fmgr_device_provision_template – Manages Device Provisioning Templates in FortiManager

New in version 2.8.

Synopsis

  • Allows the editing and assignment of device provisioning templates in FortiManager.

Parameters

Parameter Choices/Defaults Comments
admin_enable_fortiguard
-
    Choices:
  • none
  • direct
  • this-fmg
Enables FortiGuard security updates to their default settings.
admin_fortianalyzer_target
-
Configures faz target.
admin_fortiguard_target
-
Configures fortiguard target.
admin_enable_fortiguard must be set to "direct".
admin_gui_theme
-
    Choices:
  • green
  • red
  • blue
  • melongene
  • mariner
Changes the admin gui theme.
admin_http_port
-
Non-SSL admin gui port number.
admin_https_port
-
SSL admin gui port number.
admin_https_redirect
-
    Choices:
  • enable
  • disable
Enables or disables https redirect from http.
admin_language
-
    Choices:
  • english
  • simch
  • japanese
  • korean
  • spanish
  • trach
  • french
  • portuguese
Sets the admin gui language.
admin_switch_controller
-
    Choices:
  • enable
  • disable
Enables or disables the switch controller.
admin_timeout
-
Admin timeout in minutes.
adom
- / required
The ADOM the configuration should belong to.
delete_provisioning_template
-
If specified, all other options are ignored. The specified provisioning template will be deleted.
device_unique_name
- / required
The unique device's name that you are editing.
dns_primary_ipv4
-
primary ipv4 dns forwarder.
dns_secondary_ipv4
-
secondary ipv4 dns forwarder.
dns_suffix
-
Sets the local dns domain suffix.
mode
-
    Choices:
  • add ←
  • set
  • delete
  • update
Sets one of three modes for managing the object.
Allows use of soft-adds instead of overwriting existing values.
ntp_auth
-
    Choices:
  • enable
  • disable
Enables or disables ntp authentication.
ntp_auth_pwd
-
Sets the ntp auth password.
ntp_server
-
Only used with custom ntp_type -- specifies IP of server to sync to -- comma separated ip addresses for multiples.
ntp_status
-
    Choices:
  • enable
  • disable
Enables or disables ntp.
ntp_sync_interval
-
Sets the interval in minutes for ntp sync.
ntp_type
-
    Choices:
  • fortiguard
  • custom
Enables fortiguard servers or custom servers are the ntp source.
ntp_v3
-
    Choices:
  • enable
  • disable
Enables or disables ntpv3 (default is ntpv4).
provision_targets
- / required
The friendly names of devices in FortiManager to assign the provisioning template to. Comma separated list.
provisioning_template
- / required
The provisioning template you want to apply (default = default).
smtp_conn_sec
-
    Choices:
  • none
  • starttls
  • smtps
defines the ssl level for smtp.
smtp_password
-
SMTP password.
smtp_port
-
SMTP port number.
smtp_replyto
-
SMTP reply to address.
smtp_server
-
SMTP server ipv4 address.
smtp_source_ipv4
-
SMTP source ip address.
smtp_username
-
SMTP auth username.
smtp_validate_cert
-
    Choices:
  • enable
  • disable
Enables or disables valid certificate checking for smtp.
snmp_status
-
    Choices:
  • enable
  • disable
Enables or disables SNMP globally.
snmp_v2c_id
-
Primary key for the snmp community. this must be unique!
snmp_v2c_name
-
Specifies the v2c community name.
snmp_v2c_query_hosts_ipv4
-
- IPv4 addresses or subnets that are allowed to query SNMP v2c, comma separated ("10.7.220.59 255.255.255.0, 10.7.220.0 255.255.255.0").
snmp_v2c_query_port
-
Sets the snmp v2c community query port.
snmp_v2c_query_status
-
    Choices:
  • enable
  • disable
Enables or disables the v2c community specified for queries.
snmp_v2c_status
-
    Choices:
  • enable
  • disable
Enables or disables the v2c community specified.
snmp_v2c_trap_hosts_ipv4
-
- IPv4 addresses of the hosts that should get SNMP v2c traps, comma separated, must include mask ("10.7.220.59 255.255.255.255, 10.7.220.60 255.255.255.255").
