fortinet.fortimanager.fmgr_pkg_header_policy module – Configure IPv4/IPv6 policies.

Note

This module is part of the fortinet.fortimanager collection (version 2.7.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_pkg_header_policy.

New in fortinet.fortimanager 2.0.0

Synopsis 

This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters 

Parameter	Comments
access_token string	The token to access FortiManager without using username and password.
bypass_validation boolean	Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices: `false` ← (default) `true`
enable_log boolean	Enable/Disable logging for task. Choices: `false` ← (default) `true`
forticloud_access_token string	Authenticate Ansible client with forticloud API access token.
pkg string / required	The parameter (pkg) in requested url.
pkg_header_policy dictionary	The top level parameters set.
_policy_block integer	Assigned policy block.
access-proxy any	(list) Deprecated, please rename it to access_proxy. Access proxy.
action string	Action. Choices: `"deny"` `"accept"` `"ipsec"` `"ssl-vpn"` `"redirect"` `"isolate"`
active-auth-method string	Deprecated, please rename it to active_auth_method. Active auth method. Choices: `"ntlm"` `"basic"` `"digest"` `"form"`
anti-replay string	Deprecated, please rename it to anti_replay. Anti replay. Choices: `"disable"` `"enable"`
app-category any	(list or str) Deprecated, please rename it to app_category. App category.
app-group any	(list or str) Deprecated, please rename it to app_group. App group.
application any	(list) Application.
application-charts list / elements=string	Deprecated, please rename it to application_charts. Application charts. Choices: `"top10-app"` `"top10-p2p-user"` `"top10-media-user"`
application-list string	Deprecated, please rename it to application_list. Application list.
auth-cert string	Deprecated, please rename it to auth_cert. Auth cert.
auth-method string	Deprecated, please rename it to auth_method. Auth method. Choices: `"basic"` `"digest"` `"ntlm"` `"fsae"` `"form"` `"fsso"` `"rsso"`
auth-path string	Deprecated, please rename it to auth_path. Auth path. Choices: `"disable"` `"enable"`
auth-portal string	Deprecated, please rename it to auth_portal. Auth portal. Choices: `"disable"` `"enable"`
auth-redirect-addr string	Deprecated, please rename it to auth_redirect_addr. Auth redirect addr.
auto-asic-offload string	Deprecated, please rename it to auto_asic_offload. Auto asic offload. Choices: `"disable"` `"enable"`
av-profile string	Deprecated, please rename it to av_profile. Av profile.
bandwidth string	Bandwidth. Choices: `"disable"` `"enable"`
best-route string	Deprecated, please rename it to best_route. Best route. Choices: `"disable"` `"enable"`
block-notification string	Deprecated, please rename it to block_notification. Block notification. Choices: `"disable"` `"enable"`
captive-portal-exempt string	Deprecated, please rename it to captive_portal_exempt. Captive portal exempt. Choices: `"disable"` `"enable"`
capture-packet string	Deprecated, please rename it to capture_packet. Capture packet. Choices: `"disable"` `"enable"`
casb-profile string	Deprecated, please rename it to casb_profile. Name of an existing CASB profile.
casi-profile any	(list or str) Deprecated, please rename it to casi_profile. Casi profile.
central-nat string	Deprecated, please rename it to central_nat. Central nat. Choices: `"disable"` `"enable"`
cgn-eif string	Deprecated, please rename it to cgn_eif. Enable/Disable CGN endpoint independent filtering. Choices: `"disable"` `"enable"`
cgn-eim string	Deprecated, please rename it to cgn_eim. Enable/Disable CGN endpoint independent mapping Choices: `"disable"` `"enable"`
cgn-log-server-grp any	(list or str) Deprecated, please rename it to cgn_log_server_grp. NP log server group name
cgn-resource-quota integer	Deprecated, please rename it to cgn_resource_quota. Resource quota
cgn-session-quota integer	Deprecated, please rename it to cgn_session_quota. Session quota
cgn-sw-eif-ctrl string	Deprecated, please rename it to cgn_sw_eif_ctrl. Enable/disable software endpoint independent filtering control. Choices: `"disable"` `"enable"`
cifs-profile string	Deprecated, please rename it to cifs_profile. Cifs profile.
client-reputation string	Deprecated, please rename it to client_reputation. Client reputation. Choices: `"disable"` `"enable"`
client-reputation-mode string	Deprecated, please rename it to client_reputation_mode. Client reputation mode. Choices: `"learning"` `"monitoring"`
comments any	(dict or str) Comments.
custom-log-fields any	(list or str) Deprecated, please rename it to custom_log_fields. Custom log fields.
