "default_name_6" + server_list: + - + name: "default_name_8 (source web-proxy.forward-server.name)" + weight: "9" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_web_proxy_global.rst b/gen/fortios_web_proxy_global.rst new file mode 100644 index 00000000..e903028a --- /dev/null +++ b/gen/fortios_web_proxy_global.rst @@ -0,0 +1,1404 @@ +:source: fortios_web_proxy_global.py + +:orphan: + +.. fortios_web_proxy_global: + +fortios_web_proxy_global -- Configure Web proxy global settings in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify web_proxy feature and global category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_web_proxy_globalyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • web_proxy_global - Configure Web proxy global settings. type: dict + more... + +
              • +
                +
              • fast_policy_match - Enable/disable fast matching algorithm for explicit and transparent proxy policy. type: str choices: enable, disable + more... + +
                • +
              • forward_proxy_auth - Enable/disable forwarding proxy authentication headers. type: str choices: enable, disable + more... + +
                • +
              • forward_server_affinity_timeout - Period of time before the source IP"s traffic is no longer assigned to the forwarding server (6 - 60 min). type: int + more... + +
                • +
              • ldap_user_cache - Enable/disable LDAP user cache for explicit and transparent proxy user. type: str choices: enable, disable + more... + +
                • +
              • learn_client_ip - Enable/disable learning the client"s IP address from headers. type: str choices: enable, disable + more... + +
                • +
              • learn_client_ip_from_header - Learn client IP address from the specified headers. type: list choices: true-client-ip, x-real-ip, x-forwarded-for + more... + +
                • +
              • learn_client_ip_srcaddr - Source address name (srcaddr or srcaddr6 must be set). type: list member_path: learn_client_ip_srcaddr:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                  • +
                +
              • learn_client_ip_srcaddr6 - IPv6 Source address name (srcaddr or srcaddr6 must be set). type: list member_path: learn_client_ip_srcaddr6:name + more... + +
                • +
                  +
                • name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                  • +
                +
              • max_message_length - Maximum length of HTTP message, not including body (16 - 256 Kbytes). type: int + more... + +
                • +
              • max_request_length - Maximum length of HTTP request line (2 - 64 Kbytes). type: int + more... + +
                • +
              • max_waf_body_cache_length - Maximum length of HTTP messages processed by Web Application Firewall (WAF) (10 - 1024 Kbytes). type: int + more... + +
                • +
              • proxy_fqdn - Fully Qualified Domain Name (FQDN) that clients connect to to connect to the explicit web proxy. type: str + more... + +
                • +
              • src_affinity_exempt_addr - IPv4 source addresses to exempt proxy affinity. type: list
                • +
              • src_affinity_exempt_addr6 - IPv6 source addresses to exempt proxy affinity. type: list
                • +
              • ssl_ca_cert - SSL CA certificate for SSL interception. Source vpn.certificate.local.name. type: str + more... + +
                • +
              • ssl_cert - SSL certificate for SSL interception. Source vpn.certificate.local.name. type: str + more... + +
                • +
              • strict_web_check - Enable/disable strict web checking to block web sites that send incorrect headers that don"t conform to HTTP 1.1. type: str choices: enable, disable + more... + +
                • +
              • tunnel_non_http - Enable/disable allowing non-HTTP traffic. Allowed non-HTTP traffic is tunneled. type: str choices: enable, disable + more... + +
                • +
              • unknown_http_version - Action to take when an unknown version of HTTP is encountered: reject, allow (tunnel), or proceed with best-effort. type: str choices: reject, tunnel, best-effort + more... + +
                • +
              • webproxy_profile - Name of the web proxy profile to apply when explicit proxy traffic is allowed by default and traffic is accepted that does not match an explicit proxy policy. Source web-proxy.profile.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Web proxy global settings. + fortios_web_proxy_global: + vdom: "{{ vdom }}" + web_proxy_global: + fast_policy_match: "enable" + forward_proxy_auth: "enable" + forward_server_affinity_timeout: "5" + ldap_user_cache: "enable" + learn_client_ip: "enable" + learn_client_ip_from_header: "true-client-ip" + learn_client_ip_srcaddr: + - + name: "default_name_10 (source firewall.address.name firewall.addrgrp.name)" + learn_client_ip_srcaddr6: + - + name: "default_name_12 (source firewall.address6.name firewall.addrgrp6.name)" + max_message_length: "13" + max_request_length: "14" + max_waf_body_cache_length: "15" + proxy_fqdn: "" + src_affinity_exempt_addr: "" + src_affinity_exempt_addr6: "" + ssl_ca_cert: " (source vpn.certificate.local.name)" + ssl_cert: " (source vpn.certificate.local.name)" + strict_web_check: "enable" + tunnel_non_http: "enable" + unknown_http_version: "reject" + webproxy_profile: " (source web-proxy.profile.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_web_proxy_profile.rst b/gen/fortios_web_proxy_profile.rst new file mode 100644 index 00000000..9be0ef3c --- /dev/null +++ b/gen/fortios_web_proxy_profile.rst @@ -0,0 +1,2012 @@ +:source: fortios_web_proxy_profile.py + +:orphan: + +.. fortios_web_proxy_profile: + +fortios_web_proxy_profile -- Configure web proxy profiles in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify web_proxy feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_web_proxy_profileyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • web_proxy_profile - Configure web proxy profiles. type: dict + more... + +
              • +
                +
              • header_client_ip - Action to take on the HTTP client-IP header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str choices: pass, add, remove + more... + +
                • +
              • header_front_end_https - Action to take on the HTTP front-end-HTTPS header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str choices: pass, add, remove + more... + +
                • +
              • header_via_request - Action to take on the HTTP via header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str choices: pass, add, remove + more... + +
                • +
              • header_via_response - Action to take on the HTTP via header in forwarded responses: forwards (pass), adds, or removes the HTTP header. type: str choices: pass, add, remove + more... + +
                • +
              • header_x_authenticated_groups - Action to take on the HTTP x-authenticated-groups header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str choices: pass, add, remove + more... + +
                • +
              • header_x_authenticated_user - Action to take on the HTTP x-authenticated-user header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str choices: pass, add, remove + more... + +
                • +
              • header_x_forwarded_client_cert - Action to take on the HTTP x-forwarded-client-cert header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str choices: pass, add, remove + more... + +
                • +
              • header_x_forwarded_for - Action to take on the HTTP x-forwarded-for header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str choices: pass, add, remove + more... + +
                • +
              • headers - Configure HTTP forwarded requests headers. type: list member_path: headers:id + more... + +
                • +
                  +
                • action - Action when the HTTP header is forwarded. type: str choices: add-to-request, add-to-response, remove-from-request, remove-from-response + more... + +
                  • +
                • add_option - Configure options to append content to existing HTTP header or add new HTTP header. type: str choices: append, new-on-not-found, new + more... + +
                  • +
                • base64_encoding - Enable/disable use of base64 encoding of HTTP content. type: str choices: disable, enable + more... + +
                  • +
                • content - HTTP header content. type: str + more... + +
                  • +
                • dstaddr - Destination address and address group names. type: list member_path: headers:id/dstaddr:name + more... + +
                  • +
                    +
                  • name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true + more... + +
                    • +
                  +
                • dstaddr6 - Destination address and address group names (IPv6). type: list member_path: headers:id/dstaddr6:name + more... + +
                  • +
                    +
                  • name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true + more... + +
                    • +
                  +
                • id - HTTP forwarded header id. type: int required: true + more... + +
                  • +
                • name - HTTP forwarded header name. type: str + more... + +
                  • +
                • protocol - Configure protocol(s) to take add-option action on (HTTP, HTTPS, or both). type: list choices: https, http + more... + +
                  • +
                +
              • log_header_change - Enable/disable logging HTTP header changes. type: str choices: enable, disable + more... + +
                • +
              • name - Profile name. type: str required: true + more... + +
                • +
              • strip_encoding - Enable/disable stripping unsupported encoding from the request header. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure web proxy profiles. + fortios_web_proxy_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + web_proxy_profile: + header_client_ip: "pass" + header_front_end_https: "pass" + header_via_request: "pass" + header_via_response: "pass" + header_x_authenticated_groups: "pass" + header_x_authenticated_user: "pass" + header_x_forwarded_client_cert: "pass" + header_x_forwarded_for: "pass" + headers: + - + action: "add-to-request" + add_option: "append" + base64_encoding: "disable" + content: "" + dstaddr: + - + name: "default_name_17 (source firewall.address.name firewall.addrgrp.name)" + dstaddr6: + - + name: "default_name_19 (source firewall.address6.name firewall.addrgrp6.name)" + id: "20" + name: "default_name_21" + protocol: "https" + log_header_change: "enable" + name: "default_name_24" + strip_encoding: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_web_proxy_url_match.rst b/gen/fortios_web_proxy_url_match.rst new file mode 100644 index 00000000..b0dea508 --- /dev/null +++ b/gen/fortios_web_proxy_url_match.rst @@ -0,0 +1,568 @@ +:source: fortios_web_proxy_url_match.py + +:orphan: + +.. fortios_web_proxy_url_match: + +fortios_web_proxy_url_match -- Exempt URLs from web proxy forwarding and caching in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify web_proxy feature and url_match category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_web_proxy_url_matchyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • web_proxy_url_match - Exempt URLs from web proxy forwarding and caching. type: dict + more... + +
              • +
                +
              • cache_exemption - Enable/disable exempting this URL pattern from caching. type: str choices: enable, disable + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • forward_server - Forward server name. Source web-proxy.forward-server.name web-proxy.forward-server-group.name. type: str + more... + +
                • +
              • name - Configure a name for the URL to be exempted. type: str required: true + more... + +
                • +
              • status - Enable/disable exempting the URLs matching the URL pattern from web proxy forwarding and caching. type: str choices: enable, disable + more... + +
                • +
              • url_pattern - URL pattern to be exempted from web proxy forwarding and caching. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Exempt URLs from web proxy forwarding and caching. + fortios_web_proxy_url_match: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + web_proxy_url_match: + cache_exemption: "enable" + comment: "Comment." + forward_server: " (source web-proxy.forward-server.name web-proxy.forward-server-group.name)" + name: "default_name_6" + status: "enable" + url_pattern: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_web_proxy_wisp.rst b/gen/fortios_web_proxy_wisp.rst new file mode 100644 index 00000000..d30ce4cf --- /dev/null +++ b/gen/fortios_web_proxy_wisp.rst @@ -0,0 +1,538 @@ +:source: fortios_web_proxy_wisp.py + +:orphan: + +.. fortios_web_proxy_wisp: + +fortios_web_proxy_wisp -- Configure Websense Integrated Services Protocol (WISP) servers in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify web_proxy feature and wisp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_web_proxy_wispyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • web_proxy_wisp - Configure Websense Integrated Services Protocol (WISP) servers. type: dict + more... + +
              • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • max_connections - Maximum number of web proxy WISP connections (4 - 4096). type: int + more... + +
                • +
              • name - Server name. type: str required: true + more... + +
                • +
              • outgoing_ip - WISP outgoing IP address. type: str + more... + +
                • +
              • server_ip - WISP server IP address. type: str + more... + +
                • +
              • server_port - WISP server port (1 - 65535). type: int + more... + +
                • +
              • timeout - Period of time before WISP requests time out (1 - 15 sec). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Websense Integrated Services Protocol (WISP) servers. + fortios_web_proxy_wisp: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + web_proxy_wisp: + comment: "Comment." + max_connections: "4" + name: "default_name_5" + outgoing_ip: "" + server_ip: "" + server_port: "8" + timeout: "9" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_webfilter_content.rst b/gen/fortios_webfilter_content.rst new file mode 100644 index 00000000..72952bc6 --- /dev/null +++ b/gen/fortios_webfilter_content.rst @@ -0,0 +1,964 @@ +:source: fortios_webfilter_content.py + +:orphan: + +.. fortios_webfilter_content: + +fortios_webfilter_content -- Configure Web filter banned word table in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify webfilter feature and content category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_webfilter_contentyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • webfilter_content - Configure Web filter banned word table. type: dict + more... + +
              • +
                +
              • comment - Optional comments. type: str + more... + +
                • +
              • entries - Configure banned word entries. type: list member_path: entries:name + more... + +
                • +
                  +
                • action - Block or exempt word when a match is found. type: str choices: block, exempt + more... + +
                  • +
                • lang - Language of banned word. type: str choices: western, simch, trach, japanese, korean, french, thai, spanish, cyrillic + more... + +
                  • +
                • name - Banned word. type: str required: true + more... + +
                  • +
                • pattern_type - Banned word pattern type: wildcard pattern or Perl regular expression. type: str choices: wildcard, regexp + more... + +
                  • +
                • score - Score, to be applied every time the word appears on a web page (0 - 4294967295). type: int + more... + +
                  • +
                • status - Enable/disable banned word. type: str choices: enable, disable + more... + +
                  • +
                +
              • id - ID. type: int required: true + more... + +
                • +
              • name - Name of table. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Web filter banned word table. + fortios_webfilter_content: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + webfilter_content: + comment: "Optional comments." + entries: + - + action: "block" + lang: "western" + name: "default_name_7" + pattern_type: "wildcard" + score: "9" + status: "enable" + id: "11" + name: "default_name_12" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_webfilter_content_header.rst b/gen/fortios_webfilter_content_header.rst new file mode 100644 index 00000000..ccc0b1c7 --- /dev/null +++ b/gen/fortios_webfilter_content_header.rst @@ -0,0 +1,554 @@ +:source: fortios_webfilter_content_header.py + +:orphan: + +.. fortios_webfilter_content_header: + +fortios_webfilter_content_header -- Configure content types used by Web filter in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify webfilter feature and content_header category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_webfilter_content_headeryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • webfilter_content_header - Configure content types used by Web filter. type: dict + more... + +
              • +
                +
              • comment - Optional comments. type: str + more... + +
                • +
              • entries - Configure content types used by web filter. type: list member_path: entries:pattern + more... + +
                • +
                  +
                • action - Action to take for this content type. type: str choices: block, allow, exempt + more... + +
                  • +
                • category - Categories that this content type applies to. type: list
                  • +
                • pattern - Content type (regular expression). type: str required: true + more... + +
                  • +
                +
              • id - ID. type: int required: true + more... + +
                • +
              • name - Name of table. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure content types used by Web filter. + fortios_webfilter_content_header: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + webfilter_content_header: + comment: "Optional comments." + entries: + - + action: "block" + category: "" + pattern: "" + id: "8" + name: "default_name_9" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_webfilter_fortiguard.rst b/gen/fortios_webfilter_fortiguard.rst new file mode 100644 index 00000000..bb43d23f --- /dev/null +++ b/gen/fortios_webfilter_fortiguard.rst @@ -0,0 +1,933 @@ +:source: fortios_webfilter_fortiguard.py + +:orphan: + +.. fortios_webfilter_fortiguard: + +fortios_webfilter_fortiguard -- Configure FortiGuard Web Filter service in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify webfilter feature and fortiguard category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_webfilter_fortiguardyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • webfilter_fortiguard - Configure FortiGuard Web Filter service. type: dict + more... + +
              • +
                +
              • cache_mem_percent - Maximum percentage of available memory allocated to caching (1 - 15). type: int + more... + +
                • +
              • cache_mode - Cache entry expiration mode. type: str choices: ttl, db-ver + more... + +
                • +
              • cache_prefix_match - Enable/disable prefix matching in the cache. type: str choices: enable, disable + more... + +
                • +
              • close_ports - Close ports used for HTTP/HTTPS override authentication and disable user overrides. type: str choices: enable, disable + more... + +
                • +
              • ovrd_auth_https - Enable/disable use of HTTPS for override authentication. type: str choices: enable, disable + more... + +
                • +
              • ovrd_auth_port - Port to use for FortiGuard Web Filter override authentication. type: int + more... + +
                • +
              • ovrd_auth_port_http - Port to use for FortiGuard Web Filter HTTP override authentication. type: int + more... + +
                • +
              • ovrd_auth_port_https - Port to use for FortiGuard Web Filter HTTPS override authentication in proxy mode. type: int + more... + +
                • +
              • ovrd_auth_port_https_flow - Port to use for FortiGuard Web Filter HTTPS override authentication in flow mode. type: int + more... + +
                • +
              • ovrd_auth_port_warning - Port to use for FortiGuard Web Filter Warning override authentication. type: int + more... + +
                • +
              • request_packet_size_limit - Limit size of URL request packets sent to FortiGuard server (0 for default). type: int + more... + +
                • +
              • warn_auth_https - Enable/disable use of HTTPS for warning and authentication. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiGuard Web Filter service. + fortios_webfilter_fortiguard: + vdom: "{{ vdom }}" + webfilter_fortiguard: + cache_mem_percent: "3" + cache_mode: "ttl" + cache_prefix_match: "enable" + close_ports: "enable" + ovrd_auth_https: "enable" + ovrd_auth_port: "8" + ovrd_auth_port_http: "9" + ovrd_auth_port_https: "10" + ovrd_auth_port_https_flow: "11" + ovrd_auth_port_warning: "12" + request_packet_size_limit: "13" + warn_auth_https: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_webfilter_ftgd_local_cat.rst b/gen/fortios_webfilter_ftgd_local_cat.rst new file mode 100644 index 00000000..096c9f0e --- /dev/null +++ b/gen/fortios_webfilter_ftgd_local_cat.rst @@ -0,0 +1,392 @@ +:source: fortios_webfilter_ftgd_local_cat.py + +:orphan: + +.. fortios_webfilter_ftgd_local_cat: + +fortios_webfilter_ftgd_local_cat -- Configure FortiGuard Web Filter local categories in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify webfilter feature and ftgd_local_cat category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_webfilter_ftgd_local_catyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • webfilter_ftgd_local_cat - Configure FortiGuard Web Filter local categories. type: dict + more... + +
              • +
                +
              • desc - Local category description. type: str required: true + more... + +
                • +
              • id - Local category ID. type: int + more... + +
                • +
              • status - Enable/disable the local category. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiGuard Web Filter local categories. + fortios_webfilter_ftgd_local_cat: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + webfilter_ftgd_local_cat: + desc: "" + id: "4" + status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_webfilter_ftgd_local_rating.rst b/gen/fortios_webfilter_ftgd_local_rating.rst new file mode 100644 index 00000000..b9020dcc --- /dev/null +++ b/gen/fortios_webfilter_ftgd_local_rating.rst @@ -0,0 +1,438 @@ +:source: fortios_webfilter_ftgd_local_rating.py + +:orphan: + +.. fortios_webfilter_ftgd_local_rating: + +fortios_webfilter_ftgd_local_rating -- Configure local FortiGuard Web Filter local ratings in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify webfilter feature and ftgd_local_rating category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_webfilter_ftgd_local_ratingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • webfilter_ftgd_local_rating - Configure local FortiGuard Web Filter local ratings. type: dict + more... + +
              • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • rating - Local rating. type: str + more... + +
                • +
              • status - Enable/disable local rating. type: str choices: enable, disable + more... + +
                • +
              • url - URL to rate locally. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure local FortiGuard Web Filter local ratings. + fortios_webfilter_ftgd_local_rating: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + webfilter_ftgd_local_rating: + comment: "Comment." + rating: "" + status: "enable" + url: "myurl.com" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_webfilter_ips_urlfilter_cache_setting.rst b/gen/fortios_webfilter_ips_urlfilter_cache_setting.rst new file mode 100644 index 00000000..60f5d1ee --- /dev/null +++ b/gen/fortios_webfilter_ips_urlfilter_cache_setting.rst @@ -0,0 +1,305 @@ +:source: fortios_webfilter_ips_urlfilter_cache_setting.py + +:orphan: + +.. fortios_webfilter_ips_urlfilter_cache_setting: + +fortios_webfilter_ips_urlfilter_cache_setting -- Configure IPS URL filter cache settings in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify webfilter feature and ips_urlfilter_cache_setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_webfilter_ips_urlfilter_cache_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • webfilter_ips_urlfilter_cache_setting - Configure IPS URL filter cache settings. type: dict + more... + +
              • +
                +
              • dns_retry_interval - Retry interval. Refresh DNS faster than TTL to capture multiple IPs for hosts. 0 means use DNS server"s TTL only. type: int + more... + +
                • +
              • extended_ttl - Extend time to live beyond reported by DNS. Use of 0 means use DNS server"s TTL. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPS URL filter cache settings. + fortios_webfilter_ips_urlfilter_cache_setting: + vdom: "{{ vdom }}" + webfilter_ips_urlfilter_cache_setting: + dns_retry_interval: "3" + extended_ttl: "4" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_webfilter_ips_urlfilter_setting.rst b/gen/fortios_webfilter_ips_urlfilter_setting.rst new file mode 100644 index 00000000..d335a0f7 --- /dev/null +++ b/gen/fortios_webfilter_ips_urlfilter_setting.rst @@ -0,0 +1,397 @@ +:source: fortios_webfilter_ips_urlfilter_setting.py + +:orphan: + +.. fortios_webfilter_ips_urlfilter_setting: + +fortios_webfilter_ips_urlfilter_setting -- Configure IPS URL filter settings in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify webfilter feature and ips_urlfilter_setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_webfilter_ips_urlfilter_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • webfilter_ips_urlfilter_setting - Configure IPS URL filter settings. type: dict + more... + +
              • +
                +
              • device - Interface for this route. Source system.interface.name. type: str + more... + +
                • +
              • distance - Administrative distance (1 - 255) for this route. type: int + more... + +
                • +
              • gateway - Gateway IP address for this route. type: str + more... + +
                • +
              • geo_filter - Filter based on geographical location. Route will NOT be installed if the resolved IP address belongs to the country in the filter. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPS URL filter settings. + fortios_webfilter_ips_urlfilter_setting: + vdom: "{{ vdom }}" + webfilter_ips_urlfilter_setting: + device: " (source system.interface.name)" + distance: "4" + gateway: "" + geo_filter: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_webfilter_ips_urlfilter_setting6.rst b/gen/fortios_webfilter_ips_urlfilter_setting6.rst new file mode 100644 index 00000000..9feac495 --- /dev/null +++ b/gen/fortios_webfilter_ips_urlfilter_setting6.rst @@ -0,0 +1,397 @@ +:source: fortios_webfilter_ips_urlfilter_setting6.py + +:orphan: + +.. fortios_webfilter_ips_urlfilter_setting6: + +fortios_webfilter_ips_urlfilter_setting6 -- Configure IPS URL filter settings for IPv6 in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify webfilter feature and ips_urlfilter_setting6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_webfilter_ips_urlfilter_setting6yesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • webfilter_ips_urlfilter_setting6 - Configure IPS URL filter settings for IPv6. type: dict + more... + +
              • +
                +
              • device - Interface for this route. Source system.interface.name. type: str + more... + +
                • +
              • distance - Administrative distance (1 - 255) for this route. type: int + more... + +
                • +
              • gateway6 - Gateway IPv6 address for this route. type: str + more... + +
                • +
              • geo_filter - Filter based on geographical location. Route will NOT be installed if the resolved IPv6 address belongs to the country in the filter. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPS URL filter settings for IPv6. + fortios_webfilter_ips_urlfilter_setting6: + vdom: "{{ vdom }}" + webfilter_ips_urlfilter_setting6: + device: " (source system.interface.name)" + distance: "4" + gateway6: "" + geo_filter: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_webfilter_override.rst b/gen/fortios_webfilter_override.rst new file mode 100644 index 00000000..3eff9a09 --- /dev/null +++ b/gen/fortios_webfilter_override.rst @@ -0,0 +1,836 @@ +:source: fortios_webfilter_override.py + +:orphan: + +.. fortios_webfilter_override: + +fortios_webfilter_override -- Configure FortiGuard Web Filter administrative overrides in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify webfilter feature and override category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_webfilter_overrideyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • webfilter_override - Configure FortiGuard Web Filter administrative overrides. type: dict + more... + +
              • +
                +
              • expires - Override expiration date and time, from 5 minutes to 365 from now (format: yyyy/mm/dd hh:mm:ss). type: str + more... + +
                • +
              • id - Override rule ID. type: int required: true + more... + +
                • +
              • initiator - Initiating user of override (read-only setting). type: str + more... + +
                • +
              • ip - IPv4 address which the override applies. type: str + more... + +
                • +
              • ip6 - IPv6 address which the override applies. type: str + more... + +
                • +
              • new_profile - Name of the new web filter profile used by the override. Source webfilter.profile.name. type: str + more... + +
                • +
              • old_profile - Name of the web filter profile which the override applies. Source webfilter.profile.name. type: str + more... + +
                • +
              • scope - Override either the specific user, user group, IPv4 address, or IPv6 address. type: str choices: user, user-group, ip, ip6 + more... + +
                • +
              • status - Enable/disable override rule. type: str choices: enable, disable + more... + +
                • +
              • user - Name of the user which the override applies. type: str + more... + +
                • +
              • user_group - Specify the user group for which the override applies. Source user.group.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiGuard Web Filter administrative overrides. + fortios_webfilter_override: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + webfilter_override: + expires: "" + id: "4" + initiator: "" + ip: "" + ip6: "" + new_profile: " (source webfilter.profile.name)" + old_profile: " (source webfilter.profile.name)" + scope: "user" + status: "enable" + user: "" + user_group: " (source user.group.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_webfilter_profile.rst b/gen/fortios_webfilter_profile.rst new file mode 100644 index 00000000..dbda5404 --- /dev/null +++ b/gen/fortios_webfilter_profile.rst @@ -0,0 +1,8603 @@ +:source: fortios_webfilter_profile.py + +:orphan: + +.. fortios_webfilter_profile: + +fortios_webfilter_profile -- Configure Web filter profiles in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify webfilter feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_webfilter_profileyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • webfilter_profile - Configure Web filter profiles. type: dict + more... + +
              • +
                +
              • antiphish - AntiPhishing profile. type: dict + more... + +
                • +
                  +
                • authentication - Authentication methods. type: str choices: domain-controller, ldap + more... + +
                  • +
                • check_basic_auth - Enable/disable checking of HTTP Basic Auth field for known credentials. type: str choices: enable, disable + more... + +
                  • +
                • check_uri - Enable/disable checking of GET URI parameters for known credentials. type: str choices: enable, disable + more... + +
                  • +
                • check_username_only - Enable/disable username only matching of credentials. Action will be taken for valid usernames regardless of password validity. type: str choices: enable, disable + more... + +
                  • +
                • custom_patterns - Custom username and password regex patterns. type: list member_path: antiphish/custom_patterns:pattern + more... + +
                  • +
                    +
                  • category - Category that the pattern matches. type: str choices: username, password + more... + +
                    • +
                  • pattern - Target pattern. type: str required: true + more... + +
                    • +
                  • type - Pattern will be treated either as a regex pattern or literal string. type: str choices: regex, literal + more... + +
                    • +
                  +
                • default_action - Action to be taken when there is no matching rule. type: str choices: exempt, log, block + more... + +
                  • +
                • domain_controller - Domain for which to verify received credentials against. Source user.domain-controller.name credential-store.domain-controller .server-name. type: str + more... + +
                  • +
                • inspection_entries - AntiPhishing entries. type: list member_path: antiphish/inspection_entries:name + more... + +
                  • +
                    +
                  • action - Action to be taken upon an AntiPhishing match. type: str choices: exempt, log, block + more... + +
                    • +
                  • fortiguard_category - FortiGuard category to match. type: str + more... + +
                    • +
                  • name - Inspection target name. type: str required: true + more... + +
                    • +
                  +
                • ldap - LDAP server for which to verify received credentials against. Source user.ldap.name. type: str + more... + +
                  • +
                • max_body_len - Maximum size of a POST body to check for credentials. type: int + more... + +
                  • +
                • status - Toggle AntiPhishing functionality. type: str choices: enable, disable + more... + +
                  • +
                +
              • comment - Optional comments. type: str + more... + +
                • +
              • extended_log - Enable/disable extended logging for web filtering. type: str choices: enable, disable + more... + +
                • +
              • feature_set - Flow/proxy feature set. type: str choices: flow, proxy + more... + +
                • +
              • file_filter - File filter. type: dict + more... + +
                • +
                  +
                • entries - File filter entries. type: list member_path: file_filter/entries:filter + more... + +
                  • +
                    +
                  • action - Action taken for matched file. type: str choices: log, block + more... + +
                    • +
                  • comment - Comment. type: str + more... + +
                    • +
                  • direction - Match files transmitted in the session"s originating or reply direction. type: str choices: incoming, outgoing, any + more... + +
                    • +
                  • file_type - Select file type. type: list member_path: file_filter/entries:filter/file_type:name + more... + +
                    • +
                      +
                    • name - File type name. Source antivirus.filetype.name. type: str required: true + more... + +
                      • +
                    +
                  • filter - Add a file filter. type: str required: true + more... + +
                    • +
                  • password_protected - Match password-protected files. type: str choices: True, any + more... + +
                    • +
                  • protocol - Protocols to apply with. type: str choices: http, ftp + more... + +
                    • +
                  +
                • log - Enable/disable file filter logging. type: str choices: enable, disable + more... + +
                  • +
                • scan_archive_contents - Enable/disable file filter archive contents scan. type: str choices: enable, disable + more... + +
                  • +
                • status - Enable/disable file filter. type: str choices: enable, disable + more... + +
                  • +
                +
              • ftgd_wf - FortiGuard Web Filter settings. type: dict + more... + +
                • +
                  +
                • exempt_quota - Do not stop quota for these categories. type: str + more... + +
                  • +
                • filters - FortiGuard filters. type: list member_path: ftgd_wf/filters:id + more... + +
                  • +
                    +
                  • action - Action to take for matches. type: str choices: block, authenticate, monitor, warning + more... + +
                    • +
                  • auth_usr_grp - Groups with permission to authenticate. type: str + more... + +
                    • +
                  • category - Categories and groups the filter examines. type: int + more... + +
                    • +
                  • id - ID number. type: int required: true + more... + +
                    • +
                  • log - Enable/disable logging. type: str choices: enable, disable + more... + +
                    • +
                  • override_replacemsg - Override replacement message. type: str + more... + +
                    • +
                  • warn_duration - Duration of warnings. type: str + more... + +
                    • +
                  • warning_duration_type - Re-display warning after closing browser or after a timeout. type: str choices: session, timeout + more... + +
                    • +
                  • warning_prompt - Warning prompts in each category or each domain. type: str choices: per-domain, per-category + more... + +
                    • +
                  +
                • max_quota_timeout - Maximum FortiGuard quota used by single page view in seconds (excludes streams). type: int + more... + +
                  • +
                • options - Options for FortiGuard Web Filter. type: str choices: error-allow, rate-server-ip, connect-request-bypass, ftgd-disable + more... + +
                  • +
                • ovrd - Allow web filter profile overrides. type: str + more... + +
                  • +
                • quota - FortiGuard traffic quota settings. type: list member_path: ftgd_wf/quota:id + more... + +
                  • +
                    +
                  • category - FortiGuard categories to apply quota to (category action must be set to monitor). type: str + more... + +
                    • +
                  • duration - Duration of quota. type: str + more... + +
                    • +
                  • id - ID number. type: int required: true + more... + +
                    • +
                  • override_replacemsg - Override replacement message. type: str + more... + +
                    • +
                  • type - Quota type. type: str choices: time, traffic + more... + +
                    • +
                  • unit - Traffic quota unit of measurement. type: str choices: B, KB, MB, GB + more... + +
                    • +
                  • value - Traffic quota value. type: int + more... + +
                    • +
                  +
                • rate_crl_urls - Enable/disable rating CRL by URL. type: str choices: disable, enable + more... + +
                  • +
                • rate_css_urls - Enable/disable rating CSS by URL. type: str choices: disable, enable + more... + +
                  • +
                • rate_image_urls - Enable/disable rating images by URL. type: str choices: disable, enable + more... + +
                  • +
                • rate_javascript_urls - Enable/disable rating JavaScript by URL. type: str choices: disable, enable + more... + +
                  • +
                +
              • https_replacemsg - Enable replacement messages for HTTPS. type: str choices: enable, disable + more... + +
                • +
              • inspection_mode - Web filtering inspection mode. type: str choices: proxy, flow-based + more... + +
                • +
              • log_all_url - Enable/disable logging all URLs visited. type: str choices: enable, disable + more... + +
                • +
              • name - Profile name. type: str required: true + more... + +
                • +
              • options - Options. type: list choices: activexfilter, cookiefilter, javafilter, block-invalid-url, jscript, js, vbs, unknown, intrinsic, wf-referer, wf-cookie, per-user-bal, per-user-bwl + more... + +
                • +
              • override - Web Filter override settings. type: dict + more... + +
                • +
                  +
                • ovrd_cookie - Allow/deny browser-based (cookie) overrides. type: str choices: allow, deny + more... + +
                  • +
                • ovrd_dur - Override duration. type: str + more... + +
                  • +
                • ovrd_dur_mode - Override duration mode. type: str choices: constant, ask + more... + +
                  • +
                • ovrd_scope - Override scope. type: str choices: user, user-group, ip, browser, ask + more... + +
                  • +
                • ovrd_user_group - User groups with permission to use the override. type: str + more... + +
                  • +
                • profile - Web filter profile with permission to create overrides. type: list member_path: override/profile:name + more... + +
                  • +
                    +
                  • name - Web profile. Source webfilter.profile.name. type: str required: true + more... + +
                    • +
                  +
                • profile_attribute - Profile attribute to retrieve from the RADIUS server. type: str choices: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id + more... + +
                  • +
                • profile_type - Override profile type. type: str choices: list, radius + more... + +
                  • +
                +
              • ovrd_perm - Permitted override types. type: list choices: bannedword-override, urlfilter-override, fortiguard-wf-override, contenttype-check-override + more... + +
                • +
              • post_action - Action taken for HTTP POST traffic. type: str choices: normal, block + more... + +
                • +
              • replacemsg_group - Replacement message group. Source system.replacemsg-group.name. type: str + more... + +
                • +
              • url_extraction - Configure URL Extraction type: dict + more... + +
                • +
                  +
                • redirect_header - HTTP header name to use for client redirect on blocked requests type: str + more... + +
                  • +
                • redirect_no_content - Enable / Disable empty message-body entity in HTTP response type: str choices: enable, disable + more... + +
                  • +
                • redirect_url - HTTP header value to use for client redirect on blocked requests type: str + more... + +
                  • +
                • server_fqdn - URL extraction server FQDN (fully qualified domain name) type: str + more... + +
                  • +
                • status - Enable URL Extraction type: str choices: enable, disable + more... + +
                  • +
                +
              • web - Web content filtering settings. type: dict + more... + +
                • +
                  +
                • allowlist - FortiGuard allowlist settings. type: list choices: exempt-av, exempt-webcontent, exempt-activex-java-cookie, exempt-dlp, exempt-rangeblock, extended-log-others + more... + +
