fortinet.fortios.fortios_firewall_mms_profile module – Configure MMS profiles in Fortinet’s FortiOS and FortiGate.

Note

This module is part of the fortinet.fortios collection (version 2.1.6).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortios.

To use it in a playbook, specify: fortinet.fortios.fortios_firewall_mms_profile.

New in version 2.0.0: of fortinet.fortios

Synopsis

  • This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and mms_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.9.0

Parameters

Parameter

Comments

access_token

string

Token-based authentication. Generated from GUI of Fortigate.

enable_log

boolean

Enable/Disable logging for task.

Choices:

  • no ← (default)

  • yes

firewall_mms_profile

dictionary

Configure MMS profiles.

avnotificationtable

integer

AntiVirus notification table ID. Source antivirus.notification.id.

bwordtable

integer

MMS banned word table ID. Source webfilter.content.id.

carrier_endpoint_prefix

string

Enable/disable prefixing of end point values.

Choices:

  • enable

  • disable

carrier_endpoint_prefix_range_max

integer

Maximum length of end point value that can be prefixed (1 - 48).

carrier_endpoint_prefix_range_min

integer

Minimum end point length to be prefixed (1 - 48).

carrier_endpoint_prefix_string

string

String with which to prefix End point values.

carrierendpointbwltable

integer

Carrier end point filter table ID. Source firewall.carrier-endpoint-bwl.id.

comment

string

Comment.

dupe

list / elements=dictionary

Duplicate configuration.

action1

list / elements=string

Action to take when threshold reached.

Choices:

  • block

  • archive

  • log

  • archive-first

  • alert-notif

action2

list / elements=string

Action to take when threshold reached.

Choices:

  • block

  • archive

  • log

  • archive-first

  • alert-notif

action3

list / elements=string

Action to take when threshold reached.

Choices:

  • block

  • archive

  • log

  • archive-first

  • alert-notif

block_time1

integer

Duration for which action takes effect (0 - 35791 min).

block_time2

integer

Duration for which action takes effect (0 - 35791 min).

block_time3

integer

Duration action takes effect (0 - 35791 min).

limit1

integer

Maximum number of messages allowed.

limit2

integer

Maximum number of messages allowed.

limit3

integer

Maximum number of messages allowed.

protocol

string / required

Protocol.

status1

string

Enable/disable status1 detection.

Choices:

  • enable

  • disable

status2

string

Enable/disable status2 detection.

Choices:

  • enable

  • disable

status3

string

Enable/disable status3 detection.

Choices:

  • enable

  • disable

window1

integer

Window to count messages over (1 - 2880 min).

window2

integer

Window to count messages over (1 - 2880 min).

window3

integer

Window to count messages over (1 - 2880 min).

extended_utm_log

string

Enable/disable detailed UTM log messages.

flood

list / elements=dictionary

Flood configuration.

action1

list / elements=string

Action to take when threshold reached.

Choices:

  • block

  • archive

  • log

  • archive-first

  • alert-notif

action2

list / elements=string

Action to take when threshold reached.

Choices:

  • block

  • archive

  • log

  • archive-first

  • alert-notif

action3

list / elements=string

Action to take when threshold reached.

Choices:

  • block

  • archive

  • log

  • archive-first

  • alert-notif

block_time1

integer

Duration for which action takes effect (0 - 35791 min).

block_time2

integer

Duration for which action takes effect (0 - 35791 min).

block_time3

integer

Duration action takes effect (0 - 35791 min).

limit1

integer

Maximum number of messages allowed.

limit2

integer

Maximum number of messages allowed.

limit3

integer

Maximum number of messages allowed.

protocol

string / required

Protocol.

status1

string

Enable/disable status1 detection.

Choices:

  • enable

  • disable

status2

string

Enable/disable status2 detection.

Choices:

  • enable

  • disable

status3

string

Enable/disable status3 detection.

Choices:

  • enable

  • disable

window1

integer

Window to count messages over (1 - 2880 min).

window2

integer

Window to count messages over (1 - 2880 min).

window3

integer

Window to count messages over (1 - 2880 min).

mm1

list / elements=string

MM1 options.

Choices:

  • avmonitor

  • oversize

  • quarantine

  • scan

  • bannedword

  • chunkedbypass

  • clientcomfort

  • servercomfort

  • carrier-endpoint-bwl

  • remove-blocked

  • mms-checksum

mm1_addr_hdr

string

HTTP header field (for MM1) containing user address.

mm1_addr_source

string

Source for MM1 user address.

Choices:

  • http-header

  • cookie

mm1_convert_hex

string

Enable/disable converting user address from HEX string for MM1.

Choices:

  • enable

  • disable

mm1_outbreak_prevention

string

Enable Virus Outbreak Prevention service.

