fmgr_device_provision_template – Manages Device Provisioning Templates in FortiManager¶

New in version 2.8.

Synopsis
Parameters
Notes
Examples
Return Values
Status

Synopsis ¶

Allows the editing and assignment of device provisioning templates in FortiManager.

Parameters ¶

Parameter	Choices/Defaults	Comments
admin_enable_fortiguard -	Choices: none direct this-fmg	Enables FortiGuard security updates to their default settings.
admin_fortianalyzer_target -		Configures faz target.
admin_fortiguard_target -		Configures fortiguard target. admin_enable_fortiguard must be set to "direct".
admin_gui_theme -	Choices: green red blue melongene mariner	Changes the admin gui theme.
admin_http_port -		Non-SSL admin gui port number.
admin_https_port -		SSL admin gui port number.
admin_https_redirect -	Choices: enable disable	Enables or disables https redirect from http.
admin_language -	Choices: english simch japanese korean spanish trach french portuguese	Sets the admin gui language.
admin_switch_controller -	Choices: enable disable	Enables or disables the switch controller.
admin_timeout -		Admin timeout in minutes.
adom - / required		The ADOM the configuration should belong to.
delete_provisioning_template -		If specified, all other options are ignored. The specified provisioning template will be deleted.
device_unique_name - / required		The unique device's name that you are editing.
dns_primary_ipv4 -		primary ipv4 dns forwarder.
dns_secondary_ipv4 -		secondary ipv4 dns forwarder.
dns_suffix -		Sets the local dns domain suffix.
mode -	Choices: add ← set delete update	Sets one of three modes for managing the object. Allows use of soft-adds instead of overwriting existing values.
ntp_auth -	Choices: enable disable	Enables or disables ntp authentication.
ntp_auth_pwd -		Sets the ntp auth password.
ntp_server -		Only used with custom ntp_type -- specifies IP of server to sync to -- comma separated ip addresses for multiples.
ntp_status -	Choices: enable disable	Enables or disables ntp.
ntp_sync_interval -		Sets the interval in minutes for ntp sync.
ntp_type -	Choices: fortiguard custom	Enables fortiguard servers or custom servers are the ntp source.
ntp_v3 -	Choices: enable disable	Enables or disables ntpv3 (default is ntpv4).
provision_targets - / required		The friendly names of devices in FortiManager to assign the provisioning template to. Comma separated list.
provisioning_template - / required		The provisioning template you want to apply (default = default).
smtp_conn_sec -	Choices: none starttls smtps	defines the ssl level for smtp.
smtp_password -		SMTP password.
smtp_port -		SMTP port number.
smtp_replyto -		SMTP reply to address.
smtp_server -		SMTP server ipv4 address.
smtp_source_ipv4 -		SMTP source ip address.
smtp_username -		SMTP auth username.
smtp_validate_cert -	Choices: enable disable	Enables or disables valid certificate checking for smtp.
snmp_status -	Choices: enable disable	Enables or disables SNMP globally.
snmp_v2c_id -		Primary key for the snmp community. this must be unique!
snmp_v2c_name -		Specifies the v2c community name.
snmp_v2c_query_hosts_ipv4 -		- IPv4 addresses or subnets that are allowed to query SNMP v2c, comma separated ("10.7.220.59 255.255.255.0, 10.7.220.0 255.255.255.0").
snmp_v2c_query_port -		Sets the snmp v2c community query port.
snmp_v2c_query_status -	Choices: enable disable	Enables or disables the v2c community specified for queries.
snmp_v2c_status -	Choices: enable disable	Enables or disables the v2c community specified.