                  • +
                • blacklist - Enable/disable automatic addition of URLs detected by FortiSandbox to blacklist. type: str choices: enable, disable + more... + +
                  • +
                • blocklist - Enable/disable automatic addition of URLs detected by FortiSandbox to blocklist. type: str choices: enable, disable + more... + +
                  • +
                • bword_table - Banned word table ID. Source webfilter.content.id. type: int + more... + +
                  • +
                • bword_threshold - Banned word score threshold. type: int + more... + +
                  • +
                • content_header_list - Content header list. Source webfilter.content-header.id. type: int + more... + +
                  • +
                • keyword_match - Search keywords to log when match is found. type: str + more... + +
                  • +
                • log_search - Enable/disable logging all search phrases. type: str choices: enable, disable + more... + +
                  • +
                • safe_search - Safe search type. type: list choices: url, header + more... + +
                  • +
                • urlfilter_table - URL filter table ID. Source webfilter.urlfilter.id. type: int + more... + +
                  • +
                • vimeo_restrict - Set Vimeo-restrict ("7" = don"t show mature content, "134" = don"t show unrated and mature content). A value of cookie "content_rating". type: str + more... + +
                  • +
                • whitelist - FortiGuard whitelist settings. type: list choices: exempt-av, exempt-webcontent, exempt-activex-java-cookie, exempt-dlp, exempt-rangeblock, extended-log-others + more... + +
                  • +
                • youtube_restrict - YouTube EDU filter level. type: str choices: none, strict, moderate + more... + +
                  • +
                +
              • web_antiphishing_log - Enable/disable logging of AntiPhishing checks. type: str choices: enable, disable + more... + +
                • +
              • web_content_log - Enable/disable logging logging blocked web content. type: str choices: enable, disable + more... + +
                • +
              • web_extended_all_action_log - Enable/disable extended any filter action logging for web filtering. type: str choices: enable, disable + more... + +
                • +
              • web_filter_activex_log - Enable/disable logging ActiveX. type: str choices: enable, disable + more... + +
                • +
              • web_filter_applet_log - Enable/disable logging Java applets. type: str choices: enable, disable + more... + +
                • +
              • web_filter_command_block_log - Enable/disable logging blocked commands. type: str choices: enable, disable + more... + +
                • +
              • web_filter_cookie_log - Enable/disable logging cookie filtering. type: str choices: enable, disable + more... + +
                • +
              • web_filter_cookie_removal_log - Enable/disable logging blocked cookies. type: str choices: enable, disable + more... + +
                • +
              • web_filter_js_log - Enable/disable logging Java scripts. type: str choices: enable, disable + more... + +
                • +
              • web_filter_jscript_log - Enable/disable logging JScripts. type: str choices: enable, disable + more... + +
                • +
              • web_filter_referer_log - Enable/disable logging referrers. type: str choices: enable, disable + more... + +
                • +
              • web_filter_unknown_log - Enable/disable logging unknown scripts. type: str choices: enable, disable + more... + +
                • +
              • web_filter_vbs_log - Enable/disable logging VBS scripts. type: str choices: enable, disable + more... + +
                • +
              • web_ftgd_err_log - Enable/disable logging rating errors. type: str choices: enable, disable + more... + +
                • +
              • web_ftgd_quota_usage - Enable/disable logging daily quota usage. type: str choices: enable, disable + more... + +
                • +
              • web_invalid_domain_log - Enable/disable logging invalid domain names. type: str choices: enable, disable + more... + +
                • +
              • web_url_log - Enable/disable logging URL filtering. type: str choices: enable, disable + more... + +
                • +
              • wisp - Enable/disable web proxy WISP. type: str choices: enable, disable + more... + +
                • +
              • wisp_algorithm - WISP server selection algorithm. type: str choices: primary-secondary, round-robin, auto-learning + more... + +
                • +
              • wisp_servers - WISP servers. type: list member_path: wisp_servers:name + more... + +
                • +
                  +
                • name - Server name. Source web-proxy.wisp.name. type: str required: true + more... + +
                  • +
                +
              • youtube_channel_filter - YouTube channel filter. type: list member_path: youtube_channel_filter:id + more... + +
                • +
                  +
                • channel_id - YouTube channel ID to be filtered. type: str + more... + +
                  • +
                • comment - Comment. type: str + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                +
              • youtube_channel_status - YouTube channel filter status. type: str choices: disable, blacklist, whitelist + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Web filter profiles. + fortios_webfilter_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + webfilter_profile: + antiphish: + authentication: "domain-controller" + check_basic_auth: "enable" + check_uri: "enable" + check_username_only: "enable" + custom_patterns: + - + category: "username" + pattern: "" + type: "regex" + default_action: "exempt" + domain_controller: " (source user.domain-controller.name credential-store.domain-controller.server-name)" + inspection_entries: + - + action: "exempt" + fortiguard_category: "" + name: "default_name_17" + ldap: " (source user.ldap.name)" + max_body_len: "19" + status: "enable" + comment: "Optional comments." + extended_log: "enable" + feature_set: "flow" + file_filter: + entries: + - + action: "log" + comment: "Comment." + direction: "incoming" + file_type: + - + name: "default_name_30 (source antivirus.filetype.name)" + filter: "" + password_protected: "yes" + protocol: "http" + log: "enable" + scan_archive_contents: "enable" + status: "enable" + ftgd_wf: + exempt_quota: "" + filters: + - + action: "block" + auth_usr_grp: + - + name: "default_name_42 (source user.group.name)" + category: "43" + id: "44" + log: "enable" + override_replacemsg: "" + warn_duration: "" + warning_duration_type: "session" + warning_prompt: "per-domain" + max_quota_timeout: "50" + options: "error-allow" + ovrd: "" + quota: + - + category: "" + duration: "" + id: "56" + override_replacemsg: "" + type: "time" + unit: "B" + value: "60" + rate_crl_urls: "disable" + rate_css_urls: "disable" + rate_image_urls: "disable" + rate_javascript_urls: "disable" + https_replacemsg: "enable" + inspection_mode: "proxy" + log_all_url: "enable" + name: "default_name_68" + options: "activexfilter" + override: + ovrd_cookie: "allow" + ovrd_dur: "" + ovrd_dur_mode: "constant" + ovrd_scope: "user" + ovrd_user_group: + - + name: "default_name_76 (source user.group.name)" + profile: + - + name: "default_name_78 (source webfilter.profile.name)" + profile_attribute: "User-Name" + profile_type: "list" + ovrd_perm: "bannedword-override" + post_action: "normal" + replacemsg_group: " (source system.replacemsg-group.name)" + url_extraction: + redirect_header: "" + redirect_no_content: "enable" + redirect_url: "" + server_fqdn: "" + status: "enable" + web: + allowlist: "exempt-av" + blacklist: "enable" + blocklist: "enable" + bword_table: "94 (source webfilter.content.id)" + bword_threshold: "95" + content_header_list: "96 (source webfilter.content-header.id)" + keyword_match: + - + pattern: "" + log_search: "enable" + safe_search: "url" + urlfilter_table: "101 (source webfilter.urlfilter.id)" + vimeo_restrict: "" + whitelist: "exempt-av" + youtube_restrict: "none" + web_antiphishing_log: "enable" + web_content_log: "enable" + web_extended_all_action_log: "enable" + web_filter_activex_log: "enable" + web_filter_applet_log: "enable" + web_filter_command_block_log: "enable" + web_filter_cookie_log: "enable" + web_filter_cookie_removal_log: "enable" + web_filter_js_log: "enable" + web_filter_jscript_log: "enable" + web_filter_referer_log: "enable" + web_filter_unknown_log: "enable" + web_filter_vbs_log: "enable" + web_ftgd_err_log: "enable" + web_ftgd_quota_usage: "enable" + web_invalid_domain_log: "enable" + web_url_log: "enable" + wisp: "enable" + wisp_algorithm: "primary-secondary" + wisp_servers: + - + name: "default_name_125 (source web-proxy.wisp.name)" + youtube_channel_filter: + - + channel_id: "" + comment: "Comment." + id: "129" + youtube_channel_status: "disable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_webfilter_search_engine.rst b/gen/fortios_webfilter_search_engine.rst new file mode 100644 index 00000000..f575d2b0 --- /dev/null +++ b/gen/fortios_webfilter_search_engine.rst @@ -0,0 +1,728 @@ +:source: fortios_webfilter_search_engine.py + +:orphan: + +.. fortios_webfilter_search_engine: + +fortios_webfilter_search_engine -- Configure web filter search engines in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify webfilter feature and search_engine category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_webfilter_search_engineyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • webfilter_search_engine - Configure web filter search engines. type: dict + more... + +
              • +
                +
              • charset - Search engine charset. type: str choices: utf-8, gb2312 + more... + +
                • +
              • hostname - Hostname (regular expression). type: str + more... + +
                • +
              • name - Search engine name. type: str required: true + more... + +
                • +
              • query - Code used to prefix a query (must end with an equals character). type: str + more... + +
                • +
              • safesearch - Safe search method. You can disable safe search, add the safe search string to URLs, or insert a safe search header. type: str choices: disable, url, header, translate, yt-pattern, yt-scan, yt-video, yt-channel + more... + +
                • +
              • safesearch_str - Safe search parameter used in the URL. type: str + more... + +
                • +
              • url - URL (regular expression). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure web filter search engines. + fortios_webfilter_search_engine: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + webfilter_search_engine: + charset: "utf-8" + hostname: "myhostname" + name: "default_name_5" + query: "" + safesearch: "disable" + safesearch_str: "" + url: "myurl.com" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_webfilter_status.rst b/gen/fortios_webfilter_status.rst new file mode 100644 index 00000000..7d580fcc --- /dev/null +++ b/gen/fortios_webfilter_status.rst @@ -0,0 +1,235 @@ +:source: fortios_webfilter_status.py + +:orphan: + +.. fortios_webfilter_status: + +fortios_webfilter_status -- Display rating info in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify webfilter feature and status category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_webfilter_statusyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • webfilter_status - Display rating info. type: dict + more... + +
              • +
                +
              • - Frequency to refresh the server list (sec). type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Display rating info. + fortios_webfilter_status: + vdom: "{{ vdom }}" + webfilter_status: + : "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_webfilter_urlfilter.rst b/gen/fortios_webfilter_urlfilter.rst new file mode 100644 index 00000000..1b4c6ba3 --- /dev/null +++ b/gen/fortios_webfilter_urlfilter.rst @@ -0,0 +1,1468 @@ +:source: fortios_webfilter_urlfilter.py + +:orphan: + +.. fortios_webfilter_urlfilter: + +fortios_webfilter_urlfilter -- Configure URL filter lists in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify webfilter feature and urlfilter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_webfilter_urlfilteryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • webfilter_urlfilter - Configure URL filter lists. type: dict + more... + +
              • +
                +
              • comment - Optional comments. type: str + more... + +
                • +
              • entries - URL filter entries. type: list member_path: entries:id + more... + +
                • +
                  +
                • action - Action to take for URL filter matches. type: str choices: exempt, block, allow, monitor + more... + +
                  • +
                • antiphish_action - Action to take for AntiPhishing matches. type: str choices: block, log + more... + +
                  • +
                • dns_address_family - Resolve IPv4 address, IPv6 address, or both from DNS server. type: str choices: ipv4, ipv6, both + more... + +
                  • +
                • exempt - If action is set to exempt, select the security profile operations that exempt URLs skip. Separate multiple options with a space. type: list choices: av, web-content, activex-java-cookie, dlp, fortiguard, range-block, pass, antiphish, all + more... + +
                  • +
                • id - Id. type: int required: true + more... + +
                  • +
                • referrer_host - Referrer host name. type: str + more... + +
                  • +
                • status - Enable/disable this URL filter. type: str choices: enable, disable + more... + +
                  • +
                • type - Filter type (simple, regex, or wildcard). type: str choices: simple, regex, wildcard + more... + +
                  • +
                • url - URL to be filtered. type: str + more... + +
                  • +
                • web_proxy_profile - Web proxy profile. Source web-proxy.profile.name. type: str + more... + +
                  • +
                +
              • id - ID. type: int required: true + more... + +
                • +
              • ip_addr_block - Enable/disable blocking URLs when the hostname appears as an IP address. type: str choices: enable, disable + more... + +
                • +
              • name - Name of URL filter list. type: str + more... + +
                • +
              • one_arm_ips_urlfilter - Enable/disable DNS resolver for one-arm IPS URL filter operation. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure URL filter lists. + fortios_webfilter_urlfilter: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + webfilter_urlfilter: + comment: "Optional comments." + entries: + - + action: "exempt" + antiphish_action: "block" + dns_address_family: "ipv4" + exempt: "av" + id: "9" + referrer_host: "myhostname" + status: "enable" + type: "simple" + url: "myurl.com" + web_proxy_profile: " (source web-proxy.profile.name)" + id: "15" + ip_addr_block: "enable" + name: "default_name_17" + one_arm_ips_urlfilter: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_access_control_list.rst b/gen/fortios_wireless_controller_access_control_list.rst new file mode 100644 index 00000000..cf1dd2de --- /dev/null +++ b/gen/fortios_wireless_controller_access_control_list.rst @@ -0,0 +1,882 @@ +:source: fortios_wireless_controller_access_control_list.py + +:orphan: + +.. fortios_wireless_controller_access_control_list: + +fortios_wireless_controller_access_control_list -- Configure WiFi bridge access control list in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and access_control_list category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_access_control_listyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_access_control_list - Configure WiFi bridge access control list. type: dict + more... + +
              • +
                +
              • comment - Description. type: str + more... + +
                • +
              • layer3_ipv4_rules - AP ACL layer3 ipv4 rule list. type: list + more... + +
                • +
                  +
                • action - Policy action (allow | deny). type: str choices: allow, deny + more... + +
                  • +
                • comment - Description. type: str + more... + +
                  • +
                • dstaddr - Destination IP address (any | local-LAN | IPv4 address[/]). type: str + more... + +
                  • +
                • dstport - Destination port (0 - 65535). type: int + more... + +
                  • +
                • protocol - Protocol type as defined by IANA (0 - 255). type: int + more... + +
                  • +
                • rule_id - Rule ID (1 - 65535). type: int + more... + +
                  • +
                • srcaddr - Source IP address (any | local-LAN | IPv4 address[/]). type: str + more... + +
                  • +
                • srcport - Source port (0 - 65535). type: int + more... + +
                  • +
                +
              • layer3_ipv6_rules - AP ACL layer3 ipv6 rule list. type: list + more... + +
                • +
                  +
                • action - Policy action (allow | deny). type: str choices: allow, deny + more... + +
                  • +
                • comment - Description. type: str + more... + +
                  • +
                • dstaddr - Destination IPv6 address (any | local-LAN | IPv6 address[/prefix length]), default = any. type: str + more... + +
                  • +
                • dstport - Destination port (0 - 65535). type: int + more... + +
                  • +
                • protocol - Protocol type as defined by IANA (0 - 255). type: int + more... + +
                  • +
                • rule_id - Rule ID (1 - 65535). type: int + more... + +
                  • +
                • srcaddr - Source IPv6 address (any | local-LAN | IPv6 address[/prefix length]), default = any. type: str + more... + +
                  • +
                • srcport - Source port (0 - 65535). type: int + more... + +
                  • +
                +
              • name - AP access control list name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure WiFi bridge access control list. + fortios_wireless_controller_access_control_list: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_access_control_list: + comment: "Description." + layer3_ipv4_rules: + - + action: "allow" + comment: "Description." + dstaddr: "" + dstport: "8" + protocol: "9" + rule_id: "10" + srcaddr: "" + srcport: "12" + layer3_ipv6_rules: + - + action: "allow" + comment: "Description." + dstaddr: "" + dstport: "17" + protocol: "18" + rule_id: "19" + srcaddr: "" + srcport: "21" + name: "default_name_22" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_address.rst b/gen/fortios_wireless_controller_address.rst new file mode 100644 index 00000000..cc29ba0a --- /dev/null +++ b/gen/fortios_wireless_controller_address.rst @@ -0,0 +1,356 @@ +:source: fortios_wireless_controller_address.py + +:orphan: + +.. fortios_wireless_controller_address: + +fortios_wireless_controller_address -- Configure the client with its MAC address in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and address category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_addressyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_address - Configure the client with its MAC address. type: dict + more... + +
              • +
                +
              • id - ID. type: str required: true + more... + +
                • +
              • mac - MAC address. type: str + more... + +
                • +
              • policy - Allow or block the client with this MAC address. type: str choices: allow, deny + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure the client with its MAC address. + fortios_wireless_controller_address: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_address: + id: "3" + mac: "" + policy: "allow" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_addrgrp.rst b/gen/fortios_wireless_controller_addrgrp.rst new file mode 100644 index 00000000..52173951 --- /dev/null +++ b/gen/fortios_wireless_controller_addrgrp.rst @@ -0,0 +1,399 @@ +:source: fortios_wireless_controller_addrgrp.py + +:orphan: + +.. fortios_wireless_controller_addrgrp: + +fortios_wireless_controller_addrgrp -- Configure the MAC address group in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and addrgrp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_addrgrpyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_addrgrp - Configure the MAC address group. type: dict + more... + +
              • +
                +
              • addresses - Manually selected group of addresses. type: list member_path: addresses:id + more... + +
                • +
                  +
                • id - Address ID. Source wireless-controller.address.id. type: str required: true + more... + +
                  • +
                +
              • default_policy - Allow or block the clients with MAC addresses that are not in the group. type: str choices: allow, deny + more... + +
                • +
              • id - ID. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure the MAC address group. + fortios_wireless_controller_addrgrp: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_addrgrp: + addresses: + - + id: "4 (source wireless-controller.address.id)" + default_policy: "allow" + id: "6" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_ap_status.rst b/gen/fortios_wireless_controller_ap_status.rst new file mode 100644 index 00000000..fe9423c1 --- /dev/null +++ b/gen/fortios_wireless_controller_ap_status.rst @@ -0,0 +1,457 @@ +:source: fortios_wireless_controller_ap_status.py + +:orphan: + +.. fortios_wireless_controller_ap_status: + +fortios_wireless_controller_ap_status -- Configure access point status (rogue | accepted | suppressed) in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and ap_status category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_ap_statusyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_ap_status - Configure access point status (rogue | accepted | suppressed). type: dict + more... + +
              • +
                +
              • bssid - Access Point"s (AP"s) BSSID. type: str + more... + +
                • +
              • id - AP ID. type: int required: true + more... + +
                • +
              • ssid - Access Point"s (AP"s) SSID. type: str + more... + +
                • +
              • status - Access Point"s (AP"s) status: rogue, accepted, or supressed. type: str choices: rogue, accepted, suppressed + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure access point status (rogue | accepted | suppressed). + fortios_wireless_controller_ap_status: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_ap_status: + bssid: "" + id: "4" + ssid: "" + status: "rogue" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_apcfg_profile.rst b/gen/fortios_wireless_controller_apcfg_profile.rst new file mode 100644 index 00000000..fff6d32b --- /dev/null +++ b/gen/fortios_wireless_controller_apcfg_profile.rst @@ -0,0 +1,703 @@ +:source: fortios_wireless_controller_apcfg_profile.py + +:orphan: + +.. fortios_wireless_controller_apcfg_profile: + +fortios_wireless_controller_apcfg_profile -- Configure AP local configuration profiles in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and apcfg_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_apcfg_profileyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_apcfg_profile - Configure AP local configuration profiles. type: dict + more... + +
              • +
                +
              • ac_ip - IP address of the validation controller that AP must be able to join after applying AP local configuration. type: str + more... + +
                • +
              • ac_port - Port of the validation controller that AP must be able to join after applying AP local configuration (1024 - 49150). type: int + more... + +
                • +
              • ac_timer - Maximum waiting time for the AP to join the validation controller after applying AP local configuration (3 - 30 min). type: int + more... + +
                • +
              • ac_type - Validation controller type . type: str choices: default, specify, apcfg + more... + +
                • +
              • ap_family - FortiAP family type . type: str choices: fap, fap-u, fap-c + more... + +
                • +
              • command_list - AP local configuration command list. type: list member_path: command_list:id + more... + +
                • +
                  +
                • id - Command ID. type: int required: true + more... + +
                  • +
                • name - AP local configuration command name. type: str + more... + +
                  • +
                • passwd_value - AP local configuration command password value. type: str + more... + +
                  • +
                • type - The command type . type: str choices: non-password, password + more... + +
                  • +
                • value - AP local configuration command value. type: str + more... + +
                  • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • name - AP local configuration profile name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure AP local configuration profiles. + fortios_wireless_controller_apcfg_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_apcfg_profile: + ac_ip: "" + ac_port: "4" + ac_timer: "5" + ac_type: "default" + ap_family: "fap" + command_list: + - + id: "9" + name: "default_name_10" + passwd_value: "" + type: "non-password" + value: "" + comment: "Comment." + name: "default_name_15" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_arrp_profile.rst b/gen/fortios_wireless_controller_arrp_profile.rst new file mode 100644 index 00000000..09916cc8 --- /dev/null +++ b/gen/fortios_wireless_controller_arrp_profile.rst @@ -0,0 +1,975 @@ +:source: fortios_wireless_controller_arrp_profile.py + +:orphan: + +.. fortios_wireless_controller_arrp_profile: + +fortios_wireless_controller_arrp_profile -- Configure WiFi Automatic Radio Resource Provisioning (ARRP) profiles in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and arrp_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + +
            v6.4.0 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_arrp_profileyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_arrp_profile - Configure WiFi Automatic Radio Resource Provisioning (ARRP) profiles. type: dict + more... + +
              • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • darrp_optimize - Time for running Dynamic Automatic Radio Resource Provisioning (DARRP) optimizations (0 - 86400 sec). type: int + more... + +
                • +
              • darrp_optimize_schedules - Firewall schedules for DARRP running time. DARRP will run periodically based on darrp-optimize within the schedules. Separate multiple schedule names with a space. type: list member_path: darrp_optimize_schedules:name + more... + +
                • +
                  +
                • name - Schedule name. Source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name. type: str required: true + more... + +
                  • +
                +
              • include_dfs_channel - Enable/disable use of DFS channel in DARRP channel selection phase 1 . type: str choices: enable, disable, True, False + more... + +
                • +
              • include_weather_channel - Enable/disable use of weather channel in DARRP channel selection phase 1 . type: str choices: enable, disable, True, False + more... + +
                • +
              • monitor_period - Period in seconds to measure average transmit retries and receive errors . type: int + more... + +
                • +
              • name - WiFi ARRP profile name. type: str required: true + more... + +
                • +
              • override_darrp_optimize - Enable to override setting darrp-optimize and darrp-optimize-schedules . type: str choices: enable, disable + more... + +
                • +
              • selection_period - Period in seconds to measure average channel load, noise floor, spectral RSSI . type: int + more... + +
                • +
              • threshold_ap - Threshold to reject channel in DARRP channel selection phase 1 due to surrounding APs (0 - 500). type: int + more... + +
                • +
              • threshold_channel_load - Threshold in percentage to reject channel in DARRP channel selection phase 1 due to channel load (0 - 100). type: int + more... + +
                • +
              • threshold_noise_floor - Threshold in dBm to reject channel in DARRP channel selection phase 1 due to noise floor (-95 to -20). type: str + more... + +
                • +
              • threshold_rx_errors - Threshold in percentage for receive errors to trigger channel reselection in DARRP monitor stage (0 - 100). type: int + more... + +
                • +
              • threshold_spectral_rssi - Threshold in dBm to reject channel in DARRP channel selection phase 1 due to spectral RSSI (-95 to -20). type: str + more... + +
                • +
              • threshold_tx_retries - Threshold in percentage for transmit retries to trigger channel reselection in DARRP monitor stage (0 - 1000). type: int + more... + +
                • +
              • weight_channel_load - Weight in DARRP channel score calculation for channel load (0 - 2000). type: int + more... + +
                • +
              • weight_dfs_channel - Weight in DARRP channel score calculation for DFS channel (0 - 2000). type: int + more... + +
                • +
              • weight_managed_ap - Weight in DARRP channel score calculation for managed APs (0 - 2000). type: int + more... + +
                • +
              • weight_noise_floor - Weight in DARRP channel score calculation for noise floor (0 - 2000). type: int + more... + +
                • +
              • weight_rogue_ap - Weight in DARRP channel score calculation for rogue APs (0 - 2000). type: int + more... + +
                • +
              • weight_spectral_rssi - Weight in DARRP channel score calculation for spectral RSSI (0 - 2000). type: int + more... + +
                • +
              • weight_weather_channel - Weight in DARRP channel score calculation for weather channel (0 - 2000). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure WiFi Automatic Radio Resource Provisioning (ARRP) profiles. + fortios_wireless_controller_arrp_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_arrp_profile: + comment: "Comment." + darrp_optimize: "4" + darrp_optimize_schedules: + - + name: "default_name_6 (source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name)" + include_dfs_channel: "enable" + include_weather_channel: "enable" + monitor_period: "9" + name: "default_name_10" + override_darrp_optimize: "enable" + selection_period: "12" + threshold_ap: "13" + threshold_channel_load: "14" + threshold_noise_floor: "" + threshold_rx_errors: "16" + threshold_spectral_rssi: "" + threshold_tx_retries: "18" + weight_channel_load: "19" + weight_dfs_channel: "20" + weight_managed_ap: "21" + weight_noise_floor: "22" + weight_rogue_ap: "23" + weight_spectral_rssi: "24" + weight_weather_channel: "25" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_ble_profile.rst b/gen/fortios_wireless_controller_ble_profile.rst new file mode 100644 index 00000000..bab598c0 --- /dev/null +++ b/gen/fortios_wireless_controller_ble_profile.rst @@ -0,0 +1,1134 @@ +:source: fortios_wireless_controller_ble_profile.py + +:orphan: + +.. fortios_wireless_controller_ble_profile: + +fortios_wireless_controller_ble_profile -- Configure Bluetooth Low Energy profile in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and ble_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_ble_profileyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_ble_profile - Configure Bluetooth Low Energy profile. type: dict + more... + +
              • +
                +
              • advertising - Advertising type. type: list choices: ibeacon, eddystone-uid, eddystone-url + more... + +
                • +
              • beacon_interval - Beacon interval . type: int + more... + +
                • +
              • ble_scanning - Enable/disable Bluetooth Low Energy (BLE) scanning. type: str choices: enable, disable + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • eddystone_instance - Eddystone instance ID. type: str + more... + +
                • +
              • eddystone_namespace - Eddystone namespace ID. type: str + more... + +
                • +
              • eddystone_url - Eddystone URL. type: str + more... + +
                • +
              • eddystone_url_encode_hex - Eddystone encoded URL hexadecimal string type: str + more... + +
                • +
              • ibeacon_uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              • major_id - Major ID. type: int + more... + +
                • +
              • minor_id - Minor ID. type: int + more... + +
                • +
              • name - Bluetooth Low Energy profile name. type: str required: true + more... + +
                • +
              • txpower - Transmit power level . type: str choices: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Bluetooth Low Energy profile. + fortios_wireless_controller_ble_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_ble_profile: + advertising: "ibeacon" + beacon_interval: "4" + ble_scanning: "enable" + comment: "Comment." + eddystone_instance: "" + eddystone_namespace: "" + eddystone_url: "" + eddystone_url_encode_hex: "" + ibeacon_uuid: "" + major_id: "12" + minor_id: "13" + name: "default_name_14" + txpower: "0" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_bonjour_profile.rst b/gen/fortios_wireless_controller_bonjour_profile.rst new file mode 100644 index 00000000..27ef2095 --- /dev/null +++ b/gen/fortios_wireless_controller_bonjour_profile.rst @@ -0,0 +1,816 @@ +:source: fortios_wireless_controller_bonjour_profile.py + +:orphan: + +.. fortios_wireless_controller_bonjour_profile: + +fortios_wireless_controller_bonjour_profile -- Configure Bonjour profiles. Bonjour is Apple's zero configuration networking protocol. Bonjour profiles allow APs and FortiAPs to connnect to networks using Bonjour in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and bonjour_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_bonjour_profileyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_bonjour_profile - Configure Bonjour profiles. Bonjour is Apple's zero configuration networking protocol. Bonjour profiles allow APs and FortiAPs to connnect to networks using Bonjour. type: dict + more... + +
              • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • name - Bonjour profile name. type: str required: true + more... + +
                • +
              • policy_list - Bonjour policy list. type: list + more... + +
                • +
                  +
                • description - Description. type: str + more... + +
                  • +
                • from_vlan - VLAN ID from which the Bonjour service is advertised (0 - 4094). type: str + more... + +
                  • +
                • policy_id - Policy ID. type: int + more... + +
                  • +
                • services - Bonjour services for the VLAN connecting to the Bonjour network. type: str choices: all, airplay, afp, bit-torrent, ftp, ichat, itunes, printers, samba, scanners, ssh, chromecast + more... + +
                  • +
                • to_vlan - VLAN ID to which the Bonjour service is made available (0 - 4094). type: str + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Bonjour profiles. Bonjour is Apple's zero configuration networking protocol. Bonjour profiles allow APs and FortiAPs to connnect to + networks using Bonjour. + fortios_wireless_controller_bonjour_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_bonjour_profile: + comment: "Comment." + name: "default_name_4" + policy_list: + - + description: "" + from_vlan: "" + policy_id: "8" + services: "all" + to_vlan: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_client_info.rst b/gen/fortios_wireless_controller_client_info.rst new file mode 100644 index 00000000..2d49c5eb --- /dev/null +++ b/gen/fortios_wireless_controller_client_info.rst @@ -0,0 +1,235 @@ +:source: fortios_wireless_controller_client_info.py + +:orphan: + +.. fortios_wireless_controller_client_info: + +fortios_wireless_controller_client_info -- Wireless controller client-info in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and client_info category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_client_infoyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • wireless_controller_client_info - Wireless controller client-info. type: dict + more... + +
              • +
                +
              • - VFID. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Wireless controller client-info. + fortios_wireless_controller_client_info: + vdom: "{{ vdom }}" + wireless_controller_client_info: + : "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_global.rst b/gen/fortios_wireless_controller_global.rst new file mode 100644 index 00000000..072dcb06 --- /dev/null +++ b/gen/fortios_wireless_controller_global.rst @@ -0,0 +1,1486 @@ +:source: fortios_wireless_controller_global.py + +:orphan: + +.. fortios_wireless_controller_global: + +fortios_wireless_controller_global -- Configure wireless controller global settings in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and global category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_globalyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • wireless_controller_global - Configure wireless controller global settings. type: dict + more... + +
              • +
                +
              • ap_log_server - Enable/disable configuring FortiGate to redirect wireless event log messages or FortiAPs to send UTM log messages to a syslog server . type: str choices: enable, disable + more... + +
                • +
              • ap_log_server_ip - IP address that FortiGate or FortiAPs send log messages to. type: str + more... + +
                • +
              • ap_log_server_port - Port that FortiGate or FortiAPs send log messages to. type: int + more... + +
                • +
              • control_message_offload - Configure CAPWAP control message data channel offload. type: list choices: ebp-frame, aeroscout-tag, ap-list, sta-list, sta-cap-list, stats, aeroscout-mu, sta-health, spectral-analysis + more... + +
                • +
              • data_ethernet_II - Configure the wireless controller to use Ethernet II or 802.3 frames with 802.3 data tunnel mode . type: str choices: enable, disable + more... + +
                • +
              • discovery_mc_addr - Multicast IP address for AP discovery . type: str + more... + +
                • +
              • fiapp_eth_type - Ethernet type for Fortinet Inter-Access Point Protocol (IAPP), or IEEE 802.11f, packets (0 - 65535). type: int + more... + +
                • +
              • image_download - Enable/disable WTP image download at join time. type: str choices: enable, disable + more... + +
                • +
              • ipsec_base_ip - Base IP address for IPsec VPN tunnels between the access points and the wireless controller . type: str + more... + +
                • +
              • link_aggregation - Enable/disable calculating the CAPWAP transmit hash to load balance sessions to link aggregation nodes . type: str choices: enable, disable + more... + +
                • +
              • location - Description of the location of the wireless controller. type: str + more... + +
                • +
              • max_clients - Maximum number of clients that can connect simultaneously . type: int + more... + +
                • +
              • max_retransmit - Maximum number of tunnel packet retransmissions (0 - 64). type: int + more... + +
                • +
              • mesh_eth_type - Mesh Ethernet identifier included in backhaul packets (0 - 65535). type: int + more... + +
                • +
              • nac_interval - Interval in seconds between two WiFi network access control (NAC) checks (10 - 600). type: int + more... + +
                • +
              • name - Name of the wireless controller. type: str + more... + +
                • +
              • rogue_scan_mac_adjacency - Maximum numerical difference between an AP"s Ethernet and wireless MAC values to match for rogue detection (0 - 31). type: int + more... + +
                • +
              • tunnel_mode - Compatible/strict tunnel mode. type: str choices: compatible, strict + more... + +
                • +
              • wtp_share - Enable/disable sharing of WTPs between VDOMs. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure wireless controller global settings. + fortios_wireless_controller_global: + vdom: "{{ vdom }}" + wireless_controller_global: + ap_log_server: "enable" + ap_log_server_ip: "" + ap_log_server_port: "5" + control_message_offload: "ebp-frame" + data_ethernet_II: "enable" + discovery_mc_addr: "" + fiapp_eth_type: "9" + image_download: "enable" + ipsec_base_ip: "" + link_aggregation: "enable" + location: "" + max_clients: "14" + max_retransmit: "15" + mesh_eth_type: "16" + nac_interval: "17" + name: "default_name_18" + rogue_scan_mac_adjacency: "19" + tunnel_mode: "compatible" + wtp_share: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_hotspot20_anqp_3gpp_cellular.rst b/gen/fortios_wireless_controller_hotspot20_anqp_3gpp_cellular.rst new file mode 100644 index 00000000..6580a0de --- /dev/null +++ b/gen/fortios_wireless_controller_hotspot20_anqp_3gpp_cellular.rst @@ -0,0 +1,449 @@ +:source: fortios_wireless_controller_hotspot20_anqp_3gpp_cellular.py + +:orphan: + +.. fortios_wireless_controller_hotspot20_anqp_3gpp_cellular: + +fortios_wireless_controller_hotspot20_anqp_3gpp_cellular -- Configure 3GPP public land mobile network (PLMN) in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller_hotspot20 feature and anqp_3gpp_cellular category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_hotspot20_anqp_3gpp_cellularyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_hotspot20_anqp_3gpp_cellular - Configure 3GPP public land mobile network (PLMN). type: dict + more... + +
              • +
                +
              • mcc_mnc_list - Mobile Country Code and Mobile Network Code configuration. type: list member_path: mcc_mnc_list:id + more... + +
                • +
                  +
                • id - ID. type: int required: true + more... + +
                  • +
                • mcc - Mobile country code. type: str + more... + +
                  • +
                • mnc - Mobile network code. type: str + more... + +
                  • +
                +
              • name - 3GPP PLMN name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure 3GPP public land mobile network (PLMN). + fortios_wireless_controller_hotspot20_anqp_3gpp_cellular: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_hotspot20_anqp_3gpp_cellular: + mcc_mnc_list: + - + id: "4" + mcc: "" + mnc: "" + name: "default_name_7" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_hotspot20_anqp_ip_address_type.rst b/gen/fortios_wireless_controller_hotspot20_anqp_ip_address_type.rst new file mode 100644 index 00000000..489eb6ad --- /dev/null +++ b/gen/fortios_wireless_controller_hotspot20_anqp_ip_address_type.rst @@ -0,0 +1,563 @@ +:source: fortios_wireless_controller_hotspot20_anqp_ip_address_type.py + +:orphan: + +.. fortios_wireless_controller_hotspot20_anqp_ip_address_type: + +fortios_wireless_controller_hotspot20_anqp_ip_address_type -- Configure IP address type availability in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller_hotspot20 feature and anqp_ip_address_type category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_hotspot20_anqp_ip_address_typeyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_hotspot20_anqp_ip_address_type - Configure IP address type availability. type: dict + more... + +
              • +
                +
              • ipv4_address_type - IPv4 address type. type: str choices: not-available, public, port-restricted, single-NATed-private, double-NATed-private, port-restricted-and-single-NATed, port-restricted-and-double-NATed, not-known + more... + +
                • +
              • ipv6_address_type - IPv6 address type. type: str choices: not-available, available, not-known + more... + +
                • +