Choices:

  • disabled

  • files

  • full-archive

mm1_retr_dupe

string

Enable/disable duplicate scanning of MM1 retr.

Choices:

  • enable

  • disable

mm1_retrieve_scan

string

Enable/disable scanning on MM1 retrieve configuration messages.

Choices:

  • enable

  • disable

mm1comfortamount

integer

MM1 comfort amount (0 - 4294967295).

mm1comfortinterval

integer

MM1 comfort interval (0 - 4294967295).

mm1oversizelimit

integer

Maximum file size to scan (1 - 819200 kB).

mm3

list / elements=string

MM3 options.

Choices:

  • avmonitor

  • oversize

  • quarantine

  • scan

  • bannedword

  • fragmail

  • splice

  • carrier-endpoint-bwl

  • remove-blocked

  • mms-checksum

mm3_outbreak_prevention

string

Enable Virus Outbreak Prevention service.

Choices:

  • disabled

  • files

  • full-archive

mm3oversizelimit

integer

Maximum file size to scan (1 - 819200 kB).

mm4

list / elements=string

MM4 options.

Choices:

  • avmonitor

  • oversize

  • quarantine

  • scan

  • bannedword

  • fragmail

  • splice

  • carrier-endpoint-bwl

  • remove-blocked

  • mms-checksum

mm4_outbreak_prevention

string

Enable Virus Outbreak Prevention service.

Choices:

  • disabled

  • files

  • full-archive

mm4oversizelimit

integer

Maximum file size to scan (1 - 819200 kB).

mm7

list / elements=string

MM7 options.

Choices:

  • avmonitor

  • oversize

  • quarantine

  • scan

  • bannedword

  • chunkedbypass

  • clientcomfort

  • servercomfort

  • carrier-endpoint-bwl

  • remove-blocked

  • mms-checksum

mm7_addr_hdr

string

HTTP header field (for MM7) containing user address.

mm7_addr_source

string

Source for MM7 user address.

Choices:

  • http-header

  • cookie

mm7_convert_hex

string

Enable/disable conversion of user address from HEX string for MM7.

Choices:

  • enable

  • disable

mm7_outbreak_prevention

string

Enable Virus Outbreak Prevention service.

Choices:

  • disabled

  • files

  • full-archive

mm7comfortamount

integer

MM7 comfort amount (0 - 4294967295).

mm7comfortinterval

integer

MM7 comfort interval (0 - 4294967295).

mm7oversizelimit

integer

Maximum file size to scan (1 - 819200 kB).

mms_antispam_mass_log

string

Enable/disable logging for MMS antispam mass.

Choices:

  • enable

  • disable

mms_av_block_log

string

Enable/disable logging for MMS antivirus file blocking.

Choices:

  • enable

  • disable

mms_av_oversize_log

string

Enable/disable logging for MMS antivirus oversize file blocking.

Choices:

  • enable

  • disable

mms_av_virus_log

string

Enable/disable logging for MMS antivirus scanning.

Choices:

  • enable

  • disable

mms_carrier_endpoint_filter_log

string

Enable/disable logging for MMS end point filter blocking.

Choices:

  • enable

  • disable

mms_checksum_log

string

Enable/disable MMS content checksum logging.

Choices:

  • enable

  • disable

mms_checksum_table

integer

MMS content checksum table ID. Source antivirus.mms-checksum.id.

mms_notification_log

string

Enable/disable logging for MMS notification messages.

Choices:

  • enable

  • disable

mms_web_content_log

string

Enable/disable logging for MMS web content blocking.

Choices:

  • enable

  • disable

mmsbwordthreshold

integer

MMS banned word threshold.

name

string / required

Profile name.

notif_msisdn

list / elements=dictionary

Notification for MSISDNs.

msisdn

string / required

Recipient MSISDN.

threshold

string

Thresholds on which this MSISDN will receive an alert.

Choices:

  • flood-thresh-1

  • flood-thresh-2

  • flood-thresh-3

  • dupe-thresh-1

  • dupe-thresh-2

  • dupe-thresh-3

notification

list / elements=dictionary

Notification configuration.

alert_int

integer

Alert notification send interval.

alert_int_mode

string

Alert notification interval mode.

Choices:

  • hours

  • minutes

alert_src_msisdn

string

Specify from address for alert messages.

alert_status

string

Alert notification status.

Choices:

  • enable

  • disable

bword_int

integer

Banned word notification send interval.

bword_int_mode

string

Banned word notification interval mode.

Choices:

  • hours

  • minutes

bword_status

string

Banned word notification status.

Choices:

  • enable

  • disable

carrier_endpoint_bwl_int

integer

Carrier end point black/white list notification send interval.

carrier_endpoint_bwl_int_mode

string

Carrier end point black/white list notification interval mode.

