fmgr_fwobj_address – Allows the management of firewall objects in FortiManager

New in version 2.8.

Synopsis

• Allows for the management of IPv4, IPv6, and multicast address objects within FortiManager.

Parameters

Parameter	Choices/Defaults	Comments
adom -	Default: "root"	The ADOM the configuration should belong to.
allow_routing -	Choices: enable disable ←	Enable/disable use of this address in the static route configuration.
associated_interface -		Associated interface name.
cache_ttl -		Minimal TTL of individual IP addresses in FQDN cache. Only applies when type = wildcard-fqdn.
color -	Default: 22	Color of the object in FortiManager GUI. Takes integers 1-32
comment -		Comment for the object in FortiManager.
country -		Country name. Required if type = geographic.
end_ip -		End IP. Only used when ipv4 = iprange.
fqdn -		Fully qualified domain name.
group_members -		Address group member. If this is defined w/out group_name, the operation will fail.
group_name -		Address group name. If this is defined in playbook task, all other options are ignored.
ipv4 -	Choices: ipmask iprange fqdn wildcard geography wildcard-fqdn group	Type of IPv4 Object. Must not be specified with either multicast or IPv6 parameters.
ipv4addr -		IP and network mask. If only defining one IP use this parameter. (i.e. 10.7.220.30/255.255.255.255) Can also define subnets (i.e. 10.7.220.0/255.255.255.0) Also accepts CIDR (i.e. 10.7.220.0/24) If Netmask is omitted after IP address, /32 is assumed. When multicast is set to Broadcast Subnet the ipv4addr parameter is used to specify the subnet.
ipv6 -	Choices: ip iprange group	Puts module into IPv6 mode. Must not be specified with either ipv4 or multicast parameters.
ipv6addr -		IPv6 address in full. (i.e. 2001:0db8:85a3:0000:0000:8a2e:0370:7334)
mode -	Choices: add ← set delete	Sets one of three modes for managing the object.
multicast -	Choices: multicastrange broadcastmask ip6	Manages Multicast Address Objects. Sets either a Multicast IP Range or a Broadcast Subnet. Must not be specified with either ipv4 or ipv6 parameters. When set to Broadcast Subnet the ipv4addr parameter is used to specify the subnet. Can create IPv4 Multicast Objects (multicastrange and broadcastmask options -- uses start/end-ip and ipv4addr).
name -		Friendly Name Address object name in FortiManager.
obj_id -		Object ID for NSX.
start_ip -		Start IP. Only used when ipv4 = iprange.
visibility -	Choices: enable ← disable	Enable/disable address visibility.
wildcard -		IP address and wildcard netmask. Required if ipv4 = wildcard.
wildcard_fqdn -		Wildcard FQDN. Required if ipv4 = wildcard-fqdn.

Notes

Note

• Full Documentation at https://ftnt-ansible-docs.readthedocs.io/en/latest/.

Examples

- name: ADD IPv4 IP ADDRESS OBJECT
  fmgr_fwobj_address:
    ipv4: "ipmask"
    ipv4addr: "10.7.220.30/32"
    name: "ansible_v4Obj"
    comment: "Created by Ansible"
    color: "6"

- name: ADD IPv4 IP ADDRESS OBJECT MORE OPTIONS
  fmgr_fwobj_address:
    ipv4: "ipmask"
    ipv4addr: "10.7.220.34/32"
    name: "ansible_v4Obj_MORE"
    comment: "Created by Ansible"
    color: "6"
    allow_routing: "enable"
    cache_ttl: "180"
    associated_interface: "port1"
    obj_id: "123"

- name: ADD IPv4 IP ADDRESS SUBNET OBJECT
  fmgr_fwobj_address:
    ipv4: "ipmask"
    ipv4addr: "10.7.220.0/255.255.255.128"
    name: "ansible_subnet"
    comment: "Created by Ansible"
    mode: "set"

- name: ADD IPv4 IP ADDRESS RANGE OBJECT
  fmgr_fwobj_address:
    ipv4: "iprange"
    start_ip: "10.7.220.1"
    end_ip: "10.7.220.125"
    name: "ansible_range"
    comment: "Created by Ansible"

- name: ADD IPv4 IP ADDRESS WILDCARD OBJECT
  fmgr_fwobj_address:
    ipv4: "wildcard"
    wildcard: "10.7.220.30/255.255.255.255"
    name: "ansible_wildcard"
    comment: "Created by Ansible"

- name: ADD IPv4 IP ADDRESS WILDCARD FQDN OBJECT
  fmgr_fwobj_address:
    ipv4: "wildcard-fqdn"
    wildcard_fqdn: "*.myds.com"
    name: "Synology myds DDNS service"
    comment: "Created by Ansible"

- name: ADD IPv4 IP ADDRESS FQDN OBJECT
  fmgr_fwobj_address:
    ipv4: "fqdn"
    fqdn: "ansible.com"
    name: "ansible_fqdn"
    comment: "Created by Ansible"

- name: ADD IPv4 IP ADDRESS GEO OBJECT
  fmgr_fwobj_address:
    ipv4: "geography"
    country: "usa"
    name: "ansible_geo"
    comment: "Created by Ansible"

- name: ADD IPv6 ADDRESS
  fmgr_fwobj_address:
    ipv6: "ip"
    ipv6addr: "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
    name: "ansible_v6Obj"
    comment: "Created by Ansible"

- name: ADD IPv6 ADDRESS RANGE
  fmgr_fwobj_address:
    ipv6: "iprange"
    start_ip: "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
    end_ip: "2001:0db8:85a3:0000:0000:8a2e:0370:7446"
    name: "ansible_v6range"
    comment: "Created by Ansible"

- name: ADD IPv4 IP ADDRESS GROUP
  fmgr_fwobj_address:
    ipv4: "group"
    group_name: "ansibleIPv4Group"
    group_members: "ansible_fqdn, ansible_wildcard, ansible_range"

- name: ADD IPv6 IP ADDRESS GROUP
  fmgr_fwobj_address:
    ipv6: "group"
    group_name: "ansibleIPv6Group"
    group_members: "ansible_v6Obj, ansible_v6range"

- name: ADD MULTICAST RANGE
  fmgr_fwobj_address:
    multicast: "multicastrange"
    start_ip: "224.0.0.251"
    end_ip: "224.0.0.251"
    name: "ansible_multicastrange"
    comment: "Created by Ansible"

- name: ADD BROADCAST SUBNET
  fmgr_fwobj_address:
    multicast: "broadcastmask"
    ipv4addr: "10.7.220.0/24"
    name: "ansible_broadcastSubnet"
    comment: "Created by Ansible"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
api_result string	always	full API response, includes status code and message

Status

• This module is not guaranteed to have a backwards compatible interface. [preview]

• This module is maintained by the Ansible Community. [community]

Authors

• Luke Weighall (@lweighall)

• Andrew Welsh (@Ghilli3)

• Jim Huber (@p4r4n0y1ng)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.