              • name - IP type name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IP address type availability. + fortios_wireless_controller_hotspot20_anqp_ip_address_type: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_hotspot20_anqp_ip_address_type: + ipv4_address_type: "not-available" + ipv6_address_type: "not-available" + name: "default_name_5" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_hotspot20_anqp_nai_realm.rst b/gen/fortios_wireless_controller_hotspot20_anqp_nai_realm.rst new file mode 100644 index 00000000..827d9533 --- /dev/null +++ b/gen/fortios_wireless_controller_hotspot20_anqp_nai_realm.rst @@ -0,0 +1,830 @@ +:source: fortios_wireless_controller_hotspot20_anqp_nai_realm.py + +:orphan: + +.. fortios_wireless_controller_hotspot20_anqp_nai_realm: + +fortios_wireless_controller_hotspot20_anqp_nai_realm -- Configure network access identifier (NAI) realm in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller_hotspot20 feature and anqp_nai_realm category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_hotspot20_anqp_nai_realmyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_hotspot20_anqp_nai_realm - Configure network access identifier (NAI) realm. type: dict + more... + +
              • +
                +
              • nai_list - NAI list. type: list member_path: nai_list:name + more... + +
                • +
                  +
                • eap_method - EAP Methods. type: list member_path: nai_list:name/eap_method:index + more... + +
                  • +
                    +
                  • auth_param - EAP auth param. type: str + more... + +
                    • +
                  • index - EAP method index. type: int required: true + more... + +
                    • +
                  • method - EAP method type. type: str choices: eap-identity, eap-md5, eap-tls, eap-ttls, eap-peap, eap-sim, eap-aka, eap-aka-prime + more... + +
                    • +
                  +
                • encoding - Enable/disable format in accordance with IETF RFC 4282. type: str choices: disable, enable + more... + +
                  • +
                • nai_realm - Configure NAI realms (delimited by a semi-colon character). type: str + more... + +
                  • +
                • name - NAI realm name. type: str required: true + more... + +
                  • +
                +
              • name - NAI realm list name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure network access identifier (NAI) realm. + fortios_wireless_controller_hotspot20_anqp_nai_realm: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_hotspot20_anqp_nai_realm: + nai_list: + - + eap_method: + - + auth_param: + - + id: "6" + index: "7" + val: "eap-identity" + index: "9" + method: "eap-identity" + encoding: "disable" + nai_realm: "" + name: "default_name_13" + name: "default_name_14" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_hotspot20_anqp_network_auth_type.rst b/gen/fortios_wireless_controller_hotspot20_anqp_network_auth_type.rst new file mode 100644 index 00000000..dea2c61e --- /dev/null +++ b/gen/fortios_wireless_controller_hotspot20_anqp_network_auth_type.rst @@ -0,0 +1,430 @@ +:source: fortios_wireless_controller_hotspot20_anqp_network_auth_type.py + +:orphan: + +.. fortios_wireless_controller_hotspot20_anqp_network_auth_type: + +fortios_wireless_controller_hotspot20_anqp_network_auth_type -- Configure network authentication type in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller_hotspot20 feature and anqp_network_auth_type category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_hotspot20_anqp_network_auth_typeyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_hotspot20_anqp_network_auth_type - Configure network authentication type. type: dict + more... + +
              • +
                +
              • auth_type - Network authentication type. type: str choices: acceptance-of-terms, online-enrollment, http-redirection, dns-redirection + more... + +
                • +
              • name - Authentication type name. type: str required: true + more... + +
                • +
              • url - Redirect URL. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure network authentication type. + fortios_wireless_controller_hotspot20_anqp_network_auth_type: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_hotspot20_anqp_network_auth_type: + auth_type: "acceptance-of-terms" + name: "default_name_4" + url: "myurl.com" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_hotspot20_anqp_roaming_consortium.rst b/gen/fortios_wireless_controller_hotspot20_anqp_roaming_consortium.rst new file mode 100644 index 00000000..3fbb349d --- /dev/null +++ b/gen/fortios_wireless_controller_hotspot20_anqp_roaming_consortium.rst @@ -0,0 +1,449 @@ +:source: fortios_wireless_controller_hotspot20_anqp_roaming_consortium.py + +:orphan: + +.. fortios_wireless_controller_hotspot20_anqp_roaming_consortium: + +fortios_wireless_controller_hotspot20_anqp_roaming_consortium -- Configure roaming consortium in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller_hotspot20 feature and anqp_roaming_consortium category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_hotspot20_anqp_roaming_consortiumyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_hotspot20_anqp_roaming_consortium - Configure roaming consortium. type: dict + more... + +
              • +
                +
              • name - Roaming consortium name. type: str required: true + more... + +
                • +
              • oi_list - Organization identifier list. type: list member_path: oi_list:index + more... + +
                • +
                  +
                • comment - Comment. type: str + more... + +
                  • +
                • index - OI index. type: int required: true + more... + +
                  • +
                • oi - Organization identifier. type: str + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure roaming consortium. + fortios_wireless_controller_hotspot20_anqp_roaming_consortium: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_hotspot20_anqp_roaming_consortium: + name: "default_name_3" + oi_list: + - + comment: "Comment." + index: "6" + oi: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_hotspot20_anqp_venue_name.rst b/gen/fortios_wireless_controller_hotspot20_anqp_venue_name.rst new file mode 100644 index 00000000..705d3374 --- /dev/null +++ b/gen/fortios_wireless_controller_hotspot20_anqp_venue_name.rst @@ -0,0 +1,449 @@ +:source: fortios_wireless_controller_hotspot20_anqp_venue_name.py + +:orphan: + +.. fortios_wireless_controller_hotspot20_anqp_venue_name: + +fortios_wireless_controller_hotspot20_anqp_venue_name -- Configure venue name duple in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller_hotspot20 feature and anqp_venue_name category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_hotspot20_anqp_venue_nameyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_hotspot20_anqp_venue_name - Configure venue name duple. type: dict + more... + +
              • +
                +
              • name - Name of venue name duple. type: str required: true + more... + +
                • +
              • value_list - Name list. type: list member_path: value_list:index + more... + +
                • +
                  +
                • index - Value index. type: int required: true + more... + +
                  • +
                • lang - Language code. type: str + more... + +
                  • +
                • value - Venue name value. type: str + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure venue name duple. + fortios_wireless_controller_hotspot20_anqp_venue_name: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_hotspot20_anqp_venue_name: + name: "default_name_3" + value_list: + - + index: "5" + lang: "" + value: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_hotspot20_anqp_venue_url.rst b/gen/fortios_wireless_controller_hotspot20_anqp_venue_url.rst new file mode 100644 index 00000000..c24de001 --- /dev/null +++ b/gen/fortios_wireless_controller_hotspot20_anqp_venue_url.rst @@ -0,0 +1,281 @@ +:source: fortios_wireless_controller_hotspot20_anqp_venue_url.py + +:orphan: + +.. fortios_wireless_controller_hotspot20_anqp_venue_url: + +fortios_wireless_controller_hotspot20_anqp_venue_url -- Configure venue URL in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller_hotspot20 feature and anqp_venue_url category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + +
            v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_hotspot20_anqp_venue_urlyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_hotspot20_anqp_venue_url - Configure venue URL. type: dict + more... + +
              • +
                +
              • name - Name of venue url. type: str required: true + more... + +
                • +
              • value_list - URL list. type: list member_path: value_list:index + more... + +
                • +
                  +
                • index - URL index. type: int required: true + more... + +
                  • +
                • number - Venue number. type: int + more... + +
                  • +
                • value - Venue URL value. type: str + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure venue URL. + fortios_wireless_controller_hotspot20_anqp_venue_url: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_hotspot20_anqp_venue_url: + name: "default_name_3" + value_list: + - + index: "5" + number: "6" + value: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_hotspot20_h2qp_conn_capability.rst b/gen/fortios_wireless_controller_hotspot20_h2qp_conn_capability.rst new file mode 100644 index 00000000..6d1ca8b3 --- /dev/null +++ b/gen/fortios_wireless_controller_hotspot20_h2qp_conn_capability.rst @@ -0,0 +1,1395 @@ +:source: fortios_wireless_controller_hotspot20_h2qp_conn_capability.py + +:orphan: + +.. fortios_wireless_controller_hotspot20_h2qp_conn_capability: + +fortios_wireless_controller_hotspot20_h2qp_conn_capability -- Configure connection capability in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller_hotspot20 feature and h2qp_conn_capability category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_hotspot20_h2qp_conn_capabilityyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_hotspot20_h2qp_conn_capability - Configure connection capability. type: dict + more... + +
              • +
                +
              • esp_port - Set ESP port service (used by IPsec VPNs) status. type: str choices: closed, open, unknown + more... + +
                • +
              • ftp_port - Set FTP port service status. type: str choices: closed, open, unknown + more... + +
                • +
              • http_port - Set HTTP port service status. type: str choices: closed, open, unknown + more... + +
                • +
              • icmp_port - Set ICMP port service status. type: str choices: closed, open, unknown + more... + +
                • +
              • ikev2_port - Set IKEv2 port service for IPsec VPN status. type: str choices: closed, open, unknown + more... + +
                • +
              • ikev2_xx_port - Set UDP port 4500 (which may be used by IKEv2 for IPsec VPN) service status. type: str choices: closed, open, unknown + more... + +
                • +
              • name - Connection capability name. type: str required: true + more... + +
                • +
              • pptp_vpn_port - Set Point to Point Tunneling Protocol (PPTP) VPN port service status. type: str choices: closed, open, unknown + more... + +
                • +
              • ssh_port - Set SSH port service status. type: str choices: closed, open, unknown + more... + +
                • +
              • tls_port - Set TLS VPN (HTTPS) port service status. type: str choices: closed, open, unknown + more... + +
                • +
              • voip_tcp_port - Set VoIP TCP port service status. type: str choices: closed, open, unknown + more... + +
                • +
              • voip_udp_port - Set VoIP UDP port service status. type: str choices: closed, open, unknown + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure connection capability. + fortios_wireless_controller_hotspot20_h2qp_conn_capability: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_hotspot20_h2qp_conn_capability: + esp_port: "closed" + ftp_port: "closed" + http_port: "closed" + icmp_port: "closed" + ikev2_port: "closed" + ikev2_xx_port: "closed" + name: "default_name_9" + pptp_vpn_port: "closed" + ssh_port: "closed" + tls_port: "closed" + voip_tcp_port: "closed" + voip_udp_port: "closed" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_hotspot20_h2qp_operator_name.rst b/gen/fortios_wireless_controller_hotspot20_h2qp_operator_name.rst new file mode 100644 index 00000000..3e2afa02 --- /dev/null +++ b/gen/fortios_wireless_controller_hotspot20_h2qp_operator_name.rst @@ -0,0 +1,449 @@ +:source: fortios_wireless_controller_hotspot20_h2qp_operator_name.py + +:orphan: + +.. fortios_wireless_controller_hotspot20_h2qp_operator_name: + +fortios_wireless_controller_hotspot20_h2qp_operator_name -- Configure operator friendly name in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller_hotspot20 feature and h2qp_operator_name category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_hotspot20_h2qp_operator_nameyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_hotspot20_h2qp_operator_name - Configure operator friendly name. type: dict + more... + +
              • +
                +
              • name - Friendly name ID. type: str required: true + more... + +
                • +
              • value_list - Name list. type: list member_path: value_list:index + more... + +
                • +
                  +
                • index - Value index. type: int required: true + more... + +
                  • +
                • lang - Language code. type: str + more... + +
                  • +
                • value - Friendly name value. type: str + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure operator friendly name. + fortios_wireless_controller_hotspot20_h2qp_operator_name: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_hotspot20_h2qp_operator_name: + name: "default_name_3" + value_list: + - + index: "5" + lang: "" + value: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_hotspot20_h2qp_osu_provider.rst b/gen/fortios_wireless_controller_hotspot20_h2qp_osu_provider.rst new file mode 100644 index 00000000..4a2e2e90 --- /dev/null +++ b/gen/fortios_wireless_controller_hotspot20_h2qp_osu_provider.rst @@ -0,0 +1,877 @@ +:source: fortios_wireless_controller_hotspot20_h2qp_osu_provider.py + +:orphan: + +.. fortios_wireless_controller_hotspot20_h2qp_osu_provider: + +fortios_wireless_controller_hotspot20_h2qp_osu_provider -- Configure online sign up (OSU) provider list in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller_hotspot20 feature and h2qp_osu_provider category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_hotspot20_h2qp_osu_provideryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_hotspot20_h2qp_osu_provider - Configure online sign up (OSU) provider list. type: dict + more... + +
              • +
                +
              • friendly_name - OSU provider friendly name. type: list member_path: friendly_name:index + more... + +
                • +
                  +
                • friendly_name - OSU provider friendly name. type: str + more... + +
                  • +
                • index - OSU provider friendly name index. type: int required: true + more... + +
                  • +
                • lang - Language code. type: str + more... + +
                  • +
                +
              • icon - OSU provider icon. Source wireless-controller.hotspot20.icon.name. type: str + more... + +
                • +
              • name - OSU provider ID. type: str required: true + more... + +
                • +
              • osu_method - OSU method list. type: list choices: oma-dm, soap-xml-spp, reserved + more... + +
                • +
              • osu_nai - OSU NAI. type: str + more... + +
                • +
              • server_uri - Server URI. type: str + more... + +
                • +
              • service_description - OSU service name. type: list + more... + +
                • +
                  +
                • lang - Language code. type: str + more... + +
                  • +
                • service_description - Service description. type: str + more... + +
                  • +
                • service_id - OSU service ID. type: int + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure online sign up (OSU) provider list. + fortios_wireless_controller_hotspot20_h2qp_osu_provider: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_hotspot20_h2qp_osu_provider: + friendly_name: + - + friendly_name: "" + index: "5" + lang: "" + icon: " (source wireless-controller.hotspot20.icon.name)" + name: "default_name_8" + osu_method: "oma-dm" + osu_nai: "" + server_uri: "" + service_description: + - + lang: "" + service_description: "" + service_id: "15" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_hotspot20_h2qp_wan_metric.rst b/gen/fortios_wireless_controller_hotspot20_h2qp_wan_metric.rst new file mode 100644 index 00000000..ef03e6e4 --- /dev/null +++ b/gen/fortios_wireless_controller_hotspot20_h2qp_wan_metric.rst @@ -0,0 +1,763 @@ +:source: fortios_wireless_controller_hotspot20_h2qp_wan_metric.py + +:orphan: + +.. fortios_wireless_controller_hotspot20_h2qp_wan_metric: + +fortios_wireless_controller_hotspot20_h2qp_wan_metric -- Configure WAN metrics in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller_hotspot20 feature and h2qp_wan_metric category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_hotspot20_h2qp_wan_metricyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_hotspot20_h2qp_wan_metric - Configure WAN metrics. type: dict + more... + +
              • +
                +
              • downlink_load - Downlink load. type: int + more... + +
                • +
              • downlink_speed - Downlink speed (in kilobits/s). type: int + more... + +
                • +
              • link_at_capacity - Link at capacity. type: str choices: enable, disable + more... + +
                • +
              • link_status - Link status. type: str choices: up, down, in-test + more... + +
                • +
              • load_measurement_duration - Load measurement duration (in tenths of a second). type: int + more... + +
                • +
              • name - WAN metric name. type: str required: true + more... + +
                • +
              • symmetric_wan_link - WAN link symmetry. type: str choices: symmetric, asymmetric + more... + +
                • +
              • uplink_load - Uplink load. type: int + more... + +
                • +
              • uplink_speed - Uplink speed (in kilobits/s). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure WAN metrics. + fortios_wireless_controller_hotspot20_h2qp_wan_metric: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_hotspot20_h2qp_wan_metric: + downlink_load: "3" + downlink_speed: "4" + link_at_capacity: "enable" + link_status: "up" + load_measurement_duration: "7" + name: "default_name_8" + symmetric_wan_link: "symmetric" + uplink_load: "10" + uplink_speed: "11" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_hotspot20_hs_profile.rst b/gen/fortios_wireless_controller_hotspot20_hs_profile.rst new file mode 100644 index 00000000..adc59f47 --- /dev/null +++ b/gen/fortios_wireless_controller_hotspot20_hs_profile.rst @@ -0,0 +1,3774 @@ +:source: fortios_wireless_controller_hotspot20_hs_profile.py + +:orphan: + +.. fortios_wireless_controller_hotspot20_hs_profile: + +fortios_wireless_controller_hotspot20_hs_profile -- Configure hotspot profile in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller_hotspot20 feature and hs_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_hotspot20_hs_profileyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_hotspot20_hs_profile - Configure hotspot profile. type: dict + more... + +
              • +
                +
              • plmn_3gpp - 3GPP PLMN name. Source wireless-controller.hotspot20.anqp-3gpp-cellular.name. type: str
                • +
              • access_network_asra - Enable/disable additional step required for access (ASRA). type: str choices: enable, disable + more... + +
                • +
              • access_network_esr - Enable/disable emergency services reachable (ESR). type: str choices: enable, disable + more... + +
                • +
              • access_network_internet - Enable/disable connectivity to the Internet. type: str choices: enable, disable + more... + +
                • +
              • access_network_type - Access network type. type: str choices: private-network, private-network-with-guest-access, chargeable-public-network, free-public-network, personal-device-network, emergency-services-only-network, test-or-experimental, wildcard + more... + +
                • +
              • access_network_uesa - Enable/disable unauthenticated emergency service accessible (UESA). type: str choices: enable, disable + more... + +
                • +
              • advice_of_charge - Advice of charge. Source wireless-controller.hotspot20.h2qp-advice-of-charge.name. type: str + more... + +
                • +
              • anqp_domain_id - ANQP Domain ID (0-65535). type: int + more... + +
                • +
              • bss_transition - Enable/disable basic service set (BSS) transition Support. type: str choices: enable, disable + more... + +
                • +
              • conn_cap - Connection capability name. Source wireless-controller.hotspot20.h2qp-conn-capability.name. type: str + more... + +
                • +
              • deauth_request_timeout - Deauthentication request timeout (in seconds). type: int + more... + +
                • +
              • dgaf - Enable/disable downstream group-addressed forwarding (DGAF). type: str choices: enable, disable + more... + +
                • +
              • domain_name - Domain name. type: str + more... + +
                • +
              • gas_comeback_delay - GAS comeback delay (0 or 100 - 10000 milliseconds). type: int + more... + +
                • +
              • gas_fragmentation_limit - GAS fragmentation limit (512 - 4096). type: int + more... + +
                • +
              • hessid - Homogeneous extended service set identifier (HESSID). type: str + more... + +
                • +
              • ip_addr_type - IP address type name. Source wireless-controller.hotspot20.anqp-ip-address-type.name. type: str + more... + +
                • +
              • l2tif - Enable/disable Layer 2 traffic inspection and filtering. type: str choices: enable, disable + more... + +
                • +
              • nai_realm - NAI realm list name. Source wireless-controller.hotspot20.anqp-nai-realm.name. type: str + more... + +
                • +
              • name - Hotspot profile name. type: str required: true + more... + +
                • +
              • network_auth - Network authentication name. Source wireless-controller.hotspot20.anqp-network-auth-type.name. type: str + more... + +
                • +
              • oper_friendly_name - Operator friendly name. Source wireless-controller.hotspot20.h2qp-operator-name.name. type: str + more... + +
                • +
              • oper_icon - Operator icon. Source wireless-controller.hotspot20.icon.name. type: str + more... + +
                • +
              • osu_provider - Manually selected list of OSU provider(s). type: list member_path: osu_provider:name + more... + +
                • +
                  +
                • name - OSU provider name. Source wireless-controller.hotspot20.h2qp-osu-provider.name. type: str required: true + more... + +
                  • +
                +
              • osu_provider_nai - OSU Provider NAI. Source wireless-controller.hotspot20.h2qp-osu-provider-nai.name. type: str + more... + +
                • +
              • osu_ssid - Online sign up (OSU) SSID. type: str + more... + +
                • +
              • pame_bi - Enable/disable Pre-Association Message Exchange BSSID Independent (PAME-BI). type: str choices: disable, enable + more... + +
                • +
              • proxy_arp - Enable/disable Proxy ARP. type: str choices: enable, disable + more... + +
                • +
              • qos_map - QoS MAP set ID. Source wireless-controller.hotspot20.qos-map.name. type: str + more... + +
                • +
              • release - Hotspot 2.0 Release number (1, 2, 3). type: int + more... + +
                • +
              • roaming_consortium - Roaming consortium list name. Source wireless-controller.hotspot20.anqp-roaming-consortium.name. type: str + more... + +
                • +
              • terms_and_conditions - Terms and conditions. Source wireless-controller.hotspot20.h2qp-terms-and-conditions.name. type: str + more... + +
                • +
              • venue_group - Venue group. type: str choices: unspecified, assembly, business, educational, factory, institutional, mercantile, residential, storage, utility, vehicular, outdoor + more... + +
                • +
              • venue_name - Venue name. Source wireless-controller.hotspot20.anqp-venue-name.name. type: str + more... + +
                • +
              • venue_type - Venue type. type: str choices: unspecified, arena, stadium, passenger-terminal, amphitheater, amusement-park, place-of-worship, convention-center, library, museum, restaurant, theater, bar, coffee-shop, zoo-or-aquarium, emergency-center, doctor-office, bank, fire-station, police-station, post-office, professional-office, research-facility, attorney-office, primary-school, secondary-school, university-or-college, factory, hospital, long-term-care-facility, rehab-center, group-home, prison-or-jail, retail-store, grocery-market, auto-service-station, shopping-mall, gas-station, private, hotel-or-motel, dormitory, boarding-house, automobile, airplane, bus, ferry, ship-or-boat, train, motor-bike, muni-mesh-network, city-park, rest-area, traffic-control, bus-stop, kiosk + more... + +
                • +
              • venue_url - Venue name. Source wireless-controller.hotspot20.anqp-venue-url.name. type: str + more... + +
                • +
              • wan_metrics - WAN metric name. Source wireless-controller.hotspot20.h2qp-wan-metric.name. type: str + more... + +
                • +
              • wnm_sleep_mode - Enable/disable wireless network management (WNM) sleep mode. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure hotspot profile. + fortios_wireless_controller_hotspot20_hs_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_hotspot20_hs_profile: + plmn_3gpp: " (source wireless-controller.hotspot20.anqp-3gpp-cellular.name)" + access_network_asra: "enable" + access_network_esr: "enable" + access_network_internet: "enable" + access_network_type: "private-network" + access_network_uesa: "enable" + advice_of_charge: " (source wireless-controller.hotspot20.h2qp-advice-of-charge.name)" + anqp_domain_id: "10" + bss_transition: "enable" + conn_cap: " (source wireless-controller.hotspot20.h2qp-conn-capability.name)" + deauth_request_timeout: "13" + dgaf: "enable" + domain_name: "" + gas_comeback_delay: "16" + gas_fragmentation_limit: "17" + hessid: "" + ip_addr_type: " (source wireless-controller.hotspot20.anqp-ip-address-type.name)" + l2tif: "enable" + nai_realm: " (source wireless-controller.hotspot20.anqp-nai-realm.name)" + name: "default_name_22" + network_auth: " (source wireless-controller.hotspot20.anqp-network-auth-type.name)" + oper_friendly_name: " (source wireless-controller.hotspot20.h2qp-operator-name.name)" + oper_icon: " (source wireless-controller.hotspot20.icon.name)" + osu_provider: + - + name: "default_name_27 (source wireless-controller.hotspot20.h2qp-osu-provider.name)" + osu_provider_nai: " (source wireless-controller.hotspot20.h2qp-osu-provider-nai.name)" + osu_ssid: "" + pame_bi: "disable" + proxy_arp: "enable" + qos_map: " (source wireless-controller.hotspot20.qos-map.name)" + release: "33" + roaming_consortium: " (source wireless-controller.hotspot20.anqp-roaming-consortium.name)" + terms_and_conditions: " (source wireless-controller.hotspot20.h2qp-terms-and-conditions.name)" + venue_group: "unspecified" + venue_name: " (source wireless-controller.hotspot20.anqp-venue-name.name)" + venue_type: "unspecified" + venue_url: " (source wireless-controller.hotspot20.anqp-venue-url.name)" + wan_metrics: " (source wireless-controller.hotspot20.h2qp-wan-metric.name)" + wnm_sleep_mode: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_hotspot20_icon.rst b/gen/fortios_wireless_controller_hotspot20_icon.rst new file mode 100644 index 00000000..7a93dfbc --- /dev/null +++ b/gen/fortios_wireless_controller_hotspot20_icon.rst @@ -0,0 +1,682 @@ +:source: fortios_wireless_controller_hotspot20_icon.py + +:orphan: + +.. fortios_wireless_controller_hotspot20_icon: + +fortios_wireless_controller_hotspot20_icon -- Configure OSU provider icon in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller_hotspot20 feature and icon category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_hotspot20_iconyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_hotspot20_icon - Configure OSU provider icon. type: dict + more... + +
              • +
                +
              • icon_list - Icon list. type: list member_path: icon_list:name + more... + +
                • +
                  +
                • file - Icon file. type: str + more... + +
                  • +
                • height - Icon height. type: int + more... + +
                  • +
                • lang - Language code. type: str + more... + +
                  • +
                • name - Icon name. type: str required: true + more... + +
                  • +
                • type - Icon type. type: str choices: bmp, gif, jpeg, png, tiff + more... + +
                  • +
                • width - Icon width. type: int + more... + +
                  • +
                +
              • name - Icon list ID. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure OSU provider icon. + fortios_wireless_controller_hotspot20_icon: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_hotspot20_icon: + icon_list: + - + file: "" + height: "5" + lang: "" + name: "default_name_7" + type: "bmp" + width: "9" + name: "default_name_10" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_hotspot20_qos_map.rst b/gen/fortios_wireless_controller_hotspot20_qos_map.rst new file mode 100644 index 00000000..1222b1dd --- /dev/null +++ b/gen/fortios_wireless_controller_hotspot20_qos_map.rst @@ -0,0 +1,682 @@ +:source: fortios_wireless_controller_hotspot20_qos_map.py + +:orphan: + +.. fortios_wireless_controller_hotspot20_qos_map: + +fortios_wireless_controller_hotspot20_qos_map -- Configure QoS map set in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller_hotspot20 feature and qos_map category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_hotspot20_qos_mapyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_hotspot20_qos_map - Configure QoS map set. type: dict + more... + +
              • +
                +
              • dscp_except - Differentiated Services Code Point (DSCP) exceptions. type: list member_path: dscp_except:index + more... + +
                • +
                  +
                • dscp - DSCP value. type: int + more... + +
                  • +
                • index - DSCP exception index. type: int required: true + more... + +
                  • +
                • up - User priority. type: int + more... + +
                  • +
                +
              • dscp_range - Differentiated Services Code Point (DSCP) ranges. type: list member_path: dscp_range:index + more... + +
                • +
                  +
                • high - DSCP high value. type: int + more... + +
                  • +
                • index - DSCP range index. type: int required: true + more... + +
                  • +
                • low - DSCP low value. type: int + more... + +
                  • +
                • up - User priority. type: int + more... + +
                  • +
                +
              • name - QOS-MAP name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure QoS map set. + fortios_wireless_controller_hotspot20_qos_map: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_hotspot20_qos_map: + dscp_except: + - + dscp: "4" + index: "5" + up: "6" + dscp_range: + - + high: "8" + index: "9" + low: "10" + up: "11" + name: "default_name_12" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_inter_controller.rst b/gen/fortios_wireless_controller_inter_controller.rst new file mode 100644 index 00000000..e21ec3a5 --- /dev/null +++ b/gen/fortios_wireless_controller_inter_controller.rst @@ -0,0 +1,809 @@ +:source: fortios_wireless_controller_inter_controller.py + +:orphan: + +.. fortios_wireless_controller_inter_controller: + +fortios_wireless_controller_inter_controller -- Configure inter wireless controller operation in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and inter_controller category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_inter_controlleryesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • wireless_controller_inter_controller - Configure inter wireless controller operation. type: dict + more... + +
              • +
                +
              • fast_failover_max - Maximum number of retransmissions for fast failover HA messages between peer wireless controllers (3 - 64). type: int + more... + +
                • +
              • fast_failover_wait - Minimum wait time before an AP transitions from secondary controller to primary controller (10 - 86400 sec). type: int + more... + +
                • +
              • inter_controller_key - Secret key for inter-controller communications. type: str + more... + +
                • +
              • inter_controller_mode - Configure inter-controller mode (disable, l2-roaming, 1+1). type: str choices: disable, l2-roaming, 1+1 + more... + +
                • +
              • inter_controller_peer - Fast failover peer wireless controller list. type: list member_path: inter_controller_peer:id + more... + +
                • +
                  +
                • id - ID. type: int required: true + more... + +
                  • +
                • peer_ip - Peer wireless controller"s IP address. type: str + more... + +
                  • +
                • peer_port - Port used by the wireless controller"s for inter-controller communications (1024 - 49150). type: int + more... + +
                  • +
                • peer_priority - Peer wireless controller"s priority (primary or secondary). type: str choices: primary, secondary + more... + +
                  • +
                +
              • inter_controller_pri - Configure inter-controller"s priority (primary or secondary). type: str choices: primary, secondary + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure inter wireless controller operation. + fortios_wireless_controller_inter_controller: + vdom: "{{ vdom }}" + wireless_controller_inter_controller: + fast_failover_max: "3" + fast_failover_wait: "4" + inter_controller_key: "" + inter_controller_mode: "disable" + inter_controller_peer: + - + id: "8" + peer_ip: "" + peer_port: "10" + peer_priority: "primary" + inter_controller_pri: "primary" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_log.rst b/gen/fortios_wireless_controller_log.rst new file mode 100644 index 00000000..7757e117 --- /dev/null +++ b/gen/fortios_wireless_controller_log.rst @@ -0,0 +1,2121 @@ +:source: fortios_wireless_controller_log.py + +:orphan: + +.. fortios_wireless_controller_log: + +fortios_wireless_controller_log -- Configure wireless controller event log filters in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and log category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_logyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • wireless_controller_log - Configure wireless controller event log filters. type: dict + more... + +
              • +
                +
              • addrgrp_log - Lowest severity level to log address group message. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • ble_log - Lowest severity level to log BLE detection message. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • clb_log - Lowest severity level to log client load balancing message. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • dhcp_starv_log - Lowest severity level to log DHCP starvation event message. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • led_sched_log - Lowest severity level to log LED schedule event message. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • radio_event_log - Lowest severity level to log radio event message. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • rogue_event_log - Lowest severity level to log rogue AP event message. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • sta_event_log - Lowest severity level to log station event message. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • sta_locate_log - Lowest severity level to log station locate message. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • status - Enable/disable wireless event logging. type: str choices: enable, disable + more... + +
                • +
              • wids_log - Lowest severity level to log WIDS message. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              • wtp_event_log - Lowest severity level to log WTP event message. type: str choices: emergency, alert, critical, error, warning, notification, information, debug + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure wireless controller event log filters. + fortios_wireless_controller_log: + vdom: "{{ vdom }}" + wireless_controller_log: + addrgrp_log: "emergency" + ble_log: "emergency" + clb_log: "emergency" + dhcp_starv_log: "emergency" + led_sched_log: "emergency" + radio_event_log: "emergency" + rogue_event_log: "emergency" + sta_event_log: "emergency" + sta_locate_log: "emergency" + status: "enable" + wids_log: "emergency" + wtp_event_log: "emergency" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_mpsk_profile.rst b/gen/fortios_wireless_controller_mpsk_profile.rst new file mode 100644 index 00000000..fc640659 --- /dev/null +++ b/gen/fortios_wireless_controller_mpsk_profile.rst @@ -0,0 +1,698 @@ +:source: fortios_wireless_controller_mpsk_profile.py + +:orphan: + +.. fortios_wireless_controller_mpsk_profile: + +fortios_wireless_controller_mpsk_profile -- Configure MPSK profile in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and mpsk_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + +
            v6.4.0 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_mpsk_profileyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_mpsk_profile - Configure MPSK profile. type: dict + more... + +
              • +
                +
              • mpsk_concurrent_clients - Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535). type: int + more... + +
                • +
              • mpsk_group - List of multiple PSK groups. type: list member_path: mpsk_group:name + more... + +
                • +
                  +
                • mpsk_key - List of multiple PSK entries. type: list member_path: mpsk_group:name/mpsk_key:name + more... + +
                  • +
                    +
                  • comment - Comment. type: str + more... + +
                    • +
                  • concurrent_client_limit_type - MPSK client limit type options. type: str choices: default, unlimited, specified + more... + +
                    • +
                  • concurrent_clients - Number of clients that can connect using this pre-shared key (1 - 65535). type: int + more... + +
                    • +
                  • mac - MAC address. type: str + more... + +
                    • +
                  • mpsk_schedules - Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid. type: list member_path: mpsk_group:name/mpsk_key:name/mpsk_schedules:name + more... + +
                    • +
                      +
                    • name - Schedule name. Source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime .name. type: str required: true + more... + +
                      • +
                    +
                  • name - Pre-shared key name. type: str required: true + more... + +
                    • +
                  • passphrase - WPA Pre-shared key. type: str + more... + +
                    • +
                  +
                • name - MPSK group name. type: str required: true + more... + +
                  • +
                • vlan_id - Optional VLAN ID. type: int + more... + +
                  • +
                • vlan_type - MPSK group VLAN options. type: str choices: no-vlan, fixed-vlan + more... + +
                  • +
                +
              • name - MPSK profile name. type: str required: true + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure MPSK profile. + fortios_wireless_controller_mpsk_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_mpsk_profile: + mpsk_concurrent_clients: "3" + mpsk_group: + - + mpsk_key: + - + comment: "Comment." + concurrent_client_limit_type: "default" + concurrent_clients: "8" + mac: "" + mpsk_schedules: + - + name: "default_name_11 (source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name)" + name: "default_name_12" + passphrase: "" + name: "default_name_14" + vlan_id: "15" + vlan_type: "no-vlan" + name: "default_name_17" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_nac_profile.rst b/gen/fortios_wireless_controller_nac_profile.rst new file mode 100644 index 00000000..e2c41577 --- /dev/null +++ b/gen/fortios_wireless_controller_nac_profile.rst @@ -0,0 +1,254 @@ +:source: fortios_wireless_controller_nac_profile.py + +:orphan: + +.. fortios_wireless_controller_nac_profile: + +fortios_wireless_controller_nac_profile -- Configure WiFi network access control (NAC) profiles in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and nac_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + +
            v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_nac_profileyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_nac_profile - Configure WiFi network access control (NAC) profiles. type: dict + more... + +
              • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • name - Name. type: str required: true + more... + +
                • +
              • onboarding_vlan - VLAN interface name. Source system.interface.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure WiFi network access control (NAC) profiles. + fortios_wireless_controller_nac_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_nac_profile: + comment: "Comment." + name: "default_name_4" + onboarding_vlan: " (source system.interface.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_qos_profile.rst b/gen/fortios_wireless_controller_qos_profile.rst new file mode 100644 index 00000000..de573722 --- /dev/null +++ b/gen/fortios_wireless_controller_qos_profile.rst @@ -0,0 +1,1736 @@ +:source: fortios_wireless_controller_qos_profile.py + +:orphan: + +.. fortios_wireless_controller_qos_profile: + +fortios_wireless_controller_qos_profile -- Configure WiFi quality of service (QoS) profiles in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and qos_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_qos_profileyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_qos_profile - Configure WiFi quality of service (QoS) profiles. type: dict + more... + +
              • +
                +
              • bandwidth_admission_control - Enable/disable WMM bandwidth admission control. type: str choices: enable, disable + more... + +
                • +
              • bandwidth_capacity - Maximum bandwidth capacity allowed (1 - 600000 Kbps). type: int + more... + +
                • +
              • burst - Enable/disable client rate burst. type: str choices: enable, disable + more... + +
                • +
              • call_admission_control - Enable/disable WMM call admission control. type: str choices: enable, disable + more... + +
                • +
              • call_capacity - Maximum number of Voice over WLAN (VoWLAN) phones allowed (0 - 60). type: int + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • downlink - Maximum downlink bandwidth for Virtual Access Points (VAPs) (0 - 2097152 Kbps). type: int + more... + +
                • +
              • downlink_sta - Maximum downlink bandwidth for clients (0 - 2097152 Kbps). type: int + more... + +
                • +
              • dscp_wmm_be - DSCP mapping for best effort access . type: list member_path: dscp_wmm_be:id + more... + +