snmp_v2c_trap_hosts_ipv4 -		- IPv4 addresses of the hosts that should get SNMP v2c traps, comma separated, must include mask ("10.7.220.59 255.255.255.255, 10.7.220.60 255.255.255.255").
snmp_v2c_trap_port -		Sets the snmp v2c community trap port.
snmp_v2c_trap_src_ipv4 -		Source ip the traps should come from IPv4.
snmp_v2c_trap_status -	Choices: enable disable	Enables or disables the v2c community specified for traps.
snmpv3_auth_proto -	Choices: md5 sha	SNMPv3 auth protocol.
snmpv3_auth_pwd -		SNMPv3 auth pwd __ currently not encrypted! ensure this file is locked down permissions wise!
snmpv3_name -		SNMPv3 user name.
snmpv3_notify_hosts -		List of ipv4 hosts to send snmpv3 traps to. Comma separated IPv4 list.
snmpv3_priv_proto -	Choices: aes des aes256 aes256cisco	SNMPv3 priv protocol.
snmpv3_priv_pwd -		SNMPv3 priv pwd currently not encrypted! ensure this file is locked down permissions wise!
snmpv3_queries -	Choices: enable disable	Allow snmpv3_queries.
snmpv3_query_port -		SNMPv3 query port.
snmpv3_security_level -	Choices: no-auth-no-priv auth-no-priv auth-priv	SNMPv3 security level.
snmpv3_source_ip -		SNMPv3 source ipv4 address for traps.
snmpv3_status -	Choices: enable disable	SNMPv3 user is enabled or disabled.
snmpv3_trap_rport -		SNMPv3 trap remote port.
snmpv3_trap_status -	Choices: enable disable	SNMPv3 traps is enabled or disabled.
syslog_certificate -		Certificate used to communicate with Syslog server if encryption on.
syslog_enc_algorithm -	Choices: high low disable ← high-medium	Enable/disable reliable syslogging with TLS encryption. choice \| high \| SSL communication with high encryption algorithms. choice \| low \| SSL communication with low encryption algorithms. choice \| disable \| Disable SSL communication. choice \| high-medium \| SSL communication with high and medium encryption algorithms.
syslog_facility -	Choices: kernel user mail daemon auth syslog ← lpr news uucp cron authpriv ftp ntp audit alert clock local0 local1 local2 local3 local4 local5 local6 local7	Remote syslog facility. choice \| kernel \| Kernel messages. choice \| user \| Random user-level messages. choice \| mail \| Mail system. choice \| daemon \| System daemons. choice \| auth \| Security/authorization messages. choice \| syslog \| Messages generated internally by syslog. choice \| lpr \| Line printer subsystem. choice \| news \| Network news subsystem. choice \| uucp \| Network news subsystem. choice \| cron \| Clock daemon. choice \| authpriv \| Security/authorization messages (private). choice \| ftp \| FTP daemon. choice \| ntp \| NTP daemon. choice \| audit \| Log audit. choice \| alert \| Log alert. choice \| clock \| Clock daemon. choice \| local0 \| Reserved for local use. choice \| local1 \| Reserved for local use. choice \| local2 \| Reserved for local use. choice \| local3 \| Reserved for local use. choice \| local4 \| Reserved for local use. choice \| local5 \| Reserved for local use. choice \| local6 \| Reserved for local use. choice \| local7 \| Reserved for local use.
syslog_filter -	Choices: emergency alert critical error warning notification information debug	Sets the logging level for syslog.
syslog_mode -	Choices: udp ← legacy-reliable reliable	Remote syslog logging over UDP/Reliable TCP. choice \| udp \| Enable syslogging over UDP. choice \| legacy-reliable \| Enable legacy reliable syslogging by RFC3195 (Reliable Delivery for Syslog). choice \| reliable \| Enable reliable syslogging by RFC6587 (Transmission of Syslog Messages over TCP).
syslog_port -		Syslog port that will be set.
syslog_server -		Server the syslogs will be sent to.
syslog_status -	Choices: enable disable	Enables or disables syslogs.