decrypted-traffic-mirror string	Deprecated, please rename it to decrypted_traffic_mirror. Decrypted traffic mirror.
deep-inspection-options any	(list or str) Deprecated, please rename it to deep_inspection_options. Deep inspection options.
delay-tcp-npu-session string	Deprecated, please rename it to delay_tcp_npu_session. Delay tcp npu session. Choices: `"disable"` `"enable"`
delay-tcp-npu-sessoin string	Deprecated, please rename it to delay_tcp_npu_sessoin. Delay tcp npu sessoin. Choices: `"disable"` `"enable"`
detect-https-in-http-request string	Deprecated, please rename it to detect_https_in_http_request. Detect https in http request. Choices: `"disable"` `"enable"`
device-detection-portal string	Deprecated, please rename it to device_detection_portal. Device detection portal. Choices: `"disable"` `"enable"`
device-ownership string	Deprecated, please rename it to device_ownership. Device ownership. Choices: `"disable"` `"enable"`
devices any	(list or str) Devices.
diameter-filter-profile string	Deprecated, please rename it to diameter_filter_profile. Name of an existing Diameter filter profile.
diffserv-copy string	Deprecated, please rename it to diffserv_copy. Enable to copy packets DiffServ values from sessions original direction to … Choices: `"disable"` `"enable"`
diffserv-forward string	Deprecated, please rename it to diffserv_forward. Diffserv forward. Choices: `"disable"` `"enable"`
diffserv-reverse string	Deprecated, please rename it to diffserv_reverse. Diffserv reverse. Choices: `"disable"` `"enable"`
diffservcode-forward string	Deprecated, please rename it to diffservcode_forward. Diffservcode forward.
diffservcode-rev string	Deprecated, please rename it to diffservcode_rev. Diffservcode rev.
disclaimer string	Disclaimer. Choices: `"disable"` `"enable"` `"user"` `"domain"` `"policy"`
dlp-profile string	Deprecated, please rename it to dlp_profile. Name of an existing DLP profile.
dlp-sensor any	(list or str) Deprecated, please rename it to dlp_sensor. Dlp sensor.
dnsfilter-profile string	Deprecated, please rename it to dnsfilter_profile. Dnsfilter profile.
dponly string	Dponly. Choices: `"disable"` `"enable"`
dscp-match string	Deprecated, please rename it to dscp_match. Dscp match. Choices: `"disable"` `"enable"`
dscp-negate string	Deprecated, please rename it to dscp_negate. Dscp negate. Choices: `"disable"` `"enable"`
dscp-value string	Deprecated, please rename it to dscp_value. Dscp value.
dsri string	Dsri. Choices: `"disable"` `"enable"`
dstaddr any	(list or str) Dstaddr.
dstaddr-negate string	Deprecated, please rename it to dstaddr_negate. Dstaddr negate. Choices: `"disable"` `"enable"`
dstaddr6 any	(list or str) Dstaddr6.
dstaddr6-negate string	Deprecated, please rename it to dstaddr6_negate. When enabled dstaddr6 specifies what the destination address must NOT be. Choices: `"disable"` `"enable"`
dstintf any	(list or str) Dstintf.
dynamic-bypass string	Deprecated, please rename it to dynamic_bypass. Dynamic bypass. Choices: `"disable"` `"enable"`
dynamic-profile string	Deprecated, please rename it to dynamic_profile. Dynamic profile. Choices: `"disable"` `"enable"`
dynamic-profile-access list / elements=string	Deprecated, please rename it to dynamic_profile_access. Dynamic profile access. Choices: `"imap"` `"smtp"` `"pop3"` `"http"` `"ftp"` `"im"` `"nntp"` `"imaps"` `"smtps"` `"pop3s"` `"https"` `"ftps"` `"ssh"`
dynamic-profile-fallthrough string	Deprecated, please rename it to dynamic_profile_fallthrough. Dynamic profile fallthrough. Choices: `"disable"` `"enable"`
dynamic-profile-group any	(list or str) Deprecated, please rename it to dynamic_profile_group. Dynamic profile group.
dynamic-shaping string	Deprecated, please rename it to dynamic_shaping. Enable/disable dynamic RADIUS defined traffic shaping. Choices: `"disable"` `"enable"`
eif-check string	Deprecated, please rename it to eif_check. Enable/Disable check endpoint-independent-filtering pinhole. Choices: `"disable"` `"enable"`
eif-learn string	Deprecated, please rename it to eif_learn. Enable/Disable learning of end-point-independent filtering pinhole. Choices: `"disable"` `"enable"`
email-collect string	Deprecated, please rename it to email_collect. Email collect. Choices: `"disable"` `"enable"`
email-collection-portal string	Deprecated, please rename it to email_collection_portal. Email collection portal. Choices: `"disable"` `"enable"`
emailfilter-profile string	Deprecated, please rename it to emailfilter_profile. Emailfilter profile.
