fortinet.fortimanager.fmgr_pkg_footer_policy6 module – Configure IPv6 policies.

Note

This module is part of the fortinet.fortimanager collection (version 2.7.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_pkg_footer_policy6.

New in fortinet.fortimanager 2.0.0

Synopsis

• This module is able to configure a FortiManager device.

• Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter	Comments
access_token string	The token to access FortiManager without using username and password.
bypass_validation boolean	Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices: false ← (default) true
enable_log boolean	Enable/Disable logging for task. Choices: false ← (default) true
forticloud_access_token string	Authenticate Ansible client with forticloud API access token.
pkg string / required	The parameter (pkg) in requested url.
pkg_footer_policy6 dictionary	The top level parameters set.
_policy_block integer	Assigned policy block.
action string	Action. Choices: "deny" "accept" "ipsec" "ssl-vpn"
anti-replay string	Deprecated, please rename it to anti_replay. Anti replay. Choices: "disable" "enable"
app-category any	(list or str) Deprecated, please rename it to app_category. App category.
app-group any	(list or str) Deprecated, please rename it to app_group. App group.
application any	(list) Application.
application-charts list / elements=string	Deprecated, please rename it to application_charts. Application charts. Choices: "top10-app" "top10-p2p-user" "top10-media-user"
application-list any	(list or str) Deprecated, please rename it to application_list. Application list.
auto-asic-offload string	Deprecated, please rename it to auto_asic_offload. Auto asic offload. Choices: "disable" "enable"
av-profile any	(list or str) Deprecated, please rename it to av_profile. Av profile.
casi-profile any	(list or str) Deprecated, please rename it to casi_profile. Casi profile.
cgn-log-server-grp string	Deprecated, please rename it to cgn_log_server_grp. NP log server group name
cifs-profile any	(list or str) Deprecated, please rename it to cifs_profile. Cifs profile.
comments string	Comments.
custom-log-fields any	(list or str) Deprecated, please rename it to custom_log_fields. Custom log fields.
decrypted-traffic-mirror any	(list or str) Deprecated, please rename it to decrypted_traffic_mirror. Decrypted traffic mirror.
deep-inspection-options any	(list or str) Deprecated, please rename it to deep_inspection_options. Deep inspection options.
device-detection-portal string	Deprecated, please rename it to device_detection_portal. Device detection portal. Choices: "disable" "enable"
devices any	(list or str) Devices.
diffserv-forward string	Deprecated, please rename it to diffserv_forward. Diffserv forward. Choices: "disable" "enable"
diffserv-reverse string	Deprecated, please rename it to diffserv_reverse. Diffserv reverse. Choices: "disable" "enable"
diffservcode-forward string	Deprecated, please rename it to diffservcode_forward. Diffservcode forward.
diffservcode-rev string	Deprecated, please rename it to diffservcode_rev. Diffservcode rev.
dlp-sensor any	(list or str) Deprecated, please rename it to dlp_sensor. Dlp sensor.
dnsfilter-profile any	(list or str) Deprecated, please rename it to dnsfilter_profile. Dnsfilter profile.
dscp-match string	Deprecated, please rename it to dscp_match. Dscp match. Choices: "disable" "enable"
dscp-negate string	Deprecated, please rename it to dscp_negate. Dscp negate. Choices: "disable" "enable"
dscp-value string	Deprecated, please rename it to dscp_value. Dscp value.
dsri string	Dsri. Choices: "disable" "enable"
dstaddr any	(list or str) Dstaddr.
dstaddr-negate string	Deprecated, please rename it to dstaddr_negate. Dstaddr negate. Choices: "disable" "enable"
dstintf any	(list or str) Dstintf.
dynamic-profile string	Deprecated, please rename it to dynamic_profile. Dynamic profile. Choices: "disable" "enable"
dynamic-profile-access list / elements=string	Deprecated, please rename it to dynamic_profile_access. Dynamic profile access. Choices: "imap" "smtp" "pop3" "http" "ftp" "im" "nntp" "imaps" "smtps" "pop3s" "https" "ftps"
dynamic-profile-group any	(list or str) Deprecated, please rename it to dynamic_profile_group. Dynamic profile group.
email-collection-portal string	Deprecated, please rename it to email_collection_portal. Email collection portal. Choices: "disable" "enable"
emailfilter-profile any	(list or str) Deprecated, please rename it to emailfilter_profile. Emailfilter profile.
file-filter-profile any	(list or str) Deprecated, please rename it to file_filter_profile. File filter profile.
firewall-session-dirty string	Deprecated, please rename it to firewall_session_dirty. Firewall session dirty. Choices: "check-all" "check-new"
fixedport string	Fixedport. Choices: "disable" "enable"
fsae string	Fsae. Choices: "disable" "enable"