                • +
                  +
                • id - DSCP WMM mapping numbers (0 - 63). type: int required: true + more... + +
                  • +
                +
              • dscp_wmm_bk - DSCP mapping for background access . type: list member_path: dscp_wmm_bk:id + more... + +
                • +
                  +
                • id - DSCP WMM mapping numbers (0 - 63). type: int required: true + more... + +
                  • +
                +
              • dscp_wmm_mapping - Enable/disable Differentiated Services Code Point (DSCP) mapping. type: str choices: enable, disable + more... + +
                • +
              • dscp_wmm_vi - DSCP mapping for video access . type: list member_path: dscp_wmm_vi:id + more... + +
                • +
                  +
                • id - DSCP WMM mapping numbers (0 - 63). type: int required: true + more... + +
                  • +
                +
              • dscp_wmm_vo - DSCP mapping for voice access . type: list member_path: dscp_wmm_vo:id + more... + +
                • +
                  +
                • id - DSCP WMM mapping numbers (0 - 63). type: int required: true + more... + +
                  • +
                +
              • name - WiFi QoS profile name. type: str required: true + more... + +
                • +
              • uplink - Maximum uplink bandwidth for Virtual Access Points (VAPs) (0 - 2097152 Kbps). type: int + more... + +
                • +
              • uplink_sta - Maximum uplink bandwidth for clients (0 - 2097152 Kbps). type: int + more... + +
                • +
              • wmm - Enable/disable WiFi multi-media (WMM) control. type: str choices: enable, disable + more... + +
                • +
              • wmm_be_dscp - DSCP marking for best effort access . type: int + more... + +
                • +
              • wmm_bk_dscp - DSCP marking for background access . type: int + more... + +
                • +
              • wmm_dscp_marking - Enable/disable WMM Differentiated Services Code Point (DSCP) marking. type: str choices: enable, disable + more... + +
                • +
              • wmm_uapsd - Enable/disable WMM Unscheduled Automatic Power Save Delivery (U-APSD) power save mode. type: str choices: enable, disable + more... + +
                • +
              • wmm_vi_dscp - DSCP marking for video access . type: int + more... + +
                • +
              • wmm_vo_dscp - DSCP marking for voice access . type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure WiFi quality of service (QoS) profiles. + fortios_wireless_controller_qos_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_qos_profile: + bandwidth_admission_control: "enable" + bandwidth_capacity: "4" + burst: "enable" + call_admission_control: "enable" + call_capacity: "7" + comment: "Comment." + downlink: "9" + downlink_sta: "10" + dscp_wmm_be: + - + id: "12" + dscp_wmm_bk: + - + id: "14" + dscp_wmm_mapping: "enable" + dscp_wmm_vi: + - + id: "17" + dscp_wmm_vo: + - + id: "19" + name: "default_name_20" + uplink: "21" + uplink_sta: "22" + wmm: "enable" + wmm_be_dscp: "24" + wmm_bk_dscp: "25" + wmm_dscp_marking: "enable" + wmm_uapsd: "enable" + wmm_vi_dscp: "28" + wmm_vo_dscp: "29" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_region.rst b/gen/fortios_wireless_controller_region.rst new file mode 100644 index 00000000..9030d22a --- /dev/null +++ b/gen/fortios_wireless_controller_region.rst @@ -0,0 +1,429 @@ +:source: fortios_wireless_controller_region.py + +:orphan: + +.. fortios_wireless_controller_region: + +fortios_wireless_controller_region -- Configure FortiAP regions (for floor plans and maps) in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and region category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_regionyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_region - Configure FortiAP regions (for floor plans and maps). type: dict + more... + +
              • +
                +
              • comments - Comments. type: str + more... + +
                • +
              • grayscale - Region image grayscale. type: str choices: enable, disable + more... + +
                • +
              • image_type - FortiAP region image type (png|jpeg|gif). type: str choices: png, jpeg, gif + more... + +
                • +
              • name - FortiAP region name. type: str required: true + more... + +
                • +
              • opacity - Region image opacity (0 - 100). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiAP regions (for floor plans and maps). + fortios_wireless_controller_region: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_region: + comments: "" + grayscale: "enable" + image_type: "png" + name: "default_name_6" + opacity: "7" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_rf_analysis.rst b/gen/fortios_wireless_controller_rf_analysis.rst new file mode 100644 index 00000000..222716f0 --- /dev/null +++ b/gen/fortios_wireless_controller_rf_analysis.rst @@ -0,0 +1,235 @@ +:source: fortios_wireless_controller_rf_analysis.py + +:orphan: + +.. fortios_wireless_controller_rf_analysis: + +fortios_wireless_controller_rf_analysis -- Wireless controller rf-analysis in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and rf_analysis category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_rf_analysisyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • wireless_controller_rf_analysis - Wireless controller rf-analysis. type: dict + more... + +
              • +
                +
              • - WTP ID. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Wireless controller rf-analysis. + fortios_wireless_controller_rf_analysis: + vdom: "{{ vdom }}" + wireless_controller_rf_analysis: + : "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_setting.rst b/gen/fortios_wireless_controller_setting.rst new file mode 100644 index 00000000..d3b6e0f7 --- /dev/null +++ b/gen/fortios_wireless_controller_setting.rst @@ -0,0 +1,4950 @@ +:source: fortios_wireless_controller_setting.py + +:orphan: + +.. fortios_wireless_controller_setting: + +fortios_wireless_controller_setting -- VDOM wireless controller configuration in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_settingyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • wireless_controller_setting - VDOM wireless controller configuration. type: dict + more... + +
              • +
                +
              • account_id - FortiCloud customer account ID. type: str + more... + +
                • +
              • country - Country or region in which the FortiGate is located. The country determines the 802.11 bands and channels that are available. type: str choices: --, AF, AL, DZ, AS, AO, AR, AM, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BA, BW, BR, BN, BG, BF, KH, CM, KY, CF, TD, CL, CN, CX, CO, CG, CD, CR, HR, CY, CZ, DK, DM, DO, EC, EG, SV, ET, EE, GF, PF, FO, FJ, FI, FR, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GY, HT, HN, HK, HU, IS, IN, ID, IQ, IE, IM, IL, IT, CI, JM, JO, KZ, KE, KR, KW, LA, LV, LB, LS, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MA, MZ, MM, NA, NP, NL, AN, AW, NZ, NI, NE, False, MP, OM, PK, PW, PA, PG, PY, PE, PH, PL, PT, PR, QA, RE, RO, RU, RW, BL, KN, LC, MF, PM, VC, SA, SN, RS, ME, SL, SG, SK, SI, ZA, ES, LK, SE, SR, CH, TW, TZ, TH, TG, TT, TN, TR, TM, AE, TC, UG, UA, GB, US, PS, UY, UZ, VU, VE, VN, VI, WF, YE, ZM, ZW, JP, CA, IR, KP, SD, SY, ZB + more... + +
                • +
              • darrp_optimize - Time for running Dynamic Automatic Radio Resource Provisioning (DARRP) optimizations (0 - 86400 sec). type: int + more... + +
                • +
              • darrp_optimize_schedules - Firewall schedules for DARRP running time. DARRP will run periodically based on darrp-optimize within the schedules. Separate multiple schedule names with a space. type: list member_path: darrp_optimize_schedules:name + more... + +
                • +
                  +
                • name - Schedule name. Source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name. type: str required: true + more... + +
                  • +
                +
              • device_holdoff - Lower limit of creation time of device for identification in minutes (0 - 60). type: int + more... + +
                • +
              • device_idle - Upper limit of idle time of device for identification in minutes (0 - 14400). type: int + more... + +
                • +
              • device_weight - Upper limit of confidence of device for identification (0 - 255). type: int + more... + +
                • +
              • duplicate_ssid - Enable/disable allowing Virtual Access Points (VAPs) to use the same SSID name in the same VDOM. type: str choices: enable, disable + more... + +
                • +
              • fake_ssid_action - Actions taken for detected fake SSID. type: list choices: log, suppress + more... + +
                • +
              • fapc_compatibility - Enable/disable FAP-C series compatibility. type: str choices: enable, disable + more... + +
                • +
              • firmware_provision_on_authorization - Enable/disable automatic provisioning of latest firmware on authorization. type: str choices: enable, disable + more... + +
                • +
              • offending_ssid - Configure offending SSID. type: list member_path: offending_ssid:id + more... + +
                • +
                  +
                • action - Actions taken for detected offending SSID. type: str choices: log, suppress + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                • ssid_pattern - Define offending SSID pattern (case insensitive). For example, word, word*, *word, wo*rd. type: str + more... + +
                  • +
                +
              • phishing_ssid_detect - Enable/disable phishing SSID detection. type: str choices: enable, disable + more... + +
                • +
              • wfa_compatibility - Enable/disable WFA compatibility. type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: VDOM wireless controller configuration. + fortios_wireless_controller_setting: + vdom: "{{ vdom }}" + wireless_controller_setting: + account_id: "" + country: "--" + darrp_optimize: "5" + darrp_optimize_schedules: + - + name: "default_name_7 (source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name)" + device_holdoff: "8" + device_idle: "9" + device_weight: "10" + duplicate_ssid: "enable" + fake_ssid_action: "log" + fapc_compatibility: "enable" + firmware_provision_on_authorization: "enable" + offending_ssid: + - + action: "log" + id: "17" + ssid_pattern: "" + phishing_ssid_detect: "enable" + wfa_compatibility: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_snmp.rst b/gen/fortios_wireless_controller_snmp.rst new file mode 100644 index 00000000..8aa58f9a --- /dev/null +++ b/gen/fortios_wireless_controller_snmp.rst @@ -0,0 +1,1612 @@ +:source: fortios_wireless_controller_snmp.py + +:orphan: + +.. fortios_wireless_controller_snmp: + +fortios_wireless_controller_snmp -- Configure SNMP in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and snmp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_snmpyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • wireless_controller_snmp - Configure SNMP. type: dict + more... + +
              • +
                +
              • community - SNMP Community Configuration. type: list member_path: community:id + more... + +
                • +
                  +
                • hosts - Configure IPv4 SNMP managers (hosts). type: list member_path: community:id/hosts:id + more... + +
                  • +
                    +
                  • id - Host entry ID. type: int required: true + more... + +
                    • +
                  • ip - IPv4 address of the SNMP manager (host). type: str + more... + +
                    • +
                  +
                • id - Community ID. type: int required: true + more... + +
                  • +
                • name - Community name. type: str + more... + +
                  • +
                • query_v1_status - Enable/disable SNMP v1 queries. type: str choices: enable, disable + more... + +
                  • +
                • query_v2c_status - Enable/disable SNMP v2c queries. type: str choices: enable, disable + more... + +
                  • +
                • status - Enable/disable this SNMP community. type: str choices: enable, disable + more... + +
                  • +
                • trap_v1_status - Enable/disable SNMP v1 traps. type: str choices: enable, disable + more... + +
                  • +
                • trap_v2c_status - Enable/disable SNMP v2c traps. type: str choices: enable, disable + more... + +
                  • +
                +
              • contact_info - Contact Information. type: str + more... + +
                • +
              • engine_id - AC SNMP engineID string (maximum 24 characters). type: str + more... + +
                • +
              • trap_high_cpu_threshold - CPU usage when trap is sent. type: int + more... + +
                • +
              • trap_high_mem_threshold - Memory usage when trap is sent. type: int + more... + +
                • +
              • user - SNMP User Configuration. type: list member_path: user:name + more... + +
                • +
                  +
                • auth_proto - Authentication protocol. type: str choices: md5, sha + more... + +
                  • +
                • auth_pwd - Password for authentication protocol. type: str + more... + +
                  • +
                • name - SNMP user name. type: str required: true + more... + +
                  • +
                • notify_hosts - Configure SNMP User Notify Hosts. type: list
                  • +
                • priv_proto - Privacy (encryption) protocol. type: str choices: aes, des, aes256, aes256cisco + more... + +
                  • +
                • priv_pwd - Password for privacy (encryption) protocol. type: str + more... + +
                  • +
                • queries - Enable/disable SNMP queries for this user. type: str choices: enable, disable + more... + +
                  • +
                • security_level - Security level for message authentication and encryption. type: str choices: no-auth-no-priv, auth-no-priv, auth-priv + more... + +
                  • +
                • status - SNMP user enable. type: str choices: enable, disable + more... + +
                  • +
                • trap_status - Enable/disable traps for this SNMP user. type: str choices: enable, disable + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure SNMP. + fortios_wireless_controller_snmp: + vdom: "{{ vdom }}" + wireless_controller_snmp: + community: + - + hosts: + - + id: "5" + ip: "" + id: "7" + name: "default_name_8" + query_v1_status: "enable" + query_v2c_status: "enable" + status: "enable" + trap_v1_status: "enable" + trap_v2c_status: "enable" + contact_info: "" + engine_id: "" + trap_high_cpu_threshold: "16" + trap_high_mem_threshold: "17" + user: + - + auth_proto: "md5" + auth_pwd: "" + name: "default_name_21" + notify_hosts: "" + priv_proto: "aes" + priv_pwd: "" + queries: "enable" + security_level: "no-auth-no-priv" + status: "enable" + trap_status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_spectral_info.rst b/gen/fortios_wireless_controller_spectral_info.rst new file mode 100644 index 00000000..90452706 --- /dev/null +++ b/gen/fortios_wireless_controller_spectral_info.rst @@ -0,0 +1,199 @@ +:source: fortios_wireless_controller_spectral_info.py + +:orphan: + +.. fortios_wireless_controller_spectral_info: + +fortios_wireless_controller_spectral_info -- Wireless controller spectrum analysis in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and spectral_info category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_spectral_infoyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • wireless_controller_spectral_info - Wireless controller spectrum analysis. type: dict + more... + +
              • +
                +
              • set_wtp_id - WTP ID. type: str
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Wireless controller spectrum analysis. + fortios_wireless_controller_spectral_info: + vdom: "{{ vdom }}" + wireless_controller_spectral_info: + set_wtp_id: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_ssid_policy.rst b/gen/fortios_wireless_controller_ssid_policy.rst new file mode 100644 index 00000000..78092f30 --- /dev/null +++ b/gen/fortios_wireless_controller_ssid_policy.rst @@ -0,0 +1,254 @@ +:source: fortios_wireless_controller_ssid_policy.py + +:orphan: + +.. fortios_wireless_controller_ssid_policy: + +fortios_wireless_controller_ssid_policy -- Configure WiFi SSID policies in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and ssid_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + +
            v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_ssid_policyyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_ssid_policy - Configure WiFi SSID policies. type: dict + more... + +
              • +
                +
              • description - Description. type: str + more... + +
                • +
              • name - Name. type: str required: true + more... + +
                • +
              • vlan - VLAN interface name. Source system.interface.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure WiFi SSID policies. + fortios_wireless_controller_ssid_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_ssid_policy: + description: "" + name: "default_name_4" + vlan: " (source system.interface.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_status.rst b/gen/fortios_wireless_controller_status.rst new file mode 100644 index 00000000..a66dae46 --- /dev/null +++ b/gen/fortios_wireless_controller_status.rst @@ -0,0 +1,199 @@ +:source: fortios_wireless_controller_status.py + +:orphan: + +.. fortios_wireless_controller_status: + +fortios_wireless_controller_status -- Wireless controller status in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and status category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_statusyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • wireless_controller_status - Wireless controller status. type: dict + more... + +
              • +
                +
              • set_1_2 - Verbose. type: str
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Wireless controller status. + fortios_wireless_controller_status: + vdom: "{{ vdom }}" + wireless_controller_status: + set_1_2: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_syslog_profile.rst b/gen/fortios_wireless_controller_syslog_profile.rst new file mode 100644 index 00000000..82e31ccf --- /dev/null +++ b/gen/fortios_wireless_controller_syslog_profile.rst @@ -0,0 +1,428 @@ +:source: fortios_wireless_controller_syslog_profile.py + +:orphan: + +.. fortios_wireless_controller_syslog_profile: + +fortios_wireless_controller_syslog_profile -- Configure Wireless Termination Points (WTP) system log server profile in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and syslog_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + +
            v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_syslog_profileyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_syslog_profile - Configure Wireless Termination Points (WTP) system log server profile. type: dict + more... + +
              • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • log_level - Lowest level of log messages that FortiAP units send to this server . type: str choices: emergency, alert, critical, error, warning, notification, information, debugging + more... + +
                • +
              • name - WTP system log server profile name. type: str required: true + more... + +
                • +
              • server_addr_type - Syslog server address type . type: str choices: fqdn, ip + more... + +
                • +
              • server_fqdn - FQDN of syslog server that FortiAP units send log messages to. type: str + more... + +
                • +
              • server_ip - IP address of syslog server that FortiAP units send log messages to. type: str + more... + +
                • +
              • server_port - Port number of syslog server that FortiAP units send log messages to . type: int + more... + +
                • +
              • server_status - Enable/disable FortiAP units to send log messages to a syslog server . type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Wireless Termination Points (WTP) system log server profile. + fortios_wireless_controller_syslog_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_syslog_profile: + comment: "Comment." + log_level: "emergency" + name: "default_name_5" + server_addr_type: "fqdn" + server_fqdn: "" + server_ip: "" + server_port: "9" + server_status: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_timers.rst b/gen/fortios_wireless_controller_timers.rst new file mode 100644 index 00000000..eba42ca9 --- /dev/null +++ b/gen/fortios_wireless_controller_timers.rst @@ -0,0 +1,936 @@ +:source: fortios_wireless_controller_timers.py + +:orphan: + +.. fortios_wireless_controller_timers: + +fortios_wireless_controller_timers -- Configure CAPWAP timers in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and timers category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_timersyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • wireless_controller_timers - Configure CAPWAP timers. type: dict + more... + +
              • +
                +
              • ble_scan_report_intv - Time between running Bluetooth Low Energy (BLE) reports (10 - 3600 sec). type: int + more... + +
                • +
              • client_idle_timeout - Time after which a client is considered idle and times out (20 - 3600 sec). type: int + more... + +
                • +
              • darrp_day - Weekday on which to run DARRP optimization. type: str choices: sunday, monday, tuesday, wednesday, thursday, friday, saturday + more... + +
                • +
              • darrp_optimize - Time for running Dynamic Automatic Radio Resource Provisioning (DARRP) optimizations (0 - 86400 sec). type: int + more... + +
                • +
              • darrp_time - Time at which DARRP optimizations run (you can add up to 8 times). type: list member_path: darrp_time:time + more... + +
                • +
                  +
                • time - Time. type: str required: true + more... + +
                  • +
                +
              • discovery_interval - Time between discovery requests (2 - 180 sec). type: int + more... + +
                • +
              • drma_interval - Dynamic radio mode assignment (DRMA) schedule interval in minutes (10 - 1440). type: int + more... + +
                • +
              • echo_interval - Time between echo requests sent by the managed WTP, AP, or FortiAP (1 - 255 sec). type: int + more... + +
                • +
              • fake_ap_log - Time between recording logs about fake APs if periodic fake AP logging is configured (0 - 1440 min). type: int + more... + +
                • +
              • ipsec_intf_cleanup - Time period to keep IPsec VPN interfaces up after WTP sessions are disconnected (30 - 3600 sec). type: int + more... + +
                • +
              • radio_stats_interval - Time between running radio reports (1 - 255 sec). type: int + more... + +
                • +
              • rogue_ap_log - Time between logging rogue AP messages if periodic rogue AP logging is configured (0 - 1440 min). type: int + more... + +
                • +
              • sta_capability_interval - Time between running station capability reports (1 - 255 sec). type: int + more... + +
                • +
              • sta_locate_timer - Time between running client presence flushes to remove clients that are listed but no longer present (0 - 86400 sec). type: int + more... + +
                • +
              • sta_stats_interval - Time between running client (station) reports (1 - 255 sec). type: int + more... + +
                • +
              • vap_stats_interval - Time between running Virtual Access Point (VAP) reports (1 - 255 sec). type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure CAPWAP timers. + fortios_wireless_controller_timers: + vdom: "{{ vdom }}" + wireless_controller_timers: + ble_scan_report_intv: "3" + client_idle_timeout: "4" + darrp_day: "sunday" + darrp_optimize: "6" + darrp_time: + - + time: "" + discovery_interval: "9" + drma_interval: "10" + echo_interval: "11" + fake_ap_log: "12" + ipsec_intf_cleanup: "13" + radio_stats_interval: "14" + rogue_ap_log: "15" + sta_capability_interval: "16" + sta_locate_timer: "17" + sta_stats_interval: "18" + vap_stats_interval: "19" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_utm_profile.rst b/gen/fortios_wireless_controller_utm_profile.rst new file mode 100644 index 00000000..90baf167 --- /dev/null +++ b/gen/fortios_wireless_controller_utm_profile.rst @@ -0,0 +1,679 @@ +:source: fortios_wireless_controller_utm_profile.py + +:orphan: + +.. fortios_wireless_controller_utm_profile: + +fortios_wireless_controller_utm_profile -- Configure UTM (Unified Threat Management) profile in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and utm_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_utm_profileyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_utm_profile - Configure UTM (Unified Threat Management) profile. type: dict + more... + +
              • +
                +
              • antivirus_profile - AntiVirus profile name. Source antivirus.profile.name. type: str + more... + +
                • +
              • application_list - Application control list name. Source application.list.name. type: str + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • ips_sensor - IPS sensor name. Source ips.sensor.name. type: str + more... + +
                • +
              • name - UTM profile name. type: str required: true + more... + +
                • +
              • scan_botnet_connections - Block or monitor connections to Botnet servers or disable Botnet scanning. type: str choices: disable, monitor, block + more... + +
                • +
              • utm_log - Enable/disable UTM logging. type: str choices: enable, disable + more... + +
                • +
              • webfilter_profile - WebFilter profile name. Source webfilter.profile.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure UTM (Unified Threat Management) profile. + fortios_wireless_controller_utm_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_utm_profile: + antivirus_profile: " (source antivirus.profile.name)" + application_list: " (source application.list.name)" + comment: "Comment." + ips_sensor: " (source ips.sensor.name)" + name: "default_name_7" + scan_botnet_connections: "disable" + utm_log: "enable" + webfilter_profile: " (source webfilter.profile.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_vap.rst b/gen/fortios_wireless_controller_vap.rst new file mode 100644 index 00000000..d82fd4cc --- /dev/null +++ b/gen/fortios_wireless_controller_vap.rst @@ -0,0 +1,15986 @@ +:source: fortios_wireless_controller_vap.py + +:orphan: + +.. fortios_wireless_controller_vap: + +fortios_wireless_controller_vap -- Configure Virtual Access Points (VAPs) in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and vap category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_vapyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_vap - Configure Virtual Access Points (VAPs). type: dict + more... + +
              • +
                +
              • access_control_list - Profile name for access-control-list. Source wireless-controller.access-control-list.name. type: str + more... + +
                • +
              • acct_interim_interval - WiFi RADIUS accounting interim interval (60 - 86400 sec). type: int + more... + +
                • +
              • additional_akms - Additional AKMs. type: list choices: akm6 + more... + +
                • +
              • address_group - Address group ID. Source wireless-controller.addrgrp.id. type: str + more... + +
                • +
              • alias - Alias. type: str + more... + +
                • +
              • antivirus_profile - AntiVirus profile name. Source antivirus.profile.name. type: str + more... + +
                • +
              • application_list - Application control list name. Source application.list.name. type: str + more... + +
                • +
              • atf_weight - Airtime weight in percentage . type: int + more... + +
                • +
              • auth - Authentication protocol. type: str choices: psk, radius, usergroup + more... + +
                • +
              • auth_cert - HTTPS server certificate. Source vpn.certificate.local.name. type: str + more... + +
                • +
              • auth_portal_addr - Address of captive portal. type: str + more... + +
                • +
              • beacon_advertising - Fortinet beacon advertising IE data . type: list choices: name, model, serial-number + more... + +
                • +
              • broadcast_ssid - Enable/disable broadcasting the SSID . type: str choices: enable, disable + more... + +
                • +
              • broadcast_suppression - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. type: list choices: dhcp-up, dhcp-down, dhcp-starvation, dhcp-ucast, arp-known, arp-unknown, arp-reply, arp-poison, arp-proxy, netbios-ns, netbios-ds, ipv6, all-other-mc, all-other-bc + more... + +
                • +
              • bss_color_partial - Enable/disable 802.11ax partial BSS color . type: str choices: enable, disable + more... + +
                • +
              • bstm_disassociation_imminent - Enable/disable forcing of disassociation after the BSTM request timer has been reached . type: str choices: enable, disable + more... + +
                • +
              • bstm_load_balancing_disassoc_timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30). type: int + more... + +
                • +
              • bstm_rssi_disassoc_timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000). type: int + more... + +
                • +
              • captive_portal_ac_name - Local-bridging captive portal ac-name. type: str + more... + +
                • +
              • captive_portal_auth_timeout - Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec). type: int + more... + +
                • +
              • captive_portal_macauth_radius_secret - Secret key to access the macauth RADIUS server. type: str + more... + +
                • +
              • captive_portal_macauth_radius_server - Captive portal external RADIUS server domain name or IP address. type: str + more... + +
                • +
              • captive_portal_radius_secret - Secret key to access the RADIUS server. type: str + more... + +
                • +
              • captive_portal_radius_server - Captive portal RADIUS server domain name or IP address. type: str + more... + +
                • +
              • captive_portal_session_timeout_interval - Session timeout interval (0 - 864000 sec). type: int + more... + +
                • +
              • dhcp_address_enforcement - Enable/disable DHCP address enforcement . type: str choices: enable, disable + more... + +
                • +
              • dhcp_lease_time - DHCP lease time in seconds for NAT IP address. type: int + more... + +
                • +
              • dhcp_option43_insertion - Enable/disable insertion of DHCP option 43 . type: str choices: enable, disable + more... + +
                • +
              • dhcp_option82_circuit_id_insertion - Enable/disable DHCP option 82 circuit-id insert . type: str choices: style-1, style-2, style-3, disable + more... + +
                • +
              • dhcp_option82_insertion - Enable/disable DHCP option 82 insert . type: str choices: enable, disable + more... + +
                • +
              • dhcp_option82_remote_id_insertion - Enable/disable DHCP option 82 remote-id insert . type: str choices: style-1, disable + more... + +
                • +
              • dynamic_vlan - Enable/disable dynamic VLAN assignment. type: str choices: enable, disable + more... + +
                • +
              • eap_reauth - Enable/disable EAP re-authentication for WPA-Enterprise security. type: str choices: enable, disable + more... + +
                • +
              • eap_reauth_intv - EAP re-authentication interval (1800 - 864000 sec). type: int + more... + +
                • +
              • eapol_key_retries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) . type: str choices: disable, enable + more... + +
                • +
              • encrypt - Encryption protocol to use (only available when security is set to a WPA type). type: str choices: TKIP, AES, TKIP-AES + more... + +
                • +
              • external_fast_roaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate . type: str choices: enable, disable + more... + +
                • +
              • external_logout - URL of external authentication logout server. type: str + more... + +
                • +
              • external_web - URL of external authentication web server. type: str + more... + +
                • +
              • external_web_format - URL query parameter detection . type: str choices: auto-detect, no-query-string, partial-query-string + more... + +
                • +
              • fast_bss_transition - Enable/disable 802.11r Fast BSS Transition (FT) . type: str choices: disable, enable + more... + +
                • +
              • fast_roaming - Enable/disable fast-roaming, or pre-authentication, where supported by clients . type: str choices: enable, disable + more... + +
                • +
              • ft_mobility_domain - Mobility domain identifier in FT (1 - 65535). type: int + more... + +
                • +
              • ft_over_ds - Enable/disable FT over the Distribution System (DS). type: str choices: disable, enable + more... + +
                • +
              • ft_r0_key_lifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes. type: int + more... + +
                • +
              • gas_comeback_delay - GAS comeback delay (0 or 100 - 10000 milliseconds). type: int + more... + +
                • +
              • gas_fragmentation_limit - GAS fragmentation limit (512 - 4096). type: int + more... + +
                • +
              • gtk_rekey - Enable/disable GTK rekey for WPA security. type: str choices: enable, disable + more... + +
                • +
              • gtk_rekey_intv - GTK rekey interval (1800 - 864000 sec). type: int + more... + +
                • +
              • high_efficiency - Enable/disable 802.11ax high efficiency . type: str choices: enable, disable + more... + +
                • +
              • hotspot20_profile - Hotspot 2.0 profile name. Source wireless-controller.hotspot20.hs-profile.name. type: str + more... + +
                • +
              • igmp_snooping - Enable/disable IGMP snooping. type: str choices: enable, disable + more... + +
                • +
              • intra_vap_privacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) . type: str choices: enable, disable + more... + +
                • +
              • ip - IP address and subnet mask for the local standalone NAT subnet. type: str + more... + +
                • +
              • ips_sensor - IPS sensor name. Source ips.sensor.name. type: str + more... + +
                • +
              • ipv6_rules - Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. type: list choices: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad + more... + +
                • +
              • key - WEP Key. type: str + more... + +
                • +
              • keyindex - WEP key index (1 - 4). type: int + more... + +
                • +
              • ldpc - VAP low-density parity-check (LDPC) coding configuration. type: str choices: disable, rx, tx, rxtx + more... + +
                • +
              • local_authentication - Enable/disable AP local authentication. type: str choices: enable, disable + more... + +
                • +
              • local_bridging - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP . type: str choices: enable, disable + more... + +
                • +
              • local_lan - Allow/deny traffic destined for a Class A, B, or C private IP address . type: str choices: allow, deny + more... + +
                • +
              • local_standalone - Enable/disable AP local standalone . type: str choices: enable, disable + more... + +
                • +
              • local_standalone_dns - Enable/disable AP local standalone DNS. type: str choices: enable, disable + more... + +
                • +
              • local_standalone_dns_ip - IPv4 addresses for the local standalone DNS. type: list
                • +
              • local_standalone_nat - Enable/disable AP local standalone NAT mode. type: str choices: enable, disable + more... + +
                • +
              • mac_auth_bypass - Enable/disable MAC authentication bypass. type: str choices: enable, disable + more... + +
                • +
              • mac_called_station_delimiter - MAC called station delimiter . type: str choices: hyphen, single-hyphen, colon, none + more... + +
                • +
              • mac_calling_station_delimiter - MAC calling station delimiter . type: str choices: hyphen, single-hyphen, colon, none + more... + +
                • +
              • mac_case - MAC case . type: str choices: uppercase, lowercase + more... + +
                • +
              • mac_filter - Enable/disable MAC filtering to block wireless clients by mac address. type: str choices: enable, disable + more... + +
                • +
              • mac_filter_list - Create a list of MAC addresses for MAC address filtering. type: list member_path: mac_filter_list:id + more... + +
                • +
                  +
                • id - ID. type: int required: true + more... + +
                  • +
                • mac - MAC address. type: str + more... + +
                  • +
                • mac_filter_policy - Deny or allow the client with this MAC address. type: str choices: allow, deny + more... + +
                  • +
                +
              • mac_filter_policy_other - Allow or block clients with MAC addresses that are not in the filter list. type: str choices: allow, deny + more... + +
                • +
              • mac_password_delimiter - MAC authentication password delimiter . type: str choices: hyphen, single-hyphen, colon, none + more... + +
                • +
              • mac_username_delimiter - MAC authentication username delimiter . type: str choices: hyphen, single-hyphen, colon, none + more... + +
                • +
              • max_clients - Maximum number of clients that can connect simultaneously to the VAP . type: int + more... + +
                • +
              • max_clients_ap - Maximum number of clients that can connect simultaneously to the VAP per AP radio . type: int + more... + +
                • +
              • mbo - Enable/disable Multiband Operation . type: str choices: disable, enable + more... + +
                • +
              • mbo_cell_data_conn_pref - MBO cell data connection preference (0, 1, or 255). type: str choices: excluded, prefer-not, prefer-use + more... + +
                • +
              • me_disable_thresh - Disable multicast enhancement when this many clients are receiving multicast traffic. type: int + more... + +
                • +
              • mesh_backhaul - Enable/disable using this VAP as a WiFi mesh backhaul . This entry is only available when security is set to a WPA type or open. type: str choices: enable, disable + more... + +
                • +
              • mpsk - Enable/disable multiple PSK authentication. type: str choices: enable, disable + more... + +
                • +
              • mpsk_concurrent_clients - Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535). type: int + more... + +
                • +
              • mpsk_key - List of multiple PSK entries. type: list + more... + +
                • +
                  +
                • comment - Comment. type: str + more... + +
                  • +
                • concurrent_clients - Number of clients that can connect using this pre-shared key. type: str + more... + +
                  • +
                • key_name - Pre-shared key name. type: str + more... + +
                  • +
                • mpsk_schedules - Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid. type: list member_path: mpsk_schedules:name + more... + +
                  • +
                    +
                  • name - Schedule name. Source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name. type: str required: true + more... + +
                    • +
                  +
                • passphrase - WPA Pre-shared key. type: str + more... + +
                  • +
                +
              • mpsk_profile - MPSK profile name. Source wireless-controller.mpsk-profile.name. type: str + more... + +
                • +
              • mu_mimo - Enable/disable Multi-user MIMO . type: str choices: enable, disable + more... + +
                • +
              • multicast_enhance - Enable/disable converting multicast to unicast to improve performance . type: str choices: enable, disable + more... + +
                • +
              • multicast_rate - Multicast rate (0, 6000, 12000, or 24000 kbps). type: str choices: 0, 6000, 12000, 24000 + more... + +
                • +
              • nac - Enable/disable network access control. type: str choices: enable, disable + more... + +
                • +
              • nac_profile - NAC profile name. Source wireless-controller.nac-profile.name. type: str + more... + +
                • +
              • name - Virtual AP name. type: str required: true + more... + +
                • +
              • neighbor_report_dual_band - Enable/disable dual-band neighbor report . type: str choices: disable, enable + more... + +
                • +
              • okc - Enable/disable Opportunistic Key Caching (OKC) . type: str choices: disable, enable + more... + +
                • +
              • osen - Enable/disable OSEN as part of key management . type: str choices: enable, disable + more... + +
                • +
              • owe_groups - OWE-Groups. type: list choices: 19, 20, 21 + more... + +
                • +
              • owe_transition - Enable/disable OWE transition mode support. type: str choices: disable, enable + more... + +
                • +
              • owe_transition_ssid - OWE transition mode peer SSID. type: str + more... + +
                • +
              • passphrase - WPA pre-shared key (PSK) to be used to authenticate WiFi users. type: str + more... + +
                • +
              • pmf - Protected Management Frames (PMF) support . type: str choices: disable, enable, optional + more... + +
                • +
              • pmf_assoc_comeback_timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec). type: int + more... + +
                • +
              • pmf_sa_query_retry_timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec). type: int + more... + +
                • +
              • port_macauth - Enable/disable LAN port MAC authentication . type: str choices: disable, radius, address-group + more... + +
                • +
              • port_macauth_reauth_timeout - LAN port MAC authentication re-authentication timeout value . type: int + more... + +
                • +
              • port_macauth_timeout - LAN port MAC authentication idle timeout value . type: int + more... + +
                • +
              • portal_message_override_group - Replacement message group for this VAP (only available when security is set to a captive portal type). Source system.replacemsg-group .name. type: str + more... + +
                • +
              • portal_message_overrides - Individual message overrides. type: dict + more... + +
                • +
                  +
                • auth_disclaimer_page - Override auth-disclaimer-page message with message from portal-message-overrides group. type: str + more... + +
                  • +
                • auth_login_failed_page - Override auth-login-failed-page message with message from portal-message-overrides group. type: str + more... + +
                  • +
                • auth_login_page - Override auth-login-page message with message from portal-message-overrides group. type: str + more... + +
                  • +
                • auth_reject_page - Override auth-reject-page message with message from portal-message-overrides group. type: str + more... + +
                  • +
                +