endpoint-check string	Deprecated, please rename it to endpoint_check. Endpoint check. Choices: `"disable"` `"enable"`
endpoint-compliance string	Deprecated, please rename it to endpoint_compliance. Endpoint compliance. Choices: `"disable"` `"enable"`
endpoint-keepalive-interface any	(list or str) Deprecated, please rename it to endpoint_keepalive_interface. Endpoint keepalive interface.
endpoint-profile any	(list or str) Deprecated, please rename it to endpoint_profile. Endpoint profile.
extended-log string	Deprecated, please rename it to extended_log. Extended log. Choices: `"disable"` `"enable"`
failed-connection string	Deprecated, please rename it to failed_connection. Failed connection. Choices: `"disable"` `"enable"`
fall-through-unauthenticated string	Deprecated, please rename it to fall_through_unauthenticated. Fall through unauthenticated. Choices: `"disable"` `"enable"`
fec string	Enable/disable Forward Error Correction on traffic matching this policy on a FEC device. Choices: `"disable"` `"enable"`
file-filter-profile string	Deprecated, please rename it to file_filter_profile. File filter profile.
firewall-session-dirty string	Deprecated, please rename it to firewall_session_dirty. Firewall session dirty. Choices: `"check-all"` `"check-new"`
fixedport string	Fixedport. Choices: `"disable"` `"enable"`
force-proxy string	Deprecated, please rename it to force_proxy. Force proxy. Choices: `"disable"` `"enable"`
forticlient-compliance-devices list / elements=string	Deprecated, please rename it to forticlient_compliance_devices. Forticlient compliance devices. Choices: `"windows-pc"` `"mac"` `"iphone-ipad"` `"android"`
forticlient-compliance-enforcement-portal string	Deprecated, please rename it to forticlient_compliance_enforcement_portal. Forticlient compliance enforcement portal. Choices: `"disable"` `"enable"`
fsae string	Fsae. Choices: `"disable"` `"enable"`
fsae-server-for-ntlm any	(list or str) Deprecated, please rename it to fsae_server_for_ntlm. Fsae server for ntlm.
fsso string	Fsso. Choices: `"disable"` `"enable"`
fsso-agent-for-ntlm string	Deprecated, please rename it to fsso_agent_for_ntlm. Fsso agent for ntlm.
fsso-groups any	(list or str) Deprecated, please rename it to fsso_groups. Fsso groups.
geo-location string	Deprecated, please rename it to geo_location. Geo location. Choices: `"disable"` `"enable"`
geoip-anycast string	Deprecated, please rename it to geoip_anycast. Geoip anycast. Choices: `"disable"` `"enable"`
geoip-match string	Deprecated, please rename it to geoip_match. Geoip match. Choices: `"physical-location"` `"registered-location"`
global-label string	Deprecated, please rename it to global_label. Global label.
groups any	(list or str) Groups.
gtp-profile string	Deprecated, please rename it to gtp_profile. Gtp profile.
http-policy-redirect string	Deprecated, please rename it to http_policy_redirect. Http policy redirect. Choices: `"disable"` `"enable"`
http-tunnel-auth string	Deprecated, please rename it to http_tunnel_auth. Http tunnel auth. Choices: `"disable"` `"enable"`
ia-profile any	(list) Deprecated, please rename it to ia_profile. Ia profile.
icap-profile string	Deprecated, please rename it to icap_profile. Icap profile.
identity-based string	Deprecated, please rename it to identity_based. Identity based. Choices: `"disable"` `"enable"`
identity-based-policy list / elements=dictionary	Deprecated, please rename it to identity_based_policy. Identity based policy.
action string	Action. Choices: `"deny"` `"accept"`
application-charts list / elements=string	Deprecated, please rename it to application_charts. Application charts. Choices: `"top10-app"` `"top10-p2p-user"` `"top10-media-user"`
application-list string	Deprecated, please rename it to application_list. Application list.
av-profile string	Deprecated, please rename it to av_profile. Av profile.
capture-packet string	Deprecated, please rename it to capture_packet. Capture packet. Choices: `"disable"` `"enable"`
deep-inspection-options string	Deprecated, please rename it to deep_inspection_options. Deep inspection options.
devices string	Devices.
dlp-sensor string	Deprecated, please rename it to dlp_sensor. Dlp sensor.
dstaddr string	Dstaddr.
