fmgr_fwobj_address – Allows the management of firewall objects in FortiManager¶
New in version 2.8.
Synopsis¶
Allows for the management of IPv4, IPv6, and multicast address objects within FortiManager.
Parameters¶
| Parameter | Choices/Defaults | Comments |
|---|---|---|
|
adom
-
|
Default: "root"
|
The ADOM the configuration should belong to.
|
|
allow_routing
-
|
|
Enable/disable use of this address in the static route configuration.
|
|
associated_interface
-
|
Associated interface name.
|
|
|
cache_ttl
-
|
Minimal TTL of individual IP addresses in FQDN cache. Only applies when type = wildcard-fqdn.
|
|
|
color
-
|
Default: 22
|
Color of the object in FortiManager GUI.
Takes integers 1-32
|
|
comment
-
|
Comment for the object in FortiManager.
|
|
|
country
-
|
Country name. Required if type = geographic.
|
|
|
end_ip
-
|
End IP. Only used when ipv4 = iprange.
|
|
|
fqdn
-
|
Fully qualified domain name.
|
|
|
group_members
-
|
Address group member. If this is defined w/out group_name, the operation will fail.
|
|
|
group_name
-
|
Address group name. If this is defined in playbook task, all other options are ignored.
|
|
|
ipv4
-
|
|
Type of IPv4 Object.
Must not be specified with either multicast or IPv6 parameters.
|
|
ipv4addr
-
|
IP and network mask. If only defining one IP use this parameter. (i.e. 10.7.220.30/255.255.255.255)
Can also define subnets (i.e. 10.7.220.0/255.255.255.0)
Also accepts CIDR (i.e. 10.7.220.0/24)
If Netmask is omitted after IP address, /32 is assumed.
When multicast is set to Broadcast Subnet the ipv4addr parameter is used to specify the subnet.
|
|
|
ipv6
-
|
|
Puts module into IPv6 mode.
Must not be specified with either ipv4 or multicast parameters.
|
|
ipv6addr
-
|
IPv6 address in full. (i.e. 2001:0db8:85a3:0000:0000:8a2e:0370:7334)
|
|
|
mode
-
|
|
Sets one of three modes for managing the object.
|
|
multicast
-
|
|
Manages Multicast Address Objects.
Sets either a Multicast IP Range or a Broadcast Subnet.
Must not be specified with either ipv4 or ipv6 parameters.
When set to Broadcast Subnet the ipv4addr parameter is used to specify the subnet.
Can create IPv4 Multicast Objects (multicastrange and broadcastmask options -- uses start/end-ip and ipv4addr).
|
|
name
-
|
Friendly Name Address object name in FortiManager.
|
|
|
obj_id
-
|
Object ID for NSX.
|
|
|
start_ip
-
|
Start IP. Only used when ipv4 = iprange.
|
|
|
visibility
-
|
|
Enable/disable address visibility.
|
|
wildcard
-
|
IP address and wildcard netmask. Required if ipv4 = wildcard.
|
|
|
wildcard_fqdn
-
|
Wildcard FQDN. Required if ipv4 = wildcard-fqdn.
|
Notes¶
Note
Full Documentation at https://ftnt-ansible-docs.readthedocs.io/en/latest/.
Examples¶
- name: ADD IPv4 IP ADDRESS OBJECT
fmgr_fwobj_address:
ipv4: "ipmask"
ipv4addr: "10.7.220.30/32"
name: "ansible_v4Obj"
comment: "Created by Ansible"
color: "6"
- name: ADD IPv4 IP ADDRESS OBJECT MORE OPTIONS
fmgr_fwobj_address:
ipv4: "ipmask"
ipv4addr: "10.7.220.34/32"
name: "ansible_v4Obj_MORE"
comment: "Created by Ansible"
color: "6"
allow_routing: "enable"
cache_ttl: "180"
associated_interface: "port1"
obj_id: "123"
- name: ADD IPv4 IP ADDRESS SUBNET OBJECT
fmgr_fwobj_address:
ipv4: "ipmask"
ipv4addr: "10.7.220.0/255.255.255.128"
name: "ansible_subnet"
comment: "Created by Ansible"
mode: "set"
- name: ADD IPv4 IP ADDRESS RANGE OBJECT
fmgr_fwobj_address:
ipv4: "iprange"
start_ip: "10.7.220.1"
end_ip: "10.7.220.125"
name: "ansible_range"
comment: "Created by Ansible"
- name: ADD IPv4 IP ADDRESS WILDCARD OBJECT
fmgr_fwobj_address:
ipv4: "wildcard"
wildcard: "10.7.220.30/255.255.255.255"
name: "ansible_wildcard"
comment: "Created by Ansible"
- name: ADD IPv4 IP ADDRESS WILDCARD FQDN OBJECT
fmgr_fwobj_address:
ipv4: "wildcard-fqdn"
wildcard_fqdn: "*.myds.com"
name: "Synology myds DDNS service"
comment: "Created by Ansible"
- name: ADD IPv4 IP ADDRESS FQDN OBJECT
fmgr_fwobj_address:
ipv4: "fqdn"
fqdn: "ansible.com"
name: "ansible_fqdn"
comment: "Created by Ansible"
- name: ADD IPv4 IP ADDRESS GEO OBJECT
fmgr_fwobj_address:
ipv4: "geography"
country: "usa"
name: "ansible_geo"
comment: "Created by Ansible"
- name: ADD IPv6 ADDRESS
fmgr_fwobj_address:
ipv6: "ip"
ipv6addr: "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
name: "ansible_v6Obj"
comment: "Created by Ansible"
- name: ADD IPv6 ADDRESS RANGE
fmgr_fwobj_address:
ipv6: "iprange"
start_ip: "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
end_ip: "2001:0db8:85a3:0000:0000:8a2e:0370:7446"
name: "ansible_v6range"
comment: "Created by Ansible"
- name: ADD IPv4 IP ADDRESS GROUP
fmgr_fwobj_address:
ipv4: "group"
group_name: "ansibleIPv4Group"
group_members: "ansible_fqdn, ansible_wildcard, ansible_range"
- name: ADD IPv6 IP ADDRESS GROUP
fmgr_fwobj_address:
ipv6: "group"
group_name: "ansibleIPv6Group"
group_members: "ansible_v6Obj, ansible_v6range"
- name: ADD MULTICAST RANGE
fmgr_fwobj_address:
multicast: "multicastrange"
start_ip: "224.0.0.251"
end_ip: "224.0.0.251"
name: "ansible_multicastrange"
comment: "Created by Ansible"
- name: ADD BROADCAST SUBNET
fmgr_fwobj_address:
multicast: "broadcastmask"
ipv4addr: "10.7.220.0/24"
name: "ansible_broadcastSubnet"
comment: "Created by Ansible"
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
|
api_result
string
|
always |
full API response, includes status code and message
|
Status¶
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]