Notes ¶

Note

Full Documentation at https://ftnt-ansible-docs.readthedocs.io/en/latest/.

Examples ¶

- name: SET SNMP SYSTEM INFO
  fmgr_device_provision_template:
    provisioning_template: "default"
    snmp_status: "enable"
    mode: "set"

- name: SET SNMP SYSTEM INFO ANSIBLE ADOM
  fmgr_device_provision_template:
    provisioning_template: "default"
    snmp_status: "enable"
    mode: "set"
    adom: "ansible"

- name: SET SNMP SYSTEM INFO different template (SNMPv2)
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    snmp_status: "enable"
    mode: "set"
    adom: "ansible"
    snmp_v2c_query_port: "162"
    snmp_v2c_trap_port: "161"
    snmp_v2c_status: "enable"
    snmp_v2c_trap_status: "enable"
    snmp_v2c_query_status: "enable"
    snmp_v2c_name: "ansibleV2c"
    snmp_v2c_id: "1"
    snmp_v2c_trap_src_ipv4: "10.7.220.41"
    snmp_v2c_trap_hosts_ipv4: "10.7.220.59 255.255.255.255, 10.7.220.60 255.255.255.255"
    snmp_v2c_query_hosts_ipv4: "10.7.220.59 255.255.255.255, 10.7.220.0 255.255.255.0"

- name: SET SNMP SYSTEM INFO different template (SNMPv3)
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    snmp_status: "enable"
    mode: "set"
    adom: "ansible"
    snmpv3_auth_proto: "sha"
    snmpv3_auth_pwd: "fortinet"
    snmpv3_name: "ansibleSNMPv3"
    snmpv3_notify_hosts: "10.7.220.59,10.7.220.60"
    snmpv3_priv_proto: "aes256"
    snmpv3_priv_pwd: "fortinet"
    snmpv3_queries: "enable"
    snmpv3_query_port: "161"
    snmpv3_security_level: "auth_priv"
    snmpv3_source_ip: "0.0.0.0"
    snmpv3_status: "enable"
    snmpv3_trap_rport: "162"
    snmpv3_trap_status: "enable"

- name: SET SYSLOG INFO
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    syslog_server: "10.7.220.59"
    syslog_port: "514"
    syslog_mode: "disable"
    syslog_status: "enable"
    syslog_filter: "information"

- name: SET NTP TO FORTIGUARD
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    ntp_status: "enable"
    ntp_sync_interval: "60"
    type: "fortiguard"

- name: SET NTP TO CUSTOM SERVER
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    ntp_status: "enable"
    ntp_sync_interval: "60"
    ntp_type: "custom"
    ntp_server: "10.7.220.32,10.7.220.1"
    ntp_auth: "enable"
    ntp_auth_pwd: "fortinet"
    ntp_v3: "disable"

- name: SET ADMIN GLOBAL SETTINGS
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    admin_https_redirect: "enable"
    admin_https_port: "4433"
    admin_http_port: "8080"
    admin_timeout: "30"
    admin_language: "english"
    admin_switch_controller: "enable"
    admin_gui_theme: "blue"
    admin_enable_fortiguard: "direct"
    admin_fortiguard_target: "10.7.220.128"
    admin_fortianalyzer_target: "10.7.220.61"

- name: SET CUSTOM SMTP SERVER
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    smtp_username: "ansible"
    smtp_password: "fortinet"
    smtp_port: "25"
    smtp_replyto: "[email protected]"
    smtp_conn_sec: "starttls"
    smtp_server: "10.7.220.32"
    smtp_source_ipv4: "0.0.0.0"
    smtp_validate_cert: "disable"

- name: SET DNS SERVERS
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    dns_suffix: "ansible.local"
    dns_primary_ipv4: "8.8.8.8"
    dns_secondary_ipv4: "4.4.4.4"

- name: SET PROVISIONING TEMPLATE DEVICE TARGETS IN FORTIMANAGER
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    provision_targets: "FGT1, FGT2"

- name: DELETE ENTIRE PROVISIONING TEMPLATE
  fmgr_device_provision_template:
    delete_provisioning_template: "ansibleTest"
    mode: "delete"
    adom: "ansible"

Return Values ¶

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
api_result string	always	full API response, includes status code and message

Status ¶

This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]

Authors¶

Luke Weighall (@lweighall)
Andrew Welsh (@Ghilli3)
Jim Huber (@p4r4n0y1ng)

Hint

If you notice any issues in this documentation you can edit this document to improve it.

fmgr_device_provision_template – Manages Device Provisioning Templates in FortiManager¶

Synopsis¶

Parameters¶

Notes¶

Examples¶

Return Values¶

Status¶