dstaddr-negate string	Deprecated, please rename it to dstaddr_negate. Dstaddr negate. Choices: `"disable"` `"enable"`
endpoint-compliance string	Deprecated, please rename it to endpoint_compliance. Endpoint compliance. Choices: `"disable"` `"enable"`
groups string	Groups.
icap-profile string	Deprecated, please rename it to icap_profile. Icap profile.
id integer	Id.
ips-sensor string	Deprecated, please rename it to ips_sensor. Ips sensor.
logtraffic string	Logtraffic. Choices: `"disable"` `"enable"` `"all"` `"utm"`
logtraffic-app string	Deprecated, please rename it to logtraffic_app. Logtraffic app. Choices: `"disable"` `"enable"`
logtraffic-start string	Deprecated, please rename it to logtraffic_start. Logtraffic start. Choices: `"disable"` `"enable"`
mms-profile string	Deprecated, please rename it to mms_profile. Mms profile.
per-ip-shaper string	Deprecated, please rename it to per_ip_shaper. Per ip shaper.
profile-group string	Deprecated, please rename it to profile_group. Profile group.
profile-protocol-options string	Deprecated, please rename it to profile_protocol_options. Profile protocol options.
profile-type string	Deprecated, please rename it to profile_type. Profile type. Choices: `"single"` `"group"`
replacemsg-group string	Deprecated, please rename it to replacemsg_group. Replacemsg group.
schedule string	Schedule.
send-deny-packet string	Deprecated, please rename it to send_deny_packet. Send deny packet. Choices: `"disable"` `"enable"`
service string	Service.
service-negate string	Deprecated, please rename it to service_negate. Service negate. Choices: `"disable"` `"enable"`
spamfilter-profile string	Deprecated, please rename it to spamfilter_profile. Spamfilter profile.
sslvpn-portal string	Deprecated, please rename it to sslvpn_portal. Sslvpn portal.
sslvpn-realm string	Deprecated, please rename it to sslvpn_realm. Sslvpn realm.
traffic-shaper string	Deprecated, please rename it to traffic_shaper. Traffic shaper.
traffic-shaper-reverse string	Deprecated, please rename it to traffic_shaper_reverse. Traffic shaper reverse.
users string	Users.
utm-status string	Deprecated, please rename it to utm_status. Utm status. Choices: `"disable"` `"enable"`
voip-profile string	Deprecated, please rename it to voip_profile. Voip profile.
webfilter-profile string	Deprecated, please rename it to webfilter_profile. Webfilter profile.
identity-based-route string	Deprecated, please rename it to identity_based_route. Identity based route.
identity-from string	Deprecated, please rename it to identity_from. Identity from. Choices: `"auth"` `"device"`
implicit-proxy-detection string	Deprecated, please rename it to implicit_proxy_detection. Implicit proxy detection. Choices: `"disable"` `"enable"`
inbound string	Inbound. Choices: `"disable"` `"enable"`
inspection-mode string	Deprecated, please rename it to inspection_mode. Inspection mode. Choices: `"proxy"` `"flow"`
internet-service string	Deprecated, please rename it to internet_service. Internet service. Choices: `"disable"` `"enable"`
internet-service-custom any	(list or str) Deprecated, please rename it to internet_service_custom. Internet service custom.
internet-service-custom-group any	(list or str) Deprecated, please rename it to internet_service_custom_group. Internet service custom group.
internet-service-group any	(list or str) Deprecated, please rename it to internet_service_group. Internet service group.
internet-service-id any	(list or str) Deprecated, please rename it to internet_service_id. Internet service id.
internet-service-name any	(list or str) Deprecated, please rename it to internet_service_name. Internet service name.
internet-service-negate string	Deprecated, please rename it to internet_service_negate. Internet service negate. Choices: `"disable"` `"enable"`
internet-service-src string	Deprecated, please rename it to internet_service_src. Internet service src. Choices: `"disable"` `"enable"`
internet-service-src-custom any	(list or str) Deprecated, please rename it to internet_service_src_custom. Internet service src custom.
internet-service-src-custom-group any	(list or str) Deprecated, please rename it to internet_service_src_custom_group. Internet service src custom group.
internet-service-src-group any	(list or str) Deprecated, please rename it to internet_service_src_group. Internet service src group.
internet-service-src-id any	(list or str) Deprecated, please rename it to internet_service_src_id. Internet service src id.
internet-service-src-name any	(list or str) Deprecated, please rename it to internet_service_src_name. Internet service src name.