              • portal_type - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. type: str choices: auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth, external-macauth + more... + +
                • +
              • primary_wag_profile - Primary wireless access gateway profile name. Source wireless-controller.wag-profile.name. type: str + more... + +
                • +
              • probe_resp_suppression - Enable/disable probe response suppression (to ignore weak signals) . type: str choices: enable, disable + more... + +
                • +
              • probe_resp_threshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20). type: str + more... + +
                • +
              • ptk_rekey - Enable/disable PTK rekey for WPA-Enterprise security. type: str choices: enable, disable + more... + +
                • +
              • ptk_rekey_intv - PTK rekey interval (1800 - 864000 sec). type: int + more... + +
                • +
              • qos_profile - Quality of service profile name. Source wireless-controller.qos-profile.name. type: str + more... + +
                • +
              • quarantine - Enable/disable station quarantine . type: str choices: enable, disable + more... + +
                • +
              • radio_2g_threshold - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20). type: str + more... + +
                • +
              • radio_5g_threshold - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20). type: str + more... + +
                • +
              • radio_sensitivity - Enable/disable software radio sensitivity (to ignore weak signals) . type: str choices: enable, disable + more... + +
                • +
              • radius_mac_auth - Enable/disable RADIUS-based MAC authentication of clients . type: str choices: enable, disable + more... + +
                • +
              • radius_mac_auth_server - RADIUS-based MAC authentication server. Source user.radius.name. type: str + more... + +
                • +
              • radius_mac_auth_usergroups - Selective user groups that are permitted for RADIUS mac authentication. type: list member_path: radius_mac_auth_usergroups:name + more... + +
                • +
                  +
                • name - User group name. type: str required: true + more... + +
                  • +
                +
              • radius_mac_mpsk_auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication . type: str choices: enable, disable + more... + +
                • +
              • radius_mac_mpsk_timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000). type: int + more... + +
                • +
              • radius_server - RADIUS server to be used to authenticate WiFi users. Source user.radius.name. type: str + more... + +
                • +
              • rates_11a - Allowed data rates for 802.11a. type: list choices: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 11, 11-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic + more... + +
                • +
              • rates_11ac_ss12 - Allowed data rates for 802.11ac with 1 or 2 spatial streams. type: list choices: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2 + more... + +
                • +
              • rates_11ac_ss34 - Allowed data rates for 802.11ac with 3 or 4 spatial streams. type: list choices: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4 + more... + +
                • +
              • rates_11ax_ss12 - Allowed data rates for 802.11ax with 1 or 2 spatial streams. type: list choices: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2 + more... + +
                • +
              • rates_11ax_ss34 - Allowed data rates for 802.11ax with 3 or 4 spatial streams. type: list choices: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4 + more... + +
                • +
              • rates_11bg - Allowed data rates for 802.11b/g. type: list choices: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 11, 11-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic + more... + +
                • +
              • rates_11n_ss12 - Allowed data rates for 802.11n with 1 or 2 spatial streams. type: list choices: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2 + more... + +
                • +
              • rates_11n_ss34 - Allowed data rates for 802.11n with 3 or 4 spatial streams. type: list choices: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4 + more... + +
                • +
              • sae_groups - SAE-Groups. type: list choices: 19, 20, 21, 1, 2, 5, 14, 15, 16, 17, 18, 27, 28, 29, 30, 31 + more... + +
                • +
              • sae_password - WPA3 SAE password to be used to authenticate WiFi users. type: str + more... + +
                • +
              • scan_botnet_connections - Block or monitor connections to Botnet servers or disable Botnet scanning. type: str choices: disable, monitor, block + more... + +
                • +
              • schedule - Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space. type: str + more... + +
                • +
              • secondary_wag_profile - Secondary wireless access gateway profile name. Source wireless-controller.wag-profile.name. type: str + more... + +
                • +
              • security - Security mode for the wireless interface . type: str choices: open, captive-portal, wep64, wep128, wpa-personal, wpa-personal+captive-portal, wpa-enterprise, wpa-only-personal, wpa-only-personal+captive-portal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-personal+captive-portal, wpa2-only-enterprise, wpa3-enterprise, wpa3-only-enterprise, wpa3-enterprise-transition, wpa3-sae, wpa3-sae-transition, owe, osen + more... + +
                • +
              • security_exempt_list - Optional security exempt list for captive portal authentication. Source user.security-exempt-list.name. type: str + more... + +
                • +
              • security_obsolete_option - Enable/disable obsolete security options. type: str choices: enable, disable + more... + +
                • +
              • security_redirect_url - Optional URL for redirecting users after they pass captive portal authentication. type: str + more... + +
                • +
              • selected_usergroups - Selective user groups that are permitted to authenticate. type: list member_path: selected_usergroups:name + more... + +
                • +
                  +
                • name - User group name. Source user.group.name. type: str required: true + more... + +
                  • +
                +
              • split_tunneling - Enable/disable split tunneling . type: str choices: enable, disable + more... + +
                • +
              • ssid - IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name. type: str + more... + +
                • +
              • sticky_client_remove - Enable/disable sticky client remove to maintain good signal level clients in SSID . type: str choices: enable, disable + more... + +
                • +
              • sticky_client_threshold_2g - Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20). type: str + more... + +
                • +
              • sticky_client_threshold_5g - Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20). type: str + more... + +
                • +
              • target_wake_time - Enable/disable 802.11ax target wake time . type: str choices: enable, disable + more... + +
                • +
              • tkip_counter_measure - Enable/disable TKIP counter measure. type: str choices: enable, disable + more... + +
                • +
              • tunnel_echo_interval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec). type: int + more... + +
                • +
              • tunnel_fallback_interval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec). type: int + more... + +
                • +
              • usergroup - Firewall user group to be used to authenticate WiFi users. type: list member_path: usergroup:name + more... + +
                • +
                  +
                • name - User group name. Source user.group.name. type: str required: true + more... + +
                  • +
                +
              • utm_log - Enable/disable UTM logging. type: str choices: enable, disable + more... + +
                • +
              • utm_profile - UTM profile name. Source wireless-controller.utm-profile.name. type: str + more... + +
                • +
              • utm_status - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. type: str choices: enable, disable + more... + +
                • +
              • vdom - Name of the VDOM that the Virtual AP has been added to. Source system.vdom.name. type: str + more... + +
                • +
              • vlan_auto - Enable/disable automatic management of SSID VLAN interface. type: str choices: enable, disable + more... + +
                • +
              • vlan_name - Table for mapping VLAN name to VLAN ID. type: list member_path: vlan_name:name + more... + +
                • +
                  +
                • name - VLAN name. type: str required: true + more... + +
                  • +
                • vlan_id - VLAN ID. type: int + more... + +
                  • +
                +
              • vlan_pool - VLAN pool. type: list member_path: vlan_pool:id + more... + +
                • +
                  +
                • id - ID. type: int required: true + more... + +
                  • +
                • wtp_group - WTP group name. Source wireless-controller.wtp-group.name. type: str + more... + +
                  • +
                +
              • vlan_pooling - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools . When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. type: str choices: wtp-group, round-robin, hash, disable + more... + +
                • +
              • vlanid - Optional VLAN ID. type: int + more... + +
                • +
              • voice_enterprise - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming . type: str choices: disable, enable + more... + +
                • +
              • webfilter_profile - WebFilter profile name. Source webfilter.profile.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Virtual Access Points (VAPs). + fortios_wireless_controller_vap: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_vap: + access_control_list: " (source wireless-controller.access-control-list.name)" + acct_interim_interval: "4" + additional_akms: "akm6" + address_group: " (source wireless-controller.addrgrp.id)" + alias: "" + antivirus_profile: " (source antivirus.profile.name)" + application_list: " (source application.list.name)" + atf_weight: "10" + auth: "psk" + auth_cert: " (source vpn.certificate.local.name)" + auth_portal_addr: "" + beacon_advertising: "name" + broadcast_ssid: "enable" + broadcast_suppression: "dhcp-up" + bss_color_partial: "enable" + bstm_disassociation_imminent: "enable" + bstm_load_balancing_disassoc_timer: "19" + bstm_rssi_disassoc_timer: "20" + captive_portal_ac_name: "" + captive_portal_auth_timeout: "22" + captive_portal_macauth_radius_secret: "" + captive_portal_macauth_radius_server: "" + captive_portal_radius_secret: "" + captive_portal_radius_server: "" + captive_portal_session_timeout_interval: "27" + dhcp_address_enforcement: "enable" + dhcp_lease_time: "29" + dhcp_option43_insertion: "enable" + dhcp_option82_circuit_id_insertion: "style-1" + dhcp_option82_insertion: "enable" + dhcp_option82_remote_id_insertion: "style-1" + dynamic_vlan: "enable" + eap_reauth: "enable" + eap_reauth_intv: "36" + eapol_key_retries: "disable" + encrypt: "TKIP" + external_fast_roaming: "enable" + external_logout: "" + external_web: "" + external_web_format: "auto-detect" + fast_bss_transition: "disable" + fast_roaming: "enable" + ft_mobility_domain: "45" + ft_over_ds: "disable" + ft_r0_key_lifetime: "47" + gas_comeback_delay: "48" + gas_fragmentation_limit: "49" + gtk_rekey: "enable" + gtk_rekey_intv: "51" + high_efficiency: "enable" + hotspot20_profile: " (source wireless-controller.hotspot20.hs-profile.name)" + igmp_snooping: "enable" + intra_vap_privacy: "enable" + ip: "" + ips_sensor: " (source ips.sensor.name)" + ipv6_rules: "drop-icmp6ra" + key: "" + keyindex: "60" + ldpc: "disable" + local_authentication: "enable" + local_bridging: "enable" + local_lan: "allow" + local_standalone: "enable" + local_standalone_dns: "enable" + local_standalone_dns_ip: "" + local_standalone_nat: "enable" + mac_auth_bypass: "enable" + mac_called_station_delimiter: "hyphen" + mac_calling_station_delimiter: "hyphen" + mac_case: "uppercase" + mac_filter: "enable" + mac_filter_list: + - + id: "75" + mac: "" + mac_filter_policy: "allow" + mac_filter_policy_other: "allow" + mac_password_delimiter: "hyphen" + mac_username_delimiter: "hyphen" + max_clients: "81" + max_clients_ap: "82" + mbo: "disable" + mbo_cell_data_conn_pref: "excluded" + me_disable_thresh: "85" + mesh_backhaul: "enable" + mpsk: "enable" + mpsk_concurrent_clients: "88" + mpsk_key: + - + comment: "Comment." + concurrent_clients: "" + key_name: "" + mpsk_schedules: + - + name: "default_name_94 (source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name)" + passphrase: "" + mpsk_profile: " (source wireless-controller.mpsk-profile.name)" + mu_mimo: "enable" + multicast_enhance: "enable" + multicast_rate: "0" + nac: "enable" + nac_profile: " (source wireless-controller.nac-profile.name)" + name: "default_name_102" + neighbor_report_dual_band: "disable" + okc: "disable" + osen: "enable" + owe_groups: "19" + owe_transition: "disable" + owe_transition_ssid: "" + passphrase: "" + pmf: "disable" + pmf_assoc_comeback_timeout: "111" + pmf_sa_query_retry_timeout: "112" + port_macauth: "disable" + port_macauth_reauth_timeout: "114" + port_macauth_timeout: "115" + portal_message_override_group: " (source system.replacemsg-group.name)" + portal_message_overrides: + auth_disclaimer_page: "" + auth_login_failed_page: "" + auth_login_page: "" + auth_reject_page: "" + portal_type: "auth" + primary_wag_profile: " (source wireless-controller.wag-profile.name)" + probe_resp_suppression: "enable" + probe_resp_threshold: "" + ptk_rekey: "enable" + ptk_rekey_intv: "127" + qos_profile: " (source wireless-controller.qos-profile.name)" + quarantine: "enable" + radio_2g_threshold: "" + radio_5g_threshold: "" + radio_sensitivity: "enable" + radius_mac_auth: "enable" + radius_mac_auth_server: " (source user.radius.name)" + radius_mac_auth_usergroups: + - + name: "default_name_136" + radius_mac_mpsk_auth: "enable" + radius_mac_mpsk_timeout: "138" + radius_server: " (source user.radius.name)" + rates_11a: "1" + rates_11ac_ss12: "mcs0/1" + rates_11ac_ss34: "mcs0/3" + rates_11ax_ss12: "mcs0/1" + rates_11ax_ss34: "mcs0/3" + rates_11bg: "1" + rates_11n_ss12: "mcs0/1" + rates_11n_ss34: "mcs16/3" + sae_groups: "19" + sae_password: "" + scan_botnet_connections: "disable" + schedule: + - + name: "default_name_152 (source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name)" + secondary_wag_profile: " (source wireless-controller.wag-profile.name)" + security: "open" + security_exempt_list: " (source user.security-exempt-list.name)" + security_obsolete_option: "enable" + security_redirect_url: "" + selected_usergroups: + - + name: "default_name_159 (source user.group.name)" + split_tunneling: "enable" + ssid: "" + sticky_client_remove: "enable" + sticky_client_threshold_2g: "" + sticky_client_threshold_5g: "" + target_wake_time: "enable" + tkip_counter_measure: "enable" + tunnel_echo_interval: "167" + tunnel_fallback_interval: "168" + usergroup: + - + name: "default_name_170 (source user.group.name)" + utm_log: "enable" + utm_profile: " (source wireless-controller.utm-profile.name)" + utm_status: "enable" + vdom: " (source system.vdom.name)" + vlan_auto: "enable" + vlan_name: + - + name: "default_name_177" + vlan_id: "178" + vlan_pool: + - + id: "180" + wtp_group: " (source wireless-controller.wtp-group.name)" + vlan_pooling: "wtp-group" + vlanid: "183" + voice_enterprise: "disable" + webfilter_profile: " (source webfilter.profile.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_vap_group.rst b/gen/fortios_wireless_controller_vap_group.rst new file mode 100644 index 00000000..ff491586 --- /dev/null +++ b/gen/fortios_wireless_controller_vap_group.rst @@ -0,0 +1,403 @@ +:source: fortios_wireless_controller_vap_group.py + +:orphan: + +.. fortios_wireless_controller_vap_group: + +fortios_wireless_controller_vap_group -- Configure virtual Access Point (VAP) groups in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and vap_group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_vap_groupyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_vap_group - Configure virtual Access Point (VAP) groups. type: dict + more... + +
              • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • name - Group Name. type: str required: true + more... + +
                • +
              • vaps - List of SSIDs to be included in the VAP group. type: list member_path: vaps:name + more... + +
                • +
                  +
                • name - VAP name. Source wireless-controller.vap.name. type: str required: true + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure virtual Access Point (VAP) groups. + fortios_wireless_controller_vap_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_vap_group: + comment: "Comment." + name: "default_name_4" + vaps: + - + name: "default_name_6 (source wireless-controller.vap.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_vap_status.rst b/gen/fortios_wireless_controller_vap_status.rst new file mode 100644 index 00000000..185ae640 --- /dev/null +++ b/gen/fortios_wireless_controller_vap_status.rst @@ -0,0 +1,199 @@ +:source: fortios_wireless_controller_vap_status.py + +:orphan: + +.. fortios_wireless_controller_vap_status: + +fortios_wireless_controller_vap_status -- Wireless controller VAP-status in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and vap_status category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_vap_statusyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • wireless_controller_vap_status - Wireless controller VAP-status. type: dict + more... + +
              • +
                +
              • set_1 - Verbose. type: str
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Wireless controller VAP-status. + fortios_wireless_controller_vap_status: + vdom: "{{ vdom }}" + wireless_controller_vap_status: + set_1: "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_wag_profile.rst b/gen/fortios_wireless_controller_wag_profile.rst new file mode 100644 index 00000000..1269b9ae --- /dev/null +++ b/gen/fortios_wireless_controller_wag_profile.rst @@ -0,0 +1,596 @@ +:source: fortios_wireless_controller_wag_profile.py + +:orphan: + +.. fortios_wireless_controller_wag_profile: + +fortios_wireless_controller_wag_profile -- Configure wireless access gateway (WAG) profiles used for tunnels on AP in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and wag_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_wag_profileyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_wag_profile - Configure wireless access gateway (WAG) profiles used for tunnels on AP. type: dict + more... + +
              • +
                +
              • comment - Comment. type: str + more... + +
                • +
              • dhcp_ip_addr - IP address of the monitoring DHCP request packet sent through the tunnel. type: str + more... + +
                • +
              • name - Tunnel profile name. type: str required: true + more... + +
                • +
              • ping_interval - Interval between two tunnel monitoring echo packets (1 - 65535 sec). type: int + more... + +
                • +
              • ping_number - Number of the tunnel monitoring echo packets (1 - 65535). type: int + more... + +
                • +
              • return_packet_timeout - Window of time for the return packets from the tunnel"s remote end (1 - 65535 sec). type: int + more... + +
                • +
              • tunnel_type - Tunnel type. type: str choices: l2tpv3, gre + more... + +
                • +
              • wag_ip - IP Address of the wireless access gateway. type: str + more... + +
                • +
              • wag_port - UDP port of the wireless access gateway. type: int + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure wireless access gateway (WAG) profiles used for tunnels on AP. + fortios_wireless_controller_wag_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_wag_profile: + comment: "Comment." + dhcp_ip_addr: "" + name: "default_name_5" + ping_interval: "6" + ping_number: "7" + return_packet_timeout: "8" + tunnel_type: "l2tpv3" + wag_ip: "" + wag_port: "11" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_wids_profile.rst b/gen/fortios_wireless_controller_wids_profile.rst new file mode 100644 index 00000000..dcc5b04a --- /dev/null +++ b/gen/fortios_wireless_controller_wids_profile.rst @@ -0,0 +1,3348 @@ +:source: fortios_wireless_controller_wids_profile.py + +:orphan: + +.. fortios_wireless_controller_wids_profile: + +fortios_wireless_controller_wids_profile -- Configure wireless intrusion detection system (WIDS) profiles in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and wids_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_wids_profileyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_wids_profile - Configure wireless intrusion detection system (WIDS) profiles. type: dict + more... + +
              • +
                +
              • ap_auto_suppress - Enable/disable on-wire rogue AP auto-suppression . type: str choices: enable, disable + more... + +
                • +
              • ap_bgscan_disable_day - Optionally turn off scanning for one or more days of the week. Separate the days with a space. By default, no days are set. type: str choices: sunday, monday, tuesday, wednesday, thursday, friday, saturday + more... + +
                • +
              • ap_bgscan_disable_end - End time, using a 24-hour clock in the format of hh:mm, for disabling background scanning . type: str + more... + +
                • +
              • ap_bgscan_disable_schedules - Firewall schedules for turning off FortiAP radio background scan. Background scan will be disabled when at least one of the schedules is valid. Separate multiple schedule names with a space. type: list member_path: ap_bgscan_disable_schedules:name + more... + +
                • +
                  +
                • name - Schedule name. Source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name. type: str required: true + more... + +
                  • +
                +
              • ap_bgscan_disable_start - Start time, using a 24-hour clock in the format of hh:mm, for disabling background scanning . type: str + more... + +
                • +
              • ap_bgscan_duration - Listen time on scanning a channel (10 - 1000 msec). type: int + more... + +
                • +
              • ap_bgscan_idle - Wait time for channel inactivity before scanning this channel (0 - 1000 msec). type: int + more... + +
                • +
              • ap_bgscan_intv - Period between successive channel scans (1 - 600 sec). type: int + more... + +
                • +
              • ap_bgscan_period - Period between background scans (10 - 3600 sec). type: int + more... + +
                • +
              • ap_bgscan_report_intv - Period between background scan reports (15 - 600 sec). type: int + more... + +
                • +
              • ap_fgscan_report_intv - Period between foreground scan reports (15 - 600 sec). type: int + more... + +
                • +
              • ap_scan - Enable/disable rogue AP detection. type: str choices: disable, enable + more... + +
                • +
              • ap_scan_passive - Enable/disable passive scanning. Enable means do not send probe request on any channels . type: str choices: enable, disable + more... + +
                • +
              • ap_scan_threshold - Minimum signal level/threshold in dBm required for the AP to report detected rogue AP (-95 to -20). type: str + more... + +
                • +
              • asleap_attack - Enable/disable asleap attack detection . type: str choices: enable, disable + more... + +
                • +
              • assoc_flood_thresh - The threshold value for association frame flooding. type: int + more... + +
                • +
              • assoc_flood_time - Number of seconds after which a station is considered not connected. type: int + more... + +
                • +
              • assoc_frame_flood - Enable/disable association frame flooding detection . type: str choices: enable, disable + more... + +
                • +
              • auth_flood_thresh - The threshold value for authentication frame flooding. type: int + more... + +
                • +
              • auth_flood_time - Number of seconds after which a station is considered not connected. type: int + more... + +
                • +
              • auth_frame_flood - Enable/disable authentication frame flooding detection . type: str choices: enable, disable + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • deauth_broadcast - Enable/disable broadcasting de-authentication detection . type: str choices: enable, disable + more... + +
                • +
              • deauth_unknown_src_thresh - Threshold value per second to deauth unknown src for DoS attack (0: no limit). type: int + more... + +
                • +
              • eapol_fail_flood - Enable/disable EAPOL-Failure flooding (to AP) detection . type: str choices: enable, disable + more... + +
                • +
              • eapol_fail_intv - The detection interval for EAPOL-Failure flooding (1 - 3600 sec). type: int + more... + +
                • +
              • eapol_fail_thresh - The threshold value for EAPOL-Failure flooding in specified interval. type: int + more... + +
                • +
              • eapol_logoff_flood - Enable/disable EAPOL-Logoff flooding (to AP) detection . type: str choices: enable, disable + more... + +
                • +
              • eapol_logoff_intv - The detection interval for EAPOL-Logoff flooding (1 - 3600 sec). type: int + more... + +
                • +
              • eapol_logoff_thresh - The threshold value for EAPOL-Logoff flooding in specified interval. type: int + more... + +
                • +
              • eapol_pre_fail_flood - Enable/disable premature EAPOL-Failure flooding (to STA) detection . type: str choices: enable, disable + more... + +
                • +
              • eapol_pre_fail_intv - The detection interval for premature EAPOL-Failure flooding (1 - 3600 sec). type: int + more... + +
                • +
              • eapol_pre_fail_thresh - The threshold value for premature EAPOL-Failure flooding in specified interval. type: int + more... + +
                • +
              • eapol_pre_succ_flood - Enable/disable premature EAPOL-Success flooding (to STA) detection . type: str choices: enable, disable + more... + +
                • +
              • eapol_pre_succ_intv - The detection interval for premature EAPOL-Success flooding (1 - 3600 sec). type: int + more... + +
                • +
              • eapol_pre_succ_thresh - The threshold value for premature EAPOL-Success flooding in specified interval. type: int + more... + +
                • +
              • eapol_start_flood - Enable/disable EAPOL-Start flooding (to AP) detection . type: str choices: enable, disable + more... + +
                • +
              • eapol_start_intv - The detection interval for EAPOL-Start flooding (1 - 3600 sec). type: int + more... + +
                • +
              • eapol_start_thresh - The threshold value for EAPOL-Start flooding in specified interval. type: int + more... + +
                • +
              • eapol_succ_flood - Enable/disable EAPOL-Success flooding (to AP) detection . type: str choices: enable, disable + more... + +
                • +
              • eapol_succ_intv - The detection interval for EAPOL-Success flooding (1 - 3600 sec). type: int + more... + +
                • +
              • eapol_succ_thresh - The threshold value for EAPOL-Success flooding in specified interval. type: int + more... + +
                • +
              • invalid_mac_oui - Enable/disable invalid MAC OUI detection. type: str choices: enable, disable + more... + +
                • +
              • long_duration_attack - Enable/disable long duration attack detection based on user configured threshold . type: str choices: enable, disable + more... + +
                • +
              • long_duration_thresh - Threshold value for long duration attack detection (1000 - 32767 usec). type: int + more... + +
                • +
              • name - WIDS profile name. type: str required: true + more... + +
                • +
              • null_ssid_probe_resp - Enable/disable null SSID probe response detection . type: str choices: enable, disable + more... + +
                • +
              • sensor_mode - Scan nearby WiFi stations . type: str choices: disable, foreign, both + more... + +
                • +
              • spoofed_deauth - Enable/disable spoofed de-authentication attack detection . type: str choices: enable, disable + more... + +
                • +
              • weak_wep_iv - Enable/disable weak WEP IV (Initialization Vector) detection . type: str choices: enable, disable + more... + +
                • +
              • wireless_bridge - Enable/disable wireless bridge detection . type: str choices: enable, disable + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure wireless intrusion detection system (WIDS) profiles. + fortios_wireless_controller_wids_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_wids_profile: + ap_auto_suppress: "enable" + ap_bgscan_disable_day: "sunday" + ap_bgscan_disable_end: "" + ap_bgscan_disable_schedules: + - + name: "default_name_7 (source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name)" + ap_bgscan_disable_start: "" + ap_bgscan_duration: "9" + ap_bgscan_idle: "10" + ap_bgscan_intv: "11" + ap_bgscan_period: "12" + ap_bgscan_report_intv: "13" + ap_fgscan_report_intv: "14" + ap_scan: "disable" + ap_scan_passive: "enable" + ap_scan_threshold: "" + asleap_attack: "enable" + assoc_flood_thresh: "19" + assoc_flood_time: "20" + assoc_frame_flood: "enable" + auth_flood_thresh: "22" + auth_flood_time: "23" + auth_frame_flood: "enable" + comment: "Comment." + deauth_broadcast: "enable" + deauth_unknown_src_thresh: "27" + eapol_fail_flood: "enable" + eapol_fail_intv: "29" + eapol_fail_thresh: "30" + eapol_logoff_flood: "enable" + eapol_logoff_intv: "32" + eapol_logoff_thresh: "33" + eapol_pre_fail_flood: "enable" + eapol_pre_fail_intv: "35" + eapol_pre_fail_thresh: "36" + eapol_pre_succ_flood: "enable" + eapol_pre_succ_intv: "38" + eapol_pre_succ_thresh: "39" + eapol_start_flood: "enable" + eapol_start_intv: "41" + eapol_start_thresh: "42" + eapol_succ_flood: "enable" + eapol_succ_intv: "44" + eapol_succ_thresh: "45" + invalid_mac_oui: "enable" + long_duration_attack: "enable" + long_duration_thresh: "48" + name: "default_name_49" + null_ssid_probe_resp: "enable" + sensor_mode: "disable" + spoofed_deauth: "enable" + weak_wep_iv: "enable" + wireless_bridge: "enable" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_wtp.rst b/gen/fortios_wireless_controller_wtp.rst new file mode 100644 index 00000000..6d73976e --- /dev/null +++ b/gen/fortios_wireless_controller_wtp.rst @@ -0,0 +1,11286 @@ +:source: fortios_wireless_controller_wtp.py + +:orphan: + +.. fortios_wireless_controller_wtp: + +fortios_wireless_controller_wtp -- Configure Wireless Termination Points (WTPs), that is, FortiAPs or APs to be managed by FortiGate in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and wtp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_wtpyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_wtp - Configure Wireless Termination Points (WTPs), that is, FortiAPs or APs to be managed by FortiGate. type: dict + more... + +
              • +
                +
              • admin - Configure how the FortiGate operating as a wireless controller discovers and manages this WTP, AP or FortiAP. type: str choices: discovered, disable, enable + more... + +
                • +
              • allowaccess - Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space. type: list choices: https, ssh, snmp, telnet, http + more... + +
                • +
              • apcfg_profile - AP local configuration profile name. Source wireless-controller.apcfg-profile.name. type: str + more... + +
                • +
              • bonjour_profile - Bonjour profile name. Source wireless-controller.bonjour-profile.name. type: str + more... + +
                • +
              • coordinate_enable - Enable/disable WTP coordinates (X,Y axis). type: str choices: enable, disable + more... + +
                • +
              • coordinate_latitude - WTP latitude coordinate. type: str + more... + +
                • +
              • coordinate_longitude - WTP longitude coordinate. type: str + more... + +
                • +
              • coordinate_x - X axis coordinate. type: str + more... + +
                • +
              • coordinate_y - Y axis coordinate. type: str + more... + +
                • +
              • firmware_provision - Firmware version to provision to this FortiAP on bootup (major.minor.build, i.e. 6.2.1234). type: str + more... + +
                • +
              • firmware_provision_latest - Enable/disable one-time automatic provisioning of the latest firmware version. type: str choices: disable, once + more... + +
                • +
              • image_download - Enable/disable WTP image download. type: str choices: enable, disable + more... + +
                • +
              • index - Index (0 - 4294967295). type: int + more... + +
                • +
              • ip_fragment_preventing - Method(s) by which IP fragmentation is prevented for control and data packets through CAPWAP tunnel . type: list choices: tcp-mss-adjust, icmp-unreachable + more... + +
                • +
              • lan - WTP LAN port mapping. type: dict + more... + +
                • +
                  +
                • port_esl_mode - ESL port mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid + more... + +
                  • +
                • port_esl_ssid - Bridge ESL port to SSID. Source system.interface.name. type: str + more... + +
                  • +
                • port_mode - LAN port mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid + more... + +
                  • +
                • port_ssid - Bridge LAN port to SSID. Source system.interface.name. type: str + more... + +
                  • +
                • port1_mode - LAN port 1 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid + more... + +
                  • +
                • port1_ssid - Bridge LAN port 1 to SSID. Source system.interface.name. type: str + more... + +
                  • +
                • port2_mode - LAN port 2 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid + more... + +
                  • +
                • port2_ssid - Bridge LAN port 2 to SSID. Source system.interface.name. type: str + more... + +
                  • +
                • port3_mode - LAN port 3 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid + more... + +
                  • +
                • port3_ssid - Bridge LAN port 3 to SSID. Source system.interface.name. type: str + more... + +
                  • +
                • port4_mode - LAN port 4 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid + more... + +
                  • +
                • port4_ssid - Bridge LAN port 4 to SSID. Source system.interface.name. type: str + more... + +
                  • +
                • port5_mode - LAN port 5 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid + more... + +
                  • +
                • port5_ssid - Bridge LAN port 5 to SSID. Source system.interface.name. type: str + more... + +
                  • +
                • port6_mode - LAN port 6 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid + more... + +
                  • +
                • port6_ssid - Bridge LAN port 6 to SSID. Source system.interface.name. type: str + more... + +
                  • +
                • port7_mode - LAN port 7 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid + more... + +
                  • +
                • port7_ssid - Bridge LAN port 7 to SSID. Source system.interface.name. type: str + more... + +
                  • +
                • port8_mode - LAN port 8 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid + more... + +
                  • +
                • port8_ssid - Bridge LAN port 8 to SSID. Source system.interface.name. type: str + more... + +
                  • +
                +
              • led_state - Enable to allow the FortiAPs LEDs to light. Disable to keep the LEDs off. You may want to keep the LEDs off so they are not distracting in low light areas etc. type: str choices: enable, disable + more... + +
                • +
              • location - Field for describing the physical location of the WTP, AP or FortiAP. type: str + more... + +
                • +
              • login_passwd - Set the managed WTP, FortiAP, or AP"s administrator password. type: str + more... + +
                • +
              • login_passwd_change - Change or reset the administrator password of a managed WTP, FortiAP or AP (yes, default, or no). type: str choices: True, default, False + more... + +
                • +
              • mesh_bridge_enable - Enable/disable mesh Ethernet bridge when WTP is configured as a mesh branch/leaf AP. type: str choices: default, enable, disable + more... + +
                • +
              • name - WTP, AP or FortiAP configuration name. type: str + more... + +
                • +
              • override_allowaccess - Enable to override the WTP profile management access configuration. type: str choices: enable, disable + more... + +
                • +
              • override_ip_fragment - Enable/disable overriding the WTP profile IP fragment prevention setting. type: str choices: enable, disable + more... + +
                • +
              • override_lan - Enable to override the WTP profile LAN port setting. type: str choices: enable, disable + more... + +
                • +
              • override_led_state - Enable to override the profile LED state setting for this FortiAP. You must enable this option to use the led-state command to turn off the FortiAP"s LEDs. type: str choices: enable, disable + more... + +
                • +
              • override_login_passwd_change - Enable to override the WTP profile login-password (administrator password) setting. type: str choices: enable, disable + more... + +
                • +
              • override_split_tunnel - Enable/disable overriding the WTP profile split tunneling setting. type: str choices: enable, disable + more... + +
                • +
              • override_wan_port_mode - Enable/disable overriding the wan-port-mode in the WTP profile. type: str choices: enable, disable + more... + +
                • +
              • radio_1 - Configuration options for radio 1. type: dict + more... + +
                • +
                  +
                • auto_power_high - The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). type: int + more... + +
                  • +
                • auto_power_level - Enable/disable automatic power-level adjustment to prevent co-channel interference . type: str choices: enable, disable + more... + +
                  • +
                • auto_power_low - The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). type: int + more... + +
                  • +
                • auto_power_target - Target of automatic transmit power adjustment in dBm (-95 to -20). type: str + more... + +
                  • +
                • band - WiFi band that Radio 1 operates on. type: str choices: 802.11a, 802.11b, 802.11g, 802.11n, 802.11n-5G, 802.11ac, 802.11ax-5G, 802.11ax, 802.11ac-2G, 802.11n,g-only, 802.11g-only, 802.11n-only, 802.11n-5G-only, 802.11ac,n-only, 802.11ac-only, 802.11ax,ac-only, 802.11ax,ac,n-only, 802.11ax-5G-only, 802.11ax,n-only, 802.11ax,n,g-only, 802.11ax-only + more... + +
                  • +
                • channel - Selected list of wireless radio channels. type: list member_path: radio_1/channel:chan + more... + +
                  • +
                    +
                  • chan - Channel number. type: str required: true + more... + +
                    • +
                  +
                • drma_manual_mode - Radio mode to be used for DRMA manual mode . type: str choices: ap, monitor, ncf, ncf-peek + more... + +
                  • +
                • override_analysis - Enable to override the WTP profile spectrum analysis configuration. type: str choices: enable, disable + more... + +
                  • +
                • override_band - Enable to override the WTP profile band setting. type: str choices: enable, disable + more... + +
                  • +
                • override_channel - Enable to override WTP profile channel settings. type: str choices: enable, disable + more... + +
                  • +
                • override_txpower - Enable to override the WTP profile power level configuration. type: str choices: enable, disable + more... + +
                  • +
                • override_vaps - Enable to override WTP profile Virtual Access Point (VAP) settings. type: str choices: enable, disable + more... + +
                  • +
                • power_level - Radio EIRP power level as a percentage of the maximum EIRP power (0 - 100). type: int + more... + +
                  • +
                • power_mode - Set radio effective isotropic radiated power (EIRP) in dBm or by a percentage of the maximum EIRP . This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities. type: str choices: dBm, percentage + more... + +
                  • +
                • power_value - Radio EIRP power in dBm (1 - 33). type: int + more... + +
                  • +
                • radio_id - radio-id type: int + more... + +
                  • +
                • spectrum_analysis - Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. type: str choices: enable, scan-only, disable + more... + +
                  • +
                • vap_all - Configure method for assigning SSIDs to this FortiAP . type: str choices: tunnel, bridge, manual, enable, disable + more... + +
                  • +
                • vaps - Manually selected list of Virtual Access Points (VAPs). type: list member_path: radio_1/vaps:name + more... + +
                  • +
                    +
                  • name - Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name system.interface.name. type: str required: true + more... + +
                    • +
                  +
                +
              • radio_2 - Configuration options for radio 2. type: dict + more... + +
                • +
                  +
                • auto_power_high - The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). type: int + more... + +
                  • +
                • auto_power_level - Enable/disable automatic power-level adjustment to prevent co-channel interference . type: str choices: enable, disable + more... + +
                  • +
                • auto_power_low - The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). type: int + more... + +
                  • +
                • auto_power_target - Target of automatic transmit power adjustment in dBm (-95 to -20). type: str + more... + +
                  • +
                • band - WiFi band that Radio 2 operates on. type: str choices: 802.11a, 802.11b, 802.11g, 802.11n, 802.11n-5G, 802.11ac, 802.11ax-5G, 802.11ax, 802.11ac-2G, 802.11n,g-only, 802.11g-only, 802.11n-only, 802.11n-5G-only, 802.11ac,n-only, 802.11ac-only, 802.11ax,ac-only, 802.11ax,ac,n-only, 802.11ax-5G-only, 802.11ax,n-only, 802.11ax,n,g-only, 802.11ax-only + more... + +
                  • +
                • channel - Selected list of wireless radio channels. type: list member_path: radio_2/channel:chan + more... + +
                  • +
                    +
                  • chan - Channel number. type: str required: true + more... + +
                    • +
                  +
                • drma_manual_mode - Radio mode to be used for DRMA manual mode . type: str choices: ap, monitor, ncf, ncf-peek + more... + +
                  • +
                • override_analysis - Enable to override the WTP profile spectrum analysis configuration. type: str choices: enable, disable + more... + +
