fmgr_fwobj_ippool – Allows the editing of IP Pool Objects within FortiManager

New in version 2.8.

Synopsis

  • Allows users to add/edit/delete IP Pool Objects.

Parameters

Parameter Choices/Defaults Comments
adom
-
Default:
"root"
The ADOM the configuration should belong to.
arp_intf
-
Select an interface from available options that will reply to ARP requests. (If blank, any is selected).
arp_reply
-
    Choices:
  • disable
  • enable
Enable/disable replying to ARP requests when an IP Pool is added to a policy (default = enable).
choice | disable | Disable ARP reply.
choice | enable | Enable ARP reply.
associated_interface
-
Associated interface name.
block_size
-
Number of addresses in a block (64 to 4096, default = 128).
comments
-
Comment.
dynamic_mapping
-
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
List of multiple child objects to be added. Expects a list of dictionaries.
Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
If submitted, all other prefixed sub-parameter.ARE IGNORED.
This object is MUTUALLY EXCLUSIVE with its options.
We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
dynamic_mapping_arp_intf
-
Dynamic Mapping clone of original suffixed parameter.
dynamic_mapping_arp_reply
-
    Choices:
  • disable
  • enable
Dynamic Mapping clone of original suffixed parameter.
dynamic_mapping_associated_interface
-
Dynamic Mapping clone of original suffixed parameter.
dynamic_mapping_block_size
-
Dynamic Mapping clone of original suffixed parameter.
dynamic_mapping_comments
-
Dynamic Mapping clone of original suffixed parameter.
dynamic_mapping_endip
-
Dynamic Mapping clone of original suffixed parameter.
dynamic_mapping_num_blocks_per_user
-
Dynamic Mapping clone of original suffixed parameter.
dynamic_mapping_pba_timeout
-
Dynamic Mapping clone of original suffixed parameter.
dynamic_mapping_permit_any_host
-
    Choices:
  • disable
  • enable
Dynamic Mapping clone of original suffixed parameter.
dynamic_mapping_source_endip
-
Dynamic Mapping clone of original suffixed parameter.
dynamic_mapping_source_startip
-
Dynamic Mapping clone of original suffixed parameter.
dynamic_mapping_startip
-
Dynamic Mapping clone of original suffixed parameter.
dynamic_mapping_type
-
    Choices:
  • overload
  • one-to-one
  • fixed-port-range
  • port-block-allocation
Dynamic Mapping clone of original suffixed parameter.
endip
-
Final IPv4 address (inclusive) in the range for the address pool (format xxx.xxx.xxx.xxx, Default| 0.0.0.0).
mode
-
    Choices:
  • add ←
  • set
  • delete
  • update
Sets one of three modes for managing the object.
Allows use of soft-adds instead of overwriting existing values
name
-
IP pool name.
num_blocks_per_user
-
Number of addresses blocks that can be used by a user (1 to 128, default = 8).
pba_timeout
-
Port block allocation timeout (seconds).
permit_any_host
-
    Choices:
  • disable
  • enable
Enable/disable full cone NAT.
choice | disable | Disable full cone NAT.
choice | enable | Enable full cone NAT.
source_endip
-
Final IPv4 address (inclusive) in the range of the source addresses to be translated (format xxx.xxx.xxx.xxx, Default| 0.0.0.0).
source_startip
-
First IPv4 address (inclusive) in the range of the source addresses to be translated (format xxx.xxx.xxx.xxx, Default| 0.0.0.0).
startip
-
First IPv4 address (inclusive) in the range for the address pool (format xxx.xxx.xxx.xxx, Default| 0.0.0.0).
type
-
    Choices:
  • overload
  • one-to-one
  • fixed-port-range
  • port-block-allocation
IP pool type (overload, one-to-one, fixed port range, or port block allocation).
choice | overload | IP addresses in the IP pool can be shared by clients.
choice | one-to-one | One to one mapping.
choice | fixed-port-range | Fixed port range.
choice | port-block-allocation | Port block allocation.

Examples

- name: ADD FMGR_FIREWALL_IPPOOL Overload
  fmgr_fwobj_ippool:
    mode: "add"
    adom: "ansible"
    name: "Ansible_pool4_overload"
    comments: "Created by ansible"
    type: "overload"

    # OPTIONS FOR ALL MODES
    startip: "10.10.10.10"
    endip: "10.10.10.100"
    arp_reply: "enable"

- name: ADD FMGR_FIREWALL_IPPOOL one-to-one
  fmgr_fwobj_ippool:
    mode: "add"
    adom: "ansible"
    name: "Ansible_pool4_121"
    comments: "Created by ansible"
    type: "one-to-one"

    # OPTIONS FOR ALL MODES
    startip: "10.10.20.10"
    endip: "10.10.20.100"
    arp_reply: "enable"

- name: ADD FMGR_FIREWALL_IPPOOL FIXED PORT RANGE
  fmgr_fwobj_ippool:
    mode: "add"
    adom: "ansible"
    name: "Ansible_pool4_fixed_port"
    comments: "Created by ansible"
    type: "fixed-port-range"

    # OPTIONS FOR ALL MODES
    startip: "10.10.40.10"
    endip: "10.10.40.100"
    arp_reply: "enable"
    # FIXED PORT RANGE OPTIONS
    source_startip: "192.168.20.1"
    source_endip: "192.168.20.20"

- name: ADD FMGR_FIREWALL_IPPOOL PORT BLOCK ALLOCATION
  fmgr_fwobj_ippool:
    mode: "add"
    adom: "ansible"
    name: "Ansible_pool4_port_block_allocation"
    comments: "Created by ansible"
    type: "port-block-allocation"

    # OPTIONS FOR ALL MODES
    startip: "10.10.30.10"
    endip: "10.10.30.100"
    arp_reply: "enable"
    # PORT BLOCK ALLOCATION OPTIONS
    block_size: "128"
    num_blocks_per_user: "1"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
api_result
string
always
full API response, includes status code and message



Status

Authors

  • Luke Weighall (@lweighall)

  • Andrew Welsh (@Ghilli3)

  • Jim Huber (@p4r4n0y1ng)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.