internet-service-src-negate string	Deprecated, please rename it to internet_service_src_negate. Internet service src negate. Choices: `"disable"` `"enable"`
internet-service6 string	Deprecated, please rename it to internet_service6. Enable/disable use of IPv6 Internet Services for this policy. Choices: `"disable"` `"enable"`
internet-service6-custom any	(list) Deprecated, please rename it to internet_service6_custom. Custom IPv6 Internet Service name.
internet-service6-custom-group any	(list) Deprecated, please rename it to internet_service6_custom_group. Custom Internet Service6 group name.
internet-service6-group any	(list) Deprecated, please rename it to internet_service6_group. Internet Service group name.
internet-service6-name any	(list) Deprecated, please rename it to internet_service6_name. IPv6 Internet Service name.
internet-service6-negate string	Deprecated, please rename it to internet_service6_negate. When enabled internet-service6 specifies what the service must N… Choices: `"disable"` `"enable"`
internet-service6-src string	Deprecated, please rename it to internet_service6_src. Enable/disable use of IPv6 Internet Services in source for this policy. Choices: `"disable"` `"enable"`
internet-service6-src-custom any	(list) Deprecated, please rename it to internet_service6_src_custom. Custom IPv6 Internet Service source name.
internet-service6-src-custom-group any	(list) Deprecated, please rename it to internet_service6_src_custom_group. Custom Internet Service6 source group name.
internet-service6-src-group any	(list) Deprecated, please rename it to internet_service6_src_group. Internet Service6 source group name.
internet-service6-src-name any	(list) Deprecated, please rename it to internet_service6_src_name. IPv6 Internet Service source name.
internet-service6-src-negate string	Deprecated, please rename it to internet_service6_src_negate. When enabled internet-service6-src specifies what the servic… Choices: `"disable"` `"enable"`
ip-based string	Deprecated, please rename it to ip_based. Ip based. Choices: `"disable"` `"enable"`
ip-version-type string	Deprecated, please rename it to ip_version_type. IP version of the policy.
ippool string	Ippool. Choices: `"disable"` `"enable"`
ips-sensor string	Deprecated, please rename it to ips_sensor. Ips sensor.
ips-voip-filter string	Deprecated, please rename it to ips_voip_filter. Name of an existing VoIP
isolator-profile any	(list) Deprecated, please rename it to isolator_profile. Isolator profile.
isolator-server any	(list) Deprecated, please rename it to isolator_server. Isolator server.
label string	Label.
learning-mode string	Deprecated, please rename it to learning_mode. Learning mode. Choices: `"disable"` `"enable"`
log-http-transaction string	Deprecated, please rename it to log_http_transaction. Log http transaction. Choices: `"disable"` `"enable"` `"all"` `"utm"`
log-unmatched-traffic string	Deprecated, please rename it to log_unmatched_traffic. Log unmatched traffic. Choices: `"disable"` `"enable"`
logtraffic string	Logtraffic. Choices: `"disable"` `"enable"` `"all"` `"utm"`
logtraffic-app string	Deprecated, please rename it to logtraffic_app. Logtraffic app. Choices: `"disable"` `"enable"`
logtraffic-start string	Deprecated, please rename it to logtraffic_start. Logtraffic start. Choices: `"disable"` `"enable"`
match-vip string	Deprecated, please rename it to match_vip. Match vip. Choices: `"disable"` `"enable"`
match-vip-only string	Deprecated, please rename it to match_vip_only. Match vip only. Choices: `"disable"` `"enable"`
max-session-per-user integer	Deprecated, please rename it to max_session_per_user. Max session per user.
mms-profile any	(list or str) Deprecated, please rename it to mms_profile. Mms profile.
name string	Name.
nat string	Nat. Choices: `"disable"` `"enable"`
nat46 string	Enable/disable NAT46. Choices: `"disable"` `"enable"`
nat64 string	Enable/disable NAT64. Choices: `"disable"` `"enable"`
natinbound string	Natinbound. Choices: `"disable"` `"enable"`
natip string	Natip.
natoutbound string	Natoutbound. Choices: `"disable"` `"enable"`
network-service-dynamic any	(list) Deprecated, please rename it to network_service_dynamic. Dynamic Network Service name.
network-service-src-dynamic any	(list) Deprecated, please rename it to network_service_src_dynamic. Dynamic Network Service source name.
np-accelation string	Deprecated, please rename it to np_accelation. Np accelation. Choices: `"disable"` `"enable"`
np-acceleration string	Deprecated, please rename it to np_acceleration. Np acceleration. Choices: `"disable"` `"enable"`
ntlm string	Ntlm. Choices: `"disable"` `"enable"`
ntlm-enabled-browsers any	(list) Deprecated, please rename it to ntlm_enabled_browsers. Ntlm enabled browsers.
