Documentation

fortios_ipv4_policy - Manage fortios firewall IPv4 policy objects

New in version 2.3.

Synopsis

  • This module provides management of firewall IPv4 policies on FortiOS devices.

Options

| parameter | required | default | choices | comments |
|---|---|---|---|---|
| application_list | no | | | Specifies Application Control name. |
| av_profile | no | | | Specifies Antivirus profile name. |
| backup | no | | yes, no | This argument will cause the module to create a backup of the current running-config from the remote device before any changes are made. The backup file is written to the backup folder. |
| backup_filename | no | | | Specifies the backup filename. If omitted, the filename will be formatted like [email protected]:MM:SS |
| backup_path | no | | | Specifies where to store backup files. Required if backup=yes. |
| comment | no | | | Free text to describe the policy. |
| dst_addr | yes | | | Specifies destination address (or group) object name(s). |
| dst_addr_negate | no | | true, false | Negate destination address param. |
| dst_intf | no | any | | Specifies destination interface name. |
| fixedport | no | | true, false | Use fixed port for NAT. |
| host | yes | | | Specifies the DNS hostname or IP address for connecting to the remote FortiOS device. |
| id | yes | | | Policy ID. |
| ips_sensor | no | | | Specifies IPS Sensor profile name. |
| nat | no | | true, false | Enable or disable NAT. |
| password | yes | | | Specifies the password used to authenticate to the remote device. |
| policy_action | yes | | accept, deny | Specifies accept or deny action policy. aliases: action |
| poolname | no | | | Specifies NAT pool name. |
| schedule | no | always | | Defines policy schedule. |
| service | yes | | | Specifies policy service(s), could be a list (ex: ['MAIL','DNS']). aliases: services |
| service_negate | no | | true, false | Negate policy service(s) defined in service value. |
| src_addr | yes | | | Specifies source address (or group) object name(s). |
| src_addr_negate | no | | true, false | Negate source address param. |
| src_intf | no | any | | Specifies source interface name. |
| state | no | present | present, absent | Specifies whether the policy should be added or deleted. |
| timeout | no | 60 | | Timeout in seconds for connecting to the remote device. |
| username | yes | | | Configures the username used to authenticate to the remote device. |
| vdom | no | | | Specifies on which vdom to apply configuration. |
| webfilter_profile | no | | | Specifies Webfilter profile name. |

Examples

- name: Allow external DNS call
  fortios_ipv4_policy:
    host: 192.168.0.254
    username: admin
    password: password
    id: 42
    # Source and destination address (or group) object names
    src_addr: internal_network
    dst_addr: all
    service: dns
    nat: True
    state: present
    policy_action: accept

- name: Public Web
  fortios_ipv4_policy:
    host: 192.168.0.254
    username: admin
    password: password
    id: 42
    src_addr: all
    dst_addr: webservers
    # "services" is the documented alias of "service"; a list is accepted
    services:
      - http
      - https
    state: present
    policy_action: accept
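
The following is an added example, not part of the module's own documentation. It combines the options listed above that matter most when publishing a service: a configuration backup before the change, explicit interfaces instead of the "any" default, and antivirus and IPS profiles on the accept rule. The variable vault_fortios_password, the policy ID, the vdom, interface, address, service and profile object names, and the backup directory are assumptions.

```yaml
# Added example; every object name, the policy ID and the paths are assumed.
- name: Publish web servers with inspection, backing up the config first
  fortios_ipv4_policy:
    host: 192.168.0.254
    username: admin
    # Assumed variable, stored with Ansible Vault instead of a literal value
    password: "{{ vault_fortios_password }}"
    vdom: root                      # assumed vdom name
    # Save the running-config before any change is made
    backup: yes
    backup_path: /var/backups/fortios
    id: 43
    # Pin the rule to specific interfaces rather than the "any" default
    src_intf: wan1
    dst_intf: dmz
    src_addr: all
    dst_addr: webservers
    service:
      - HTTP
      - HTTPS
    # Attach inspection profiles to the accept rule
    av_profile: default
    ips_sensor: default
    comment: Inbound web traffic to DMZ web servers
    policy_action: accept
    state: present
  # Keep the module arguments (including the password) out of task output
  no_log: true
  register: policy_result

- name: Show the CLI commands that were applied
  debug:
    var: policy_result.change_string
  # change_string is only returned when the configuration changed
  when: policy_result.changed
```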

Return Values

Common return values are documented in Return Values; the following fields are unique to this module:

| name | description | returned | type | sample |
|---|---|---|---|---|
| firewall_address_config | full firewall addresses config string | always | string | |
| change_string | The commands executed by the module | only if config changed | string | |
| msg_error_list | List of errors returned by CLI (use -vvv for better readability). | only when error | string | |


Notes

  • This module requires pyFG library.

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Support

This module is community maintained without core committer oversight.

For more information on what this means please read Module Support

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Helping Testing PRs and Developing Modules.