fortinet.fortimanager.fmgr_system_fortiguard – Configure FortiGuard services.

Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.4).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_fortiguard.

New in version 2.10: of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter

Comments

adom

string / required

the parameter (adom) in requested url

bypass_validation

boolean

only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters

Choices:

  • no ← (default)

  • yes

enable_log

boolean

Enable/Disable logging for task

Choices:

  • no ← (default)

  • yes

proposed_method

string

The overridden method for the underlying Json RPC request

Choices:

  • update

  • set

  • add

rc_failed

list / elements=string

the rc codes list with which the conditions to fail will be overriden

rc_succeeded

list / elements=string

the rc codes list with which the conditions to succeed will be overriden

state

string / required

the directive to create, update or delete an object

Choices:

  • present

  • absent

system_fortiguard

dictionary

the top level parameters set

antispam-cache

string

Enable/disable FortiGuard antispam request caching. Uses a small amount of memory but improves performance.

Choices:

  • disable

  • enable

antispam-cache-mpercent

integer

Maximum percent of FortiGate memory the antispam cache is allowed to use (1 - 15%).

antispam-cache-ttl

integer

Time-to-live for antispam cache entries in seconds (300 - 86400). Lower times reduce the cache size. Higher times may improve …

antispam-expiration

integer

Antispam-Expiration.

antispam-force-off

string

Enable/disable turning off the FortiGuard antispam service.

Choices:

  • disable

  • enable

antispam-license

integer

Antispam-License.

antispam-timeout

integer

Antispam query time out (1 - 30 sec, default = 7).

anycast-sdns-server-ip

string

IP address of the FortiGuard anycast DNS rating server.

anycast-sdns-server-port

integer

Port to connect to on the FortiGuard anycast DNS rating server.

auto-join-forticloud

string

Automatically connect to and login to FortiCloud.

Choices:

  • disable

  • enable

ddns-server-ip

string

IP address of the FortiDDNS server.

ddns-server-port

integer

Port used to communicate with FortiDDNS servers.

fortiguard-anycast

string

Enable/disable use of FortiGuards anycast network.

Choices:

  • disable

  • enable

fortiguard-anycast-source

string

Configure which of Fortinets servers to provide FortiGuard services in FortiGuards anycast network. Default is Fortinet.

Choices:

  • fortinet

  • aws

  • debug

interface

string

Specify outgoing interface to reach server.

interface-select-method

string

Specify how to select outgoing interface to reach server.

Choices:

  • auto

  • sdwan

  • specify

load-balance-servers

integer

Number of servers to alternate between as first FortiGuard option.

outbreak-prevention-cache

string

Enable/disable FortiGuard Virus Outbreak Prevention cache.

Choices:

  • disable

  • enable

outbreak-prevention-cache-mpercent

integer

Maximum percent of memory FortiGuard Virus Outbreak Prevention cache can use (1 - 15%, default = 2).

outbreak-prevention-cache-ttl

integer

Time-to-live for FortiGuard Virus Outbreak Prevention cache entries (300 - 86400 sec, default = 300).

outbreak-prevention-expiration

integer

Outbreak-Prevention-Expiration.

outbreak-prevention-force-off

string

Turn off FortiGuard Virus Outbreak Prevention service.

Choices:

  • disable

  • enable

outbreak-prevention-license

integer

Outbreak-Prevention-License.

outbreak-prevention-timeout

integer

FortiGuard Virus Outbreak Prevention time out (1 - 30 sec, default = 7).

persistent-connection

string

Enable/disable use of persistent connection to receive update notification from FortiGuard.

Choices:

  • disable

  • enable

port

string

Port used to communicate with the FortiGuard servers.

Choices:

  • 53

  • 80

  • 8888

  • 443

protocol

string

Protocol used to communicate with the FortiGuard servers.

Choices:

  • udp

  • http

  • https

proxy-password

string

Proxy user password.

proxy-server-ip

string

IP address of the proxy server.

proxy-server-port

integer

Port used to communicate with the proxy server.

proxy-username

string

Proxy user name.

sandbox-region

string

Cloud sandbox region.

sdns-options

list / elements=string

Customization options for the FortiGuard DNS service.