ntlm-guest string	Deprecated, please rename it to ntlm_guest. Ntlm guest. Choices: `"disable"` `"enable"`
outbound string	Outbound. Choices: `"disable"` `"enable"`
pass-through string	Deprecated, please rename it to pass_through. Pass through. Choices: `"disable"` `"enable"`
passive-wan-health-measurement string	Deprecated, please rename it to passive_wan_health_measurement. Enable/disable passive WAN health measurement. Choices: `"disable"` `"enable"`
pcp-inbound string	Deprecated, please rename it to pcp_inbound. Enable/disable PCP inbound DNAT. Choices: `"disable"` `"enable"`
pcp-outbound string	Deprecated, please rename it to pcp_outbound. Enable/disable PCP outbound SNAT. Choices: `"disable"` `"enable"`
pcp-poolname any	(list) Deprecated, please rename it to pcp_poolname. PCP pool names.
per-ip-shaper string	Deprecated, please rename it to per_ip_shaper. Per ip shaper.
permit-any-host string	Deprecated, please rename it to permit_any_host. Permit any host. Choices: `"disable"` `"enable"`
permit-stun-host string	Deprecated, please rename it to permit_stun_host. Permit stun host. Choices: `"disable"` `"enable"`
pfcp-profile string	Deprecated, please rename it to pfcp_profile. PFCP profile.
policy-behaviour-type string	Deprecated, please rename it to policy_behaviour_type. Behaviour of the policy.
policy-expiry string	Deprecated, please rename it to policy_expiry. Enable/disable policy expiry. Choices: `"disable"` `"enable"`
policy-expiry-date string	Deprecated, please rename it to policy_expiry_date. Policy expiry date
policy-expiry-date-utc string	Deprecated, please rename it to policy_expiry_date_utc. Policy expiry date and time, in epoch format.
policy-offload string	Deprecated, please rename it to policy_offload. Enable/Disable hardware session setup for CGNAT. Choices: `"disable"` `"enable"`
policyid integer / required	Policyid.
poolname any	(list or str) Poolname.
poolname6 any	(list or str) Poolname6.
port-preserve string	Deprecated, please rename it to port_preserve. Enable/disable preservation of the original source port from source NAT if … Choices: `"disable"` `"enable"`
profile-group string	Deprecated, please rename it to profile_group. Profile group.
profile-protocol-options string	Deprecated, please rename it to profile_protocol_options. Profile protocol options.
profile-type string	Deprecated, please rename it to profile_type. Profile type. Choices: `"single"` `"group"`
radius-ip-auth-bypass string	Deprecated, please rename it to radius_ip_auth_bypass. Enable IP authentication bypass. Choices: `"disable"` `"enable"`
radius-mac-auth-bypass string	Deprecated, please rename it to radius_mac_auth_bypass. Radius mac auth bypass. Choices: `"disable"` `"enable"`
redirect-profile any	(list) Deprecated, please rename it to redirect_profile. Redirect profile.
redirect-url string	Deprecated, please rename it to redirect_url. Redirect url.
replacemsg-group any	(list or str) Deprecated, please rename it to replacemsg_group. Replacemsg group.
replacemsg-override-group string	Deprecated, please rename it to replacemsg_override_group. Replacemsg override group.
reputation-direction string	Deprecated, please rename it to reputation_direction. Reputation direction. Choices: `"source"` `"destination"`
reputation-direction6 string	Deprecated, please rename it to reputation_direction6. Direction of the initial traffic for IPv6 reputation to take effect. Choices: `"source"` `"destination"`
reputation-minimum integer	Deprecated, please rename it to reputation_minimum. Reputation minimum.
reputation-minimum6 integer	Deprecated, please rename it to reputation_minimum6. IPv6 Minimum Reputation to take action.
require-tfa string	Deprecated, please rename it to require_tfa. Require tfa. Choices: `"disable"` `"enable"`
reverse-cache string	Deprecated, please rename it to reverse_cache. Reverse cache. Choices: `"disable"` `"enable"`
rsso string	Rsso. Choices: `"disable"` `"enable"`
rtp-addr any	(list or str) Deprecated, please rename it to rtp_addr. Rtp addr.
rtp-nat string	Deprecated, please rename it to rtp_nat. Rtp nat. Choices: `"disable"` `"enable"`
scan-botnet-connections string	Deprecated, please rename it to scan_botnet_connections. Scan botnet connections. Choices: `"disable"` `"block"` `"monitor"`
schedule string	Schedule.
schedule-timeout string	Deprecated, please rename it to schedule_timeout. Schedule timeout. Choices: `"disable"` `"enable"`
sctp-filter-profile string	Deprecated, please rename it to sctp_filter_profile. Name of an existing SCTP filter profile.