fsso-groups any	(list or str) Deprecated, please rename it to fsso_groups. Fsso groups.
global-label string	Deprecated, please rename it to global_label. Global label.
groups any	(list or str) Groups.
http-policy-redirect string	Deprecated, please rename it to http_policy_redirect. Http policy redirect. Choices: "disable" "enable"
icap-profile any	(list or str) Deprecated, please rename it to icap_profile. Icap profile.
identity-based string	Deprecated, please rename it to identity_based. Identity based. Choices: "disable" "enable"
identity-based-policy6 list / elements=dictionary	Deprecated, please rename it to identity_based_policy6. Identity based policy6.
action string	Action. Choices: "deny" "accept"
application-list string	Deprecated, please rename it to application_list. Application list.
av-profile string	Deprecated, please rename it to av_profile. Av profile.
deep-inspection-options string	Deprecated, please rename it to deep_inspection_options. Deep inspection options.
devices string	Devices.
dlp-sensor string	Deprecated, please rename it to dlp_sensor. Dlp sensor.
endpoint-compliance string	Deprecated, please rename it to endpoint_compliance. Endpoint compliance. Choices: "disable" "enable"
groups string	Groups.
icap-profile string	Deprecated, please rename it to icap_profile. Icap profile.
id integer	Id.
ips-sensor string	Deprecated, please rename it to ips_sensor. Ips sensor.
logtraffic string	Logtraffic. Choices: "disable" "enable" "all" "utm"
mms-profile string	Deprecated, please rename it to mms_profile. Mms profile.
per-ip-shaper string	Deprecated, please rename it to per_ip_shaper. Per ip shaper.
profile-group string	Deprecated, please rename it to profile_group. Profile group.
profile-protocol-options string	Deprecated, please rename it to profile_protocol_options. Profile protocol options.
profile-type string	Deprecated, please rename it to profile_type. Profile type. Choices: "single" "group"
replacemsg-group string	Deprecated, please rename it to replacemsg_group. Replacemsg group.
schedule string	Schedule.
send-deny-packet string	Deprecated, please rename it to send_deny_packet. Send deny packet. Choices: "disable" "enable"
service string	Service.
service-negate string	Deprecated, please rename it to service_negate. Service negate. Choices: "disable" "enable"
spamfilter-profile string	Deprecated, please rename it to spamfilter_profile. Spamfilter profile.
sslvpn-portal string	Deprecated, please rename it to sslvpn_portal. Sslvpn portal.
sslvpn-realm string	Deprecated, please rename it to sslvpn_realm. Sslvpn realm.
traffic-shaper string	Deprecated, please rename it to traffic_shaper. Traffic shaper.
traffic-shaper-reverse string	Deprecated, please rename it to traffic_shaper_reverse. Traffic shaper reverse.
utm-status string	Deprecated, please rename it to utm_status. Utm status. Choices: "disable" "enable"
voip-profile string	Deprecated, please rename it to voip_profile. Voip profile.
webfilter-profile string	Deprecated, please rename it to webfilter_profile. Webfilter profile.
identity-from string	Deprecated, please rename it to identity_from. Identity from. Choices: "auth" "device"
inbound string	Inbound. Choices: "disable" "enable"
inspection-mode string	Deprecated, please rename it to inspection_mode. Inspection mode. Choices: "proxy" "flow"
ippool string	Ippool. Choices: "disable" "enable"
ips-sensor any	(list or str) Deprecated, please rename it to ips_sensor. Ips sensor.
label string	Label.
logtraffic string	Logtraffic. Choices: "disable" "enable" "all" "utm"
logtraffic-start string	Deprecated, please rename it to logtraffic_start. Logtraffic start. Choices: "disable" "enable"
mms-profile any	(list or str) Deprecated, please rename it to mms_profile. Mms profile.
name string	Name.
nat string	Nat. Choices: "disable" "enable"
natinbound string	Natinbound. Choices: "disable" "enable"
natoutbound string	Natoutbound. Choices: "disable" "enable"
np-accelation string	Deprecated, please rename it to np_accelation. Np accelation. Choices: "disable" "enable"
np-acceleration string	Deprecated, please rename it to np_acceleration. Np acceleration. Choices: "disable" "enable"
outbound string	Outbound. Choices: "disable" "enable"
per-ip-shaper any	(list or str) Deprecated, please rename it to per_ip_shaper. Per ip shaper.
policy-offload string	Deprecated, please rename it to policy_offload. Enable/disable offloading policy configuration to CP processors. Choices: "disable" "enable"
policyid integer / required	Policyid.
poolname any	(list or str) Poolname.
profile-group any	(list or str) Deprecated, please rename it to profile_group. Profile group.
profile-protocol-options any	(list or str) Deprecated, please rename it to profile_protocol_options. Profile protocol options.
profile-type string	Deprecated, please rename it to profile_type. Profile type. Choices: "single" "group"
