community.fortios.fmgr_secprof_ips – Managing IPS security profiles in FortiManager

Note

This plugin is part of the community.fortios collection (version 1.0.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.fortios.

To use it in a playbook, specify: community.fortios.fmgr_secprof_ips.

Synopsis

  • Managing IPS security profiles in FortiManager

Parameters

Parameter

Comments

adom

string

The ADOM the configuration should belong to.

Default: “root”

block_malicious_url

string

Enable/disable malicious URL blocking.

Choices:

  • disable

  • enable

comment

string

Comment.

entries

string

EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!

List of multiple child objects to be added. Expects a list of dictionaries.

Dictionaries must use FortiManager API parameters, not the ansible ones listed below.

If submitted, all other prefixed sub-parameters ARE IGNORED.

This object is MUTUALLY EXCLUSIVE with its options.

We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.

WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS

entries_action

string

Action taken with traffic in which signatures are detected.

Choices:

  • pass

  • block

  • reset

  • default

entries_application

string

Applications to be protected. "set application ?" lists available applications. "all" includes all applications. "other" includes all unlisted applications.

entries_exempt_ip_dst_ip

string

Destination IP address and netmask.

entries_exempt_ip_src_ip

string

Source IP address and netmask.

entries_location

string

Protect client or server traffic.

entries_log

string

Enable/disable logging of signatures included in filter.

Choices:

  • disable

  • enable

entries_log_attack_context

string

Enable/disable logging of attack context: URL buffer, header buffer, body buffer, packet buffer.

Choices:

  • disable

  • enable

entries_log_packet

string

Enable/disable packet logging. Enable to save the packet that triggers the filter. You can download the packets in pcap format for diagnostic use.

Choices:

  • disable

  • enable

entries_os

string

Operating systems to be protected. "all" includes all operating systems. "other" includes all unlisted operating systems.

entries_protocol

string

Protocols to be examined. "set protocol ?" lists available protocols. "all" includes all protocols. "other" includes all unlisted protocols.

entries_quarantine

string

Quarantine method.

Choices:

  • none

  • attacker

entries_quarantine_expiry

string

Duration of quarantine.

entries_quarantine_log

string

Enable/disable quarantine logging.

Choices:

  • disable

  • enable

entries_rate_count

string

Count of the rate.

entries_rate_duration

string

Duration (sec) of the rate.

entries_rate_mode

string

Rate limit mode.

Choices:

  • periodical

  • continuous

entries_rate_track

string

Track the packet protocol field.

Choices:

  • none

  • src-ip

  • dest-ip

  • dhcp-client-mac

  • dns-domain

entries_rule

string

Identifies the predefined or custom IPS signatures to add to the sensor.

entries_severity

string

Relative severity of the signature, from info to critical. Log messages generated by the signature include the severity.

entries_status

string

Status of the signatures included in filter. "default" enables the filter and only uses filters with a default status of enable. Filters with a default status of disable will not be used.

Choices:

  • disable

  • enable

  • default

extended_log

string

Enable/disable extended logging.

Choices:

  • disable

  • enable

filter

string

EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!

List of multiple child objects to be added. Expects a list of dictionaries.

Dictionaries must use FortiManager API parameters, not the ansible ones listed below.

If submitted, all other prefixed sub-parameters ARE IGNORED.

This object is MUTUALLY EXCLUSIVE with its options.

We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.

WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS

filter_action

string

Action of selected rules.

Choices:

  • pass

  • block

  • default

  • reset

filter_application

string

Vulnerable application filter.

filter_location

string

Vulnerability location filter.

filter_log

string

Enable/disable logging of selected rules.

Choices:

  • disable

  • enable

filter_log_packet

string

Enable/disable packet logging of selected rules.

Choices:

  • disable

  • enable

filter_name

string

Filter name.

filter_os

string

Vulnerable OS filter.

filter_protocol

string

Vulnerable protocol filter.

filter_quarantine

string

Quarantine IP or interface.

Choices:

  • none

  • attacker

filter_quarantine_expiry

string

Duration of quarantine in minutes.

filter_quarantine_log

string

Enable/disable logging of selected quarantine.

Choices:

  • disable

  • enable

filter_severity

string

Vulnerability severity filter.

filter_status

string

Selected rules status.

Choices:

  • disable

  • enable

  • default

mode

string

Sets one of three modes for managing the object.

Allows use of soft-adds instead of overwriting existing values.

Choices:

  • add ← (default)

  • set

  • delete

  • update

name

string

Sensor name.

override

string

EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!

List of multiple child objects to be added. Expects a list of dictionaries.

Dictionaries must use FortiManager API parameters, not the ansible ones listed below.

If submitted, all other prefixed sub-parameters ARE IGNORED.

This object is MUTUALLY EXCLUSIVE with its options.

We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.

WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS

override_action

string

Action of override rule.

Choices:

  • pass

  • block

  • reset

override_exempt_ip_dst_ip

string

Destination IP address and netmask.

override_exempt_ip_src_ip

string

Source IP address and netmask.

override_log

string

Enable/disable logging.

Choices:

  • disable

  • enable

override_log_packet

string

Enable/disable packet logging.

Choices:

  • disable

  • enable

override_quarantine

string

Quarantine IP or interface.

Choices:

  • none

  • attacker

override_quarantine_expiry

string

Duration of quarantine in minutes.

override_quarantine_log

string

Enable/disable logging of selected quarantine.

Choices:

  • disable

  • enable

override_rule_id

string

Override rule ID.

override_status

string

Enable/disable status of override rule.

Choices:

  • disable

  • enable

replacemsg_group

string

Replacement message group.

Examples

# Delete the sensor named Ansible_IPS_Profile.
- name: DELETE Profile
  community.fortios.fmgr_secprof_ips:
    name: "Ansible_IPS_Profile"
    comment: "Created by Ansible Module TEST"
    mode: "delete"

# Create the sensor with mode "set". The raw "entries" list uses FortiManager
# API keys (for example log-packet), not the Ansible entries_* option names.
- name: CREATE Profile
  community.fortios.fmgr_secprof_ips:
    name: "Ansible_IPS_Profile"
    comment: "Created by Ansible Module TEST"
    mode: "set"
    block_malicious_url: "enable"
    entries:
      - severity: "high"
        action: "block"
        log-packet: "enable"
      - severity: "medium"
        action: "pass"
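
When one of the list parameters "entries", "filter" or "override" is submitted, its prefixed sub-options are ignored, so a task that mixes both can leave an intended entries_action: block unapplied. The pre-flight check below is an added example, not code from the community.fortios collection; the function name lint_task_args and the sample argument dictionaries are constructed for illustration, and the choice sets are a subset copied from the parameter table above.

```python
# Added example: pre-flight lint for fmgr_secprof_ips task arguments.
# CHOICES is a subset of the "Choices" lists in this page's parameter table.
LIST_PARAMS = ("entries", "filter", "override")

CHOICES = {
    "block_malicious_url": {"disable", "enable"},
    "mode": {"add", "set", "delete", "update"},
    "entries_action": {"pass", "block", "reset", "default"},
    "entries_status": {"disable", "enable", "default"},
    "entries_quarantine": {"none", "attacker"},
    "filter_action": {"pass", "block", "default", "reset"},
    "override_action": {"pass", "block", "reset"},
}


def lint_task_args(args):
    """Return a list of findings for one fmgr_secprof_ips argument dict."""
    findings = []
    for parent in LIST_PARAMS:
        value = args.get(parent)
        subs = sorted(k for k in args if k.startswith(parent + "_"))
        if value is not None and subs:
            # Per the page: if the list is submitted, prefixed options are ignored.
            findings.append(
                f"'{parent}' list is set, so these are ignored: {', '.join(subs)}")
        if value is not None and not (
                isinstance(value, list) and all(isinstance(i, dict) for i in value)):
            findings.append(f"'{parent}' must be a list of dictionaries")
    for key, allowed in CHOICES.items():
        if key in args and args[key] not in allowed:
            findings.append(f"{key}={args[key]!r} not in {sorted(allowed)}")
    return findings


# Constructed sample: raw list plus sub-options a reviewer might assume apply.
MIXED = {
    "name": "Ansible_IPS_Profile",
    "mode": "set",
    "entries": [{"severity": "medium", "action": "pass"}],
    "entries_action": "block",
    "entries_log_packet": "enable",
}
# Constructed sample: sub-options only, with one value outside the choices.
SUB_ONLY = {"name": "Ansible_IPS_Profile", "mode": "set",
            "entries_action": "drop", "entries_severity": "high"}

if __name__ == "__main__":
    for sample in (MIXED, SUB_ONLY):
        print(lint_task_args(sample) or "ok")
```

Run it over the argument dictionary of each fmgr_secprof_ips task during playbook review; an empty list means no conflict was found among the checked options.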

Return Values

Common return values are documented here; the following fields are unique to this module:

Key

Description

api_result

string

Full API response, including status code and message.

Returned: always

Authors

  • Luke Weighall (@lweighall)

  • Andrew Welsh (@Ghilli3)

  • Jim Huber (@p4r4n0y1ng)