snmp_v2c_trap_port
-
Sets the snmp v2c community trap port.
snmp_v2c_trap_src_ipv4
-
Source ip the traps should come from IPv4.
snmp_v2c_trap_status
-
    Choices:
  • enable
  • disable
Enables or disables the v2c community specified for traps.
snmpv3_auth_proto
-
    Choices:
  • md5
  • sha
SNMPv3 auth protocol.
snmpv3_auth_pwd
-
SNMPv3 auth pwd __ currently not encrypted! ensure this file is locked down permissions wise!
snmpv3_name
-
SNMPv3 user name.
snmpv3_notify_hosts
-
List of ipv4 hosts to send snmpv3 traps to. Comma separated IPv4 list.
snmpv3_priv_proto
-
    Choices:
  • aes
  • des
  • aes256
  • aes256cisco
SNMPv3 priv protocol.
snmpv3_priv_pwd
-
SNMPv3 priv pwd currently not encrypted! ensure this file is locked down permissions wise!
snmpv3_queries
-
    Choices:
  • enable
  • disable
Allow snmpv3_queries.
snmpv3_query_port
-
SNMPv3 query port.
snmpv3_security_level
-
    Choices:
  • no-auth-no-priv
  • auth-no-priv
  • auth-priv
SNMPv3 security level.
snmpv3_source_ip
-
SNMPv3 source ipv4 address for traps.
snmpv3_status
-
    Choices:
  • enable
  • disable
SNMPv3 user is enabled or disabled.
snmpv3_trap_rport
-
SNMPv3 trap remote port.
snmpv3_trap_status
-
    Choices:
  • enable
  • disable
SNMPv3 traps is enabled or disabled.
syslog_certificate
-
Certificate used to communicate with Syslog server if encryption on.
syslog_enc_algorithm
-
    Choices:
  • high
  • low
  • disable ←
  • high-medium
Enable/disable reliable syslogging with TLS encryption.
choice | high | SSL communication with high encryption algorithms.
choice | low | SSL communication with low encryption algorithms.
choice | disable | Disable SSL communication.
choice | high-medium | SSL communication with high and medium encryption algorithms.
syslog_facility
-
    Choices:
  • kernel
  • user
  • mail
  • daemon
  • auth
  • syslog ←
  • lpr
  • news
  • uucp
  • cron
  • authpriv
  • ftp
  • ntp
  • audit
  • alert
  • clock
  • local0
  • local1
  • local2
  • local3
  • local4
  • local5
  • local6
  • local7
Remote syslog facility.
choice | kernel | Kernel messages.
choice | user | Random user-level messages.
choice | mail | Mail system.
choice | daemon | System daemons.
choice | auth | Security/authorization messages.
choice | syslog | Messages generated internally by syslog.
choice | lpr | Line printer subsystem.
choice | news | Network news subsystem.
choice | uucp | Network news subsystem.
choice | cron | Clock daemon.
choice | authpriv | Security/authorization messages (private).
choice | ftp | FTP daemon.
choice | ntp | NTP daemon.
choice | audit | Log audit.
choice | alert | Log alert.
choice | clock | Clock daemon.
choice | local0 | Reserved for local use.
choice | local1 | Reserved for local use.
choice | local2 | Reserved for local use.
choice | local3 | Reserved for local use.
choice | local4 | Reserved for local use.
choice | local5 | Reserved for local use.
choice | local6 | Reserved for local use.
choice | local7 | Reserved for local use.
syslog_filter
-
    Choices:
  • emergency
  • alert
  • critical
  • error
  • warning
  • notification
  • information
  • debug
Sets the logging level for syslog.
syslog_mode
-
    Choices:
  • udp ←
  • legacy-reliable
  • reliable
Remote syslog logging over UDP/Reliable TCP.
choice | udp | Enable syslogging over UDP.
choice | legacy-reliable | Enable legacy reliable syslogging by RFC3195 (Reliable Delivery for Syslog).
choice | reliable | Enable reliable syslogging by RFC6587 (Transmission of Syslog Messages over TCP).
syslog_port
-
Syslog port that will be set.
syslog_server
-
Server the syslogs will be sent to.
syslog_status
-
    Choices:
  • enable
  • disable
Enables or disables syslogs.

