fortinet.fortimanager.fmgr_pkg_header_policy6 module – Configure IPv6 policies.

Note

This module is part of the fortinet.fortimanager collection (version 2.8.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_pkg_header_policy6.

New in fortinet.fortimanager 2.0.0

Synopsis

• This module is able to configure a FortiManager device.

• Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter	Comments
access_token string	The token to access FortiManager without using username and password.
bypass_validation boolean	Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices: false ← (default) true
enable_log boolean	Enable/Disable logging for task. Choices: false ← (default) true
forticloud_access_token string	Authenticate Ansible client with forticloud API access token.
pkg string / required	The parameter (pkg) in requested url.
pkg_header_policy6 dictionary	The top level parameters set.
_policy_block integer	Assigned policy block.
action string	Action. Choices: "deny" "accept" "ipsec" "ssl-vpn"
anti_replay string	Anti replay. Choices: "disable" "enable"
app_category any	(list or str) App category.
app_group any	(list or str) App group.
application any	(list) Application.
application_charts list / elements=string	Application charts. Choices: "top10-app" "top10-p2p-user" "top10-media-user"
application_list any	(list or str) Application list.
auto_asic_offload string	Auto asic offload. Choices: "disable" "enable"
av_profile any	(list or str) Av profile.
casi_profile any	(list or str) Casi profile.
cgn_log_server_grp string	NP log server group name
cifs_profile any	(list or str) Cifs profile.
comments string	Comments.
custom_log_fields any	(list or str) Custom log fields.
decrypted_traffic_mirror any	(list or str) Decrypted traffic mirror.
deep_inspection_options any	(list or str) Deep inspection options.
device_detection_portal string	Device detection portal. Choices: "disable" "enable"
devices any	(list or str) Devices.
diffserv_forward string	Diffserv forward. Choices: "disable" "enable"
diffserv_reverse string	Diffserv reverse. Choices: "disable" "enable"
diffservcode_forward string	Diffservcode forward.
diffservcode_rev string	Diffservcode rev.
dlp_sensor any	(list or str) Dlp sensor.
dnsfilter_profile any	(list or str) Dnsfilter profile.
dscp_match string	Dscp match. Choices: "disable" "enable"
dscp_negate string	Dscp negate. Choices: "disable" "enable"
dscp_value string	Dscp value.
dsri string	Dsri. Choices: "disable" "enable"
dstaddr any	(list or str) Dstaddr.
dstaddr_negate string	Dstaddr negate. Choices: "disable" "enable"
dstintf any	(list or str) Dstintf.
dynamic_profile string	Dynamic profile. Choices: "disable" "enable"
dynamic_profile_access list / elements=string	Dynamic profile access. Choices: "imap" "smtp" "pop3" "http" "ftp" "im" "nntp" "imaps" "smtps" "pop3s" "https" "ftps"
dynamic_profile_group any	(list or str) Dynamic profile group.
email_collection_portal string	Email collection portal. Choices: "disable" "enable"
emailfilter_profile any	(list or str) Emailfilter profile.
file_filter_profile any	(list or str) File filter profile.
firewall_session_dirty string	Firewall session dirty. Choices: "check-all" "check-new"
fixedport string	Fixedport. Choices: "disable" "enable"
fsae string	Fsae. Choices: "disable" "enable"
fsso_groups any	(list or str) Fsso groups.
global_label string	Global label.
groups any	(list or str) Groups.
http_policy_redirect string	Http policy redirect. Choices: "disable" "enable"
icap_profile any	(list or str) Icap profile.
identity_based string	Identity based. Choices: "disable" "enable"
identity_based_policy6 list / elements=dictionary	Identity based policy6.
action string	Action. Choices: "deny" "accept"
application_list string	Application list.
av_profile string	Av profile.
deep_inspection_options string	Deep inspection options.
devices string	Devices.
dlp_sensor string	Dlp sensor.
endpoint_compliance string	Endpoint compliance. Choices: "disable" "enable"
groups string	Groups.
icap_profile string	Icap profile.
id integer	Id.
ips_sensor string	Ips sensor.
logtraffic string	Logtraffic. Choices: "disable" "enable" "all" "utm"
mms_profile string	Mms profile.
per_ip_shaper string	Per ip shaper.
profile_group string	Profile group.
profile_protocol_options string	Profile protocol options.
profile_type string	Profile type. Choices: "single" "group"
replacemsg_group string	Replacemsg group.
schedule string	Schedule.
send_deny_packet string	Send deny packet. Choices: "disable" "enable"
service string	Service.
service_negate string	Service negate. Choices: "disable" "enable"
spamfilter_profile string	Spamfilter profile.
sslvpn_portal string	Sslvpn portal.
sslvpn_realm string	Sslvpn realm.
traffic_shaper string	Traffic shaper.
traffic_shaper_reverse string	Traffic shaper reverse.
utm_status string	Utm status. Choices: "disable" "enable"
voip_profile string	Voip profile.
webfilter_profile string	Webfilter profile.
identity_from string	Identity from. Choices: "auth" "device"
inbound string	Inbound. Choices: "disable" "enable"
inspection_mode string	Inspection mode. Choices: "proxy" "flow"
ippool string	Ippool. Choices: "disable" "enable"
ips_sensor any	(list or str) Ips sensor.
label string	Label.
logtraffic string	Logtraffic. Choices: "disable" "enable" "all" "utm"
logtraffic_start string	Logtraffic start. Choices: "disable" "enable"
mms_profile any	(list or str) Mms profile.
name string	Name.
nat string	Nat. Choices: "disable" "enable"
natinbound string	Natinbound. Choices: "disable" "enable"
natoutbound string	Natoutbound. Choices: "disable" "enable"
np_accelation string	Np accelation. Choices: "disable" "enable"
np_acceleration string	Np acceleration. Choices: "disable" "enable"
outbound string	Outbound. Choices: "disable" "enable"
per_ip_shaper any	(list or str) Per ip shaper.
policy_offload string	Enable/disable offloading policy configuration to CP processors. Choices: "disable" "enable"
policyid integer / required	Policyid.
poolname any	(list or str) Poolname.
profile_group any	(list or str) Profile group.
profile_protocol_options any	(list or str) Profile protocol options.
profile_type string	Profile type. Choices: "single" "group"
replacemsg_group any	(list or str) Replacemsg group.
replacemsg_override_group any	(list or str) Replacemsg override group.
rsso string	Rsso. Choices: "disable" "enable"
schedule any	(list or str) Schedule.
send_deny_packet string	Send deny packet. Choices: "disable" "enable"
service any	(list or str) Service.
service_negate string	Service negate. Choices: "disable" "enable"
session_ttl any	(int or str) Session ttl.
spamfilter_profile any	(list or str) Spamfilter profile.
srcaddr any	(list or str) Srcaddr.
srcaddr_negate string	Srcaddr negate. Choices: "disable" "enable"
srcintf any	(list or str) Srcintf.
ssh_filter_profile any	(list or str) Ssh filter profile.
ssh_policy_redirect string	Ssh policy redirect. Choices: "disable" "enable"
ssl_mirror string	Ssl mirror. Choices: "disable" "enable"
ssl_mirror_intf any	(list or str) Ssl mirror intf.
ssl_ssh_profile any	(list or str) Ssl ssh profile.
sslvpn_auth string	Sslvpn auth. Choices: "any" "local" "radius" "ldap" "tacacs+"
sslvpn_ccert string	Sslvpn ccert. Choices: "disable" "enable"
sslvpn_cipher string	Sslvpn cipher. Choices: "any" "high" "medium"
status string	Status. Choices: "disable" "enable"
tags any	(list or str) Tags.
tcp_mss_receiver integer	Tcp mss receiver.
tcp_mss_sender integer	Tcp mss sender.
tcp_session_without_syn string	Tcp session without syn. Choices: "all" "data-only" "disable"
timeout_send_rst string	Timeout send rst. Choices: "disable" "enable"
tos string	Tos.
tos_mask string	Tos mask.
tos_negate string	Tos negate. Choices: "disable" "enable"
traffic_shaper any	(list or str) Traffic shaper.
traffic_shaper_reverse any	(list or str) Traffic shaper reverse.
url_category any	(list or str) Url category.
users any	(list or str) Users.
utm_inspection_mode string	Utm inspection mode. Choices: "proxy" "flow"
utm_status string	Utm status. Choices: "disable" "enable"
uuid string	Uuid.
vlan_cos_fwd integer	Vlan cos fwd.
vlan_cos_rev integer	Vlan cos rev.
vlan_filter string	Vlan filter.
voip_profile any	(list or str) Voip profile.
vpntunnel any	(list or str) Vpntunnel.
waf_profile any	(list or str) Waf profile.
webcache string	Webcache. Choices: "disable" "enable"
webcache_https string	Webcache https. Choices: "disable" "enable"
webfilter_profile any	(list or str) Webfilter profile.
webproxy_forward_server any	(list or str) Webproxy forward server.
webproxy_profile any	(list or str) Webproxy profile.
proposed_method string	The overridden method for the underlying Json RPC request. Choices: "update" "set" "add"
rc_failed list / elements=integer	The rc codes list with which the conditions to fail will be overriden.
rc_succeeded list / elements=integer	The rc codes list with which the conditions to succeed will be overriden.
state string / required	The directive to create, update or delete an object. Choices: "present" "absent"
workspace_locking_adom string	The adom to lock for FortiManager running in workspace mode, the value can be global and others including root.
workspace_locking_timeout integer	The maximum time in seconds to wait for other user to release the workspace lock. Default: 300