Choices:

  • include-question-section

sdns-server-ip

string

IP address of the FortiDNS server.

sdns-server-port

integer

Port used to communicate with FortiDNS servers.

service-account-id

string

Service account ID.

source-ip

string

Source IPv4 address used to communicate with FortiGuard.

source-ip6

string

Source IPv6 address used to communicate with FortiGuard.

update-build-proxy

string

Enable/disable proxy dictionary rebuild.

Choices:

  • disable

  • enable

update-extdb

string

Enable/disable external resource update.

Choices:

  • disable

  • enable

update-ffdb

string

Enable/disable Internet Service Database update.

Choices:

  • disable

  • enable

update-server-location

string

Signature update server location.

Choices:

  • any

  • usa

update-uwdb

string

Enable/disable allowlist update.

Choices:

  • disable

  • enable

videofilter-expiration

integer

Videofilter-Expiration.

videofilter-license

integer

Videofilter-License.

webfilter-cache

string

Enable/disable FortiGuard web filter caching.

Choices:

  • disable

  • enable

webfilter-cache-ttl

integer

Time-to-live for web filter cache entries in seconds (300 - 86400).

webfilter-expiration

integer

Webfilter-Expiration.

webfilter-force-off

string

Enable/disable turning off the FortiGuard web filtering service.

Choices:

  • disable

  • enable

webfilter-license

integer

Webfilter-License.

webfilter-timeout

integer

Web filter query time out (1 - 30 sec, default = 7).

workspace_locking_adom

string

the adom to lock for FortiManager running in workspace mode, the value can be global and others including root

workspace_locking_timeout

integer

the maximum time in seconds to wait for other user to release the workspace lock

Default: 300

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Configure FortiGuard services.
     fmgr_system_fortiguard:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        system_fortiguard:
           antispam-cache: <value in [disable, enable]>
           antispam-cache-mpercent: <value of integer>
           antispam-cache-ttl: <value of integer>
           antispam-expiration: <value of integer>
           antispam-force-off: <value in [disable, enable]>
           antispam-license: <value of integer>
           antispam-timeout: <value of integer>
           auto-join-forticloud: <value in [disable, enable]>
           ddns-server-ip: <value of string>
           ddns-server-port: <value of integer>
           load-balance-servers: <value of integer>
           outbreak-prevention-cache: <value in [disable, enable]>
           outbreak-prevention-cache-mpercent: <value of integer>
           outbreak-prevention-cache-ttl: <value of integer>
           outbreak-prevention-expiration: <value of integer>
           outbreak-prevention-force-off: <value in [disable, enable]>
           outbreak-prevention-license: <value of integer>
           outbreak-prevention-timeout: <value of integer>
           port: <value in [53, 80, 8888, ...]>
           sdns-server-ip: <value of string>
           sdns-server-port: <value of integer>
           service-account-id: <value of string>
           source-ip: <value of string>
           source-ip6: <value of string>
           update-server-location: <value in [any, usa]>
           webfilter-cache: <value in [disable, enable]>
           webfilter-cache-ttl: <value of integer>
           webfilter-expiration: <value of integer>
           webfilter-force-off: <value in [disable, enable]>
           webfilter-license: <value of integer>
           webfilter-timeout: <value of integer>
           protocol: <value in [udp, http, https]>
           proxy-password: <value of string>
           proxy-server-ip: <value of string>
           proxy-server-port: <value of integer>
           proxy-username: <value of string>
           sandbox-region: <value of string>
           fortiguard-anycast: <value in [disable, enable]>
           fortiguard-anycast-source: <value in [fortinet, aws, debug]>
           interface: <value of string>
           interface-select-method: <value in [auto, sdwan, specify]>
           sdns-options:
             - include-question-section
           anycast-sdns-server-ip: <value of string>
           anycast-sdns-server-port: <value of integer>
           persistent-connection: <value in [disable, enable]>
           update-build-proxy: <value in [disable, enable]>
           update-extdb: <value in [disable, enable]>
           update-ffdb: <value in [disable, enable]>
           update-uwdb: <value in [disable, enable]>
           videofilter-expiration: <value of integer>
           videofilter-license: <value of integer>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

request_url

string

The full url requested

Returned: always

Sample: “/sys/login/user”

response_code

integer

The status of api request

Returned: always

Sample: 0

response_message

string

The descriptive message of the api response

Returned: always

Sample: “OK.”

Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)