community.fortios.fmgr_device_provision_template module – Manages Device Provisioning Templates in FortiManager.
Note
This module is part of the community.fortios collection (version 1.0.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.fortios.
To use it in a playbook, specify: community.fortios.fmgr_device_provision_template.
Parameters
Parameter |
Comments |
---|---|
Enables FortiGuard security updates to their default settings. Choices:
|
|
Configures the FortiAnalyzer (faz) target. |
|
Configures fortiguard target. admin_enable_fortiguard must be set to “direct”. |
|
Changes the admin gui theme. Choices:
|
|
Non-SSL admin gui port number. |
|
SSL admin gui port number. |
|
Enables or disables https redirect from http. Choices:
|
|
Sets the admin gui language. Choices:
|
|
Enables or disables the switch controller. Choices:
|
|
Admin timeout in minutes. |
|
The ADOM the configuration should belong to. |
|
If specified, all other options are ignored. The specified provisioning template will be deleted. |
|
The unique device’s name that you are editing. |
|
Primary IPv4 DNS forwarder. |
|
Secondary IPv4 DNS forwarder. |
|
Sets the local dns domain suffix. |
|
Sets one of three modes for managing the object. Allows use of soft-adds instead of overwriting existing values. Choices:
|
|
Enables or disables ntp authentication. Choices:
|
|
Sets the ntp auth password. |
|
Only used with custom ntp_type. Specifies the IP address of the server to sync to; use comma-separated IP addresses for multiple servers. |
|
Enables or disables ntp. Choices:
|
|
Sets the interval in minutes for ntp sync. |
|
Selects FortiGuard servers or custom servers as the NTP source. Choices:
|
|
Enables or disables ntpv3 (default is ntpv4). Choices:
|
|
The friendly names of devices in FortiManager to assign the provisioning template to. Comma-separated list. |
|
The provisioning template you want to apply (default = default). |
|
Defines the SSL level for SMTP. Choices:
|
|
SMTP password. |
|
SMTP port number. |
|
SMTP reply to address. |
|
SMTP server ipv4 address. |
|
SMTP source ip address. |
|
SMTP auth username. |
|
Enables or disables valid certificate checking for smtp. Choices:
|
|
Enables or disables SNMP globally. Choices:
|
|
Primary key for the SNMP community. This must be unique! |
|
Specifies the v2c community name. |
|
|
|
Sets the snmp v2c community query port. |
|
Enables or disables the v2c community specified for queries. Choices:
|
|
Enables or disables the v2c community specified. Choices:
|
|
|
|
Sets the snmp v2c community trap port. |
|
Source ip the traps should come from IPv4. |
|
Enables or disables the v2c community specified for traps. Choices:
|
|
SNMPv3 auth protocol. Choices:
|
|
SNMPv3 auth password. Currently not encrypted! Ensure this file is locked down permissions-wise! |
|
SNMPv3 user name. |
|
List of ipv4 hosts to send snmpv3 traps to. Comma separated IPv4 list. |
|
SNMPv3 priv protocol. Choices:
|
|
SNMPv3 priv password. Currently not encrypted! Ensure this file is locked down permissions-wise! |
|
Allow snmpv3_queries. Choices:
|
|
SNMPv3 query port. |
|
SNMPv3 security level. Choices:
|
|
SNMPv3 source ipv4 address for traps. |
|
SNMPv3 user is enabled or disabled. Choices:
|
|
SNMPv3 trap remote port. |
|
SNMPv3 traps are enabled or disabled. Choices:
|
|
Certificate used to communicate with Syslog server if encryption on. |
|
Enable/disable reliable syslogging with TLS encryption. high: SSL communication with high encryption algorithms; low: SSL communication with low encryption algorithms; disable: disable SSL communication; high-medium: SSL communication with high and medium encryption algorithms. Choices:
|
|
Remote syslog facility. kernel: Kernel messages; user: Random user-level messages; mail: Mail system; daemon: System daemons; auth: Security/authorization messages; syslog: Messages generated internally by syslog; lpr: Line printer subsystem; news: Network news subsystem; uucp: Network news subsystem; cron: Clock daemon; authpriv: Security/authorization messages (private); ftp: FTP daemon; ntp: NTP daemon; audit: Log audit; alert: Log alert; clock: Clock daemon; local0 through local7: Reserved for local use. Choices:
|
|
Sets the logging level for syslog. Choices:
|
|
Remote syslog logging over UDP/Reliable TCP. udp: Enable syslogging over UDP; legacy-reliable: Enable legacy reliable syslogging by RFC3195 (Reliable Delivery for Syslog); reliable: Enable reliable syslogging by RFC6587 (Transmission of Syslog Messages over TCP). Choices:
|
|
Syslog port that will be set. |
|
Server the syslogs will be sent to. |
|
Enables or disables syslogs. Choices:
|
Notes
Note
Full Documentation at https://ftnt-ansible-docs.readthedocs.io/en/latest/.
Examples
```yaml
- name: SET SNMP SYSTEM INFO
  community.fortios.fmgr_device_provision_template:
    provisioning_template: "default"
    snmp_status: "enable"
    mode: "set"

- name: SET SNMP SYSTEM INFO ANSIBLE ADOM
  community.fortios.fmgr_device_provision_template:
    provisioning_template: "default"
    snmp_status: "enable"
    mode: "set"
    adom: "ansible"

- name: SET SNMP SYSTEM INFO different template (SNMPv2)
  community.fortios.fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    snmp_status: "enable"
    mode: "set"
    adom: "ansible"
    snmp_v2c_query_port: "162"
    snmp_v2c_trap_port: "161"
    snmp_v2c_status: "enable"
    snmp_v2c_trap_status: "enable"
    snmp_v2c_query_status: "enable"
    snmp_v2c_name: "ansibleV2c"
    snmp_v2c_id: "1"
    snmp_v2c_trap_src_ipv4: "10.7.220.41"
    # Host lists are comma separated; each entry is "address netmask".
    snmp_v2c_trap_hosts_ipv4: "10.7.220.59 255.255.255.255, 10.7.220.60 255.255.255.255"
    snmp_v2c_query_hosts_ipv4: "10.7.220.59 255.255.255.255, 10.7.220.0 255.255.255.0"

- name: SET SNMP SYSTEM INFO different template (SNMPv3)
  community.fortios.fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    snmp_status: "enable"
    mode: "set"
    adom: "ansible"
    snmpv3_auth_proto: "sha"
    snmpv3_auth_pwd: "fortinet"
    snmpv3_name: "ansibleSNMPv3"
    snmpv3_notify_hosts: "10.7.220.59,10.7.220.60"
    snmpv3_priv_proto: "aes256"
    snmpv3_priv_pwd: "fortinet"
    snmpv3_queries: "enable"
    snmpv3_query_port: "161"
    snmpv3_security_level: "auth_priv"
    snmpv3_source_ip: "0.0.0.0"
    snmpv3_status: "enable"
    snmpv3_trap_rport: "162"
    snmpv3_trap_status: "enable"

- name: SET SYSLOG INFO
  community.fortios.fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    syslog_server: "10.7.220.59"
    syslog_port: "514"
    syslog_mode: "disable"
    syslog_status: "enable"
    syslog_filter: "information"

- name: SET NTP TO FORTIGUARD
  community.fortios.fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    ntp_status: "enable"
    ntp_sync_interval: "60"
    ntp_type: "fortiguard"

- name: SET NTP TO CUSTOM SERVER
  community.fortios.fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    ntp_status: "enable"
    ntp_sync_interval: "60"
    ntp_type: "custom"
    ntp_server: "10.7.220.32,10.7.220.1"
    ntp_auth: "enable"
    ntp_auth_pwd: "fortinet"
    ntp_v3: "disable"

- name: SET ADMIN GLOBAL SETTINGS
  community.fortios.fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    admin_https_redirect: "enable"
    admin_https_port: "4433"
    admin_http_port: "8080"
    admin_timeout: "30"
    admin_language: "english"
    admin_switch_controller: "enable"
    admin_gui_theme: "blue"
    # admin_fortiguard_target requires admin_enable_fortiguard set to "direct".
    admin_enable_fortiguard: "direct"
    admin_fortiguard_target: "10.7.220.128"
    admin_fortianalyzer_target: "10.7.220.61"

- name: SET CUSTOM SMTP SERVER
  community.fortios.fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    smtp_username: "ansible"
    smtp_password: "fortinet"
    smtp_port: "25"
    smtp_replyto: "[email protected]"
    smtp_conn_sec: "starttls"
    smtp_server: "10.7.220.32"
    smtp_source_ipv4: "0.0.0.0"
    smtp_validate_cert: "disable"

- name: SET DNS SERVERS
  community.fortios.fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    dns_suffix: "ansible.local"
    dns_primary_ipv4: "8.8.8.8"
    dns_secondary_ipv4: "4.4.4.4"

- name: SET PROVISIONING TEMPLATE DEVICE TARGETS IN FORTIMANAGER
  community.fortios.fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    provision_targets: "FGT1, FGT2"

# When delete_provisioning_template is given, all other options are ignored.
- name: DELETE ENTIRE PROVISIONING TEMPLATE
  community.fortios.fmgr_device_provision_template:
    delete_provisioning_template: "ansibleTest"
    mode: "delete"
    adom: "ansible"
```
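The parameter table warns that the SNMPv3 passwords are not encrypted and that the playbook file must be locked down. As an added example (not part of the module's documentation or the collection's code), the following pre-commit style check inspects task arguments for this module and reports literal secrets and weakened transport settings. The findings policy, the sample tasks and the `vault_smtp_password` variable name are assumptions constructed for illustration.

```python
import re

MODULE = "community.fortios.fmgr_device_provision_template"
# Parameters that this page documents as carrying passwords.
SECRET_PARAMS = ("snmpv3_auth_pwd", "snmpv3_priv_pwd", "ntp_auth_pwd", "smtp_password")
# A value that is entirely a Jinja2 reference, e.g. "{{ vault_smtp_password }}".
JINJA_REF = re.compile(r"^\s*\{\{.+\}\}\s*$")


def audit_task(task):
    """Return a list of findings for one task dict as loaded from a playbook."""
    args = task.get(MODULE)
    if not isinstance(args, dict):
        return []  # not a task for this module
    findings = []
    for param in SECRET_PARAMS:
        value = args.get(param)
        if value is not None and not JINJA_REF.match(str(value)):
            findings.append(f"{param}: literal secret in playbook")
    # no_log is the Ansible task keyword that keeps arguments out of task output.
    if any(p in args for p in SECRET_PARAMS) and task.get("no_log") is not True:
        findings.append("no_log: not set on a task that passes secrets")
    if args.get("smtp_validate_cert") == "disable":
        findings.append("smtp_validate_cert: certificate checking disabled")
    if args.get("snmp_v2c_status") == "enable":
        findings.append("snmp_v2c_status: SNMPv2c community is sent in cleartext")
    if "admin_http_port" in args and args.get("admin_https_redirect") != "enable":
        findings.append("admin_https_redirect: HTTP admin port without redirect")
    return findings


# Constructed samples: the page's SMTP task, then a hardened variant that reads
# the password from a (hypothetical) Ansible Vault variable and validates certs.
WEAK = {"name": "SET CUSTOM SMTP SERVER", MODULE: {
    "provisioning_template": "ansibleTest", "mode": "set", "adom": "ansible",
    "smtp_password": "fortinet", "smtp_conn_sec": "starttls",
    "smtp_validate_cert": "disable"}}
HARDENED = {"name": "SET CUSTOM SMTP SERVER (hardened)", "no_log": True, MODULE: {
    "provisioning_template": "ansibleTest", "mode": "set", "adom": "ansible",
    "smtp_password": "{{ vault_smtp_password }}", "smtp_conn_sec": "starttls",
    "smtp_validate_cert": "enable"}}

if __name__ == "__main__":
    for sample in (WEAK, HARDENED):
        print(sample["name"], "->", audit_task(sample) or "ok")
```

Feed it the task dictionaries produced by loading a playbook with any YAML parser; it only reads the arguments and never contacts FortiManager.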
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key |
Description |
---|---|
Full API response, includes status code and message. Returned: always |
Authors
Luke Weighall (@lweighall)
Andrew Welsh (@Ghilli3)
Jim Huber (@p4r4n0y1ng)