Notes

Note

• Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.

• Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

• To create or update an object, use state present directive.

• To delete an object, use state absent directive.

• Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- name: Example playbook
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Configure IPv6 header policies.
      fortinet.fortimanager.fmgr_pkg_header_policy6:
        bypass_validation: false
        pkg: ansible
        state: present
        pkg_header_policy6:
          action: accept # <value in [deny, accept, ipsec, ...]>
          comments: ansible-comment
          dstaddr: gall
          dstintf: any
          name: ansible-test2-header
          policyid: 1073741827 # must larger than 2^30(1074741824), since header/footer policy is a special policy
          schedule: galways
          service: gALL
          srcaddr: gall
          srcintf: any
          status: enable

- name: Gathering fortimanager facts
  hosts: fortimanagers
  gather_facts: false
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Retrieve all the IPv6 header policies
      fortinet.fortimanager.fmgr_fact:
        facts:
          selector: "pkg_header_policy6"
          params:
            pkg: "ansible"
            policy6: "your_value"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Description
meta dictionary	The result of the request. Returned: always
request_url string	The full url requested. Returned: always Sample: "/sys/login/user"
response_code integer	The status of api request. Returned: always Sample: 0
response_data list / elements=string	The api response. Returned: always
response_message string	The descriptive message of the api response. Returned: always Sample: "OK."
system_information dictionary	The information of the target system. Returned: always
rc integer	The status the request. Returned: always Sample: 0
version_check_warning list / elements=string	Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex

Authors

• Xinwei Du (@dux-fortinet)

• Xing Li (@lix-fortinet)

• Jie Xue (@JieX19)

• Link Zheng (@chillancezen)

• Frank Shen (@fshen01)

• Hongbin Lu (@fgtdev-hblu)

Collection links

• Issue Tracker
• Homepage
• Repository (Sources)