fortinet.fortios.fortios_firewall_mms_profile module – Configure MMS profiles in Fortinet’s FortiOS and FortiGate.
Note
This module is part of the fortinet.fortios collection (version 2.1.6).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install fortinet.fortios.
To use it in a playbook, specify: fortinet.fortios.fortios_firewall_mms_profile.
New in fortinet.fortios 2.0.0
Synopsis
This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the mms_profile category of the firewall feature. The examples include all parameters; their values need to be adjusted to the datasources before use. Tested with FOS v6.0.0.
Requirements
The below requirements are needed on the host that executes this module.
ansible>=2.9.0
Parameters
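Parameter | Comments |
---|---|
access_token | Token-based authentication. Generated from GUI of Fortigate. |
enable_log | Enable/Disable logging for task. Choices: |
firewall_mms_profile | Configure MMS profiles. |
firewall_mms_profile.avnotificationtable | AntiVirus notification table ID. Source antivirus.notification.id. |
firewall_mms_profile.bwordtable | MMS banned word table ID. Source webfilter.content.id. |
firewall_mms_profile.carrier_endpoint_prefix | Enable/disable prefixing of end point values. Choices: |
firewall_mms_profile.carrier_endpoint_prefix_range_max | Maximum length of end point value that can be prefixed (1 - 48). |
firewall_mms_profile.carrier_endpoint_prefix_range_min | Minimum end point length to be prefixed (1 - 48). |
firewall_mms_profile.carrier_endpoint_prefix_string | String with which to prefix End point values. |
firewall_mms_profile.carrierendpointbwltable | Carrier end point filter table ID. Source firewall.carrier-endpoint-bwl.id. |
firewall_mms_profile.comment | Comment. |
firewall_mms_profile.dupe | Duplicate configuration. |
firewall_mms_profile.dupe.action1 | Action to take when threshold reached. Choices: |
firewall_mms_profile.dupe.action2 | Action to take when threshold reached. Choices: |
firewall_mms_profile.dupe.action3 | Action to take when threshold reached. Choices: |
firewall_mms_profile.dupe.block_time1 | Duration for which action takes effect (0 - 35791 min). |
firewall_mms_profile.dupe.block_time2 | Duration for which action takes effect (0 - 35791 min). |
firewall_mms_profile.dupe.block_time3 | Duration action takes effect (0 - 35791 min). |
firewall_mms_profile.dupe.limit1 | Maximum number of messages allowed. |
firewall_mms_profile.dupe.limit2 | Maximum number of messages allowed. |
firewall_mms_profile.dupe.limit3 | Maximum number of messages allowed. |
firewall_mms_profile.dupe.protocol | Protocol. |
firewall_mms_profile.dupe.status1 | Enable/disable status1 detection. Choices: |
firewall_mms_profile.dupe.status2 | Enable/disable status2 detection. Choices: |
firewall_mms_profile.dupe.status3 | Enable/disable status3 detection. Choices: |
firewall_mms_profile.dupe.window1 | Window to count messages over (1 - 2880 min). |
firewall_mms_profile.dupe.window2 | Window to count messages over (1 - 2880 min). |
firewall_mms_profile.dupe.window3 | Window to count messages over (1 - 2880 min). |
firewall_mms_profile.extended_utm_log | Enable/disable detailed UTM log messages. |
firewall_mms_profile.flood | Flood configuration. |
firewall_mms_profile.flood.action1 | Action to take when threshold reached. Choices: |
firewall_mms_profile.flood.action2 | Action to take when threshold reached. Choices: |
firewall_mms_profile.flood.action3 | Action to take when threshold reached. Choices: |
firewall_mms_profile.flood.block_time1 | Duration for which action takes effect (0 - 35791 min). |
firewall_mms_profile.flood.block_time2 | Duration for which action takes effect (0 - 35791 min). |
firewall_mms_profile.flood.block_time3 | Duration action takes effect (0 - 35791 min). |
firewall_mms_profile.flood.limit1 | Maximum number of messages allowed. |
firewall_mms_profile.flood.limit2 | Maximum number of messages allowed. |
firewall_mms_profile.flood.limit3 | Maximum number of messages allowed. |
firewall_mms_profile.flood.protocol | Protocol. |
firewall_mms_profile.flood.status1 | Enable/disable status1 detection. Choices: |
firewall_mms_profile.flood.status2 | Enable/disable status2 detection. Choices: |
firewall_mms_profile.flood.status3 | Enable/disable status3 detection. Choices: |
firewall_mms_profile.flood.window1 | Window to count messages over (1 - 2880 min). |
firewall_mms_profile.flood.window2 | Window to count messages over (1 - 2880 min). |
firewall_mms_profile.flood.window3 | Window to count messages over (1 - 2880 min). |
firewall_mms_profile.mm1 | MM1 options. Choices: |
firewall_mms_profile.mm1_addr_hdr | HTTP header field (for MM1) containing user address. |
firewall_mms_profile.mm1_addr_source | Source for MM1 user address. Choices: |
firewall_mms_profile.mm1_convert_hex | Enable/disable converting user address from HEX string for MM1. Choices: |
firewall_mms_profile.mm1_outbreak_prevention | Enable Virus Outbreak Prevention service. Choices: |
firewall_mms_profile.mm1_retr_dupe | Enable/disable duplicate scanning of MM1 retr. Choices: |
firewall_mms_profile.mm1_retrieve_scan | Enable/disable scanning on MM1 retrieve configuration messages. Choices: |
firewall_mms_profile.mm1comfortamount | MM1 comfort amount (0 - 4294967295). |
firewall_mms_profile.mm1comfortinterval | MM1 comfort interval (0 - 4294967295). |
firewall_mms_profile.mm1oversizelimit | Maximum file size to scan (1 - 819200 kB). |
firewall_mms_profile.mm3 | MM3 options. Choices: |
firewall_mms_profile.mm3_outbreak_prevention | Enable Virus Outbreak Prevention service. Choices: |
firewall_mms_profile.mm3oversizelimit | Maximum file size to scan (1 - 819200 kB). |
firewall_mms_profile.mm4 | MM4 options. Choices: |
firewall_mms_profile.mm4_outbreak_prevention | Enable Virus Outbreak Prevention service. Choices: |
firewall_mms_profile.mm4oversizelimit | Maximum file size to scan (1 - 819200 kB). |
firewall_mms_profile.mm7 | MM7 options. Choices: |
firewall_mms_profile.mm7_addr_hdr | HTTP header field (for MM7) containing user address. |
firewall_mms_profile.mm7_addr_source | Source for MM7 user address. Choices: |
firewall_mms_profile.mm7_convert_hex | Enable/disable conversion of user address from HEX string for MM7. Choices: |
firewall_mms_profile.mm7_outbreak_prevention | Enable Virus Outbreak Prevention service. Choices: |
firewall_mms_profile.mm7comfortamount | MM7 comfort amount (0 - 4294967295). |
firewall_mms_profile.mm7comfortinterval | MM7 comfort interval (0 - 4294967295). |
firewall_mms_profile.mm7oversizelimit | Maximum file size to scan (1 - 819200 kB). |
firewall_mms_profile.mms_antispam_mass_log | Enable/disable logging for MMS antispam mass. Choices: |
firewall_mms_profile.mms_av_block_log | Enable/disable logging for MMS antivirus file blocking. Choices: |
firewall_mms_profile.mms_av_oversize_log | Enable/disable logging for MMS antivirus oversize file blocking. Choices: |
firewall_mms_profile.mms_av_virus_log | Enable/disable logging for MMS antivirus scanning. Choices: |
firewall_mms_profile.mms_carrier_endpoint_filter_log | Enable/disable logging for MMS end point filter blocking. Choices: |
firewall_mms_profile.mms_checksum_log | Enable/disable MMS content checksum logging. Choices: |
firewall_mms_profile.mms_checksum_table | MMS content checksum table ID. Source antivirus.mms-checksum.id. |
firewall_mms_profile.mms_notification_log | Enable/disable logging for MMS notification messages. Choices: |
firewall_mms_profile.mms_web_content_log | Enable/disable logging for MMS web content blocking. Choices: |
firewall_mms_profile.mmsbwordthreshold | MMS banned word threshold. |
firewall_mms_profile.name | Profile name. |
firewall_mms_profile.notif_msisdn | Notification for MSISDNs. |
firewall_mms_profile.notif_msisdn.msisdn | Recipient MSISDN. |
firewall_mms_profile.notif_msisdn.threshold | Thresholds on which this MSISDN will receive an alert. Choices: |
firewall_mms_profile.notification | Notification configuration. |
firewall_mms_profile.notification.alert_int | Alert notification send interval. |
firewall_mms_profile.notification.alert_int_mode | Alert notification interval mode. Choices: |
firewall_mms_profile.notification.alert_src_msisdn | Specify from address for alert messages. |
firewall_mms_profile.notification.alert_status | Alert notification status. Choices: |
firewall_mms_profile.notification.bword_int | Banned word notification send interval. |
firewall_mms_profile.notification.bword_int_mode | Banned word notification interval mode. Choices: |
firewall_mms_profile.notification.bword_status | Banned word notification status. Choices: |
firewall_mms_profile.notification.carrier_endpoint_bwl_int | Carrier end point black/white list notification send interval. |
firewall_mms_profile.notification.carrier_endpoint_bwl_int_mode | Carrier end point black/white list notification interval mode. Choices: |
firewall_mms_profile.notification.carrier_endpoint_bwl_status | Carrier end point black/white list notification status. Choices: |
firewall_mms_profile.notification.days_allowed | Weekdays on which notification messages may be sent. Choices: |
firewall_mms_profile.notification.detect_server | Enable/disable automatic server address determination. Choices: |
firewall_mms_profile.notification.dupe_int | Duplicate notification send interval. |
firewall_mms_profile.notification.dupe_int_mode | Duplicate notification interval mode. Choices: |
firewall_mms_profile.notification.dupe_status | Duplicate notification status. Choices: |
firewall_mms_profile.notification.file_block_int | File block notification send interval. |
firewall_mms_profile.notification.file_block_int_mode | File block notification interval mode. Choices: |
firewall_mms_profile.notification.file_block_status | File block notification status. Choices: |
firewall_mms_profile.notification.flood_int | Flood notification send interval. |
firewall_mms_profile.notification.flood_int_mode | Flood notification interval mode. Choices: |
firewall_mms_profile.notification.flood_status | Flood notification status. Choices: |
firewall_mms_profile.notification.from_in_header | Enable/disable insertion of from address in HTTP header. Choices: |
firewall_mms_profile.notification.mms_checksum_int | MMS checksum notification send interval. |
firewall_mms_profile.notification.mms_checksum_int_mode | MMS checksum notification interval mode. Choices: |
firewall_mms_profile.notification.mms_checksum_status | MMS checksum notification status. Choices: |
firewall_mms_profile.notification.mmsc_hostname | Host name or IP address of the MMSC. |
firewall_mms_profile.notification.mmsc_password | Password required for authentication with the MMSC. |
firewall_mms_profile.notification.mmsc_port | Port used on the MMSC for sending MMS messages (1 - 65535). |
firewall_mms_profile.notification.mmsc_url | URL used on the MMSC for sending MMS messages. |
firewall_mms_profile.notification.mmsc_username | User name required for authentication with the MMSC. |
firewall_mms_profile.notification.msg_protocol | Protocol to use for sending notification messages. Choices: |
firewall_mms_profile.notification.msg_type | MM7 message type. Choices: |
firewall_mms_profile.notification.protocol | Protocol. |
firewall_mms_profile.notification.rate_limit | Rate limit for sending notification messages (0 - 250). |
firewall_mms_profile.notification.tod_window_duration | Time of day window duration. |
firewall_mms_profile.notification.tod_window_end | Obsolete. |
firewall_mms_profile.notification.tod_window_start | Time of day window start. |
firewall_mms_profile.notification.user_domain | Domain name to which the user addresses belong. |
firewall_mms_profile.notification.vas_id | VAS identifier. |
firewall_mms_profile.notification.vasp_id | VASP identifier. |
firewall_mms_profile.notification.virus_int | Virus notification send interval. |
firewall_mms_profile.notification.virus_int_mode | Virus notification interval mode. Choices: |
firewall_mms_profile.notification.virus_status | Virus notification status. Choices: |
firewall_mms_profile.outbreak_prevention | Configure Virus Outbreak Prevention settings. |
firewall_mms_profile.outbreak_prevention.external_blocklist | Enable/disable external malware blocklist. Choices: |
firewall_mms_profile.outbreak_prevention.ftgd_service | Enable/disable FortiGuard Virus outbreak prevention service. Choices: |
firewall_mms_profile.remove_blocked_const_length | Enable/disable MMS replacement of blocked file constant length. Choices: |
firewall_mms_profile.replacemsg_group | Replacement message group. Source system.replacemsg-group.name. |
member_path | Member attribute path to operate on. Delimited by a slash character if there is more than one attribute. A parameter marked with member_path is eligible for member operations. |
member_state | Add or delete a member under specified attribute path. When member_state is specified, the state option is ignored. Choices: |
state | Indicates whether to create or remove the object. Choices: |
vdom | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. Default: “root” |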
Examples
```yaml
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # Certificate validation is off in this sample; with "no" the identity of
    # the FortiGate is not verified when the access token is sent.
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
  tasks:
    - name: Configure MMS profiles.
      fortios_firewall_mms_profile:
        vdom: "{{ vdom }}"
        state: "present"
        # Placeholder: supply the API token generated from the FortiGate GUI.
        access_token: "<your_own_value>"
        # All values below are placeholders and must be adjusted to the
        # datasources named in the parameter table before use.
        firewall_mms_profile:
          avnotificationtable: "3 (source antivirus.notification.id)"
          bwordtable: "4 (source webfilter.content.id)"
          carrier_endpoint_prefix: "enable"
          carrier_endpoint_prefix_range_max: "6"
          carrier_endpoint_prefix_range_min: "7"
          carrier_endpoint_prefix_string: "<your_own_value>"
          carrierendpointbwltable: "9 (source firewall.carrier-endpoint-bwl.id)"
          comment: "Comment."
          dupe:
            -
              action1: "block"
              action2: "block"
              action3: "block"
              block_time1: "15"
              block_time2: "16"
              block_time3: "17"
              limit1: "18"
              limit2: "19"
              limit3: "20"
              protocol: "<your_own_value>"
              status1: "enable"
              status2: "enable"
              status3: "enable"
              window1: "25"
              window2: "26"
              window3: "27"
          extended_utm_log: "<your_own_value>"
          flood:
            -
              action1: "block"
              action2: "block"
              action3: "block"
              block_time1: "33"
              block_time2: "34"
              block_time3: "35"
              limit1: "36"
              limit2: "37"
              limit3: "38"
              protocol: "<your_own_value>"
              status1: "enable"
              status2: "enable"
              status3: "enable"
              window1: "43"
              window2: "44"
              window3: "45"
          mm1: "avmonitor"
          mm1_addr_hdr: "<your_own_value>"
          mm1_addr_source: "http-header"
          mm1_convert_hex: "enable"
          mm1_outbreak_prevention: "disabled"
          mm1_retr_dupe: "enable"
          mm1_retrieve_scan: "enable"
          mm1comfortamount: "53"
          mm1comfortinterval: "54"
          mm1oversizelimit: "55"
          mm3: "avmonitor"
          mm3_outbreak_prevention: "disabled"
          mm3oversizelimit: "58"
          mm4: "avmonitor"
          mm4_outbreak_prevention: "disabled"
          mm4oversizelimit: "61"
          mm7: "avmonitor"
          mm7_addr_hdr: "<your_own_value>"
          mm7_addr_source: "http-header"
          mm7_convert_hex: "enable"
          mm7_outbreak_prevention: "disabled"
          mm7comfortamount: "67"
          mm7comfortinterval: "68"
          mm7oversizelimit: "69"
          mms_antispam_mass_log: "enable"
          mms_av_block_log: "enable"
          mms_av_oversize_log: "enable"
          mms_av_virus_log: "enable"
          mms_carrier_endpoint_filter_log: "enable"
          mms_checksum_log: "enable"
          mms_checksum_table: "76 (source antivirus.mms-checksum.id)"
          mms_notification_log: "enable"
          mms_web_content_log: "enable"
          mmsbwordthreshold: "79"
          name: "default_name_80"
          notif_msisdn:
            -
              msisdn: "<your_own_value>"
              threshold: "flood-thresh-1"
          notification:
            -
              alert_int: "85"
              alert_int_mode: "hours"
              alert_src_msisdn: "<your_own_value>"
              alert_status: "enable"
              bword_int: "89"
              bword_int_mode: "hours"
              bword_status: "enable"
              carrier_endpoint_bwl_int: "92"
              carrier_endpoint_bwl_int_mode: "hours"
              carrier_endpoint_bwl_status: "enable"
              days_allowed: "sunday"
              detect_server: "enable"
              dupe_int: "97"
              dupe_int_mode: "hours"
              dupe_status: "enable"
              file_block_int: "100"
              file_block_int_mode: "hours"
              file_block_status: "enable"
              flood_int: "103"
              flood_int_mode: "hours"
              flood_status: "enable"
              from_in_header: "enable"
              mms_checksum_int: "107"
              mms_checksum_int_mode: "hours"
              mms_checksum_status: "enable"
              mmsc_hostname: "myhostname"
              mmsc_password: "<your_own_value>"
              mmsc_port: "112"
              mmsc_url: "<your_own_value>"
              mmsc_username: "<your_own_value>"
              msg_protocol: "mm1"
              msg_type: "submit-req"
              protocol: "<your_own_value>"
              rate_limit: "118"
              tod_window_duration: "<your_own_value>"
              tod_window_end: "<your_own_value>"
              tod_window_start: "<your_own_value>"
              user_domain: "<your_own_value>"
              vas_id: "<your_own_value>"
              vasp_id: "<your_own_value>"
              virus_int: "125"
              virus_int_mode: "hours"
              virus_status: "enable"
          outbreak_prevention:
            external_blocklist: "disable"
            ftgd_service: "disable"
          remove_blocked_const_length: "enable"
          replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"
```
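A narrower playbook than the all-parameters sample, added here as an illustration and not taken from the collection's documentation: it sets a single flood threshold with logging, validates the FortiGate certificate, and reads the token from a vaulted variable. The variable name vault_fortios_access_token, the profile name and the threshold numbers are assumptions constructed for this example; protocol is left as the page's placeholder.

```yaml
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # Verify the device certificate so the token is only sent to the real FortiGate.
    ansible_httpapi_validate_certs: yes
    ansible_httpapi_port: 443
  tasks:
    - name: Block MMS floods above one threshold and log detections
      fortios_firewall_mms_profile:
        vdom: "{{ vdom }}"
        state: "present"
        # Hypothetical variable, assumed to be defined in an Ansible Vault file
        # rather than written into the playbook.
        access_token: "{{ vault_fortios_access_token }}"
        enable_log: true
        firewall_mms_profile:
          name: "mms-flood-guard"          # constructed profile name
          comment: "Single flood threshold with logging"
          flood:
            -
              protocol: "<your_own_value>"
              status1: "enable"
              limit1: "100"                # constructed: messages allowed per window
              window1: "60"                # minutes, within 1 - 2880
              action1: "block"
              block_time1: "30"            # minutes, within 0 - 35791
          mms_antispam_mass_log: "enable"
          mms_notification_log: "enable"
```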
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Description |
---|---|
build | Build number of the fortigate image Returned: always Sample: “1547” |
http_method | Last method used to provision the content into FortiGate Returned: always Sample: “PUT” |
http_status | Last result given by FortiGate on last operation applied Returned: always Sample: “200” |
mkey | Master key (id) used in the last call to FortiGate Returned: success Sample: “id” |
name | Name of the table used to fulfill the request Returned: always Sample: “urlfilter” |
path | Path of the table used to fulfill the request Returned: always Sample: “webfilter” |
revision | Internal revision number Returned: always Sample: “17.0.2.10658” |
serial | Serial number of the unit Returned: always Sample: “FGVMEVYYQT3AB5352” |
status | Indication of the operation’s result Returned: always Sample: “success” |
vdom | Virtual domain used Returned: always Sample: “root” |
version | Version of the FortiGate Returned: always Sample: “v5.6.3” |
Authors
Link Zheng (@chillancezen)
Jie Xue (@JieX19)
Hongbin Lu (@fgtdev-hblu)
Frank Shen (@frankshen01)
Miguel Angel Munoz (@mamunozgonzalez)
Nicolas Thomas (@thomnico)