fmgr_fwobj_ippool – Allows the editing of IP Pool Objects within FortiManager

New in version 2.8.

Synopsis

• Allows users to add/edit/delete IP Pool Objects.

Parameters

Parameter	Choices/Defaults	Comments
adom -	Default: "root"	The ADOM the configuration should belong to.
arp_intf -		Select an interface from available options that will reply to ARP requests. (If blank, any is selected).
arp_reply -	Choices: disable enable	Enable/disable replying to ARP requests when an IP Pool is added to a policy (default = enable). choice | disable | Disable ARP reply. choice | enable | Enable ARP reply.
associated_interface -		Associated interface name.
block_size -		Number of addresses in a block (64 to 4096, default = 128).
comments -		Comment.
dynamic_mapping -		EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameter.ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
dynamic_mapping_arp_intf -		Dynamic Mapping clone of original suffixed parameter.
dynamic_mapping_arp_reply -	Choices: disable enable	Dynamic Mapping clone of original suffixed parameter.
dynamic_mapping_associated_interface -		Dynamic Mapping clone of original suffixed parameter.
dynamic_mapping_block_size -		Dynamic Mapping clone of original suffixed parameter.
dynamic_mapping_comments -		Dynamic Mapping clone of original suffixed parameter.
dynamic_mapping_endip -		Dynamic Mapping clone of original suffixed parameter.
dynamic_mapping_num_blocks_per_user -		Dynamic Mapping clone of original suffixed parameter.
dynamic_mapping_pba_timeout -		Dynamic Mapping clone of original suffixed parameter.
dynamic_mapping_permit_any_host -	Choices: disable enable	Dynamic Mapping clone of original suffixed parameter.
dynamic_mapping_source_endip -		Dynamic Mapping clone of original suffixed parameter.
dynamic_mapping_source_startip -		Dynamic Mapping clone of original suffixed parameter.
dynamic_mapping_startip -		Dynamic Mapping clone of original suffixed parameter.
dynamic_mapping_type -	Choices: overload one-to-one fixed-port-range port-block-allocation	Dynamic Mapping clone of original suffixed parameter.
endip -		Final IPv4 address (inclusive) in the range for the address pool (format xxx.xxx.xxx.xxx, Default| 0.0.0.0).
mode -	Choices: add ← set delete update	Sets one of three modes for managing the object. Allows use of soft-adds instead of overwriting existing values
name -		IP pool name.
num_blocks_per_user -		Number of addresses blocks that can be used by a user (1 to 128, default = 8).
pba_timeout -		Port block allocation timeout (seconds).
permit_any_host -	Choices: disable enable	Enable/disable full cone NAT. choice | disable | Disable full cone NAT. choice | enable | Enable full cone NAT.
source_endip -		Final IPv4 address (inclusive) in the range of the source addresses to be translated (format xxx.xxx.xxx.xxx, Default| 0.0.0.0).
source_startip -		First IPv4 address (inclusive) in the range of the source addresses to be translated (format xxx.xxx.xxx.xxx, Default| 0.0.0.0).
startip -		First IPv4 address (inclusive) in the range for the address pool (format xxx.xxx.xxx.xxx, Default| 0.0.0.0).
type -	Choices: overload one-to-one fixed-port-range port-block-allocation	IP pool type (overload, one-to-one, fixed port range, or port block allocation). choice | overload | IP addresses in the IP pool can be shared by clients. choice | one-to-one | One to one mapping. choice | fixed-port-range | Fixed port range. choice | port-block-allocation | Port block allocation.

Notes

Note

• Full Documentation at https://ftnt-ansible-docs.readthedocs.io/en/latest/.

Examples

- name: ADD FMGR_FIREWALL_IPPOOL Overload
  fmgr_fwobj_ippool:
    mode: "add"
    adom: "ansible"
    name: "Ansible_pool4_overload"
    comments: "Created by ansible"
    type: "overload"

    # OPTIONS FOR ALL MODES
    startip: "10.10.10.10"
    endip: "10.10.10.100"
    arp_reply: "enable"

- name: ADD FMGR_FIREWALL_IPPOOL one-to-one
  fmgr_fwobj_ippool:
    mode: "add"
    adom: "ansible"
    name: "Ansible_pool4_121"
    comments: "Created by ansible"
    type: "one-to-one"

    # OPTIONS FOR ALL MODES
    startip: "10.10.20.10"
    endip: "10.10.20.100"
    arp_reply: "enable"

- name: ADD FMGR_FIREWALL_IPPOOL FIXED PORT RANGE
  fmgr_fwobj_ippool:
    mode: "add"
    adom: "ansible"
    name: "Ansible_pool4_fixed_port"
    comments: "Created by ansible"
    type: "fixed-port-range"

    # OPTIONS FOR ALL MODES
    startip: "10.10.40.10"
    endip: "10.10.40.100"
    arp_reply: "enable"
    # FIXED PORT RANGE OPTIONS
    source_startip: "192.168.20.1"
    source_endip: "192.168.20.20"

- name: ADD FMGR_FIREWALL_IPPOOL PORT BLOCK ALLOCATION
  fmgr_fwobj_ippool:
    mode: "add"
    adom: "ansible"
    name: "Ansible_pool4_port_block_allocation"
    comments: "Created by ansible"
    type: "port-block-allocation"

    # OPTIONS FOR ALL MODES
    startip: "10.10.30.10"
    endip: "10.10.30.100"
    arp_reply: "enable"
    # PORT BLOCK ALLOCATION OPTIONS
    block_size: "128"
    num_blocks_per_user: "1"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
api_result string	always	full API response, includes status code and message

Status

• This module is not guaranteed to have a backwards compatible interface. [preview]

• This module is maintained by the Ansible Community. [community]

Authors

• Luke Weighall (@lweighall)

• Andrew Welsh (@Ghilli3)

• Jim Huber (@p4r4n0y1ng)

Hint

If you notice any issues in this documentation you can edit this document to improve it.