fmgr_secprof_ips – Managing IPS security profiles in FortiManager

New in version 2.8.

Synopsis

  • Managing IPS security profiles in FortiManager

Parameters

Parameter Choices/Defaults Comments
adom
-
Default:
"root"
The ADOM the configuration should belong to.
block_malicious_url
-
    Choices:
  • disable
  • enable
Enable/disable malicious URL blocking.
comment
-
Comment.
entries
-
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
List of multiple child objects to be added. Expects a list of dictionaries.
Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
If submitted, all other prefixed sub-parameters ARE IGNORED.
This object is MUTUALLY EXCLUSIVE with its options.
We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
entries_action
-
    Choices:
  • pass
  • block
  • reset
  • default
Action taken with traffic in which signatures are detected.
entries_application
-
Applications to be protected. set application ? lists available applications. all includes all applications. other includes all unlisted applications.
entries_exempt_ip_dst_ip
-
Destination IP address and netmask.
entries_exempt_ip_src_ip
-
Source IP address and netmask.
entries_location
-
Protect client or server traffic.
entries_log
-
    Choices:
  • disable
  • enable
Enable/disable logging of signatures included in filter.
entries_log_attack_context
-
    Choices:
  • disable
  • enable
Enable/disable logging of attack context| URL buffer, header buffer, body buffer, packet buffer.
entries_log_packet
-
    Choices:
  • disable
  • enable
Enable/disable packet logging. Enable to save the packet that triggers the filter. You can download the packets in pcap format for diagnostic use.
entries_os
-
Operating systems to be protected. all includes all operating systems. other includes all unlisted operating systems.
entries_protocol
-
Protocols to be examined. set protocol ? lists available protocols. all includes all protocols. other includes all unlisted protocols.
entries_quarantine
-
    Choices:
  • none
  • attacker
Quarantine method.
entries_quarantine_expiry
-
Duration of quarantine.
entries_quarantine_log
-
    Choices:
  • disable
  • enable
Enable/disable quarantine logging.
entries_rate_count
-
Count of the rate.
entries_rate_duration
-
Duration (sec) of the rate.
entries_rate_mode
-
    Choices:
  • periodical
  • continuous
Rate limit mode.
entries_rate_track
-
    Choices:
  • none
  • src-ip
  • dest-ip
  • dhcp-client-mac
  • dns-domain
Track the packet protocol field.
entries_rule
-
Identifies the predefined or custom IPS signatures to add to the sensor.
entries_severity
-
Relative severity of the signature, from info to critical. Log messages generated by the signature include the severity.
entries_status
-
    Choices:
  • disable
  • enable
  • default
Status of the signatures included in filter. default enables the filter and only use filters with default status of enable. Filters with default status of disable will not be used.
extended_log
-
    Choices:
  • disable
  • enable
Enable/disable extended logging.
filter
-
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
List of multiple child objects to be added. Expects a list of dictionaries.
Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
If submitted, all other prefixed sub-parameters ARE IGNORED.
This object is MUTUALLY EXCLUSIVE with its options.
We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
filter_action
-
    Choices:
  • pass
  • block
  • default
  • reset
Action of selected rules.
filter_application
-
Vulnerable application filter.
filter_location
-
Vulnerability location filter.
filter_log
-
    Choices:
  • disable
  • enable
Enable/disable logging of selected rules.
filter_log_packet
-
    Choices:
  • disable
  • enable
Enable/disable packet logging of selected rules.
filter_name
-
Filter name.
filter_os
-
Vulnerable OS filter.
filter_protocol
-
Vulnerable protocol filter.
filter_quarantine
-
    Choices:
  • none
  • attacker
Quarantine IP or interface.
filter_quarantine_expiry
-
Duration of quarantine in minute.
filter_quarantine_log
-
    Choices:
  • disable
  • enable
Enable/disable logging of selected quarantine.
filter_severity
-
Vulnerability severity filter.
filter_status
-
    Choices:
  • disable
  • enable
  • default
Selected rules status.
mode
-
    Choices:
  • add ←
  • set
  • delete
  • update
Sets one of three modes for managing the object.
Allows use of soft-adds instead of overwriting existing values
name
-
Sensor name.
override
-
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
List of multiple child objects to be added. Expects a list of dictionaries.
Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
If submitted, all other prefixed sub-parameters ARE IGNORED.
This object is MUTUALLY EXCLUSIVE with its options.
We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
override_action
-
    Choices:
  • pass
  • block
  • reset
Action of override rule.
override_exempt_ip_dst_ip
-
Destination IP address and netmask.
override_exempt_ip_src_ip
-
Source IP address and netmask.
override_log
-
    Choices:
  • disable
  • enable
Enable/disable logging.
override_log_packet
-
    Choices:
  • disable
  • enable
Enable/disable packet logging.
override_quarantine
-
    Choices:
  • none
  • attacker
Quarantine IP or interface.
override_quarantine_expiry
-
Duration of quarantine in minute.
override_quarantine_log
-
    Choices:
  • disable
  • enable
Enable/disable logging of selected quarantine.
override_rule_id
-
Override rule ID.
override_status
-
    Choices:
  • disable
  • enable
Enable/disable status of override rule.
replacemsg_group
-
Replacement message group.

Notes

Examples

- name: DELETE Profile
  fmgr_secprof_ips:
    name: "Ansible_IPS_Profile"
    comment: "Created by Ansible Module TEST"
    mode: "delete"

- name: CREATE Profile
  fmgr_secprof_ips:
    name: "Ansible_IPS_Profile"
    comment: "Created by Ansible Module TEST"
    mode: "set"
    block_malicious_url: "enable"
    entries: [{severity: "high", action: "block", log-packet: "enable"}, {severity: "medium", action: "pass"}]

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
api_result
string
always
full API response, includes status code and message



Status

Authors

  • Luke Weighall (@lweighall)

  • Andrew Welsh (@Ghilli3)

  • Jim Huber (@p4r4n0y1ng)

Hint

If you notice any issues in this documentation you can edit this document to improve it.