fmgr_fwpol_package – Manages FortiManager Firewall Policies Packages

New in version 2.8.

Synopsis

  • Manages FortiManager Firewall Policies Packages. Policy Packages contain one or more Firewall Policies/Rules and are distributed via FortiManager to FortiGates.
  • This module controls the creation/edit/delete/assign of these packages.

Parameters

| Parameter | Choices/Defaults | Comments |
|---|---|---|
| adom | Default: "root" | The ADOM the configuration should belong to. |
| central_nat | Choices: enable, disable (default) | Central NAT setting. |
| fwpolicy6_implicit_log | Choices: enable, disable (default) | Implicit Log setting for all IPv6 policies in package. |
| fwpolicy_implicit_log | Choices: enable, disable (default) | Implicit Log setting for all IPv4 policies in package. |
| inspection_mode | Choices: flow (default), proxy | Inspection mode setting for the policies flow or proxy. |
| mode | Choices: add (default), set, delete | Sets one of three modes for managing the object. |
| name (required) | | Name of the FortiManager package or folder. |
| ngfw_mode | Choices: profile-based (default), policy-based | NGFW mode setting for the policies flow or proxy. |
| object_type (required) | Choices: pkg, folder, install | Are we managing packages or folders, or installing packages? |
| package_folder | | Name of the folder you want to put the package into. |
| parent_folder | | The parent folder name you want to add this object under. |
| scope_members | | The devices or scope that you want to assign this policy package to. |
| scope_members_vdom | Default: "root" | The members VDOM you want to assign the package to. |
| ssl_ssh_profile | | If policy-based ngfw-mode, refer to firewall ssl-ssh-profile. |

Examples

- name: CREATE BASIC POLICY PACKAGE
  fmgr_fwpol_package:
    adom: "ansible"
    mode: "add"
    name: "testPackage"
    object_type: "pkg"

- name: ADD PACKAGE WITH TARGETS
  fmgr_fwpol_package:
    mode: "add"
    adom: "ansible"
    name: "ansibleTestPackage1"
    object_type: "pkg"
    inspection_mode: "flow"
    ngfw_mode: "profile-based"
    scope_members: "seattle-fgt02, seattle-fgt03"

- name: ADD FOLDER
  fmgr_fwpol_package:
    mode: "add"
    adom: "ansible"
    name: "ansibleTestFolder1"
    object_type: "folder"

- name: ADD PACKAGE INTO PARENT FOLDER
  fmgr_fwpol_package:
    mode: "set"
    adom: "ansible"
    name: "ansibleTestPackage2"
    object_type: "pkg"
    parent_folder: "ansibleTestFolder1"

- name: ADD FOLDER INTO PARENT FOLDER
  fmgr_fwpol_package:
    mode: "set"
    adom: "ansible"
    name: "ansibleTestFolder2"
    object_type: "folder"
    parent_folder: "ansibleTestFolder1"

- name: INSTALL PACKAGE
  fmgr_fwpol_package:
    mode: "set"
    adom: "ansible"
    name: "ansibleTestPackage1"
    object_type: "install"
    scope_members: "seattle-fgt03, seattle-fgt02"

- name: REMOVE PACKAGE
  fmgr_fwpol_package:
    mode: "delete"
    adom: "ansible"
    name: "ansibleTestPackage1"
    object_type: "pkg"

- name: REMOVE NESTED PACKAGE
  fmgr_fwpol_package:
    mode: "delete"
    adom: "ansible"
    name: "ansibleTestPackage2"
    object_type: "pkg"
    parent_folder: "ansibleTestFolder1"

- name: REMOVE NESTED FOLDER
  fmgr_fwpol_package:
    mode: "delete"
    adom: "ansible"
    name: "ansibleTestFolder2"
    object_type: "folder"
    parent_folder: "ansibleTestFolder1"

- name: REMOVE FOLDER
  fmgr_fwpol_package:
    mode: "delete"
    adom: "ansible"
    name: "ansibleTestFolder1"
    object_type: "folder"
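
The tasks below are an added example, not part of the original module documentation. They set the logging and NGFW parameters that the examples above leave at their defaults, so traffic hitting the implicit rule is logged for both IPv4 and IPv6, and they display the API response before the package is installed. The package name, the target device and the `certificate-inspection` profile name are assumptions; substitute objects that exist in your ADOM.

```yaml
# Added example: both implicit-log parameters default to "disable",
# so they are set explicitly here.
- name: CREATE POLICY-BASED PACKAGE WITH IMPLICIT LOGGING
  fmgr_fwpol_package:
    mode: "add"
    adom: "ansible"
    name: "ansibleLoggedPackage"                 # assumed package name
    object_type: "pkg"
    inspection_mode: "flow"
    ngfw_mode: "policy-based"
    ssl_ssh_profile: "certificate-inspection"    # assumed profile name
    fwpolicy_implicit_log: "enable"
    fwpolicy6_implicit_log: "enable"
    scope_members: "seattle-fgt02"
    scope_members_vdom: "root"
  register: pkg_result

# api_result is the module's documented return key.
- name: SHOW API RESPONSE BEFORE INSTALLING
  debug:
    var: pkg_result.api_result

- name: INSTALL LOGGED PACKAGE
  fmgr_fwpol_package:
    mode: "set"
    adom: "ansible"
    name: "ansibleLoggedPackage"
    object_type: "install"
    scope_members: "seattle-fgt02"
```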

Return Values

Common return values are documented here; the following are the fields unique to this module:

| Key | Returned | Description |
|---|---|---|
| api_result (string) | always | Full API response, includes status code and message. |



Authors

  • Luke Weighall (@lweighall)
  • Andrew Welsh (@Ghilli3)
  • Jim Huber (@p4r4n0y1ng)
