fmgr_fwobj_service – Manages FortiManager Firewall Service Objects¶

New in version 2.8.

Synopsis
Parameters
Notes
Examples
Return Values
Status

Synopsis ¶

Manages FortiManager Firewall Service Objects.

Parameters ¶

Parameter	Choices/Defaults	Comments
adom -	Default: "root"	-The ADOM the configuration should belong to.
app_category -		Application category ID.
app_service_type -		Application service type.
application -		Application ID.
category -		Service category.
check_reset_range -		Enable disable RST check.
color -	Default: 22	GUI icon color.
comment -		Comment.
custom_type -	Choices: tcp_udp_sctp icmp icmp6 ip http ftp connect socks_tcp socks_udp all ←	Tells module what kind of custom service to be added.
explicit_proxy -	Choices: enable disable ←	Enable/disable explicit web proxy service.
fqdn -	Default: ""	Fully qualified domain name.
group_member -		Comma-Seperated list of members' names.
group_name -		Name of the Service Group.
icmp_code -		ICMP code.
icmp_type -		ICMP type.
iprange -	Default: "0.0.0.0"	Start IP-End IP.
mode -	Choices: add ← set delete	Sets one of three modes for managing the object.
name -		Custom service name.
object_type -	Choices: custom group category	Tells module if we are adding a custom service, category, or group.
protocol -		Protocol type.
protocol_number -		IP protocol number.
sctp_portrange -		Multiple SCTP port ranges. Comma separated list of destination ports to add (i.e. '443,80'). Syntax is <destPort:sourcePort> If no sourcePort is defined, it assumes all of them. Ranges can be defined with a hyphen - Examples -- '443' (destPort 443 only) '443:1000-2000' (destPort 443 from source ports 1000-2000). String multiple together in same quotes, comma separated. ('443:1000-2000, 80:1000-2000').
session_ttl -	Default: 0	Session TTL (300 - 604800, 0 = default).
tcp_halfclose_timer -	Default: 0	TCP half close timeout (1 - 86400 sec, 0 = default).
tcp_halfopen_timer -	Default: 0	TCP half close timeout (1 - 86400 sec, 0 = default).
tcp_portrange -		Comma separated list of destination ports to add (i.e. '443,80'). Syntax is <destPort:sourcePort> If no sourcePort is defined, it assumes all of them. Ranges can be defined with a hyphen - Examples -- '443' (destPort 443 only) '443:1000-2000' (destPort 443 from source ports 1000-2000). String multiple together in same quotes, comma separated. ('443:1000-2000, 80:1000-2000').
tcp_timewait_timer -	Default: 0	TCP half close timeout (1 - 300 sec, 0 = default).
udp_idle_timer -	Default: 0	TCP half close timeout (0 - 86400 sec, 0 = default).
udp_portrange -		Comma separated list of destination ports to add (i.e. '443,80'). Syntax is <destPort:sourcePort> If no sourcePort is defined, it assumes all of them. Ranges can be defined with a hyphen - Examples -- '443' (destPort 443 only) '443:1000-2000' (destPort 443 from source ports 1000-2000). String multiple together in same quotes, comma separated. ('443:1000-2000, 80:1000-2000').
visibility -	Choices: enable ← disable	Enable/disable service visibility.

Notes ¶

Note

Full Documentation at https://ftnt-ansible-docs.readthedocs.io/en/latest/.

Examples ¶

- name: ADD A CUSTOM SERVICE FOR TCP/UDP/SCP
  fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_service"
    object_type: "custom"
    custom_type: "tcp_udp_sctp"
    tcp_portrange: "443"
    udp_portrange: "51"
    sctp_portrange: "100"

- name: ADD A CUSTOM SERVICE FOR TCP/UDP/SCP WITH SOURCE RANGES AND MULTIPLES
  fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_serviceWithSource"
    object_type: "custom"
    custom_type: "tcp_udp_sctp"
    tcp_portrange: "443:2000-1000,80-82:10000-20000"
    udp_portrange: "51:100-200,162:200-400"
    sctp_portrange: "100:2000-2500"

- name: ADD A CUSTOM SERVICE FOR ICMP
  fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_icmp"
    object_type: "custom"
    custom_type: "icmp"
    icmp_type: "8"
    icmp_code: "3"

- name: ADD A CUSTOM SERVICE FOR ICMP6
  fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_icmp6"
    object_type: "custom"
    custom_type: "icmp6"
    icmp_type: "5"
    icmp_code: "1"

- name: ADD A CUSTOM SERVICE FOR IP - GRE
  fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_icmp6"
    object_type: "custom"
    custom_type: "ip"
    protocol_number: "47"

- name: ADD A CUSTOM PROXY FOR ALL WITH SOURCE RANGES AND MULTIPLES
  fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_proxy_all"
    object_type: "custom"
    custom_type: "all"
    explicit_proxy: "enable"
    tcp_portrange: "443:2000-1000,80-82:10000-20000"
    iprange: "www.ansible.com"

Return Values ¶

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
api_result string	always	full API response, includes status code and message

Status ¶

This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]

Authors¶

Luke Weighall (@lweighall)
Andrew Welsh (@Ghilli3)
Jim Huber (@p4r4n0y1ng)

Hint

If you notice any issues in this documentation you can edit this document to improve it.

fmgr_fwobj_service – Manages FortiManager Firewall Service Objects¶

Synopsis¶

Parameters¶

Notes¶

Examples¶

Return Values¶

Status¶