fortios_firewall_sniffer – Configure sniffer in Fortinet’s FortiOS and FortiGate¶

New in version 2.8.

Synopsis
Requirements
Parameters
Notes
Examples
Return Values
Status

Synopsis ¶

This module is able to configure a FortiGate or FortiOS by allowing the user to configure firewall feature and sniffer category. Examples includes all options and need to be adjusted to datasources before usage. Tested with FOS v6.0.2

Requirements ¶

The below requirements are needed on the host that executes this module.

fortiosapi>=0.9.8

Parameters ¶

Parameter			Choices/Defaults	Comments
firewall_sniffer -			Default: null	Configure sniffer.
	anomaly -			Configuration method to edit Denial of Service (DoS) anomaly settings.
		action -	Choices: pass block	Action taken when the threshold is reached.
		log -	Choices: enable disable	Enable/disable anomaly logging.
		name - / required		Anomaly name.
		quarantine -	Choices: none attacker	Quarantine method.
		quarantine-expiry -		Duration of quarantine. (Format
		quarantine-log -	Choices: disable enable	Enable/disable quarantine logging.
		status -	Choices: disable enable	Enable/disable this anomaly.
		threshold -		Anomaly threshold. Number of detected instances per minute that triggers the anomaly action.
		threshold(default) -		Number of detected instances per minute which triggers action (1 - 2147483647, default = 1000). Note that each anomaly has a different threshold value assigned to it.
	application-list -			Name of an existing application list. Source application.list.name.
	application-list-status -		Choices: enable disable	Enable/disable application control profile.
	av-profile -			Name of an existing antivirus profile. Source antivirus.profile.name.
	av-profile-status -		Choices: enable disable	Enable/disable antivirus profile.
	dlp-sensor -			Name of an existing DLP sensor. Source dlp.sensor.name.
	dlp-sensor-status -		Choices: enable disable	Enable/disable DLP sensor.
	dsri -		Choices: enable disable	Enable/disable DSRI.
	host -			Hosts to filter for in sniffer traffic (Format examples: 1.1.1.1, 2.2.2.0/24, 3.3.3.3/255.255.255.0, 4.4.4.0-4.4.4.240).
	id - / required			Sniffer ID.
	interface -			Interface name that traffic sniffing will take place on. Source system.interface.name.
	ips-dos-status -		Choices: enable disable	Enable/disable IPS DoS anomaly detection.
	ips-sensor -			Name of an existing IPS sensor. Source ips.sensor.name.
	ips-sensor-status -		Choices: enable disable	Enable/disable IPS sensor.
	ipv6 -		Choices: enable disable	Enable/disable sniffing IPv6 packets.
	logtraffic -		Choices: all utm disable	Either log all sessions, only sessions that have a security profile applied, or disable all logging for this policy.
	max-packet-count -			Maximum packet count (1 - 1000000, default = 10000).
	non-ip -		Choices: enable disable	Enable/disable sniffing non-IP packets.
	port -			Ports to sniff (Format examples: 10, :20, 30:40, 50-, 100-200).
	protocol -			Integer value for the protocol type as defined by IANA (0 - 255).
	scan-botnet-connections -		Choices: disable block monitor	Enable/disable scanning of connections to Botnet servers.
	spamfilter-profile -			Name of an existing spam filter profile. Source spamfilter.profile.name.
	spamfilter-profile-status -		Choices: enable disable	Enable/disable spam filter.
	state -		Choices: present absent	Indicates whether to create or remove the object
	status -		Choices: enable disable	Enable/disable the active status of the sniffer.
	vlan -			List of VLANs to sniff.
	webfilter-profile -			Name of an existing web filter profile. Source webfilter.profile.name.
	webfilter-profile-status -		Choices: enable disable	Enable/disable web filter profile.
host - / required				FortiOS or FortiGate ip adress.
https boolean			Choices: no yes ←	Indicates if the requests towards FortiGate must use HTTPS protocol
password -			Default: ""	FortiOS or FortiGate password.
username - / required				FortiOS or FortiGate username.
vdom -			Default: "root"	Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.

Notes ¶

Note

Requires fortiosapi library developed by Fortinet
Run as a local_action in your playbook

Examples ¶

- hosts: localhost
  vars:
   host: "192.168.122.40"
   username: "admin"
   password: ""
   vdom: "root"
  tasks:
  - name: Configure sniffer.
    fortios_firewall_sniffer:
      host:  "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom:  "{{ vdom }}"
      https: "False"
      firewall_sniffer:
        state: "present"
        anomaly:
         -
            action: "pass"
            log: "enable"
            name: "default_name_6"
            quarantine: "none"
            quarantine-expiry: "<your_own_value>"
            quarantine-log: "disable"
            status: "disable"
            threshold: "11"
            threshold(default): "12"
        application-list: "<your_own_value> (source application.list.name)"
        application-list-status: "enable"
        av-profile: "<your_own_value> (source antivirus.profile.name)"
        av-profile-status: "enable"
        dlp-sensor: "<your_own_value> (source dlp.sensor.name)"
        dlp-sensor-status: "enable"
        dsri: "enable"
        host: "myhostname"
        id:  "21"
        interface: "<your_own_value> (source system.interface.name)"
        ips-dos-status: "enable"
        ips-sensor: "<your_own_value> (source ips.sensor.name)"
        ips-sensor-status: "enable"
        ipv6: "enable"
        logtraffic: "all"
        max-packet-count: "28"
        non-ip: "enable"
        port: "<your_own_value>"
        protocol: "<your_own_value>"
        scan-botnet-connections: "disable"
        spamfilter-profile: "<your_own_value> (source spamfilter.profile.name)"
        spamfilter-profile-status: "enable"
        status: "enable"
        vlan: "<your_own_value>"
        webfilter-profile: "<your_own_value> (source webfilter.profile.name)"
        webfilter-profile-status: "enable"

Return Values ¶

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
build string	always	Build number of the fortigate image Sample: 1547
http_method string	always	Last method used to provision the content into FortiGate Sample: PUT
http_status string	always	Last result given by FortiGate on last operation applied Sample: 200
mkey string	success	Master key (id) used in the last call to FortiGate Sample: id
name string	always	Name of the table used to fulfill the request Sample: urlfilter
path string	always	Path of the table used to fulfill the request Sample: webfilter
revision string	always	Internal revision number Sample: 17.0.2.10658
serial string	always	Serial number of the unit Sample: FGVMEVYYQT3AB5352
status string	always	Indication of the operation's result Sample: success
vdom string	always	Virtual domain used Sample: root
version string	always	Version of the FortiGate Sample: v5.6.3

Status ¶

This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]

Authors¶

Miguel Angel Munoz (@mamunozgonzalez)
Nicolas Thomas (@thomnico)

Hint

If you notice any issues in this documentation you can edit this document to improve it.

fortios_firewall_sniffer – Configure sniffer in Fortinet’s FortiOS and FortiGate¶

Synopsis¶

Requirements¶

Parameters¶

Notes¶

Examples¶

Return Values¶

Status¶