replacemsg-group any	(list or str) Deprecated, please rename it to replacemsg_group. Replacemsg group.
replacemsg-override-group any	(list or str) Deprecated, please rename it to replacemsg_override_group. Replacemsg override group.
rsso string	Rsso. Choices: "disable" "enable"
schedule any	(list or str) Schedule.
send-deny-packet string	Deprecated, please rename it to send_deny_packet. Send deny packet. Choices: "disable" "enable"
service any	(list or str) Service.
service-negate string	Deprecated, please rename it to service_negate. Service negate. Choices: "disable" "enable"
session-ttl any	(int or str) Deprecated, please rename it to session_ttl. Session ttl.
spamfilter-profile any	(list or str) Deprecated, please rename it to spamfilter_profile. Spamfilter profile.
srcaddr any	(list or str) Srcaddr.
srcaddr-negate string	Deprecated, please rename it to srcaddr_negate. Srcaddr negate. Choices: "disable" "enable"
srcintf any	(list or str) Srcintf.
ssh-filter-profile any	(list or str) Deprecated, please rename it to ssh_filter_profile. Ssh filter profile.
ssh-policy-redirect string	Deprecated, please rename it to ssh_policy_redirect. Ssh policy redirect. Choices: "disable" "enable"
ssl-mirror string	Deprecated, please rename it to ssl_mirror. Ssl mirror. Choices: "disable" "enable"
ssl-mirror-intf any	(list or str) Deprecated, please rename it to ssl_mirror_intf. Ssl mirror intf.
ssl-ssh-profile any	(list or str) Deprecated, please rename it to ssl_ssh_profile. Ssl ssh profile.
sslvpn-auth string	Deprecated, please rename it to sslvpn_auth. Sslvpn auth. Choices: "any" "local" "radius" "ldap" "tacacs+"
sslvpn-ccert string	Deprecated, please rename it to sslvpn_ccert. Sslvpn ccert. Choices: "disable" "enable"
sslvpn-cipher string	Deprecated, please rename it to sslvpn_cipher. Sslvpn cipher. Choices: "any" "high" "medium"
status string	Status. Choices: "disable" "enable"
tags any	(list or str) Tags.
tcp-mss-receiver integer	Deprecated, please rename it to tcp_mss_receiver. Tcp mss receiver.
tcp-mss-sender integer	Deprecated, please rename it to tcp_mss_sender. Tcp mss sender.
tcp-session-without-syn string	Deprecated, please rename it to tcp_session_without_syn. Tcp session without syn. Choices: "all" "data-only" "disable"
timeout-send-rst string	Deprecated, please rename it to timeout_send_rst. Timeout send rst. Choices: "disable" "enable"
tos string	Tos.
tos-mask string	Deprecated, please rename it to tos_mask. Tos mask.
tos-negate string	Deprecated, please rename it to tos_negate. Tos negate. Choices: "disable" "enable"
traffic-shaper any	(list or str) Deprecated, please rename it to traffic_shaper. Traffic shaper.
traffic-shaper-reverse any	(list or str) Deprecated, please rename it to traffic_shaper_reverse. Traffic shaper reverse.
url-category any	(list or str) Deprecated, please rename it to url_category. Url category.
users any	(list or str) Users.
utm-inspection-mode string	Deprecated, please rename it to utm_inspection_mode. Utm inspection mode. Choices: "proxy" "flow"
utm-status string	Deprecated, please rename it to utm_status. Utm status. Choices: "disable" "enable"
uuid string	Uuid.
vlan-cos-fwd integer	Deprecated, please rename it to vlan_cos_fwd. Vlan cos fwd.
vlan-cos-rev integer	Deprecated, please rename it to vlan_cos_rev. Vlan cos rev.
vlan-filter string	Deprecated, please rename it to vlan_filter. Vlan filter.
voip-profile any	(list or str) Deprecated, please rename it to voip_profile. Voip profile.
vpntunnel any	(list or str) Vpntunnel.
waf-profile any	(list or str) Deprecated, please rename it to waf_profile. Waf profile.
webcache string	Webcache. Choices: "disable" "enable"
webcache-https string	Deprecated, please rename it to webcache_https. Webcache https. Choices: "disable" "enable"
webfilter-profile any	(list or str) Deprecated, please rename it to webfilter_profile. Webfilter profile.
webproxy-forward-server any	(list or str) Deprecated, please rename it to webproxy_forward_server. Webproxy forward server.
webproxy-profile any	(list or str) Deprecated, please rename it to webproxy_profile. Webproxy profile.
proposed_method string	The overridden method for the underlying Json RPC request. Choices: "update" "set" "add"
rc_failed list / elements=integer	The rc codes list with which the conditions to fail will be overriden.
rc_succeeded list / elements=integer	The rc codes list with which the conditions to succeed will be overriden.
state string / required	The directive to create, update or delete an object. Choices: "present" "absent"
workspace_locking_adom string	The adom to lock for FortiManager running in workspace mode, the value can be global and others including root.
workspace_locking_timeout integer	The maximum time in seconds to wait for other user to release the workspace lock. Default: 300