                  • +
                • override_band - Enable to override the WTP profile band setting. type: str choices: enable, disable + more... + +
                  • +
                • override_channel - Enable to override WTP profile channel settings. type: str choices: enable, disable + more... + +
                  • +
                • override_txpower - Enable to override the WTP profile power level configuration. type: str choices: enable, disable + more... + +
                  • +
                • override_vaps - Enable to override WTP profile Virtual Access Point (VAP) settings. type: str choices: enable, disable + more... + +
                  • +
                • power_level - Radio EIRP power level as a percentage of the maximum EIRP power (0 - 100). type: int + more... + +
                  • +
                • power_mode - Set radio effective isotropic radiated power (EIRP) in dBm or by a percentage of the maximum EIRP . This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities. type: str choices: dBm, percentage + more... + +
                  • +
                • power_value - Radio EIRP power in dBm (1 - 33). type: int + more... + +
                  • +
                • radio_id - radio-id type: int + more... + +
                  • +
                • spectrum_analysis - Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. type: str choices: enable, scan-only, disable + more... + +
                  • +
                • vap_all - Configure method for assigning SSIDs to this FortiAP . type: str choices: tunnel, bridge, manual, enable, disable + more... + +
                  • +
                • vaps - Manually selected list of Virtual Access Points (VAPs). type: list member_path: radio_2/vaps:name + more... + +
                  • +
                    +
                  • name - Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name system.interface.name. type: str required: true + more... + +
                    • +
                  +
                +
              • radio_3 - Configuration options for radio 3. type: dict + more... + +
                • +
                  +
                • auto_power_high - The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). type: int + more... + +
                  • +
                • auto_power_level - Enable/disable automatic power-level adjustment to prevent co-channel interference . type: str choices: enable, disable + more... + +
                  • +
                • auto_power_low - The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). type: int + more... + +
                  • +
                • auto_power_target - Target of automatic transmit power adjustment in dBm (-95 to -20). type: str + more... + +
                  • +
                • band - WiFi band that Radio 3 operates on. type: str choices: 802.11a, 802.11b, 802.11g, 802.11n, 802.11n-5G, 802.11ac, 802.11ax-5G, 802.11ax, 802.11ac-2G, 802.11n,g-only, 802.11g-only, 802.11n-only, 802.11n-5G-only, 802.11ac,n-only, 802.11ac-only, 802.11ax,ac-only, 802.11ax,ac,n-only, 802.11ax-5G-only, 802.11ax,n-only, 802.11ax,n,g-only, 802.11ax-only + more... + +
                  • +
                • channel - Selected list of wireless radio channels. type: list member_path: radio_3/channel:chan + more... + +
                  • +
                    +
                  • chan - Channel number. type: str required: true + more... + +
                    • +
                  +
                • drma_manual_mode - Radio mode to be used for DRMA manual mode . type: str choices: ap, monitor, ncf, ncf-peek + more... + +
                  • +
                • override_analysis - Enable to override the WTP profile spectrum analysis configuration. type: str choices: enable, disable + more... + +
                  • +
                • override_band - Enable to override the WTP profile band setting. type: str choices: enable, disable + more... + +
                  • +
                • override_channel - Enable to override WTP profile channel settings. type: str choices: enable, disable + more... + +
                  • +
                • override_txpower - Enable to override the WTP profile power level configuration. type: str choices: enable, disable + more... + +
                  • +
                • override_vaps - Enable to override WTP profile Virtual Access Point (VAP) settings. type: str choices: enable, disable + more... + +
                  • +
                • power_level - Radio EIRP power level as a percentage of the maximum EIRP power (0 - 100). type: int + more... + +
                  • +
                • power_mode - Set radio effective isotropic radiated power (EIRP) in dBm or by a percentage of the maximum EIRP . This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities. type: str choices: dBm, percentage + more... + +
                  • +
                • power_value - Radio EIRP power in dBm (1 - 33). type: int + more... + +
                  • +
                • radio_id - radio-id type: int + more... + +
                  • +
                • spectrum_analysis - Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. type: str choices: enable, scan-only, disable + more... + +
                  • +
                • vap_all - Configure method for assigning SSIDs to this FortiAP . type: str choices: tunnel, bridge, manual, enable, disable + more... + +
                  • +
                • vaps - Manually selected list of Virtual Access Points (VAPs). type: list member_path: radio_3/vaps:name + more... + +
                  • +
                    +
                  • name - Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name system.interface.name. type: str required: true + more... + +
                    • +
                  +
                +
              • radio_4 - Configuration options for radio 4. type: dict + more... + +
                • +
                  +
                • auto_power_high - The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). type: int + more... + +
                  • +
                • auto_power_level - Enable/disable automatic power-level adjustment to prevent co-channel interference . type: str choices: enable, disable + more... + +
                  • +
                • auto_power_low - The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). type: int + more... + +
                  • +
                • auto_power_target - Target of automatic transmit power adjustment in dBm (-95 to -20). type: str + more... + +
                  • +
                • band - WiFi band that Radio 4 operates on. type: str choices: 802.11a, 802.11b, 802.11g, 802.11n, 802.11n-5G, 802.11ac, 802.11ax-5G, 802.11ax, 802.11ac-2G, 802.11n,g-only, 802.11g-only, 802.11n-only, 802.11n-5G-only, 802.11ac,n-only, 802.11ac-only, 802.11ax,ac-only, 802.11ax,ac,n-only, 802.11ax-5G-only, 802.11ax,n-only, 802.11ax,n,g-only, 802.11ax-only + more... + +
                  • +
                • channel - Selected list of wireless radio channels. type: list member_path: radio_4/channel:chan + more... + +
                  • +
                    +
                  • chan - Channel number. type: str required: true + more... + +
                    • +
                  +
                • drma_manual_mode - Radio mode to be used for DRMA manual mode . type: str choices: ap, monitor, ncf, ncf-peek + more... + +
                  • +
                • override_analysis - Enable to override the WTP profile spectrum analysis configuration. type: str choices: enable, disable + more... + +
                  • +
                • override_band - Enable to override the WTP profile band setting. type: str choices: enable, disable + more... + +
                  • +
                • override_channel - Enable to override WTP profile channel settings. type: str choices: enable, disable + more... + +
                  • +
                • override_txpower - Enable to override the WTP profile power level configuration. type: str choices: enable, disable + more... + +
                  • +
                • override_vaps - Enable to override WTP profile Virtual Access Point (VAP) settings. type: str choices: enable, disable + more... + +
                  • +
                • power_level - Radio EIRP power level as a percentage of the maximum EIRP power (0 - 100). type: int + more... + +
                  • +
                • power_mode - Set radio effective isotropic radiated power (EIRP) in dBm or by a percentage of the maximum EIRP . This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities. type: str choices: dBm, percentage + more... + +
                  • +
                • power_value - Radio EIRP power in dBm (1 - 33). type: int + more... + +
                  • +
                • spectrum_analysis - Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. type: str choices: enable, scan-only, disable + more... + +
                  • +
                • vap_all - Configure method for assigning SSIDs to this FortiAP . type: str choices: tunnel, bridge, manual, enable, disable + more... + +
                  • +
                • vaps - Manually selected list of Virtual Access Points (VAPs). type: list member_path: radio_4/vaps:name + more... + +
                  • +
                    +
                  • name - Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name system.interface.name. type: str required: true + more... + +
                    • +
                  +
                +
              • region - Region name WTP is associated with. Source wireless-controller.region.name. type: str + more... + +
                • +
              • region_x - Relative horizontal region coordinate (between 0 and 1). type: str + more... + +
                • +
              • region_y - Relative vertical region coordinate (between 0 and 1). type: str + more... + +
                • +
              • split_tunneling_acl - Split tunneling ACL filter list. type: list member_path: split_tunneling_acl:id + more... + +
                • +
                  +
                • dest_ip - Destination IP and mask for the split-tunneling subnet. type: str + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                +
              • split_tunneling_acl_local_ap_subnet - Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL . type: str choices: enable, disable + more... + +
                • +
              • split_tunneling_acl_path - Split tunneling ACL path is local/tunnel. type: str choices: tunnel, local + more... + +
                • +
              • tun_mtu_downlink - The MTU of downlink CAPWAP tunnel (576 - 1500 bytes or 0; 0 means the local MTU of FortiAP; ). type: int + more... + +
                • +
              • tun_mtu_uplink - The maximum transmission unit (MTU) of uplink CAPWAP tunnel (576 - 1500 bytes or 0; 0 means the local MTU of FortiAP; ). type: int + more... + +
                • +
              • uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str + more... + +
                • +
              • wan_port_mode - Enable/disable using the FortiAP WAN port as a LAN port. type: str choices: wan-lan, wan-only + more... + +
                • +
              • wtp_id - WTP ID. type: str + more... + +
                • +
              • wtp_mode - WTP, AP, or FortiAP operating mode; normal (by default) or remote. A tunnel mode SSID can be assigned to an AP in normal mode but not remote mode, while a local-bridge mode SSID can be assigned to an AP in either normal mode or remote mode. type: str choices: normal, remote + more... + +
                • +
              • wtp_profile - WTP profile name to apply to this WTP, AP or FortiAP. Source wireless-controller.wtp-profile.name. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Wireless Termination Points (WTPs), that is, FortiAPs or APs to be managed by FortiGate. + fortios_wireless_controller_wtp: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_wtp: + admin: "discovered" + allowaccess: "https" + apcfg_profile: " (source wireless-controller.apcfg-profile.name)" + bonjour_profile: " (source wireless-controller.bonjour-profile.name)" + coordinate_enable: "enable" + coordinate_latitude: "" + coordinate_longitude: "" + coordinate_x: "" + coordinate_y: "" + firmware_provision: "" + firmware_provision_latest: "disable" + image_download: "enable" + index: "15" + ip_fragment_preventing: "tcp-mss-adjust" + lan: + port_esl_mode: "offline" + port_esl_ssid: " (source system.interface.name)" + port_mode: "offline" + port_ssid: " (source system.interface.name)" + port1_mode: "offline" + port1_ssid: " (source system.interface.name)" + port2_mode: "offline" + port2_ssid: " (source system.interface.name)" + port3_mode: "offline" + port3_ssid: " (source system.interface.name)" + port4_mode: "offline" + port4_ssid: " (source system.interface.name)" + port5_mode: "offline" + port5_ssid: " (source system.interface.name)" + port6_mode: "offline" + port6_ssid: " (source system.interface.name)" + port7_mode: "offline" + port7_ssid: " (source system.interface.name)" + port8_mode: "offline" + port8_ssid: " (source system.interface.name)" + led_state: "enable" + location: "" + login_passwd: "" + login_passwd_change: "yes" + mesh_bridge_enable: "default" + name: "default_name_43" + override_allowaccess: "enable" + override_ip_fragment: "enable" + override_lan: "enable" + override_led_state: "enable" + override_login_passwd_change: "enable" + override_split_tunnel: "enable" + override_wan_port_mode: "enable" + radio_1: + auto_power_high: "52" + auto_power_level: "enable" + auto_power_low: "54" + auto_power_target: "" + band: "802.11a" + channel: + - + chan: "" + drma_manual_mode: "ap" + override_analysis: "enable" + override_band: "enable" + override_channel: "enable" + override_txpower: "enable" + override_vaps: "enable" + power_level: "65" + power_mode: "dBm" + power_value: "67" + radio_id: "68" + spectrum_analysis: "enable" + vap_all: "tunnel" + vaps: + - + name: "default_name_72 (source wireless-controller.vap-group.name system.interface.name)" + radio_2: + auto_power_high: "74" + auto_power_level: "enable" + auto_power_low: "76" + auto_power_target: "" + band: "802.11a" + channel: + - + chan: "" + drma_manual_mode: "ap" + override_analysis: "enable" + override_band: "enable" + override_channel: "enable" + override_txpower: "enable" + override_vaps: "enable" + power_level: "87" + power_mode: "dBm" + power_value: "89" + radio_id: "90" + spectrum_analysis: "enable" + vap_all: "tunnel" + vaps: + - + name: "default_name_94 (source wireless-controller.vap-group.name system.interface.name)" + radio_3: + auto_power_high: "96" + auto_power_level: "enable" + auto_power_low: "98" + auto_power_target: "" + band: "802.11a" + channel: + - + chan: "" + drma_manual_mode: "ap" + override_analysis: "enable" + override_band: "enable" + override_channel: "enable" + override_txpower: "enable" + override_vaps: "enable" + power_level: "109" + power_mode: "dBm" + power_value: "111" + radio_id: "112" + spectrum_analysis: "enable" + vap_all: "tunnel" + vaps: + - + name: "default_name_116 (source wireless-controller.vap-group.name system.interface.name)" + radio_4: + auto_power_high: "118" + auto_power_level: "enable" + auto_power_low: "120" + auto_power_target: "" + band: "802.11a" + channel: + - + chan: "" + drma_manual_mode: "ap" + override_analysis: "enable" + override_band: "enable" + override_channel: "enable" + override_txpower: "enable" + override_vaps: "enable" + power_level: "131" + power_mode: "dBm" + power_value: "133" + spectrum_analysis: "enable" + vap_all: "tunnel" + vaps: + - + name: "default_name_137 (source wireless-controller.vap-group.name system.interface.name)" + region: " (source wireless-controller.region.name)" + region_x: "" + region_y: "" + split_tunneling_acl: + - + dest_ip: "" + id: "143" + split_tunneling_acl_local_ap_subnet: "enable" + split_tunneling_acl_path: "tunnel" + tun_mtu_downlink: "146" + tun_mtu_uplink: "147" + uuid: "" + wan_port_mode: "wan-lan" + wtp_id: "" + wtp_mode: "normal" + wtp_profile: " (source wireless-controller.wtp-profile.name)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_wtp_group.rst b/gen/fortios_wireless_controller_wtp_group.rst new file mode 100644 index 00000000..4a36daf7 --- /dev/null +++ b/gen/fortios_wireless_controller_wtp_group.rst @@ -0,0 +1,1657 @@ +:source: fortios_wireless_controller_wtp_group.py + +:orphan: + +.. fortios_wireless_controller_wtp_group: + +fortios_wireless_controller_wtp_group -- Configure WTP groups in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and wtp_group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_wtp_groupyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_wtp_group - Configure WTP groups. type: dict + more... + +
              • +
                +
              • name - WTP group name. type: str required: true + more... + +
                • +
              • platform_type - FortiAP models to define the WTP group platform type. type: str choices: AP-11N, 220B, 210B, 222B, 112B, 320B, 11C, 14C, 223B, 28C, 320C, 221C, 25D, 222C, 224D, 214B, 21D, 24D, 112D, 223C, 321C, C220C, C225C, C23JD, C24JE, S321C, S322C, S323C, S311C, S313C, S321CR, S322CR, S323CR, S421E, S422E, S423E, 421E, 423E, 221E, 222E, 223E, 224E, 231E, S221E, S223E, 321E, 431F, 432F, 433F, 231F, 234F, 23JF, 831F, U421E, U422EV, U423E, U221EV, U223EV, U24JEV, U321EV, U323EV, U431F, U433F, U231F, U234F, U432F + more... + +
                • +
              • wtps - WTP list. type: list + more... + +
                • +
                  +
                • wtp_id - WTP ID. Source wireless-controller.wtp.wtp-id. type: str + more... + +
                  • +
                +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure WTP groups. + fortios_wireless_controller_wtp_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_wtp_group: + name: "default_name_3" + platform_type: "AP-11N" + wtps: + - + wtp_id: " (source wireless-controller.wtp.wtp-id)" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_wtp_profile.rst b/gen/fortios_wireless_controller_wtp_profile.rst new file mode 100644 index 00000000..daf9ed0f --- /dev/null +++ b/gen/fortios_wireless_controller_wtp_profile.rst @@ -0,0 +1,32117 @@ +:source: fortios_wireless_controller_wtp_profile.py + +:orphan: + +.. fortios_wireless_controller_wtp_profile: + +fortios_wireless_controller_wtp_profile -- Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms in Fortinet's FortiOS and FortiGate. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and wtp_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_wtp_profileyesyesyesyesyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
              • +
            • wireless_controller_wtp_profile - Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms. type: dict + more... + +
              • +
                +
              • allowaccess - Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space. type: list choices: https, ssh, snmp, telnet, http + more... + +
                • +
              • ap_country - Country in which this WTP, FortiAP, or AP will operate . type: str choices: --, AF, AL, DZ, AS, AO, AR, AM, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BA, BW, BR, BN, BG, BF, KH, CM, KY, CF, TD, CL, CN, CX, CO, CG, CD, CR, HR, CY, CZ, DK, DM, DO, EC, EG, SV, ET, EE, GF, PF, FO, FJ, FI, FR, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GY, HT, HN, HK, HU, IS, IN, ID, IQ, IE, IM, IL, IT, CI, JM, JO, KZ, KE, KR, KW, LA, LV, LB, LS, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MA, MZ, MM, NA, NP, NL, AN, AW, NZ, NI, NE, False, MP, OM, PK, PW, PA, PG, PY, PE, PH, PL, PT, PR, QA, RE, RO, RU, RW, BL, KN, LC, MF, PM, VC, SA, SN, RS, ME, SL, SG, SK, SI, ZA, ES, LK, SE, SR, CH, TW, TZ, TH, TG, TT, TN, TR, TM, AE, TC, UG, UA, GB, US, PS, UY, UZ, VU, VE, VN, VI, WF, YE, ZM, ZW, JP, CA, IR, KP, SD, SY, ZB + more... + +
                • +
              • ap_handoff - Enable/disable AP handoff of clients to other APs . type: str choices: enable, disable + more... + +
                • +
              • apcfg_profile - AP local configuration profile name. Source wireless-controller.apcfg-profile.name. type: str + more... + +
                • +
              • ble_profile - Bluetooth Low Energy profile name. Source wireless-controller.ble-profile.name. type: str + more... + +
                • +
              • comment - Comment. type: str + more... + +
                • +
              • console_login - Enable/disable FortiAP console login access . type: str choices: enable, disable + more... + +
                • +
              • control_message_offload - Enable/disable CAPWAP control message data channel offload. type: list choices: ebp-frame, aeroscout-tag, ap-list, sta-list, sta-cap-list, stats, aeroscout-mu, sta-health, spectral-analysis + more... + +
                • +
              • deny_mac_list - List of MAC addresses that are denied access to this WTP, FortiAP, or AP. type: list member_path: deny_mac_list:id + more... + +
                • +
                  +
                • id - ID. type: int required: true + more... + +
                  • +
                • mac - A WiFi device with this MAC address is denied access to this WTP, FortiAP or AP. type: str + more... + +
                  • +
                +
              • dtls_in_kernel - Enable/disable data channel DTLS in kernel. type: str choices: enable, disable + more... + +
                • +
              • dtls_policy - WTP data channel DTLS policy . type: list choices: clear-text, dtls-enabled, ipsec-vpn + more... + +
                • +
              • energy_efficient_ethernet - Enable/disable use of energy efficient Ethernet on WTP. type: str choices: enable, disable + more... + +
                • +
              • esl_ses_dongle - ESL SES-imagotag dongle configuration. type: dict + more... + +
                • +
                  +
                • apc_addr_type - ESL SES-imagotag APC address type . type: str choices: fqdn, ip + more... + +
                  • +
                • apc_fqdn - FQDN of ESL SES-imagotag Access Point Controller (APC). type: str + more... + +
                  • +
                • apc_ip - IP address of ESL SES-imagotag Access Point Controller (APC). type: str + more... + +
                  • +
                • apc_port - Port of ESL SES-imagotag Access Point Controller (APC). type: int + more... + +
                  • +
                • coex_level - ESL SES-imagotag dongle coexistence level . type: str choices: none + more... + +
                  • +
                • compliance_level - Compliance levels for the ESL solution integration . type: str choices: compliance-level-2 + more... + +
                  • +
                • esl_channel - ESL SES-imagotag dongle channel . type: str choices: -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 127 + more... + +
                  • +
                • output_power - ESL SES-imagotag dongle output power . type: str choices: a, b, c, d, e, f, g, h + more... + +
                  • +
                • scd_enable - Enable/disable ESL SES-imagotag Serial Communication Daemon (SCD) . type: str choices: enable, disable + more... + +
                  • +
                • tls_cert_verification - Enable/disable TLS certificate verification . type: str choices: enable, disable + more... + +
                  • +
                • tls_fqdn_verification - Enable/disable TLS certificate verification . type: str choices: enable, disable + more... + +
                  • +
                +
              • ext_info_enable - Enable/disable station/VAP/radio extension information. type: str choices: enable, disable + more... + +
                • +
              • frequency_handoff - Enable/disable frequency handoff of clients to other channels . type: str choices: enable, disable + more... + +
                • +
              • handoff_roaming - Enable/disable client load balancing during roaming to avoid roaming delay . type: str choices: enable, disable + more... + +
                • +
              • handoff_rssi - Minimum received signal strength indicator (RSSI) value for handoff (20 - 30). type: int + more... + +
                • +
              • handoff_sta_thresh - Threshold value for AP handoff. type: int + more... + +
                • +
              • indoor_outdoor_deployment - Set to allow indoor/outdoor-only channels under regulatory rules . type: str choices: platform-determined, outdoor, indoor + more... + +
                • +
              • ip_fragment_preventing - Method(s) by which IP fragmentation is prevented for control and data packets through CAPWAP tunnel . type: list choices: tcp-mss-adjust, icmp-unreachable + more... + +
                • +
              • lan - WTP LAN port mapping. type: dict + more... + +
                • +
                  +
                • port_esl_mode - ESL port mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid + more... + +
                  • +
                • port_esl_ssid - Bridge ESL port to SSID. Source system.interface.name. type: str + more... + +
                  • +
                • port_mode - LAN port mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid + more... + +
                  • +
                • port_ssid - Bridge LAN port to SSID. Source system.interface.name. type: str + more... + +
                  • +
                • port1_mode - LAN port 1 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid + more... + +
                  • +
                • port1_ssid - Bridge LAN port 1 to SSID. Source system.interface.name. type: str + more... + +
                  • +
                • port2_mode - LAN port 2 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid + more... + +
                  • +
                • port2_ssid - Bridge LAN port 2 to SSID. Source system.interface.name. type: str + more... + +
                  • +
                • port3_mode - LAN port 3 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid + more... + +
                  • +
                • port3_ssid - Bridge LAN port 3 to SSID. Source system.interface.name. type: str + more... + +
                  • +
                • port4_mode - LAN port 4 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid + more... + +
                  • +
                • port4_ssid - Bridge LAN port 4 to SSID. Source system.interface.name. type: str + more... + +
                  • +
                • port5_mode - LAN port 5 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid + more... + +
                  • +
                • port5_ssid - Bridge LAN port 5 to SSID. Source system.interface.name. type: str + more... + +
                  • +
                • port6_mode - LAN port 6 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid + more... + +
                  • +
                • port6_ssid - Bridge LAN port 6 to SSID. Source system.interface.name. type: str + more... + +
                  • +
                • port7_mode - LAN port 7 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid + more... + +
                  • +
                • port7_ssid - Bridge LAN port 7 to SSID. Source system.interface.name. type: str + more... + +
                  • +
                • port8_mode - LAN port 8 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid + more... + +
                  • +
                • port8_ssid - Bridge LAN port 8 to SSID. Source system.interface.name. type: str + more... + +
                  • +
                +
              • lbs - Set various location based service (LBS) options. type: dict + more... + +
                • +
                  +
                • aeroscout - Enable/disable AeroScout Real Time Location Service (RTLS) support . type: str choices: enable, disable + more... + +
                  • +
                • aeroscout_ap_mac - Use BSSID or board MAC address as AP MAC address in AeroScout AP messages . type: str choices: bssid, board-mac + more... + +
                  • +
                • aeroscout_mmu_report - Enable/disable compounded AeroScout tag and MU report . type: str choices: enable, disable + more... + +
                  • +
                • aeroscout_mu - Enable/disable AeroScout Mobile Unit (MU) support . type: str choices: enable, disable + more... + +
                  • +
                • aeroscout_mu_factor - AeroScout MU mode dilution factor . type: int + more... + +
                  • +
                • aeroscout_mu_timeout - AeroScout MU mode timeout (0 - 65535 sec). type: int + more... + +
                  • +
                • aeroscout_server_ip - IP address of AeroScout server. type: str + more... + +
                  • +
                • aeroscout_server_port - AeroScout server UDP listening port. type: int + more... + +
                  • +
                • ekahau_blink_mode - Enable/disable Ekahau blink mode (now known as AiRISTA Flow) to track and locate WiFi tags . type: str choices: enable, disable + more... + +
                  • +
                • ekahau_tag - WiFi frame MAC address or WiFi Tag. type: str + more... + +
                  • +
                • erc_server_ip - IP address of Ekahau RTLS Controller (ERC). type: str + more... + +
                  • +
                • erc_server_port - Ekahau RTLS Controller (ERC) UDP listening port. type: int + more... + +
                  • +
                • fortipresence - Enable/disable FortiPresence to monitor the location and activity of WiFi clients even if they don"t connect to this WiFi network . type: str choices: foreign, both, disable + more... + +
                  • +
                • fortipresence_ble - Enable/disable FortiPresence finding and reporting BLE devices. type: str choices: enable, disable + more... + +
                  • +
                • fortipresence_frequency - FortiPresence report transmit frequency (5 - 65535 sec). type: int + more... + +
                  • +
                • fortipresence_port - UDP listening port of FortiPresence server . type: int + more... + +
                  • +
                • fortipresence_project - FortiPresence project name (max. 16 characters). type: str + more... + +
                  • +
                • fortipresence_rogue - Enable/disable FortiPresence finding and reporting rogue APs. type: str choices: enable, disable + more... + +
                  • +
                • fortipresence_secret - FortiPresence secret password (max. 16 characters). type: str + more... + +
                  • +
                • fortipresence_server - IP address of FortiPresence server. type: str + more... + +
                  • +
                • fortipresence_server_addr_type - FortiPresence server address type . type: str choices: ipv4, fqdn + more... + +
                  • +
                • fortipresence_server_fqdn - FQDN of FortiPresence server. type: str + more... + +
                  • +
                • fortipresence_unassoc - Enable/disable FortiPresence finding and reporting unassociated stations. type: str choices: enable, disable + more... + +
                  • +
                • station_locate - Enable/disable client station locating services for all clients, whether associated or not . type: str choices: enable, disable + more... + +
                  • +
                +
              • led_schedules - Recurring firewall schedules for illuminating LEDs on the FortiAP. If led-state is enabled, LEDs will be visible when at least one of the schedules is valid. Separate multiple schedule names with a space. type: list member_path: led_schedules:name + more... + +
                • +
                  +
                • name - Schedule name. Source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name. type: str required: true + more... + +
                  • +
                +
              • led_state - Enable/disable use of LEDs on WTP . type: str choices: enable, disable + more... + +
                • +
              • lldp - Enable/disable Link Layer Discovery Protocol (LLDP) for the WTP, FortiAP, or AP . type: str choices: enable, disable + more... + +
                • +
              • login_passwd - Set the managed WTP, FortiAP, or AP"s administrator password. type: str + more... + +
                • +
              • login_passwd_change - Change or reset the administrator password of a managed WTP, FortiAP or AP (yes, default, or no). type: str choices: True, default, False + more... + +
                • +
              • max_clients - Maximum number of stations (STAs) supported by the WTP . type: int + more... + +
                • +
              • name - WTP (or FortiAP or AP) profile name. type: str required: true + more... + +
                • +
              • platform - WTP, FortiAP, or AP platform. type: dict + more... + +
                • +
                  +
                • ddscan - Enable/disable use of one radio for dedicated dual-band scanning to detect RF characterization and wireless threat management. type: str choices: enable, disable + more... + +
                  • +
                • mode - Configure operation mode of 5G radios . type: str choices: single-5G, dual-5G + more... + +
                  • +
                • type - WTP, FortiAP or AP platform type. There are built-in WTP profiles for all supported FortiAP models. You can select a built-in profile and customize it or create a new profile. type: str choices: AP-11N, 220B, 210B, 222B, 112B, 320B, 11C, 14C, 223B, 28C, 320C, 221C, 25D, 222C, 224D, 214B, 21D, 24D, 112D, 223C, 321C, C220C, C225C, C23JD, C24JE, S321C, S322C, S323C, S311C, S313C, S321CR, S322CR, S323CR, S421E, S422E, S423E, 421E, 423E, 221E, 222E, 223E, 224E, 231E, S221E, S223E, 321E, 431F, 432F, 433F, 231F, 234F, 23JF, 831F, U421E, U422EV, U423E, U221EV, U223EV, U24JEV, U321EV, U323EV, U431F, U433F, U231F, U234F, U432F + more... + +
                  • +
                +
              • poe_mode - Set the WTP, FortiAP, or AP"s PoE mode. type: str choices: auto, 8023af, 8023at, power-adapter, full, high, low + more... + +
                • +
              • radio_1 - Configuration options for radio 1. type: dict + more... + +
                • +
                  +
                • airtime_fairness - Enable/disable airtime fairness . type: str choices: enable, disable + more... + +
                  • +
                • amsdu - Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients . type: str choices: enable, disable + more... + +
                  • +
                • ap_handoff - Enable/disable AP handoff of clients to other APs . type: str choices: enable, disable + more... + +
                  • +
                • ap_sniffer_addr - MAC address to monitor. type: str + more... + +
                  • +
                • ap_sniffer_bufsize - Sniffer buffer size (1 - 32 MB). type: int + more... + +
                  • +
                • ap_sniffer_chan - Channel on which to operate the sniffer . type: int + more... + +
                  • +
                • ap_sniffer_ctl - Enable/disable sniffer on WiFi control frame . type: str choices: enable, disable + more... + +
                  • +
                • ap_sniffer_data - Enable/disable sniffer on WiFi data frame . type: str choices: enable, disable + more... + +
                  • +
                • ap_sniffer_mgmt_beacon - Enable/disable sniffer on WiFi management Beacon frames . type: str choices: enable, disable + more... + +
                  • +
                • ap_sniffer_mgmt_other - Enable/disable sniffer on WiFi management other frames . type: str choices: enable, disable + more... + +
                  • +
                • ap_sniffer_mgmt_probe - Enable/disable sniffer on WiFi management probe frames . type: str choices: enable, disable + more... + +
                  • +
                • arrp_profile - Distributed Automatic Radio Resource Provisioning (DARRP) profile name to assign to the radio. Source wireless-controller .arrp-profile.name. type: str + more... + +
                  • +
                • auto_power_high - The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). type: int + more... + +
                  • +
                • auto_power_level - Enable/disable automatic power-level adjustment to prevent co-channel interference . type: str choices: enable, disable + more... + +
                  • +
                • auto_power_low - The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). type: int + more... + +
                  • +
                • auto_power_target - Target of automatic transmit power adjustment in dBm (-95 to -20). type: str + more... + +
                  • +
                • band - WiFi band that Radio 1 operates on. type: str choices: 802.11a, 802.11b, 802.11g, 802.11n, 802.11n-5G, 802.11ac, 802.11ax-5G, 802.11ax, 802.11ac-2G, 802.11n,g-only, 802.11g-only, 802.11n-only, 802.11n-5G-only, 802.11ac,n-only, 802.11ac-only, 802.11ax,ac-only, 802.11ax,ac,n-only, 802.11ax-5G-only, 802.11ax,n-only, 802.11ax,n,g-only, 802.11ax-only + more... + +
                  • +
                • band_5g_type - WiFi 5G band type. type: str choices: 5g-full, 5g-high, 5g-low + more... + +
                  • +
                • bandwidth_admission_control - Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it. type: str choices: enable, disable + more... + +
                  • +
                • bandwidth_capacity - Maximum bandwidth capacity allowed (1 - 600000 Kbps). type: int + more... + +
                  • +
                • beacon_interval - Beacon interval. The time between beacon frames in milliseconds. Actual range of beacon interval depends on the AP platform type . type: int + more... + +
                  • +
                • bss_color - BSS color value for this 11ax radio (0 - 63, disable = 0). type: int + more... + +
                  • +
                • bss_color_mode - BSS color mode for this 11ax radio . type: str choices: auto, static + more... + +
                  • +
                • call_admission_control - Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them. type: str choices: enable, disable + more... + +
                  • +
                • call_capacity - Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60). type: int + more... + +
                  • +
                • channel - Selected list of wireless radio channels. type: list member_path: radio_1/channel:chan + more... + +
                  • +
                    +
                  • chan - Channel number. type: str required: true + more... + +
                    • +
                  +
                • channel_bonding - Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. type: str choices: 160MHz, 80MHz, 40MHz, 20MHz + more... + +
                  • +
                • channel_utilization - Enable/disable measuring channel utilization. type: str choices: enable, disable + more... + +
                  • +
                • coexistence - Enable/disable allowing both HT20 and HT40 on the same radio . type: str choices: enable, disable + more... + +
                  • +
                • darrp - Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel . type: str choices: enable, disable + more... + +
                  • +
                • drma - Enable/disable dynamic radio mode assignment (DRMA) . type: str choices: disable, enable + more... + +
                  • +
                • drma_sensitivity - Network Coverage Factor (NCF) percentage required to consider a radio as redundant . type: str choices: low, medium, high + more... + +
                  • +
                • dtim - Delivery Traffic Indication Map (DTIM) period (1 - 255). Set higher to save battery life of WiFi client in power-save mode. type: int + more... + +
                  • +
                • frag_threshold - Maximum packet size that can be sent without fragmentation (800 - 2346 bytes). type: int + more... + +
                  • +
                • frequency_handoff - Enable/disable frequency handoff of clients to other channels . type: str choices: enable, disable + more... + +
                  • +
                • iperf_protocol - Iperf test protocol . type: str choices: udp, tcp + more... + +
                  • +
                • iperf_server_port - Iperf service port number. type: int + more... + +
                  • +
                • max_clients - Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. type: int + more... + +
                  • +
                • max_distance - Maximum expected distance between the AP and clients (0 - 54000 m). type: int + more... + +
                  • +
                • mode - Mode of radio 1. Radio 1 can be disabled, configured as an access point, a rogue AP monitor, a sniffer, or a station. type: str choices: disabled, ap, monitor, sniffer, sam + more... + +
                  • +
                • power_level - Radio EIRP power level as a percentage of the maximum EIRP power (0 - 100). type: int + more... + +
                  • +
                • power_mode - Set radio effective isotropic radiated power (EIRP) in dBm or by a percentage of the maximum EIRP . This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities. type: str choices: dBm, percentage + more... + +
                  • +
                • power_value - Radio EIRP power in dBm (1 - 33). type: int + more... + +
                  • +
                • powersave_optimize - Enable client power-saving features such as TIM, AC VO, and OBSS etc. type: str choices: tim, ac-vo, no-obss-scan, no-11b-rate, client-rate-follow + more... + +
                  • +
                • protection_mode - Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). type: str choices: rtscts, ctsonly, disable + more... + +
                  • +
                • radio_id - radio-id type: int + more... + +
                  • +
                • rts_threshold - Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes). type: int + more... + +
                  • +
                • sam_bssid - BSSID for WiFi network. type: str + more... + +
                  • +
                • sam_captive_portal - Enable/disable Captive Portal Authentication . type: str choices: enable, disable + more... + +
                  • +
                • sam_cwp_failure_string - Failure identification on the page after an incorrect login. type: str + more... + +
                  • +
                • sam_cwp_match_string - Identification string from the captive portal login form. type: str + more... + +
                  • +
                • sam_cwp_password - Password for captive portal authentication. type: str + more... + +
                  • +
                • sam_cwp_success_string - Success identification on the page after a successful login. type: str + more... + +
                  • +
                • sam_cwp_test_url - Website the client is trying to access. type: str + more... + +
                  • +
                • sam_cwp_username - Username for captive portal authentication. type: str + more... + +
                  • +
                • sam_password - Passphrase for WiFi network connection. type: str + more... + +
                  • +
                • sam_report_intv - SAM report interval (sec), 0 for a one-time report. type: int + more... + +
                  • +
                • sam_security_type - Select WiFi network security type . type: str choices: open, wpa-personal, wpa-enterprise + more... + +
                  • +
                • sam_server - SAM test server IP address or domain name. type: str + more... + +
                  • +
                • sam_server_fqdn - SAM test server domain name. type: str + more... + +
                  • +
                • sam_server_ip - SAM test server IP address. type: str + more... + +
                  • +
                • sam_server_type - Select SAM server type . type: str choices: ip, fqdn + more... + +
                  • +
                • sam_ssid - SSID for WiFi network. type: str + more... + +
                  • +
                • sam_test - Select SAM test type . type: str choices: ping, iperf + more... + +
                  • +
                • sam_username - Username for WiFi network connection. type: str + more... + +
                  • +
                • short_guard_interval - Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. type: str choices: enable, disable + more... + +
                  • +
                • spectrum_analysis - Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. type: str choices: enable, scan-only, disable + more... + +
                  • +
                • transmit_optimize - Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. type: str choices: disable, power-save, aggr-limit, retry-limit, send-bar + more... + +
                  • +
                • vap_all - Configure method for assigning SSIDs to this FortiAP . type: str choices: tunnel, bridge, manual, enable, disable + more... + +