Choices:

  • hours

  • minutes

carrier_endpoint_bwl_status

string

Carrier end point black/white list notification status.

Choices:

  • enable

  • disable

days_allowed

list / elements=string

Weekdays on which notification messages may be sent.

Choices:

  • sunday

  • monday

  • tuesday

  • wednesday

  • thursday

  • friday

  • saturday

detect_server

string

Enable/disable automatic server address determination.

Choices:

  • enable

  • disable

dupe_int

integer

Duplicate notification send interval.

dupe_int_mode

string

Duplicate notification interval mode.

Choices:

  • hours

  • minutes

dupe_status

string

Duplicate notification status.

Choices:

  • enable

  • disable

file_block_int

integer

File block notification send interval.

file_block_int_mode

string

File block notification interval mode.

Choices:

  • hours

  • minutes

file_block_status

string

File block notification status.

Choices:

  • enable

  • disable

flood_int

integer

Flood notification send interval.

flood_int_mode

string

Flood notification interval mode.

Choices:

  • hours

  • minutes

flood_status

string

Flood notification status.

Choices:

  • enable

  • disable

from_in_header

string

Enable/disable insertion of from address in HTTP header.

Choices:

  • enable

  • disable

mms_checksum_int

integer

MMS checksum notification send interval.

mms_checksum_int_mode

string

MMS checksum notification interval mode.

Choices:

  • hours

  • minutes

mms_checksum_status

string

MMS checksum notification status.

Choices:

  • enable

  • disable

mmsc_hostname

string

Host name or IP address of the MMSC.

mmsc_password

string

Password required for authentication with the MMSC.

mmsc_port

integer

Port used on the MMSC for sending MMS messages (1 - 65535).

mmsc_url

string

URL used on the MMSC for sending MMS messages.

mmsc_username

string

User name required for authentication with the MMSC.

msg_protocol

string

Protocol to use for sending notification messages.

Choices:

  • mm1

  • mm3

  • mm4

  • mm7

msg_type

string

MM7 message type.

Choices:

  • submit-req

  • deliver-req

protocol

string / required

Protocol.

rate_limit

integer

Rate limit for sending notification messages (0 - 250).

tod_window_duration

string

Time of day window duration.

tod_window_end

string

Obsolete.

tod_window_start

string

Time of day window start.

user_domain

string

Domain name to which the user addresses belong.

vas_id

string

VAS identifier.

vasp_id

string

VASP identifier.

virus_int

integer

Virus notification send interval.

virus_int_mode

string

Virus notification interval mode.

Choices:

  • hours

  • minutes

virus_status

string

Virus notification status.

Choices:

  • enable

  • disable

outbreak_prevention

dictionary

Configure Virus Outbreak Prevention settings.

external_blocklist

string

Enable/disable external malware blocklist.

Choices:

  • disable

  • enable

ftgd_service

string

Enable/disable FortiGuard Virus outbreak prevention service.

Choices:

  • disable

  • enable

remove_blocked_const_length

string

Enable/disable MMS replacement of blocked file constant length.

Choices:

  • enable

  • disable

replacemsg_group

string

Replacement message group. Source system.replacemsg-group.name.

member_path

string

Member attribute path to operate on.

Delimited by a slash character if there are more than one attribute.

Parameter marked with member_path is legitimate for doing member operation.

member_state

string

Add or delete a member under specified attribute path.

When member_state is specified, the state option is ignored.

Choices:

  • present

  • absent

state

string / required

Indicates whether to create or remove the object.

Choices:

  • present

  • absent

vdom

string

Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.

Default: “root”