Examples

- name: SET SNMP SYSTEM INFO
  fmgr_device_provision_template:
    provisioning_template: "default"
    snmp_status: "enable"
    mode: "set"

- name: SET SNMP SYSTEM INFO ANSIBLE ADOM
  fmgr_device_provision_template:
    provisioning_template: "default"
    snmp_status: "enable"
    mode: "set"
    adom: "ansible"

- name: SET SNMP SYSTEM INFO different template (SNMPv2)
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    snmp_status: "enable"
    mode: "set"
    adom: "ansible"
    snmp_v2c_query_port: "162"
    snmp_v2c_trap_port: "161"
    snmp_v2c_status: "enable"
    snmp_v2c_trap_status: "enable"
    snmp_v2c_query_status: "enable"
    snmp_v2c_name: "ansibleV2c"
    snmp_v2c_id: "1"
    snmp_v2c_trap_src_ipv4: "10.7.220.41"
    snmp_v2c_trap_hosts_ipv4: "10.7.220.59 255.255.255.255, 10.7.220.60 255.255.255.255"
    snmp_v2c_query_hosts_ipv4: "10.7.220.59 255.255.255.255, 10.7.220.0 255.255.255.0"

- name: SET SNMP SYSTEM INFO different template (SNMPv3)
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    snmp_status: "enable"
    mode: "set"
    adom: "ansible"
    snmpv3_auth_proto: "sha"
    snmpv3_auth_pwd: "fortinet"
    snmpv3_name: "ansibleSNMPv3"
    snmpv3_notify_hosts: "10.7.220.59,10.7.220.60"
    snmpv3_priv_proto: "aes256"
    snmpv3_priv_pwd: "fortinet"
    snmpv3_queries: "enable"
    snmpv3_query_port: "161"
    snmpv3_security_level: "auth_priv"
    snmpv3_source_ip: "0.0.0.0"
    snmpv3_status: "enable"
    snmpv3_trap_rport: "162"
    snmpv3_trap_status: "enable"

- name: SET SYSLOG INFO
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    syslog_server: "10.7.220.59"
    syslog_port: "514"
    syslog_mode: "disable"
    syslog_status: "enable"
    syslog_filter: "information"

- name: SET NTP TO FORTIGUARD
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    ntp_status: "enable"
    ntp_sync_interval: "60"
    type: "fortiguard"

- name: SET NTP TO CUSTOM SERVER
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    ntp_status: "enable"
    ntp_sync_interval: "60"
    ntp_type: "custom"
    ntp_server: "10.7.220.32,10.7.220.1"
    ntp_auth: "enable"
    ntp_auth_pwd: "fortinet"
    ntp_v3: "disable"

- name: SET ADMIN GLOBAL SETTINGS
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    admin_https_redirect: "enable"
    admin_https_port: "4433"
    admin_http_port: "8080"
    admin_timeout: "30"
    admin_language: "english"
    admin_switch_controller: "enable"
    admin_gui_theme: "blue"
    admin_enable_fortiguard: "direct"
    admin_fortiguard_target: "10.7.220.128"
    admin_fortianalyzer_target: "10.7.220.61"

- name: SET CUSTOM SMTP SERVER
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    smtp_username: "ansible"
    smtp_password: "fortinet"
    smtp_port: "25"
    smtp_replyto: "[email protected]"
    smtp_conn_sec: "starttls"
    smtp_server: "10.7.220.32"
    smtp_source_ipv4: "0.0.0.0"
    smtp_validate_cert: "disable"

- name: SET DNS SERVERS
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    dns_suffix: "ansible.local"
    dns_primary_ipv4: "8.8.8.8"
    dns_secondary_ipv4: "4.4.4.4"

- name: SET PROVISIONING TEMPLATE DEVICE TARGETS IN FORTIMANAGER
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    provision_targets: "FGT1, FGT2"

- name: DELETE ENTIRE PROVISIONING TEMPLATE
  fmgr_device_provision_template:
    delete_provisioning_template: "ansibleTest"
    mode: "delete"
    adom: "ansible"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
api_result
string
always
full API response, includes status code and message



Status

Authors

  • Luke Weighall (@lweighall)
  • Andrew Welsh (@Ghilli3)
  • Jim Huber (@p4r4n0y1ng)

Hint

If you notice any issues in this documentation you can edit this document to improve it.