                  • +
                • vaps - Manually selected list of Virtual Access Points (VAPs). type: list member_path: radio_1/vaps:name + more... + +
                  • +
                    +
                  • name - Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name system.interface.name. type: str required: true + more... + +
                    • +
                  +
                • wids_profile - Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. Source wireless-controller.wids-profile.name. type: str + more... + +
                  • +
                • zero_wait_dfs - Enable/disable zero wait DFS on radio . type: str choices: enable, disable + more... + +
                  • +
                +
              • radio_2 - Configuration options for radio 2. type: dict + more... + +
                • +
                  +
                • airtime_fairness - Enable/disable airtime fairness . type: str choices: enable, disable + more... + +
                  • +
                • amsdu - Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients . type: str choices: enable, disable + more... + +
                  • +
                • ap_handoff - Enable/disable AP handoff of clients to other APs . type: str choices: enable, disable + more... + +
                  • +
                • ap_sniffer_addr - MAC address to monitor. type: str + more... + +
                  • +
                • ap_sniffer_bufsize - Sniffer buffer size (1 - 32 MB). type: int + more... + +
                  • +
                • ap_sniffer_chan - Channel on which to operate the sniffer . type: int + more... + +
                  • +
                • ap_sniffer_ctl - Enable/disable sniffer on WiFi control frame . type: str choices: enable, disable + more... + +
                  • +
                • ap_sniffer_data - Enable/disable sniffer on WiFi data frame . type: str choices: enable, disable + more... + +
                  • +
                • ap_sniffer_mgmt_beacon - Enable/disable sniffer on WiFi management Beacon frames . type: str choices: enable, disable + more... + +
                  • +
                • ap_sniffer_mgmt_other - Enable/disable sniffer on WiFi management other frames . type: str choices: enable, disable + more... + +
                  • +
                • ap_sniffer_mgmt_probe - Enable/disable sniffer on WiFi management probe frames . type: str choices: enable, disable + more... + +
                  • +
                • arrp_profile - Distributed Automatic Radio Resource Provisioning (DARRP) profile name to assign to the radio. Source wireless-controller .arrp-profile.name. type: str + more... + +
                  • +
                • auto_power_high - The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). type: int + more... + +
                  • +
                • auto_power_level - Enable/disable automatic power-level adjustment to prevent co-channel interference . type: str choices: enable, disable + more... + +
                  • +
                • auto_power_low - The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). type: int + more... + +
                  • +
                • auto_power_target - Target of automatic transmit power adjustment in dBm (-95 to -20). type: str + more... + +
                  • +
                • band - WiFi band that Radio 2 operates on. type: str choices: 802.11a, 802.11b, 802.11g, 802.11n, 802.11n-5G, 802.11ac, 802.11ax-5G, 802.11ax, 802.11ac-2G, 802.11n,g-only, 802.11g-only, 802.11n-only, 802.11n-5G-only, 802.11ac,n-only, 802.11ac-only, 802.11ax,ac-only, 802.11ax,ac,n-only, 802.11ax-5G-only, 802.11ax,n-only, 802.11ax,n,g-only, 802.11ax-only + more... + +
                  • +
                • band_5g_type - WiFi 5G band type. type: str choices: 5g-full, 5g-high, 5g-low + more... + +
                  • +
                • bandwidth_admission_control - Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it. type: str choices: enable, disable + more... + +
                  • +
                • bandwidth_capacity - Maximum bandwidth capacity allowed (1 - 600000 Kbps). type: int + more... + +
                  • +
                • beacon_interval - Beacon interval. The time between beacon frames in milliseconds. Actual range of beacon interval depends on the AP platform type . type: int + more... + +
                  • +
                • bss_color - BSS color value for this 11ax radio (0 - 63, disable = 0). type: int + more... + +
                  • +
                • bss_color_mode - BSS color mode for this 11ax radio . type: str choices: auto, static + more... + +
                  • +
                • call_admission_control - Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them. type: str choices: enable, disable + more... + +
                  • +
                • call_capacity - Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60). type: int + more... + +
                  • +
                • channel - Selected list of wireless radio channels. type: list member_path: radio_2/channel:chan + more... + +
                  • +
                    +
                  • chan - Channel number. type: str required: true + more... + +
                    • +
                  +
                • channel_bonding - Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. type: str choices: 160MHz, 80MHz, 40MHz, 20MHz + more... + +
                  • +
                • channel_utilization - Enable/disable measuring channel utilization. type: str choices: enable, disable + more... + +
                  • +
                • coexistence - Enable/disable allowing both HT20 and HT40 on the same radio . type: str choices: enable, disable + more... + +
                  • +
                • darrp - Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel . type: str choices: enable, disable + more... + +
                  • +
                • drma - Enable/disable dynamic radio mode assignment (DRMA) . type: str choices: disable, enable + more... + +
                  • +
                • drma_sensitivity - Network Coverage Factor (NCF) percentage required to consider a radio as redundant . type: str choices: low, medium, high + more... + +
                  • +
                • dtim - Delivery Traffic Indication Map (DTIM) period (1 - 255). Set higher to save battery life of WiFi client in power-save mode. type: int + more... + +
                  • +
                • frag_threshold - Maximum packet size that can be sent without fragmentation (800 - 2346 bytes). type: int + more... + +
                  • +
                • frequency_handoff - Enable/disable frequency handoff of clients to other channels . type: str choices: enable, disable + more... + +
                  • +
                • iperf_protocol - Iperf test protocol . type: str choices: udp, tcp + more... + +
                  • +
                • iperf_server_port - Iperf service port number. type: int + more... + +
                  • +
                • max_clients - Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. type: int + more... + +
                  • +
                • max_distance - Maximum expected distance between the AP and clients (0 - 54000 m). type: int + more... + +
                  • +
                • mode - Mode of radio 2. Radio 2 can be disabled, configured as an access point, a rogue AP monitor, a sniffer, or a station. type: str choices: disabled, ap, monitor, sniffer, sam + more... + +
                  • +
                • power_level - Radio EIRP power level as a percentage of the maximum EIRP power (0 - 100). type: int + more... + +
                  • +
                • power_mode - Set radio effective isotropic radiated power (EIRP) in dBm or by a percentage of the maximum EIRP . This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities. type: str choices: dBm, percentage + more... + +
                  • +
                • power_value - Radio EIRP power in dBm (1 - 33). type: int + more... + +
                  • +
                • powersave_optimize - Enable client power-saving features such as TIM, AC VO, and OBSS etc. type: str choices: tim, ac-vo, no-obss-scan, no-11b-rate, client-rate-follow + more... + +
                  • +
                • protection_mode - Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). type: str choices: rtscts, ctsonly, disable + more... + +
                  • +
                • radio_id - radio-id type: int + more... + +
                  • +
                • rts_threshold - Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes). type: int + more... + +
                  • +
                • sam_bssid - BSSID for WiFi network. type: str + more... + +
                  • +
                • sam_captive_portal - Enable/disable Captive Portal Authentication . type: str choices: enable, disable + more... + +
                  • +
                • sam_cwp_failure_string - Failure identification on the page after an incorrect login. type: str + more... + +
                  • +
                • sam_cwp_match_string - Identification string from the captive portal login form. type: str + more... + +
                  • +
                • sam_cwp_password - Password for captive portal authentication. type: str + more... + +
                  • +
                • sam_cwp_success_string - Success identification on the page after a successful login. type: str + more... + +
                  • +
                • sam_cwp_test_url - Website the client is trying to access. type: str + more... + +
                  • +
                • sam_cwp_username - Username for captive portal authentication. type: str + more... + +
                  • +
                • sam_password - Passphrase for WiFi network connection. type: str + more... + +
                  • +
                • sam_report_intv - SAM report interval (sec), 0 for a one-time report. type: int + more... + +
                  • +
                • sam_security_type - Select WiFi network security type . type: str choices: open, wpa-personal, wpa-enterprise + more... + +
                  • +
                • sam_server - SAM test server IP address or domain name. type: str + more... + +
                  • +
                • sam_server_fqdn - SAM test server domain name. type: str + more... + +
                  • +
                • sam_server_ip - SAM test server IP address. type: str + more... + +
                  • +
                • sam_server_type - Select SAM server type . type: str choices: ip, fqdn + more... + +
                  • +
                • sam_ssid - SSID for WiFi network. type: str + more... + +
                  • +
                • sam_test - Select SAM test type . type: str choices: ping, iperf + more... + +
                  • +
                • sam_username - Username for WiFi network connection. type: str + more... + +
                  • +
                • short_guard_interval - Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. type: str choices: enable, disable + more... + +
                  • +
                • spectrum_analysis - Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. type: str choices: enable, scan-only, disable + more... + +
                  • +
                • transmit_optimize - Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. type: str choices: disable, power-save, aggr-limit, retry-limit, send-bar + more... + +
                  • +
                • vap_all - Configure method for assigning SSIDs to this FortiAP . type: str choices: tunnel, bridge, manual, enable, disable + more... + +
                  • +
                • vaps - Manually selected list of Virtual Access Points (VAPs). type: list member_path: radio_2/vaps:name + more... + +
                  • +
                    +
                  • name - Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name system.interface.name. type: str required: true + more... + +
                    • +
                  +
                • wids_profile - Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. Source wireless-controller.wids-profile.name. type: str + more... + +
                  • +
                • zero_wait_dfs - Enable/disable zero wait DFS on radio . type: str choices: enable, disable + more... + +
                  • +
                +
              • radio_3 - Configuration options for radio 3. type: dict + more... + +
                • +
                  +
                • airtime_fairness - Enable/disable airtime fairness . type: str choices: enable, disable + more... + +
                  • +
                • amsdu - Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients . type: str choices: enable, disable + more... + +
                  • +
                • ap_handoff - Enable/disable AP handoff of clients to other APs . type: str choices: enable, disable + more... + +
                  • +
                • ap_sniffer_addr - MAC address to monitor. type: str + more... + +
                  • +
                • ap_sniffer_bufsize - Sniffer buffer size (1 - 32 MB). type: int + more... + +
                  • +
                • ap_sniffer_chan - Channel on which to operate the sniffer . type: int + more... + +
                  • +
                • ap_sniffer_ctl - Enable/disable sniffer on WiFi control frame . type: str choices: enable, disable + more... + +
                  • +
                • ap_sniffer_data - Enable/disable sniffer on WiFi data frame . type: str choices: enable, disable + more... + +
                  • +
                • ap_sniffer_mgmt_beacon - Enable/disable sniffer on WiFi management Beacon frames . type: str choices: enable, disable + more... + +
                  • +
                • ap_sniffer_mgmt_other - Enable/disable sniffer on WiFi management other frames . type: str choices: enable, disable + more... + +
                  • +
                • ap_sniffer_mgmt_probe - Enable/disable sniffer on WiFi management probe frames . type: str choices: enable, disable + more... + +
                  • +
                • arrp_profile - Distributed Automatic Radio Resource Provisioning (DARRP) profile name to assign to the radio. Source wireless-controller .arrp-profile.name. type: str + more... + +
                  • +
                • auto_power_high - The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). type: int + more... + +
                  • +
                • auto_power_level - Enable/disable automatic power-level adjustment to prevent co-channel interference . type: str choices: enable, disable + more... + +
                  • +
                • auto_power_low - The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). type: int + more... + +
                  • +
                • auto_power_target - Target of automatic transmit power adjustment in dBm (-95 to -20). type: str + more... + +
                  • +
                • band - WiFi band that Radio 3 operates on. type: str choices: 802.11a, 802.11b, 802.11g, 802.11n, 802.11n-5G, 802.11ac, 802.11ax-5G, 802.11ax, 802.11ac-2G, 802.11n,g-only, 802.11g-only, 802.11n-only, 802.11n-5G-only, 802.11ac,n-only, 802.11ac-only, 802.11ax,ac-only, 802.11ax,ac,n-only, 802.11ax-5G-only, 802.11ax,n-only, 802.11ax,n,g-only, 802.11ax-only + more... + +
                  • +
                • band_5g_type - WiFi 5G band type. type: str choices: 5g-full, 5g-high, 5g-low + more... + +
                  • +
                • bandwidth_admission_control - Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it. type: str choices: enable, disable + more... + +
                  • +
                • bandwidth_capacity - Maximum bandwidth capacity allowed (1 - 600000 Kbps). type: int + more... + +
                  • +
                • beacon_interval - Beacon interval. The time between beacon frames in milliseconds. Actual range of beacon interval depends on the AP platform type . type: int + more... + +
                  • +
                • bss_color - BSS color value for this 11ax radio (0 - 63, disable = 0). type: int + more... + +
                  • +
                • bss_color_mode - BSS color mode for this 11ax radio . type: str choices: auto, static + more... + +
                  • +
                • call_admission_control - Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them. type: str choices: enable, disable + more... + +
                  • +
                • call_capacity - Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60). type: int + more... + +
                  • +
                • channel - Selected list of wireless radio channels. type: list member_path: radio_3/channel:chan + more... + +
                  • +
                    +
                  • chan - Channel number. type: str required: true + more... + +
                    • +
                  +
                • channel_bonding - Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. type: str choices: 160MHz, 80MHz, 40MHz, 20MHz + more... + +
                  • +
                • channel_utilization - Enable/disable measuring channel utilization. type: str choices: enable, disable + more... + +
                  • +
                • coexistence - Enable/disable allowing both HT20 and HT40 on the same radio . type: str choices: enable, disable + more... + +
                  • +
                • darrp - Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel . type: str choices: enable, disable + more... + +
                  • +
                • drma - Enable/disable dynamic radio mode assignment (DRMA) . type: str choices: disable, enable + more... + +
                  • +
                • drma_sensitivity - Network Coverage Factor (NCF) percentage required to consider a radio as redundant . type: str choices: low, medium, high + more... + +
                  • +
                • dtim - Delivery Traffic Indication Map (DTIM) period (1 - 255). Set higher to save battery life of WiFi client in power-save mode. type: int + more... + +
                  • +
                • frag_threshold - Maximum packet size that can be sent without fragmentation (800 - 2346 bytes). type: int + more... + +
                  • +
                • frequency_handoff - Enable/disable frequency handoff of clients to other channels . type: str choices: enable, disable + more... + +
                  • +
                • iperf_protocol - Iperf test protocol . type: str choices: udp, tcp + more... + +
                  • +
                • iperf_server_port - Iperf service port number. type: int + more... + +
                  • +
                • max_clients - Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. type: int + more... + +
                  • +
                • max_distance - Maximum expected distance between the AP and clients (0 - 54000 m). type: int + more... + +
                  • +
                • mode - Mode of radio 3. Radio 3 can be disabled, configured as an access point, a rogue AP monitor, a sniffer, or a station. type: str choices: disabled, ap, monitor, sniffer, sam + more... + +
                  • +
                • power_level - Radio EIRP power level as a percentage of the maximum EIRP power (0 - 100). type: int + more... + +
                  • +
                • power_mode - Set radio effective isotropic radiated power (EIRP) in dBm or by a percentage of the maximum EIRP . This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities. type: str choices: dBm, percentage + more... + +
                  • +
                • power_value - Radio EIRP power in dBm (1 - 33). type: int + more... + +
                  • +
                • powersave_optimize - Enable client power-saving features such as TIM, AC VO, and OBSS etc. type: str choices: tim, ac-vo, no-obss-scan, no-11b-rate, client-rate-follow + more... + +
                  • +
                • protection_mode - Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). type: str choices: rtscts, ctsonly, disable + more... + +
                  • +
                • radio_id - radio-id type: int + more... + +
                  • +
                • rts_threshold - Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes). type: int + more... + +
                  • +
                • sam_bssid - BSSID for WiFi network. type: str + more... + +
                  • +
                • sam_captive_portal - Enable/disable Captive Portal Authentication . type: str choices: enable, disable + more... + +
                  • +
                • sam_cwp_failure_string - Failure identification on the page after an incorrect login. type: str + more... + +
                  • +
                • sam_cwp_match_string - Identification string from the captive portal login form. type: str + more... + +
                  • +
                • sam_cwp_password - Password for captive portal authentication. type: str + more... + +
                  • +
                • sam_cwp_success_string - Success identification on the page after a successful login. type: str + more... + +
                  • +
                • sam_cwp_test_url - Website the client is trying to access. type: str + more... + +
                  • +
                • sam_cwp_username - Username for captive portal authentication. type: str + more... + +
                  • +
                • sam_password - Passphrase for WiFi network connection. type: str + more... + +
                  • +
                • sam_report_intv - SAM report interval (sec), 0 for a one-time report. type: int + more... + +
                  • +
                • sam_security_type - Select WiFi network security type . type: str choices: open, wpa-personal, wpa-enterprise + more... + +
                  • +
                • sam_server - SAM test server IP address or domain name. type: str + more... + +
                  • +
                • sam_server_fqdn - SAM test server domain name. type: str + more... + +
                  • +
                • sam_server_ip - SAM test server IP address. type: str + more... + +
                  • +
                • sam_server_type - Select SAM server type . type: str choices: ip, fqdn + more... + +
                  • +
                • sam_ssid - SSID for WiFi network. type: str + more... + +
                  • +
                • sam_test - Select SAM test type . type: str choices: ping, iperf + more... + +
                  • +
                • sam_username - Username for WiFi network connection. type: str + more... + +
                  • +
                • short_guard_interval - Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. type: str choices: enable, disable + more... + +
                  • +
                • spectrum_analysis - Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. type: str choices: enable, scan-only, disable + more... + +
                  • +
                • transmit_optimize - Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. type: str choices: disable, power-save, aggr-limit, retry-limit, send-bar + more... + +
                  • +
                • vap_all - Configure method for assigning SSIDs to this FortiAP . type: str choices: tunnel, bridge, manual, enable, disable + more... + +
                  • +
                • vaps - Manually selected list of Virtual Access Points (VAPs). type: list member_path: radio_3/vaps:name + more... + +
                  • +
                    +
                  • name - Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name system.interface.name. type: str required: true + more... + +
                    • +
                  +
                • wids_profile - Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. Source wireless-controller.wids-profile.name. type: str + more... + +
                  • +
                • zero_wait_dfs - Enable/disable zero wait DFS on radio . type: str choices: enable, disable + more... + +
                  • +
                +
              • radio_4 - Configuration options for radio 4. type: dict + more... + +
                • +
                  +
                • airtime_fairness - Enable/disable airtime fairness . type: str choices: enable, disable + more... + +
                  • +
                • amsdu - Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients . type: str choices: enable, disable + more... + +
                  • +
                • ap_handoff - Enable/disable AP handoff of clients to other APs . type: str choices: enable, disable + more... + +
                  • +
                • ap_sniffer_addr - MAC address to monitor. type: str + more... + +
                  • +
                • ap_sniffer_bufsize - Sniffer buffer size (1 - 32 MB). type: int + more... + +
                  • +
                • ap_sniffer_chan - Channel on which to operate the sniffer . type: int + more... + +
                  • +
                • ap_sniffer_ctl - Enable/disable sniffer on WiFi control frame . type: str choices: enable, disable + more... + +
                  • +
                • ap_sniffer_data - Enable/disable sniffer on WiFi data frame . type: str choices: enable, disable + more... + +
                  • +
                • ap_sniffer_mgmt_beacon - Enable/disable sniffer on WiFi management Beacon frames . type: str choices: enable, disable + more... + +
                  • +
                • ap_sniffer_mgmt_other - Enable/disable sniffer on WiFi management other frames . type: str choices: enable, disable + more... + +
                  • +
                • ap_sniffer_mgmt_probe - Enable/disable sniffer on WiFi management probe frames . type: str choices: enable, disable + more... + +
                  • +
                • arrp_profile - Distributed Automatic Radio Resource Provisioning (DARRP) profile name to assign to the radio. Source wireless-controller .arrp-profile.name. type: str + more... + +
                  • +
                • auto_power_high - The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). type: int + more... + +
                  • +
                • auto_power_level - Enable/disable automatic power-level adjustment to prevent co-channel interference . type: str choices: enable, disable + more... + +
                  • +
                • auto_power_low - The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). type: int + more... + +
                  • +
                • auto_power_target - Target of automatic transmit power adjustment in dBm (-95 to -20). type: str + more... + +
                  • +
                • band - WiFi band that Radio 3 operates on. type: str choices: 802.11a, 802.11b, 802.11g, 802.11n, 802.11n-5G, 802.11ac, 802.11ax-5G, 802.11ax, 802.11ac-2G, 802.11n,g-only, 802.11g-only, 802.11n-only, 802.11n-5G-only, 802.11ac,n-only, 802.11ac-only, 802.11ax,ac-only, 802.11ax,ac,n-only, 802.11ax-5G-only, 802.11ax,n-only, 802.11ax,n,g-only, 802.11ax-only + more... + +
                  • +
                • band_5g_type - WiFi 5G band type. type: str choices: 5g-full, 5g-high, 5g-low + more... + +
                  • +
                • bandwidth_admission_control - Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it. type: str choices: enable, disable + more... + +
                  • +
                • bandwidth_capacity - Maximum bandwidth capacity allowed (1 - 600000 Kbps). type: int + more... + +
                  • +
                • beacon_interval - Beacon interval. The time between beacon frames in milliseconds. Actual range of beacon interval depends on the AP platform type . type: int + more... + +
                  • +
                • bss_color - BSS color value for this 11ax radio (0 - 63, disable = 0). type: int + more... + +
                  • +
                • bss_color_mode - BSS color mode for this 11ax radio . type: str choices: auto, static + more... + +
                  • +
                • call_admission_control - Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them. type: str choices: enable, disable + more... + +
                  • +
                • call_capacity - Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60). type: int + more... + +
                  • +
                • channel - Selected list of wireless radio channels. type: list member_path: radio_4/channel:chan + more... + +
                  • +
                    +
                  • chan - Channel number. type: str required: true + more... + +
                    • +
                  +
                • channel_bonding - Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. type: str choices: 160MHz, 80MHz, 40MHz, 20MHz + more... + +
                  • +
                • channel_utilization - Enable/disable measuring channel utilization. type: str choices: enable, disable + more... + +
                  • +
                • coexistence - Enable/disable allowing both HT20 and HT40 on the same radio . type: str choices: enable, disable + more... + +
                  • +
                • darrp - Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel . type: str choices: enable, disable + more... + +
                  • +
                • drma - Enable/disable dynamic radio mode assignment (DRMA) . type: str choices: disable, enable + more... + +
                  • +
                • drma_sensitivity - Network Coverage Factor (NCF) percentage required to consider a radio as redundant . type: str choices: low, medium, high + more... + +
                  • +
                • dtim - Delivery Traffic Indication Map (DTIM) period (1 - 255). Set higher to save battery life of WiFi client in power-save mode. type: int + more... + +
                  • +
                • frag_threshold - Maximum packet size that can be sent without fragmentation (800 - 2346 bytes). type: int + more... + +
                  • +
                • frequency_handoff - Enable/disable frequency handoff of clients to other channels . type: str choices: enable, disable + more... + +
                  • +
                • iperf_protocol - Iperf test protocol . type: str choices: udp, tcp + more... + +
                  • +
                • iperf_server_port - Iperf service port number. type: int + more... + +
                  • +
                • max_clients - Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. type: int + more... + +
                  • +
                • max_distance - Maximum expected distance between the AP and clients (0 - 54000 m). type: int + more... + +
                  • +
                • mode - Mode of radio 3. Radio 3 can be disabled, configured as an access point, a rogue AP monitor, a sniffer, or a station. type: str choices: disabled, ap, monitor, sniffer, sam + more... + +
                  • +
                • power_level - Radio EIRP power level as a percentage of the maximum EIRP power (0 - 100). type: int + more... + +
                  • +
                • power_mode - Set radio effective isotropic radiated power (EIRP) in dBm or by a percentage of the maximum EIRP . This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities. type: str choices: dBm, percentage + more... + +
                  • +
                • power_value - Radio EIRP power in dBm (1 - 33). type: int + more... + +
                  • +
                • powersave_optimize - Enable client power-saving features such as TIM, AC VO, and OBSS etc. type: str choices: tim, ac-vo, no-obss-scan, no-11b-rate, client-rate-follow + more... + +
                  • +
                • protection_mode - Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). type: str choices: rtscts, ctsonly, disable + more... + +
                  • +
                • rts_threshold - Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes). type: int + more... + +
                  • +
                • sam_bssid - BSSID for WiFi network. type: str + more... + +
                  • +
                • sam_captive_portal - Enable/disable Captive Portal Authentication . type: str choices: enable, disable + more... + +
                  • +
                • sam_cwp_failure_string - Failure identification on the page after an incorrect login. type: str + more... + +
                  • +
                • sam_cwp_match_string - Identification string from the captive portal login form. type: str + more... + +
                  • +
                • sam_cwp_password - Password for captive portal authentication. type: str + more... + +
                  • +
                • sam_cwp_success_string - Success identification on the page after a successful login. type: str + more... + +
                  • +
                • sam_cwp_test_url - Website the client is trying to access. type: str + more... + +
                  • +
                • sam_cwp_username - Username for captive portal authentication. type: str + more... + +
                  • +
                • sam_password - Passphrase for WiFi network connection. type: str + more... + +
                  • +
                • sam_report_intv - SAM report interval (sec), 0 for a one-time report. type: int + more... + +
                  • +
                • sam_security_type - Select WiFi network security type . type: str choices: open, wpa-personal, wpa-enterprise + more... + +
                  • +
                • sam_server - SAM test server IP address or domain name. type: str + more... + +
                  • +
                • sam_server_fqdn - SAM test server domain name. type: str + more... + +
                  • +
                • sam_server_ip - SAM test server IP address. type: str + more... + +
                  • +
                • sam_server_type - Select SAM server type . type: str choices: ip, fqdn + more... + +
                  • +
                • sam_ssid - SSID for WiFi network. type: str + more... + +
                  • +
                • sam_test - Select SAM test type . type: str choices: ping, iperf + more... + +
                  • +
                • sam_username - Username for WiFi network connection. type: str + more... + +
                  • +
                • short_guard_interval - Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. type: str choices: enable, disable + more... + +
                  • +
                • spectrum_analysis - Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. type: str choices: enable, scan-only, disable + more... + +
                  • +
                • transmit_optimize - Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. type: str choices: disable, power-save, aggr-limit, retry-limit, send-bar + more... + +
                  • +
                • vap_all - Configure method for assigning SSIDs to this FortiAP . type: str choices: tunnel, bridge, manual, enable, disable + more... + +
                  • +
                • vaps - Manually selected list of Virtual Access Points (VAPs). type: list member_path: radio_4/vaps:name + more... + +
                  • +
                    +
                  • name - Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name system.interface.name. type: str required: true + more... + +
                    • +
                  +
                • wids_profile - Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. Source wireless-controller.wids-profile.name. type: str + more... + +
                  • +
                • zero_wait_dfs - Enable/disable zero wait DFS on radio . type: str choices: enable, disable + more... + +
                  • +
                +
              • split_tunneling_acl - Split tunneling ACL filter list. type: list member_path: split_tunneling_acl:id + more... + +
                • +
                  +
                • dest_ip - Destination IP and mask for the split-tunneling subnet. type: str + more... + +
                  • +
                • id - ID. type: int required: true + more... + +
                  • +
                +
              • split_tunneling_acl_local_ap_subnet - Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL . type: str choices: enable, disable + more... + +
                • +
              • split_tunneling_acl_path - Split tunneling ACL path is local/tunnel. type: str choices: tunnel, local + more... + +
                • +
              • syslog_profile - System log server configuration profile name. Source wireless-controller.syslog-profile.name. type: str + more... + +
                • +
              • tun_mtu_downlink - The MTU of downlink CAPWAP tunnel (576 - 1500 bytes or 0; 0 means the local MTU of FortiAP; ). type: int + more... + +
                • +
              • tun_mtu_uplink - The maximum transmission unit (MTU) of uplink CAPWAP tunnel (576 - 1500 bytes or 0; 0 means the local MTU of FortiAP; ). type: int + more... + +
                • +
              • wan_port_auth - Set WAN port authentication mode . type: str choices: none, 802.1x + more... + +
                • +
              • wan_port_auth_methods - WAN port 802.1x supplicant EAP methods . type: str choices: all, EAP-FAST, EAP-TLS, EAP-PEAP + more... + +
                • +
              • wan_port_auth_password - Set WAN port 802.1x supplicant password. type: str + more... + +
                • +
              • wan_port_auth_usrname - Set WAN port 802.1x supplicant user name. type: str + more... + +
                • +
              • wan_port_mode - Enable/disable using a WAN port as a LAN port. type: str choices: wan-lan, wan-only + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms. + fortios_wireless_controller_wtp_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_wtp_profile: + allowaccess: "https" + ap_country: "--" + ap_handoff: "enable" + apcfg_profile: " (source wireless-controller.apcfg-profile.name)" + ble_profile: " (source wireless-controller.ble-profile.name)" + comment: "Comment." + console_login: "enable" + control_message_offload: "ebp-frame" + deny_mac_list: + - + id: "12" + mac: "" + dtls_in_kernel: "enable" + dtls_policy: "clear-text" + energy_efficient_ethernet: "enable" + esl_ses_dongle: + apc_addr_type: "fqdn" + apc_fqdn: "" + apc_ip: "" + apc_port: "21" + coex_level: "none" + compliance_level: "compliance-level-2" + esl_channel: "-1" + output_power: "a" + scd_enable: "enable" + tls_cert_verification: "enable" + tls_fqdn_verification: "enable" + ext_info_enable: "enable" + frequency_handoff: "enable" + handoff_roaming: "enable" + handoff_rssi: "32" + handoff_sta_thresh: "33" + indoor_outdoor_deployment: "platform-determined" + ip_fragment_preventing: "tcp-mss-adjust" + lan: + port_esl_mode: "offline" + port_esl_ssid: " (source system.interface.name)" + port_mode: "offline" + port_ssid: " (source system.interface.name)" + port1_mode: "offline" + port1_ssid: " (source system.interface.name)" + port2_mode: "offline" + port2_ssid: " (source system.interface.name)" + port3_mode: "offline" + port3_ssid: " (source system.interface.name)" + port4_mode: "offline" + port4_ssid: " (source system.interface.name)" + port5_mode: "offline" + port5_ssid: " (source system.interface.name)" + port6_mode: "offline" + port6_ssid: " (source system.interface.name)" + port7_mode: "offline" + port7_ssid: " (source system.interface.name)" + port8_mode: "offline" + port8_ssid: " (source system.interface.name)" + lbs: + aeroscout: "enable" + aeroscout_ap_mac: "bssid" + aeroscout_mmu_report: "enable" + aeroscout_mu: "enable" + aeroscout_mu_factor: "62" + aeroscout_mu_timeout: "63" + aeroscout_server_ip: "" + aeroscout_server_port: "65" + ekahau_blink_mode: "enable" + ekahau_tag: "" + erc_server_ip: "" + erc_server_port: "69" + fortipresence: "foreign" + fortipresence_ble: "enable" + fortipresence_frequency: "72" + fortipresence_port: "73" + fortipresence_project: "" + fortipresence_rogue: "enable" + fortipresence_secret: "" + fortipresence_server: "" + fortipresence_server_addr_type: "ipv4" + fortipresence_server_fqdn: "" + fortipresence_unassoc: "enable" + station_locate: "enable" + led_schedules: + - + name: "default_name_83 (source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name)" + led_state: "enable" + lldp: "enable" + login_passwd: "" + login_passwd_change: "yes" + max_clients: "88" + name: "default_name_89" + platform: + ddscan: "enable" + mode: "single-5G" + type: "AP-11N" + poe_mode: "auto" + radio_1: + airtime_fairness: "enable" + amsdu: "enable" + ap_handoff: "enable" + ap_sniffer_addr: "" + ap_sniffer_bufsize: "100" + ap_sniffer_chan: "101" + ap_sniffer_ctl: "enable" + ap_sniffer_data: "enable" + ap_sniffer_mgmt_beacon: "enable" + ap_sniffer_mgmt_other: "enable" + ap_sniffer_mgmt_probe: "enable" + arrp_profile: " (source wireless-controller.arrp-profile.name)" + auto_power_high: "108" + auto_power_level: "enable" + auto_power_low: "110" + auto_power_target: "" + band: "802.11a" + band_5g_type: "5g-full" + bandwidth_admission_control: "enable" + bandwidth_capacity: "115" + beacon_interval: "116" + bss_color: "117" + bss_color_mode: "auto" + call_admission_control: "enable" + call_capacity: "120" + channel: + - + chan: "" + channel_bonding: "160MHz" + channel_utilization: "enable" + coexistence: "enable" + darrp: "enable" + drma: "disable" + drma_sensitivity: "low" + dtim: "129" + frag_threshold: "130" + frequency_handoff: "enable" + iperf_protocol: "udp" + iperf_server_port: "133" + max_clients: "134" + max_distance: "135" + mode: "disabled" + power_level: "137" + power_mode: "dBm" + power_value: "139" + powersave_optimize: "tim" + protection_mode: "rtscts" + radio_id: "142" + rts_threshold: "143" + sam_bssid: "" + sam_captive_portal: "enable" + sam_cwp_failure_string: "" + sam_cwp_match_string: "" + sam_cwp_password: "" + sam_cwp_success_string: "" + sam_cwp_test_url: "" + sam_cwp_username: "" + sam_password: "" + sam_report_intv: "153" + sam_security_type: "open" + sam_server: "" + sam_server_fqdn: "" + sam_server_ip: "" + sam_server_type: "ip" + sam_ssid: "" + sam_test: "ping" + sam_username: "" + short_guard_interval: "enable" + spectrum_analysis: "enable" + transmit_optimize: "disable" + vap_all: "tunnel" + vaps: + - + name: "default_name_167 (source wireless-controller.vap-group.name system.interface.name)" + wids_profile: " (source wireless-controller.wids-profile.name)" + zero_wait_dfs: "enable" + radio_2: + airtime_fairness: "enable" + amsdu: "enable" + ap_handoff: "enable" + ap_sniffer_addr: "" + ap_sniffer_bufsize: "175" + ap_sniffer_chan: "176" + ap_sniffer_ctl: "enable" + ap_sniffer_data: "enable" + ap_sniffer_mgmt_beacon: "enable" + ap_sniffer_mgmt_other: "enable" + ap_sniffer_mgmt_probe: "enable" + arrp_profile: " (source wireless-controller.arrp-profile.name)" + auto_power_high: "183" + auto_power_level: "enable" + auto_power_low: "185" + auto_power_target: "" + band: "802.11a" + band_5g_type: "5g-full" + bandwidth_admission_control: "enable" + bandwidth_capacity: "190" + beacon_interval: "191" + bss_color: "192" + bss_color_mode: "auto" + call_admission_control: "enable" + call_capacity: "195" + channel: + - + chan: "" + channel_bonding: "160MHz" + channel_utilization: "enable" + coexistence: "enable" + darrp: "enable" + drma: "disable" + drma_sensitivity: "low" + dtim: "204" + frag_threshold: "205" + frequency_handoff: "enable" + iperf_protocol: "udp" + iperf_server_port: "208" + max_clients: "209" + max_distance: "210" + mode: "disabled" + power_level: "212" + power_mode: "dBm" + power_value: "214" + powersave_optimize: "tim" + protection_mode: "rtscts" + radio_id: "217" + rts_threshold: "218" + sam_bssid: "" + sam_captive_portal: "enable" + sam_cwp_failure_string: "" + sam_cwp_match_string: "" + sam_cwp_password: "" + sam_cwp_success_string: "" + sam_cwp_test_url: "" + sam_cwp_username: "" + sam_password: "" + sam_report_intv: "228" + sam_security_type: "open" + sam_server: "" + sam_server_fqdn: "" + sam_server_ip: "" + sam_server_type: "ip" + sam_ssid: "" + sam_test: "ping" + sam_username: "" + short_guard_interval: "enable" + spectrum_analysis: "enable" + transmit_optimize: "disable" + vap_all: "tunnel" + vaps: + - + name: "default_name_242 (source wireless-controller.vap-group.name system.interface.name)" + wids_profile: " (source wireless-controller.wids-profile.name)" + zero_wait_dfs: "enable" + radio_3: + airtime_fairness: "enable" + amsdu: "enable" + ap_handoff: "enable" + ap_sniffer_addr: "" + ap_sniffer_bufsize: "250" + ap_sniffer_chan: "251" + ap_sniffer_ctl: "enable" + ap_sniffer_data: "enable" + ap_sniffer_mgmt_beacon: "enable" + ap_sniffer_mgmt_other: "enable" + ap_sniffer_mgmt_probe: "enable" + arrp_profile: " (source wireless-controller.arrp-profile.name)" + auto_power_high: "258" + auto_power_level: "enable" + auto_power_low: "260" + auto_power_target: "" + band: "802.11a" + band_5g_type: "5g-full" + bandwidth_admission_control: "enable" + bandwidth_capacity: "265" + beacon_interval: "266" + bss_color: "267" + bss_color_mode: "auto" + call_admission_control: "enable" + call_capacity: "270" + channel: + - + chan: "" + channel_bonding: "160MHz" + channel_utilization: "enable" + coexistence: "enable" + darrp: "enable" + drma: "disable" + drma_sensitivity: "low" + dtim: "279" + frag_threshold: "280" + frequency_handoff: "enable" + iperf_protocol: "udp" + iperf_server_port: "283" + max_clients: "284" + max_distance: "285" + mode: "disabled" + power_level: "287" + power_mode: "dBm" + power_value: "289" + powersave_optimize: "tim" + protection_mode: "rtscts" + radio_id: "292" + rts_threshold: "293" + sam_bssid: "" + sam_captive_portal: "enable" + sam_cwp_failure_string: "" + sam_cwp_match_string: "" + sam_cwp_password: "" + sam_cwp_success_string: "" + sam_cwp_test_url: "" + sam_cwp_username: "" + sam_password: "" + sam_report_intv: "303" + sam_security_type: "open" + sam_server: "" + sam_server_fqdn: "" + sam_server_ip: "" + sam_server_type: "ip" + sam_ssid: "" + sam_test: "ping" + sam_username: "" + short_guard_interval: "enable" + spectrum_analysis: "enable" + transmit_optimize: "disable" + vap_all: "tunnel" + vaps: + - + name: "default_name_317 (source wireless-controller.vap-group.name system.interface.name)" + wids_profile: " (source wireless-controller.wids-profile.name)" + zero_wait_dfs: "enable" + radio_4: + airtime_fairness: "enable" + amsdu: "enable" + ap_handoff: "enable" + ap_sniffer_addr: "" + ap_sniffer_bufsize: "325" + ap_sniffer_chan: "326" + ap_sniffer_ctl: "enable" + ap_sniffer_data: "enable" + ap_sniffer_mgmt_beacon: "enable" + ap_sniffer_mgmt_other: "enable" + ap_sniffer_mgmt_probe: "enable" + arrp_profile: " (source wireless-controller.arrp-profile.name)" + auto_power_high: "333" + auto_power_level: "enable" + auto_power_low: "335" + auto_power_target: "" + band: "802.11a" + band_5g_type: "5g-full" + bandwidth_admission_control: "enable" + bandwidth_capacity: "340" + beacon_interval: "341" + bss_color: "342" + bss_color_mode: "auto" + call_admission_control: "enable" + call_capacity: "345" + channel: + - + chan: "" + channel_bonding: "160MHz" + channel_utilization: "enable" + coexistence: "enable" + darrp: "enable" + drma: "disable" + drma_sensitivity: "low" + dtim: "354" + frag_threshold: "355" + frequency_handoff: "enable" + iperf_protocol: "udp" + iperf_server_port: "358" + max_clients: "359" + max_distance: "360" + mode: "disabled" + power_level: "362" + power_mode: "dBm" + power_value: "364" + powersave_optimize: "tim" + protection_mode: "rtscts" + rts_threshold: "367" + sam_bssid: "" + sam_captive_portal: "enable" + sam_cwp_failure_string: "" + sam_cwp_match_string: "" + sam_cwp_password: "" + sam_cwp_success_string: "" + sam_cwp_test_url: "" + sam_cwp_username: "" + sam_password: "" + sam_report_intv: "377" + sam_security_type: "open" + sam_server: "" + sam_server_fqdn: "" + sam_server_ip: "" + sam_server_type: "ip" + sam_ssid: "" + sam_test: "ping" + sam_username: "" + short_guard_interval: "enable" + spectrum_analysis: "enable" + transmit_optimize: "disable" + vap_all: "tunnel" + vaps: + - + name: "default_name_391 (source wireless-controller.vap-group.name system.interface.name)" + wids_profile: " (source wireless-controller.wids-profile.name)" + zero_wait_dfs: "enable" + split_tunneling_acl: + - + dest_ip: "" + id: "396" + split_tunneling_acl_local_ap_subnet: "enable" + split_tunneling_acl_path: "tunnel" + syslog_profile: " (source wireless-controller.syslog-profile.name)" + tun_mtu_downlink: "400" + tun_mtu_uplink: "401" + wan_port_auth: "none" + wan_port_auth_methods: "all" + wan_port_auth_password: "" + wan_port_auth_usrname: "" + wan_port_mode: "wan-lan" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/gen/fortios_wireless_controller_wtp_status.rst b/gen/fortios_wireless_controller_wtp_status.rst new file mode 100644 index 00000000..ceccab09 --- /dev/null +++ b/gen/fortios_wireless_controller_wtp_status.rst @@ -0,0 +1,235 @@ +:source: fortios_wireless_controller_wtp_status.py + +:orphan: + +.. fortios_wireless_controller_wtp_status: + +fortios_wireless_controller_wtp_status -- Wireless controller WTP-status in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.10 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and wtp_status category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- ansible>=2.9.0 + + +FortiOS Version Compatibility +----------------------------- + + +.. raw:: html + +