send-deny-packet string	Deprecated, please rename it to send_deny_packet. Send deny packet. Choices: `"disable"` `"enable"`
service any	(list or str) Service.
service-negate string	Deprecated, please rename it to service_negate. Service negate. Choices: `"disable"` `"enable"`
session-ttl any	(int or str) Deprecated, please rename it to session_ttl. Session ttl.
sessions string	Sessions. Choices: `"disable"` `"enable"`
sgt any	(list) Security group tags.
sgt-check string	Deprecated, please rename it to sgt_check. Enable/disable security group tags Choices: `"disable"` `"enable"`
spamfilter-profile any	(list or str) Deprecated, please rename it to spamfilter_profile. Spamfilter profile.
src-vendor-mac any	(list or str) Deprecated, please rename it to src_vendor_mac. Src vendor mac.
srcaddr any	(list or str) Srcaddr.
srcaddr-negate string	Deprecated, please rename it to srcaddr_negate. Srcaddr negate. Choices: `"disable"` `"enable"`
srcaddr6 any	(list or str) Srcaddr6.
srcaddr6-negate string	Deprecated, please rename it to srcaddr6_negate. When enabled srcaddr6 specifies what the source address must NOT be. Choices: `"disable"` `"enable"`
srcintf any	(list or str) Srcintf.
ssh-filter-profile string	Deprecated, please rename it to ssh_filter_profile. Ssh filter profile.
ssh-policy-check string	Deprecated, please rename it to ssh_policy_check. Ssh policy check. Choices: `"disable"` `"enable"`
ssh-policy-redirect string	Deprecated, please rename it to ssh_policy_redirect. Ssh policy redirect. Choices: `"disable"` `"enable"`
ssl-mirror string	Deprecated, please rename it to ssl_mirror. Ssl mirror. Choices: `"disable"` `"enable"`
ssl-mirror-intf any	(list or str) Deprecated, please rename it to ssl_mirror_intf. Ssl mirror intf.
ssl-ssh-profile string	Deprecated, please rename it to ssl_ssh_profile. Ssl ssh profile.
sslvpn-auth string	Deprecated, please rename it to sslvpn_auth. Sslvpn auth. Choices: `"any"` `"local"` `"radius"` `"ldap"` `"tacacs+"`
sslvpn-ccert string	Deprecated, please rename it to sslvpn_ccert. Sslvpn ccert. Choices: `"disable"` `"enable"`
sslvpn-cipher string	Deprecated, please rename it to sslvpn_cipher. Sslvpn cipher. Choices: `"any"` `"high"` `"medium"`
sso-auth-method string	Deprecated, please rename it to sso_auth_method. Sso auth method. Choices: `"fsso"` `"rsso"`
status string	Status. Choices: `"disable"` `"enable"`
tags any	(list or str) Tags.
tcp-mss-receiver integer	Deprecated, please rename it to tcp_mss_receiver. Tcp mss receiver.
tcp-mss-sender integer	Deprecated, please rename it to tcp_mss_sender. Tcp mss sender.
tcp-reset string	Deprecated, please rename it to tcp_reset. Tcp reset. Choices: `"disable"` `"enable"`
tcp-session-without-syn string	Deprecated, please rename it to tcp_session_without_syn. Tcp session without syn. Choices: `"all"` `"data-only"` `"disable"`
tcp-timeout-pid any	(list) Deprecated, please rename it to tcp_timeout_pid. TCP timeout profile ID
timeout-send-rst string	Deprecated, please rename it to timeout_send_rst. Timeout send rst. Choices: `"disable"` `"enable"`
tos string	Tos.
tos-mask string	Deprecated, please rename it to tos_mask. Tos mask.
tos-negate string	Deprecated, please rename it to tos_negate. Tos negate. Choices: `"disable"` `"enable"`
traffic-shaper string	Deprecated, please rename it to traffic_shaper. Traffic shaper.
traffic-shaper-reverse string	Deprecated, please rename it to traffic_shaper_reverse. Traffic shaper reverse.
transaction-based string	Deprecated, please rename it to transaction_based. Transaction based. Choices: `"disable"` `"enable"`
transparent string	Transparent. Choices: `"disable"` `"enable"`
type string	Type. Choices: `"explicit-web"` `"transparent"` `"explicit-ftp"` `"ssh-tunnel"` `"ssh"` `"wanopt"` `"access-proxy"`
udp-timeout-pid any	(list) Deprecated, please rename it to udp_timeout_pid. UDP timeout profile ID
url-category any	(list or str) Deprecated, please rename it to url_category. Url category.
