community.fortios.fmgr_secprof_ips – Managing IPS security profiles in FortiManager
Note
This plugin is part of the community.fortios collection (version 1.0.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.fortios.
To use it in a playbook, specify: community.fortios.fmgr_secprof_ips.
Parameters
Parameter | Comments |
---|---|
The ADOM the configuration should belong to. Default: “root” |
|
Enable/disable malicious URL blocking. Choices:
|
|
Comment. |
|
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS |
|
Action taken with traffic in which signatures are detected. Choices:
|
|
Applications to be protected. set application ? lists available applications. all includes all applications. other includes all unlisted applications. |
|
Destination IP address and netmask. |
|
Source IP address and netmask. |
|
Protect client or server traffic. |
|
Enable/disable logging of signatures included in filter. Choices:
|
|
Enable/disable logging of attack context: URL buffer, header buffer, body buffer, packet buffer. Choices:
|
|
Enable/disable packet logging. Enable to save the packet that triggers the filter. You can download the packets in pcap format for diagnostic use. Choices:
|
|
Operating systems to be protected. all includes all operating systems. other includes all unlisted operating systems. |
|
Protocols to be examined. set protocol ? lists available protocols. all includes all protocols. other includes all unlisted protocols. |
|
Quarantine method. Choices:
|
|
Duration of quarantine. |
|
Enable/disable quarantine logging. Choices:
|
|
Count of the rate. |
|
Duration (sec) of the rate. |
|
Rate limit mode. Choices:
|
|
Track the packet protocol field. Choices:
|
|
Identifies the predefined or custom IPS signatures to add to the sensor. |
|
Relative severity of the signature, from info to critical. Log messages generated by the signature include the severity. |
|
Status of the signatures included in filter. default enables the filter and only uses filters with a default status of enable. Filters with a default status of disable will not be used. Choices:
|
|
Enable/disable extended logging. Choices:
|
|
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS |
|
Action of selected rules. Choices:
|
|
Vulnerable application filter. |
|
Vulnerability location filter. |
|
Enable/disable logging of selected rules. Choices:
|
|
Enable/disable packet logging of selected rules. Choices:
|
|
Filter name. |
|
Vulnerable OS filter. |
|
Vulnerable protocol filter. |
|
Quarantine IP or interface. Choices:
|
|
Duration of quarantine in minutes. |
|
Enable/disable logging of selected quarantine. Choices:
|
|
Vulnerability severity filter. |
|
Selected rules status. Choices:
|
|
Sets one of three modes for managing the object. Allows use of soft-adds instead of overwriting existing values. Choices:
|
|
Sensor name. |
|
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS |
|
Action of override rule. Choices:
|
|
Destination IP address and netmask. |
|
Source IP address and netmask. |
|
Enable/disable logging. Choices:
|
|
Enable/disable packet logging. Choices:
|
|
Quarantine IP or interface. Choices:
|
|
Duration of quarantine in minutes. |
|
Enable/disable logging of selected quarantine. Choices:
|
|
Override rule ID. |
|
Enable/disable status of override rule. Choices:
|
|
Replacement message group. |
Notes
Note
Full documentation is available at https://ftnt-ansible-docs.readthedocs.io/en/latest/.
Examples
```yaml
# Remove the IPS sensor if it exists.
- name: DELETE Profile
  community.fortios.fmgr_secprof_ips:
    name: "Ansible_IPS_Profile"
    comment: "Created by Ansible Module TEST"
    mode: "delete"

# Create the sensor; the entries list uses FortiManager API keys (e.g. log-packet).
- name: CREATE Profile
  community.fortios.fmgr_secprof_ips:
    name: "Ansible_IPS_Profile"
    comment: "Created by Ansible Module TEST"
    mode: "set"
    block_malicious_url: "enable"
    entries: [{severity: "high", action: "block", log-packet: "enable"}, {severity: "medium", action: "pass"}]
```
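The two ways of describing sensor entries that the parameter table distinguishes, side by side, as an added example that is not part of the module's own documentation. The parameter names adom, entries_severity, entries_action, entries_log and entries_log_packet, and the API key log, are assumed from the collection; they do not appear on this page.

```yaml
# Added example; parameter names are assumed from the collection, not read from this page.
# Form 1: prefixed sub-options (Ansible names, underscores). Describes one entry.
- name: CREATE Profile with sub-options
  community.fortios.fmgr_secprof_ips:
    adom: "root"
    name: "Ansible_IPS_Profile"
    comment: "Created by Ansible Module TEST"
    mode: "set"
    block_malicious_url: "enable"
    entries_severity: "high"
    entries_action: "block"
    entries_log: "enable"
    entries_log_packet: "enable"   # saves the triggering packet for pcap download

# Form 2: raw list (FortiManager API names, hyphens). Because entries is
# supplied, any entries_* sub-option on this task would be ignored.
- name: CREATE Profile with the raw entries list
  community.fortios.fmgr_secprof_ips:
    adom: "root"
    name: "Ansible_IPS_Profile"
    mode: "set"
    entries:
      - severity: "high"
        action: "block"
        log: "enable"
        log-packet: "enable"
      - severity: "medium"
        action: "pass"
```

The naming difference is the usual pitfall: an underscore key such as log_packet inside the raw list is not a FortiManager API parameter, and an entries_* option set next to the list is silently dropped.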
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Description |
---|---|
full API response, includes status code and message Returned: always |
Authors
Luke Weighall (@lweighall)
Andrew Welsh (@Ghilli3)
Jim Huber (@p4r4n0y1ng)