Notes

Note

• Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.

• Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

• To create or update an object, use state present directive.

• To delete an object, use state absent directive.

• Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- name: Example playbook
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Configure IPv6 footer policies.
      fortinet.fortimanager.fmgr_pkg_footer_policy6:
        bypass_validation: false
        pkg: ansible
        state: present
        pkg_footer_policy6:
          action: accept # <value in [deny, accept, ipsec, ...]>
          comments: ansible-comment
          dstaddr: gall
          dstintf: any
          name: ansible-test-footer
          policyid: 1074741836 # must larger than 2^30(1074741824), since header/footer policy is a special policy
          schedule: galways
          service: gALL
          srcaddr: gall
          srcintf: any
          status: disable

- name: Gathering fortimanager facts
  hosts: fortimanagers
  gather_facts: false
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Retrieve all the IPv6 footer policies
      fortinet.fortimanager.fmgr_fact:
        facts:
          selector: "pkg_footer_policy6"
          params:
            pkg: "ansible"
            policy6: "your_value"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Description
meta dictionary	The result of the request. Returned: always
request_url string	The full url requested. Returned: always Sample: "/sys/login/user"
response_code integer	The status of api request. Returned: always Sample: 0
response_data list / elements=string	The api response. Returned: always
response_message string	The descriptive message of the api response. Returned: always Sample: "OK."
system_information dictionary	The information of the target system. Returned: always
rc integer	The status the request. Returned: always Sample: 0
version_check_warning list / elements=string	Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex

Authors

• Xinwei Du (@dux-fortinet)

• Xing Li (@lix-fortinet)

• Jie Xue (@JieX19)

• Link Zheng (@chillancezen)

• Frank Shen (@fshen01)

• Hongbin Lu (@fgtdev-hblu)

Collection links

• Issue Tracker
• Homepage
• Repository (Sources)