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            v6.2.0 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5
            fortios_wireless_controller_wtp_statusyesyesyesyesyesyesyesyesyesyesyesyes
            +

            + + + +Parameters +---------- + + +.. raw:: html + +

              +
            • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
              • +
            • enable_log - Enable/Disable logging for task. type: bool required: false default: False
              • +
            • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
              • +
            • member_path - Member attribute path to operate on. type: str
              • +
            • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
              • +
            • wireless_controller_wtp_status - Wireless controller WTP-status. type: dict + more... + +
              • +
                +
              • - WTP ID. type: str + more... + +
                • +
              +
            + + +Notes +----- + +.. note:: + + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + + + +Examples +-------- + +.. code-block:: yaml+jinja + + - hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Wireless controller WTP-status. + fortios_wireless_controller_wtp_status: + vdom: "{{ vdom }}" + wireless_controller_wtp_status: + : "" + + + +Return Values +------------- +Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: + +.. raw:: html + +
              + +
            • build - Build number of the fortigate image returned: always type: str sample: 1547
              • +
            • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
              • +
            • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
              • +
            • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
              • +
            • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
              • +
            • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
              • +
            • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
              • +
            • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
              • +
            • status - Indication of the operation's result returned: always type: str sample: success
              • +
            • vdom - Virtual domain used returned: always type: str sample: root
              • +
            • version - Version of the FortiGate returned: always type: str sample: v5.6.3
              • +
            + +Status +------ + +- This module is not guaranteed to have a backwards compatible interface. + + +Authors +------- + +- Link Zheng (@chillancezen) +- Jie Xue (@JieX19) +- Hongbin Lu (@fgtdev-hblu) +- Frank Shen (@frankshen01) +- Miguel Angel Munoz (@mamunozgonzalez) +- Nicolas Thomas (@thomnico) + + +.. hint:: + If you notice any issues in this documentation, you can create a pull request to improve it. diff --git a/generic.rst b/generic.rst new file mode 100644 index 00000000..dc59d49a --- /dev/null +++ b/generic.rst @@ -0,0 +1,13 @@ +Generic Modules +========================================= + +| + +The Modules to build flexible raw requests to FortiOS appliances. + +.. toctree:: + :glob: + :maxdepth: 1 + + + fortios_json_generic.rst diff --git a/help.rst b/help.rst new file mode 100644 index 00000000..414dfcb6 --- /dev/null +++ b/help.rst @@ -0,0 +1,23 @@ + +Get Help +======== + +| + +Technical and Commuity Support +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +You can get support from Fortinet `Technical Assistance Center`_. + +For Ansible common issue, you can also get support from the `community`_ + +Filing issues. +~~~~~~~~~~~~~~ + +You can get support from the community engineering team via filing an +issue in git `issues page`_ + +.. _Technical Assistance Center: https://www.fortinet.com/support/contact.html +.. _community: https://www.ansible.com/ +.. _issues page: https://github.com/fortinet-ansible-dev/ansible-galaxy-fortios-collection/issues + diff --git a/index.rst b/index.rst new file mode 100644 index 00000000..7aa0e920 --- /dev/null +++ b/index.rst @@ -0,0 +1,46 @@ +.. frankshen01 documentation master file, created by + sphinx-quickstart on Fri Nov 1 14:49:13 2019. + You can adapt this file completely to your liking, but it should at least + contain the root `toctree` directive. + +Welcome to Ansible Galaxy FortiOS Collection Documentation 2.1.5! +============================================================================ + +The FortiOS Ansible Collection provides Ansible modules for configuring FortiOS appliances. + +.. toctree:: + :glob: + :caption: FortiOS/Galaxy Version Mapping Guide + :maxdepth: 1 + + version.rst + + +.. toctree:: + :glob: + :caption: User's Guide + :maxdepth: 1 + + install.rst + playbook.rst + faq.rst + help.rst + +.. toctree:: + :glob: + :caption: modules index + :maxdepth: 1 + + modules.rst + monitor.rst + fact.rst + export.rst + generic.rst + +.. toctree:: + :glob: + :maxdepth: 1 + :caption: Appendices + + release.rst + diff --git a/install.rst b/install.rst new file mode 100644 index 00000000..3a17fc0d --- /dev/null +++ b/install.rst @@ -0,0 +1,36 @@ + +Install FortiOS Ansible Galaxy +============================== + +This document explains how to install the FortiOS Ansible Galaxy +Collection. + +-------------- + +Install Python3 +~~~~~~~~~~~~~~~ + +- Follow steps in https://www.python.org/ to install Python3 on your + host. + +Install Ansible Core +~~~~~~~~~~~~~~~~~~~~ + +- Follow instructions in + https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html + to install Ansible +- The Ansible core version requirement: >= 2.9.0 + +Install FortiOS Galaxy Collection +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The FortiOS Ansible Galaxy supports multilple FortiOS major releases, +you can install the latest collection by default via command +``ansible-galaxy collection install fortinet.fortios``. you can also +choose another galaxy version to match your FortiOS device. + +Please see the `versionig notes`_ for more recently released collections +and install the ones which are marked ``latest`` for your devices. + +.. _versionig notes: version.html + diff --git a/make.bat b/make.bat new file mode 100644 index 00000000..2119f510 --- /dev/null +++ b/make.bat @@ -0,0 +1,35 @@ +@ECHO OFF + +pushd %~dp0 + +REM Command file for Sphinx documentation + +if "%SPHINXBUILD%" == "" ( + set SPHINXBUILD=sphinx-build +) +set SOURCEDIR=. +set BUILDDIR=_build + +if "%1" == "" goto help + +%SPHINXBUILD% >NUL 2>NUL +if errorlevel 9009 ( + echo. + echo.The 'sphinx-build' command was not found. Make sure you have Sphinx + echo.installed, then set the SPHINXBUILD environment variable to point + echo.to the full path of the 'sphinx-build' executable. Alternatively you + echo.may add the Sphinx directory to PATH. + echo. + echo.If you don't have Sphinx installed, grab it from + echo.http://sphinx-doc.org/ + exit /b 1 +) + +%SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O% +goto end + +:help +%SPHINXBUILD% -M help %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O% + +:end +popd diff --git a/modules.rst b/modules.rst new file mode 100644 index 00000000..e095dd8b --- /dev/null +++ b/modules.rst @@ -0,0 +1,9 @@ + +Configuration Modules +=================================== + +.. toctree:: + :glob: + :maxdepth: 1 + + gen/* diff --git a/monitor.rst b/monitor.rst new file mode 100644 index 00000000..ddb08269 --- /dev/null +++ b/monitor.rst @@ -0,0 +1,13 @@ +Monitor Modules +========================================= + +| + +The Modules to build FortiOS monitor API requests to FortiOS appliances. + +.. toctree:: + :glob: + :maxdepth: 1 + + + fortios_monitor.rst diff --git a/playbook.rst b/playbook.rst new file mode 100644 index 00000000..845610c7 --- /dev/null +++ b/playbook.rst @@ -0,0 +1,81 @@ + +Run Your First Playbook +============================== + +This document explains how to run your first FortiOS Ansible playbook. + +-------------- + +With FortiOS Galaxy collection, you are always recommended to run +FortiOS module in ``httpapi`` manner. The first step is to prepare your +host inventory with which you can use ``ansible-vault`` to encrypt or +decrypt your secrets for the sake of confidentiality. + +Prepare host inventory +~~~~~~~~~~~~~~~~~~~~~~ + +in our case we create a file named ``hosts``: + +:: + + [fortigates] + fortigate01 ansible_host=192.168.190.130 ansible_user="admin" ansible_password="password" + fortigate02 ansible_host=192.168.190.131 ansible_user="admin" ansible_password="password" + fortigate03 ansible_host=192.168.190.132 fortios_access_token= + + [fortigates:vars] + ansible_network_os=fortinet.fortios.fortios + +FortiOS supports two ways to authenticate Ansible: ``ansible_user`` and ``ansible_password`` pair based; ``fortios_access_token`` access token based. +Access token based way is prefered as it is safer without any password explosure and access token guarantees request source location is wanted. + + +for how to generate an API token, visit page `FortiOS API Spec`_. + + +Write the playbook +~~~~~~~~~~~~~~~~~~ + +in the example: ``test.yml`` we are going to modify the fortigate +device’s hostname: + +:: + + - hosts: fortigate03 + connection: httpapi + collections: + - fortinet.fortios + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure global attributes. + fortios_system_global: + vdom: "{{ vdom }}" + access_token: "{{ fortios_access_token }}" #if you prefer access token based authentication, add this line. + system_global: + hostname: 'CustomHostName' + +there are several options which might need you special care: + +- **connection** : ``httpapi`` is preferred. +- **collections** : The namespace must be ``fortinet.fortios`` +- **ansible_httpapi_use_ssl** and **ansible_httpapi_port**: by + default when your fortiOS device is licensed, the https is enabled. + there is one exception: uploading vmlicence to a newly installed FOS instance, where you should set + ``ansible_httpapi_use_ssl: no`` and ``ansible_httpapi_port: 80``. Please see `Import licence to FOS`_ for more details. + +Run the playbook +~~~~~~~~~~~~~~~~ + +:: + + ansible-playbook -i hosts test.yml + +you can also observe the verbose output by adding option at the tail: +``-vvv``. + +.. _Import licence to FOS: faq.html#how-to-import-a-license +.. _FortiOS API Spec: https://fndn.fortinet.net/index.php?/fortiapi/1-fortios/92/ diff --git a/release.rst b/release.rst new file mode 100644 index 00000000..8daa7e4c --- /dev/null +++ b/release.rst @@ -0,0 +1,692 @@ + +Release Notes +============================== + +| + +Release Galaxy 2.1.5 +-------------------- + +Release Targets +^^^^^^^^^^^^^^^ + +FortiOS Galaxy 2.1.5 is based on 2.1.4 + +Features +^^^^^^^^^^^^^^^ +- Support FortiOS 7.0.2, 7.0.3, 7.0.4, 7.0.5. + +Bug Fixes +^^^^^^^^^^^^^^^ +- Fix status issue in fortios_json_generic(). +- Fix issues in version mismatch logic. +- Fix the issue of inconsistent data types in different schemas. + +Release Galaxy 2.1.4 +-------------------- + +Release Targets +^^^^^^^^^^^^^^^ + +FortiOS Galaxy 2.1.4 is based on 2.1.3 + +Bug Fixes +^^^^^^^^^^^^^^^ +- Fix bugs in the function of compare_ip_address on check_mode. +- Fix bugs when adding new members in some modules. + +Release Galaxy 2.1.3 +-------------------- + +Release Targets +^^^^^^^^^^^^^^^ + +FortiOS Galaxy 2.1.3 is based on 2.1.2 + +Features +^^^^^^^^^^^^^^^ +- Collect the current configurations of the modules and convert them into playbooks. +- Support member operation (delete/add extra members) on an object that has a list of members in it. +- Add real-world use cases in the example section for some configuration modules. +- Support selectors feature in ``fortios_monitor_fact`` and ``fortios_log_fact``. +- Support FortiOS 7.0.1. + +Bug Fixes +^^^^^^^^^^^^^^^ +- Fix the filters error when fetching multiple facts with selectors for a configuration module (Github issue #138 ). +- Fix the corner cases that response does not have status in it. +- Fix Github issue #134 + +Release Galaxy 2.1.2 +-------------------- + +Release Targets +^^^^^^^^^^^^^^^ + +FortiOS Galaxy 2.1.2 is based on 2.1.1 + +Bug Fixes +^^^^^^^^^^^^^^^ +- Fix a regression bug caused by non-required attributes. +- Fix an intentional exception for listed options. + +Release Galaxy 2.1.1 +-------------------- + +Release Targets +^^^^^^^^^^^^^^^ + +FortiOS Galaxy 2.1.1 is based on 2.1.0 + +Bug Fixes +^^^^^^^^^^^^^^^ +- Fix the KeyError caused by non-required multi-value attributes in an object. + +Release Galaxy 2.1.0 +-------------------- + +Release Targets +^^^^^^^^^^^^^^^ + +FortiOS Galaxy 2.1.0 is based on 2.0.2 + +Features +^^^^^^^^^^^^^^^ +- Support Fortios 7.0. +- Support Log APIs. +- New module fortios_monitor_fact. + +Bug Fixes +^^^^^^^^^^^^^^^ +- Fix the unexpected warning caused by optinal params in ``fortios_monitor_fact`` and ``fortios_monitor``. +- Disable check_mode feature from all global objects of configuration modules due to 'state' issue. +- Fix a bug in IP_PREFIX.match(). +- Fix the issue that the ``server_type`` is not updated in ``fortios_system_central_management``. + +Release Galaxy 2.0.2 +-------------------- + +Release Targets +^^^^^^^^^^^^^^^ + +FortiOS Galaxy 2.0.2 is based on 2.0.1 + +Features +^^^^^^^^^^^^^^^ +- Support ``check_mode`` in all cofigurationAPI-based modules. +- Improve ``fortios_configuration_fact`` to use multiple selectors concurrently. +- Support moving policy in ``firewall_central_snat_map``. +- Support filtering for fact gathering modules ``fortios_configuration_fact`` and ``fortios_monitor_fact``. +- Unify schemas for monitor API. + +Bug Fixes +^^^^^^^^^^^^^^^ +- Fix the authorization fails at log in with username and password in FOS7.0. +- Github Issue #103 +- Github Issue #105 + +Release Galaxy 2.0.1 +-------------------- + +Release Targets +^^^^^^^^^^^^^^^ +FortiOS Galaxy is based on ``2.0.0``. + +Features +^^^^^^^^^^^^^^^^^^ + - fixed ``pylint`` minor errors. + +Release Galaxy 2.0.0 +-------------------- + +Release Targets +^^^^^^^^^^^^^^^ + +FortiOS Galaxy 2.0.0 is a major ansible release for all v6.x.x FOS virtual and hardware platforms. + +Features +^^^^^^^^^^^^^^^^^^ +- Full support for gathering facts of both configuration(``fortios_configuration_fact``) and monitor(``fortios_monitor_fact``) objects or runtime data. +- Support for requesting Monitor API via module ``fortios_monitor``. +- Ported FortiOS generic module: ``fortios_json_generic``. +- Unified collections for all 6.x FOS releases, Ansible detects versioning mismatch at runtime. +- Explicit logging option: ``enable_log``. +- Deprecated second-layer ``state`` module parameter. + +Compatibility Notes +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +As a major release, it semantically breaks backward compability, some modules are removed as new full-fledged replacements come into being. + +- For deprecated modules, please find the alternatives in **Deprecated Modules** section. +- Other existing modules are kepted compatible. + + +Deprecated Modules +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +- ``fortios_facts``: find full selectors in modules ``fortios_configuration_fact`` and ``fortios_monitor_fact``. +- ``fortios_registration_forticare``: replaced by module ``fortios_monitor``, see selector ``add-license.registration.forticare``. +- ``fortios_registration_vdom``: replaced by module ``fortios_monitor``, see selector ``add-license.registration.vdom``. +- ``fortios_system_vmlicense``: replaced by module ``fortios_monitor``, see selector ``upload.system.vmlicense``. +- ``fortios_system_config_backup_restore``: it was a complexed module. + - To backup the FOS system, use module ``fortios_monitor_fact`` and its selector ``system_config_backup``. + - To restore the configuration, use module ``fortios_monitor`` and its selector ``restore.system.config``. + + +-------------- + +Legacy Multiversions Note(Prior to 2.0.0) +------------------------------------------ +The FortiOS Galaxy namespace: ``fortinet.fortios`` hosts Ansible modules +for multiple FortiOS major releases. + +A mismatched Ansible collection version for a FortiOS device can cause a +warning: + +:: + + [WARNING]: Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv + +you can find more details with ``-vvv`` option when running a +playbook: + +:: + + ... + "version_check_warning": { + "ansible_collection_version": "v6.0.0 (galaxy: 1.0.13)", + "matched": false, + "message": "Please follow steps in FortiOS versioning notes: https://ansible-galaxy-fortios-docs.readthedocs.io/en/latest/version.html", + "system_version": "v6.2.0" + } + ... + +**Simply installing a matched FortiOS collection can prevent potential +compatibility issues.** + +Release Galaxy 1.1.9 +-------------------- + +Release Targets +^^^^^^^^^^^^^^^ + +- fos\_v6.0.0/galaxy\_1.1.9 + +Bug Fixes +^^^^^^^^^ + +- Fix legacy module ``fortios_system_config_backup_restore`` + + +Release Galaxy 1.1.6 … 1.1.8 +----------------------------- + +Release Targets +^^^^^^^^^^^^^^^ +There are multiple Galaxy releases dedicated to different FortiOS major releases. + +- fos\_v6.2.0/galaxy\_1.1.6 +- fos\_v6.4.0/galaxy\_1.1.7 +- fos\_v6.0.0/galaxy\_1.1.8 + +Bug Fixes +^^^^^^^^^ + +- Fixed module construction for legacy module ``fortios_facts``. +- Sorted selector list of module ``fortios_configuration_fact``. + + +Release Galaxy 1.1.3 … 1.1.5 +----------------------------- + +Release Targets +^^^^^^^^^^^^^^^ +There are multiple Galaxy releases dedicated to different FortiOS major releases. + +- fos\_v6.2.0/galaxy\_1.1.3 +- fos\_v6.4.0/galaxy\_1.1.4 +- fos\_v6.0.0/galaxy\_1.1.5 + +Bug Fixes +^^^^^^^^^ + +- Fixed a fatal error: ``mkey`` not recognized in plugin due to wrong naming convention. + + + +Release Galaxy 1.1.0 … 1.1.2 +----------------------------- + +| + +Release Targets +^^^^^^^^^^^^^^^ +There are multiple Galaxy releases dedicated to different FortiOS major releases. + +- fos\_v6.2.0/galaxy\_1.1.0 +- fos\_v6.4.0/galaxy\_1.1.1 +- fos\_v6.0.0/galaxy\_1.1.2 + + +Features +^^^^^^^^ + +- Support check mode for modules. +- Deprecate ``fortiosapi`` legacy connection mode. +- Support access token based authentication. +- Fully support fact gathering for all configuration API (``fortios_configuration_fact``). +- Suport Ansible 2.10 base framework. +- Support moving objects to different orders (``fortios_firewall_policy``). + +Bug Fixes +^^^^^^^^^ + +- Github Issue #65 + +Release Galaxy 1.0.10 … 10.0.13 +------------------------------- + +| + +Release Targets +^^^^^^^^^^^^^^^ +There are multiple Galaxy releases dedicated to different FortiOS major releases. + +- fos\_v6.0.0/galaxy\_1.0.13 +- fos\_v6.0.5/galaxy\_1.0.12 +- fos\_v6.4.0/galaxy\_1.0.11 +- fos\_v6.2.0/galaxy\_1.0.10 + + +New Modules +^^^^^^^^^^^ + ++-------+--------------------------------------------------------------+--------------+--------------+ +| # | Module Name | New in 6.2 | New in 6.4 | ++=======+==============================================================+==============+==============+ +| 1 | ``fortios_cifs_domain_controller`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 2 | ``fortios_cifs_profile`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 3 | ``fortios_dlp_sensitivity`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 4 | ``fortios_emailfilter_bwl`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 5 | ``fortios_emailfilter_bword`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 6 | ``fortios_emailfilter_dnsbl`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 7 | ``fortios_emailfilter_fortishield`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 8 | ``fortios_emailfilter_iptrust`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 9 | ``fortios_emailfilter_mheader`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 10 | ``fortios_emailfilter_options`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 11 | ``fortios_emailfilter_profile`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 12 | ``fortios_endpoint_control_fctems`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 13 | ``fortios_firewall_consolidated_policy`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 14 | ``fortios_firewall_internet_service_addition`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 15 | ``fortios_firewall_internet_service_cat_definition`` | yes | no | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 16 | ``fortios_firewall_internet_service_definition`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 17 | ``fortios_firewall_internet_service_extension`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 18 | ``fortios_log_fortianalyzer2_override_filter`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 19 | ``fortios_log_fortianalyzer2_override_setting`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 20 | ``fortios_log_fortianalyzer3_override_filter`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 21 | ``fortios_log_fortianalyzer3_override_setting`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 22 | ``fortios_log_fortianalyzer_cloud_filter`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 23 | ``fortios_log_fortianalyzer_cloud_override_filter`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 24 | ``fortios_log_fortianalyzer_cloud_override_setting`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 25 | ``fortios_log_fortianalyzer_cloud_setting`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 26 | ``fortios_log_syslogd2_override_filter`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 27 | ``fortios_log_syslogd2_override_setting`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 28 | ``fortios_log_syslogd3_override_filter`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 29 | ``fortios_log_syslogd3_override_setting`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 30 | ``fortios_log_syslogd4_override_filter`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 31 | ``fortios_log_syslogd4_override_setting`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 32 | ``fortios_switch_controller_auto_config_custom`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 33 | ``fortios_switch_controller_auto_config_default`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 34 | ``fortios_switch_controller_auto_config_policy`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 35 | ``fortios_switch_controller_flow_tracking`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 36 | ``fortios_switch_controller_location`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 37 | ``fortios_switch_controller_security_policy_local_access`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 38 | ``fortios_switch_controller_storm_control_policy`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 39 | ``fortios_switch_controller_stp_instance`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 40 | ``fortios_switch_controller_traffic_policy`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 41 | ``fortios_switch_controller_traffic_sniffer`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 42 | ``fortios_system_ipsec_aggregate`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 43 | ``fortios_system_lldp_network_policy`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 44 | ``fortios_system_nd_proxy`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 45 | ``fortios_system_npu`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 46 | ``fortios_system_ptp`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 47 | ``fortios_system_saml`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 48 | ``fortios_system_speed_test_server`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 49 | ``fortios_system_sso_admin`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 50 | ``fortios_user_exchange`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 51 | ``fortios_wireless_controller_address`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 52 | ``fortios_wireless_controller_addrgrp`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 53 | ``fortios_wireless_controller_log`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 54 | ``fortios_wireless_controller_region`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 55 | ``fortios_wireless_controller_snmp`` | yes | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 56 | ``fortios_certificate_remote`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 57 | ``fortios_credential_store_domain_controller`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 58 | ``fortios_dpdk_cpus`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 59 | ``fortios_dpdk_global`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 60 | ``fortios_extender_modem_status`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 61 | ``fortios_extender_sys_info`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 62 | ``fortios_firewall_city`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 63 | ``fortios_firewall_country`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 64 | ``fortios_firewall_decrypted_traffic_mirror`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 65 | ``fortios_firewall_internet_service_botnet`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 66 | ``fortios_firewall_internet_service_ipbl_reason`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 67 | ``fortios_firewall_internet_service_ipbl_vendor`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 68 | ``fortios_firewall_internet_service_list`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 69 | ``fortios_firewall_internet_service_name`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 70 | ``fortios_firewall_internet_service_owner`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 71 | ``fortios_firewall_internet_service_reputation`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 72 | ``fortios_firewall_internet_service_sld`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 73 | ``fortios_firewall_iprope_list`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 74 | ``fortios_firewall_proute`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 75 | ``fortios_firewall_region`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 76 | ``fortios_firewall_security_policy`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 77 | ``fortios_firewall_traffic_class`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 78 | ``fortios_firewall_vendor_mac`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 79 | ``fortios_hardware_nic`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 80 | ``fortios_ips_view_map`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 81 | ``fortios_switch_controller_initial_config_template`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 82 | ``fortios_switch_controller_initial_config_vlans`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 83 | ``fortios_switch_controller_mac_policy`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 84 | ``fortios_switch_controller_nac_device`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 85 | ``fortios_switch_controller_nac_settings`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 86 | ``fortios_switch_controller_poe`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 87 | ``fortios_switch_controller_port_policy`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 88 | ``fortios_switch_controller_remote_log`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 89 | ``fortios_switch_controller_snmp_community`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 90 | ``fortios_switch_controller_snmp_sysinfo`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 91 | ``fortios_switch_controller_snmp_trap_threshold`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 92 | ``fortios_switch_controller_snmp_user`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 93 | ``fortios_switch_controller_vlan_policy`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 94 | ``fortios_system_geneve`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 95 | ``fortios_system_geoip_country`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 96 | ``fortios_system_performance_top`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 97 | ``fortios_system_standalone_cluster`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 98 | ``fortios_test_acd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 99 | ``fortios_test_acid`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 100 | ``fortios_test_autod`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 101 | ``fortios_test_awsd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 102 | ``fortios_test_azd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 103 | ``fortios_test_bfd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 104 | ``fortios_test_csfd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 105 | ``fortios_test_ddnscd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 106 | ``fortios_test_dhcp6c`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 107 | ``fortios_test_dhcp6r`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 108 | ``fortios_test_dhcprelay`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 109 | ``fortios_test_dlpfingerprint`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 110 | ``fortios_test_dlpfpcache`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 111 | ``fortios_test_dnsproxy`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 112 | ``fortios_test_dsd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 113 | ``fortios_test_fas`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 114 | ``fortios_test_fcnacd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 115 | ``fortios_test_fnbamd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 116 | ``fortios_test_forticldd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 117 | ``fortios_test_forticron`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 118 | ``fortios_test_fsd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 119 | ``fortios_test_fsvrd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 120 | ``fortios_test_ftpd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 121 | ``fortios_test_gcpd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 122 | ``fortios_test_harelay`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 123 | ``fortios_test_hasync`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 124 | ``fortios_test_hatalk`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 125 | ``fortios_test_imap`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 126 | ``fortios_test_info_sslvpnd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 127 | ``fortios_test_init`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 128 | ``fortios_test_iotd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 129 | ``fortios_test_ipamd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 130 | ``fortios_test_ipldbd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 131 | ``fortios_test_ipsengine`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 132 | ``fortios_test_ipsmonitor`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 133 | ``fortios_test_ipsufd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 134 | ``fortios_test_kubed`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 135 | ``fortios_test_l2tpcd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 136 | ``fortios_test_lnkmtd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 137 | ``fortios_test_lted`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 138 | ``fortios_test_miglogd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 139 | ``fortios_test_mrd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 140 | ``fortios_test_netxd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 141 | ``fortios_test_nntp`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 142 | ``fortios_test_ocid`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 143 | ``fortios_test_openstackd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 144 | ``fortios_test_ovrd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 145 | ``fortios_test_pop3`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 146 | ``fortios_test_pptpcd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 147 | ``fortios_test_quarantined`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 148 | ``fortios_test_radius_das`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 149 | ``fortios_test_radiusd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 150 | ``fortios_test_radvd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 151 | ``fortios_test_reportd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 152 | ``fortios_test_sdncd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 153 | ``fortios_test_sepmd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 154 | ``fortios_test_sessionsync`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 155 | ``fortios_test_sflowd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 156 | ``fortios_test_smtp`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 157 | ``fortios_test_snmpd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 158 | ``fortios_test_uploadd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 159 | ``fortios_test_urlfilter`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 160 | ``fortios_test_vmwd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 161 | ``fortios_test_wad`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 162 | ``fortios_test_wccpd`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 163 | ``fortios_test_wf_monitor`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 164 | ``fortios_test_zebos_launcher`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 165 | ``fortios_user_nac_policy`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 166 | ``fortios_user_saml`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 167 | ``fortios_vpn_ike_gateway`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 168 | ``fortios_webfilter_status`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 169 | ``fortios_wireless_controller_access_control_list`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 170 | ``fortios_wireless_controller_apcfg_profile`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 171 | ``fortios_wireless_controller_client_info`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 172 | ``fortios_wireless_controller_rf_analysis`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 173 | ``fortios_wireless_controller_spectral_info`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 174 | ``fortios_wireless_controller_status`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 175 | ``fortios_wireless_controller_vap_status`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 176 | ``fortios_wireless_controller_wag_profile`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ +| 177 | ``fortios_wireless_controller_wtp_status`` | no | yes | ++-------+--------------------------------------------------------------+--------------+--------------+ + +Features +^^^^^^^^ + +- Support special identifier validation and restoration in Ansible + modules. +- Support more valid identifiers: ``3gpp_plmn``, ``802_1X_settings``, + ``802.1_tlvs`` and ``802.3_tlvs``. +- Support ``revision_change`` in response since fortigate 6.2.3. +- Support Underscore to hypen conversion. +- Support licence modules: ``fortios_system_vmlicense``, + ``fortios_registration_forticare`` and ``fortios_registration_vdom``. +- Support raw json encoding for generic module. + +Bug Fixes +^^^^^^^^^ + +- Fix ``fgd_alert_subscription`` multiple choices problem for module + ``fortios_system_global``. +- Fix ``proposal`` exceptional multilist for module + ``fortios_vpn_ipsec_phase2_interface``. +- Fix issue #26 of ansible\_fgt\_modules. +- Fix issue #24 of ansible\_fgt\_modules. +- Fix ``events`` exceptional multilist for module + ``fortios_system_snmp_community``. +- Fix py2/py3 compability issue for httpapi plugin fortios. +- Fix the mkey encoding in fortios api URL. +- Fix ``banned_cipher`` exceptional multilist for module + ``fortios_vpn_ssl_settings``. + + + diff --git a/version.rst b/version.rst new file mode 100644 index 00000000..e35cc43a --- /dev/null +++ b/version.rst @@ -0,0 +1,72 @@ +FortiOS Galaxy Versioning +==================================== + +FortiOS Galaxy versions +~~~~~~~~~~~~~~~~~~~~~~~ + +From ``v2.0.0`` on, FortiOS galaxy collections are unified, there is only one sequential collection at any moment. users who install these collections +are expected to find the version compatibility information for each module and its parameters. + ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| FOS version | Galaxy Version | Release date | Path to Install | ++===============+=====================+================+=================================================================+ +| unified | 2.0.0 | 2021/4/6 | ``ansible-galaxy collection install fortinet.fortios:2.0.0`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| unified | 2.0.1 | 2021/4/7 | ``ansible-galaxy collection install fortinet.fortios:2.0.1`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| unified | 2.0.2 | 2021/5/14 | ``ansible-galaxy collection install fortinet.fortios:2.0.2`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| unified | 2.1.0 | 2021/6/25 | ``ansible-galaxy collection install fortinet.fortios:2.1.0`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| unified | 2.1.1 | 2021/6/29 | ``ansible-galaxy collection install fortinet.fortios:2.1.1`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| unified | 2.1.2 | 2021/7/15 | ``ansible-galaxy collection install fortinet.fortios:2.1.2`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| unified | 2.1.3 | 2021/11/11 | ``ansible-galaxy collection install fortinet.fortios:2.1.3`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| unified | 2.1.4 | 2022/2/7 | ``ansible-galaxy collection install fortinet.fortios:2.1.4`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| unified | 2.1.5 ``latest`` | 2022/4/22 | ``ansible-galaxy collection install fortinet.fortios:2.1.5`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ + + +Legacy FortiOS Galaxy Versions +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Prior to FortiOS collection ``v2.0.0``, FortiOS Galaxy collections were built over three FOS major versions, i.e. ``v6.0``, ``v6.2`` and ``v6.4``, thus, users are expected to install +the collection according to the following table to avoid potential compatibility issues. + + ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| FOS version | Galaxy Version | Release date | Path to Install | ++===============+=====================+================+=================================================================+ +| 6.0.0 | 1.0.13 | 2020/5/26 | ``ansible-galaxy collection install fortinet.fortios:1.0.13`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| 6.0.0 | 1.1.2 | 2020/12/4 | ``ansible-galaxy collection install fortinet.fortios:1.1.2`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| 6.0.0 | 1.1.5 | 2020/12/7 | ``ansible-galaxy collection install fortinet.fortios:1.1.5`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| 6.0.0 | 1.1.8 | 2020/12/21 | ``ansible-galaxy collection install fortinet.fortios:1.1.8`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| 6.0.0 | 1.1.9 | 2020/3/1 | ``ansible-galaxy collection install fortinet.fortios:1.1.9`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| 6.2.0 | 1.0.10 | 2020/5/6 | ``ansible-galaxy collection install fortinet.fortios:1.0.10`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| 6.2.0 | 1.1.0 | 2020/12/4 | ``ansible-galaxy collection install fortinet.fortios:1.1.0`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| 6.2.0 | 1.1.3 | 2020/12/7 | ``ansible-galaxy collection install fortinet.fortios:1.1.3`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| 6.2.0 | 1.1.6 | 2020/12/21 | ``ansible-galaxy collection install fortinet.fortios:1.1.6`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| 6.4.0 | 1.0.11 | 2020/5/11 | ``ansible-galaxy collection install fortinet.fortios:1.0.11`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| 6.4.0 | 1.1.1 | 2020/12/4 | ``ansible-galaxy collection install fortinet.fortios:1.1.1`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| 6.4.0 | 1.1.4 | 2020/12/7 | ``ansible-galaxy collection install fortinet.fortios:1.1.4`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ +| 6.4.0 | 1.1.7 | 2020/12/21 | ``ansible-galaxy collection install fortinet.fortios:1.1.7`` | ++---------------+---------------------+----------------+-----------------------------------------------------------------+ + +**Note**: Use ``-f`` option (i.e. +``ansible-galaxy collection install -f fortinet.fortios:x.x.x``) to +renew your existing local installation.