Notes

Note

  • Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks

Examples

- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
  - name: Configure MMS profiles.
    fortios_firewall_mms_profile:
      vdom:  "{{ vdom }}"
      state: "present"
      access_token: "<your_own_value>"
      firewall_mms_profile:
        avnotificationtable: "3 (source antivirus.notification.id)"
        bwordtable: "4 (source webfilter.content.id)"
        carrier_endpoint_prefix: "enable"
        carrier_endpoint_prefix_range_max: "6"
        carrier_endpoint_prefix_range_min: "7"
        carrier_endpoint_prefix_string: "<your_own_value>"
        carrierendpointbwltable: "9 (source firewall.carrier-endpoint-bwl.id)"
        comment: "Comment."
        dupe:
         -
            action1: "block"
            action2: "block"
            action3: "block"
            block_time1: "15"
            block_time2: "16"
            block_time3: "17"
            limit1: "18"
            limit2: "19"
            limit3: "20"
            protocol: "<your_own_value>"
            status1: "enable"
            status2: "enable"
            status3: "enable"
            window1: "25"
            window2: "26"
            window3: "27"
        extended_utm_log: "<your_own_value>"
        flood:
         -
            action1: "block"
            action2: "block"
            action3: "block"
            block_time1: "33"
            block_time2: "34"
            block_time3: "35"
            limit1: "36"
            limit2: "37"
            limit3: "38"
            protocol: "<your_own_value>"
            status1: "enable"
            status2: "enable"
            status3: "enable"
            window1: "43"
            window2: "44"
            window3: "45"
        mm1: "avmonitor"
        mm1_addr_hdr: "<your_own_value>"
        mm1_addr_source: "http-header"
        mm1_convert_hex: "enable"
        mm1_outbreak_prevention: "disabled"
        mm1_retr_dupe: "enable"
        mm1_retrieve_scan: "enable"
        mm1comfortamount: "53"
        mm1comfortinterval: "54"
        mm1oversizelimit: "55"
        mm3: "avmonitor"
        mm3_outbreak_prevention: "disabled"
        mm3oversizelimit: "58"
        mm4: "avmonitor"
        mm4_outbreak_prevention: "disabled"
        mm4oversizelimit: "61"
        mm7: "avmonitor"
        mm7_addr_hdr: "<your_own_value>"
        mm7_addr_source: "http-header"
        mm7_convert_hex: "enable"
        mm7_outbreak_prevention: "disabled"
        mm7comfortamount: "67"
        mm7comfortinterval: "68"
        mm7oversizelimit: "69"
        mms_antispam_mass_log: "enable"
        mms_av_block_log: "enable"
        mms_av_oversize_log: "enable"
        mms_av_virus_log: "enable"
        mms_carrier_endpoint_filter_log: "enable"
        mms_checksum_log: "enable"
        mms_checksum_table: "76 (source antivirus.mms-checksum.id)"
        mms_notification_log: "enable"
        mms_web_content_log: "enable"
        mmsbwordthreshold: "79"
        name: "default_name_80"
        notif_msisdn:
         -
            msisdn: "<your_own_value>"
            threshold: "flood-thresh-1"
        notification:
         -
            alert_int: "85"
            alert_int_mode: "hours"
            alert_src_msisdn: "<your_own_value>"
            alert_status: "enable"
            bword_int: "89"
            bword_int_mode: "hours"
            bword_status: "enable"
            carrier_endpoint_bwl_int: "92"
            carrier_endpoint_bwl_int_mode: "hours"
            carrier_endpoint_bwl_status: "enable"
            days_allowed: "sunday"
            detect_server: "enable"
            dupe_int: "97"
            dupe_int_mode: "hours"
            dupe_status: "enable"
            file_block_int: "100"
            file_block_int_mode: "hours"
            file_block_status: "enable"
            flood_int: "103"
            flood_int_mode: "hours"
            flood_status: "enable"
            from_in_header: "enable"
            mms_checksum_int: "107"
            mms_checksum_int_mode: "hours"
            mms_checksum_status: "enable"
            mmsc_hostname: "myhostname"
            mmsc_password: "<your_own_value>"
            mmsc_port: "112"
            mmsc_url: "<your_own_value>"
            mmsc_username: "<your_own_value>"
            msg_protocol: "mm1"
            msg_type: "submit-req"
            protocol: "<your_own_value>"
            rate_limit: "118"
            tod_window_duration: "<your_own_value>"
            tod_window_end: "<your_own_value>"
            tod_window_start: "<your_own_value>"
            user_domain: "<your_own_value>"
            vas_id: "<your_own_value>"
            vasp_id: "<your_own_value>"
            virus_int: "125"
            virus_int_mode: "hours"
            virus_status: "enable"
        outbreak_prevention:
            external_blocklist: "disable"
            ftgd_service: "disable"
        remove_blocked_const_length: "enable"
        replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

build

string

Build number of the fortigate image

Returned: always

Sample: “1547”

http_method

string

Last method used to provision the content into FortiGate

Returned: always

Sample: “PUT”

http_status

string

Last result given by FortiGate on last operation applied

Returned: always

Sample: “200”

mkey

string

Master key (id) used in the last call to FortiGate

Returned: success

Sample: “id”

name

string

Name of the table used to fulfill the request

Returned: always

Sample: “urlfilter”

path

string

Path of the table used to fulfill the request

Returned: always

Sample: “webfilter”

revision

string

Internal revision number

Returned: always

Sample: “17.0.2.10658”

serial

string

Serial number of the unit

Returned: always

Sample: “FGVMEVYYQT3AB5352”

status

string

Indication of the operation’s result

Returned: always

Sample: “success”

vdom

string

Virtual domain used

Returned: always

Sample: “root”

version

string

Version of the FortiGate

Returned: always

Sample: “v5.6.3”

Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Hongbin Lu (@fgtdev-hblu)

  • Frank Shen (@frankshen01)

  • Miguel Angel Munoz (@mamunozgonzalez)

  • Nicolas Thomas (@thomnico)