fortinet.fortios.fortios_system_csf – Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate in Fortinet’s FortiOS and FortiGate.

Note

This plugin is part of the fortinet.fortios collection (version 1.1.8).

To install it use: ansible-galaxy collection install fortinet.fortios.

To use it in a playbook, specify: fortinet.fortios.fortios_system_csf.

New in version 2.9: of fortinet.fortios

Synopsis

  • This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and csf category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.9.0

Parameters

Parameter Choices/Defaults Comments
access_token
string
Token-based authentication. Generated from GUI of Fortigate.
system_csf
dictionary
Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.
configuration_sync
string
    Choices:
  • default
  • local
Configuration sync mode.
fabric_device
list / elements=string
Fabric device configuration.
device_ip
string
Device IP.
device_type
string
    Choices:
  • fortimail
Device type.
login
string
Device login name.
name
string / required
Device name.
password
string
Device login password.
fixed_key
string
Auto-generated fixed key used when this device is the root. (Will automatically be generated if not set.)
group_name
string
Security Fabric group name. All FortiGates in a Security Fabric must have the same group name.
group_password
string
Security Fabric group password. All FortiGates in a Security Fabric must have the same group password.
management_ip
string
Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
status
string
    Choices:
  • enable
  • disable
Enable/disable Security Fabric.
trusted_list
list / elements=string
Pre-authorized and blocked security fabric nodes.
action
string
    Choices:
  • accept
  • deny
Security fabric authorization action.
downstream_authorization
string
    Choices:
  • enable
  • disable
Trust authorizations by this node"s administrator.
ha_members
string
HA members.
serial
string / required
Serial.
upstream_ip
string
IP address of the FortiGate upstream from this FortiGate in the Security Fabric.
upstream_port
integer
The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric .
vdom
string
Default:
"root"
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.

Notes

Note

  • Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks

Examples

- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
  - name: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.
    fortios_system_csf:
      vdom:  "{{ vdom }}"
      system_csf:
        configuration_sync: "default"
        fabric_device:
         -
            device_ip: "<your_own_value>"
            device_type: "fortimail"
            login: "<your_own_value>"
            name: "default_name_8"
            password: "<your_own_value>"
        fixed_key: "<your_own_value>"
        group_name: "<your_own_value>"
        group_password: "<your_own_value>"
        management_ip: "<your_own_value>"
        status: "enable"
        trusted_list:
         -
            action: "accept"
            downstream_authorization: "enable"
            ha_members: "<your_own_value>"
            serial: "<your_own_value>"
        upstream_ip: "<your_own_value>"
        upstream_port: "21"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
build
string
always
Build number of the fortigate image

Sample:
1547
http_method
string
always
Last method used to provision the content into FortiGate

Sample:
PUT
http_status
string
always
Last result given by FortiGate on last operation applied

Sample:
200
mkey
string
success
Master key (id) used in the last call to FortiGate

Sample:
id
name
string
always
Name of the table used to fulfill the request

Sample:
urlfilter
path
string
always
Path of the table used to fulfill the request

Sample:
webfilter
revision
string
always
Internal revision number

Sample:
17.0.2.10658
serial
string
always
Serial number of the unit

Sample:
FGVMEVYYQT3AB5352
status
string
always
Indication of the operation's result

Sample:
success
vdom
string
always
Virtual domain used

Sample:
root
version
string
always
Version of the FortiGate

Sample:
v5.6.3


Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Hongbin Lu (@fgtdev-hblu)

  • Frank Shen (@frankshen01)

  • Miguel Angel Munoz (@mamunozgonzalez)

  • Nicolas Thomas (@thomnico)