users any	(list or str) Users.
utm-inspection-mode string	Deprecated, please rename it to utm_inspection_mode. Utm inspection mode. Choices: `"proxy"` `"flow"`
utm-status string	Deprecated, please rename it to utm_status. Utm status. Choices: `"disable"` `"enable"`
uuid string	Uuid.
uuid-idx integer	Deprecated, please rename it to uuid_idx. Uuid idx.
vendor-mac any	(list or str) Deprecated, please rename it to vendor_mac. Vendor mac.
videofilter-profile string	Deprecated, please rename it to videofilter_profile. Name of an existing VideoFilter profile.
virtual-patch-profile string	Deprecated, please rename it to virtual_patch_profile. Name of an existing virtual-patch profile.
vlan-cos-fwd integer	Deprecated, please rename it to vlan_cos_fwd. Vlan cos fwd.
vlan-cos-rev integer	Deprecated, please rename it to vlan_cos_rev. Vlan cos rev.
vlan-filter string	Deprecated, please rename it to vlan_filter. Vlan filter.
voip-profile string	Deprecated, please rename it to voip_profile. Voip profile.
vpntunnel string	Vpntunnel.
waf-profile string	Deprecated, please rename it to waf_profile. Waf profile.
wanopt string	Wanopt. Choices: `"disable"` `"enable"`
wanopt-detection string	Deprecated, please rename it to wanopt_detection. Wanopt detection. Choices: `"active"` `"passive"` `"off"`
wanopt-passive-opt string	Deprecated, please rename it to wanopt_passive_opt. Wanopt passive opt. Choices: `"default"` `"transparent"` `"non-transparent"`
wanopt-peer string	Deprecated, please rename it to wanopt_peer. Wanopt peer.
wanopt-profile string	Deprecated, please rename it to wanopt_profile. Wanopt profile.
wccp string	Wccp. Choices: `"disable"` `"enable"`
web-auth-cookie string	Deprecated, please rename it to web_auth_cookie. Web auth cookie. Choices: `"disable"` `"enable"`
webcache string	Webcache. Choices: `"disable"` `"enable"`
webcache-https string	Deprecated, please rename it to webcache_https. Webcache https. Choices: `"disable"` `"ssl-server"` `"any"` `"enable"`
webfilter-profile string	Deprecated, please rename it to webfilter_profile. Webfilter profile.
webproxy-forward-server string	Deprecated, please rename it to webproxy_forward_server. Webproxy forward server.
webproxy-profile string	Deprecated, please rename it to webproxy_profile. Webproxy profile.
wsso string	Wsso. Choices: `"disable"` `"enable"`
ztna-device-ownership string	Deprecated, please rename it to ztna_device_ownership. Enable/disable zero trust device ownership. Choices: `"disable"` `"enable"`
ztna-ems-tag any	(list or str) Deprecated, please rename it to ztna_ems_tag. Source ztna-ems-tag names.
ztna-ems-tag-secondary any	(list) Deprecated, please rename it to ztna_ems_tag_secondary. Source ztna-ems-tag-secondary names.
ztna-geo-tag any	(list or str) Deprecated, please rename it to ztna_geo_tag. Source ztna-geo-tag names.
ztna-policy-redirect string	Deprecated, please rename it to ztna_policy_redirect. Redirect ZTNA traffic to matching Access-Proxy proxy-policy. Choices: `"disable"` `"enable"`
ztna-status string	Deprecated, please rename it to ztna_status. Enable/disable zero trust access. Choices: `"disable"` `"enable"`
ztna-tags-match-logic string	Deprecated, please rename it to ztna_tags_match_logic. Ztna tags match logic. Choices: `"or"` `"and"`
proposed_method string	The overridden method for the underlying Json RPC request. Choices: `"update"` `"set"` `"add"`
rc_failed list / elements=integer	The rc codes list with which the conditions to fail will be overriden.
rc_succeeded list / elements=integer	The rc codes list with which the conditions to succeed will be overriden.
state string / required	The directive to create, update or delete an object. Choices: `"present"` `"absent"`
workspace_locking_adom string	The adom to lock for FortiManager running in workspace mode, the value can be global and others including root.
workspace_locking_timeout integer	The maximum time in seconds to wait for other user to release the workspace lock. Default: `300`

Notes 

Note

Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state present directive.
To delete an object, use state absent directive.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples 

- name: Example playbook
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Configure IPv4 header policies.
      fortinet.fortimanager.fmgr_pkg_header_policy:
        bypass_validation: false
        pkg: ansible
        state: present
        pkg_header_policy:
          action: accept # <value in [deny, accept, ipsec, ...]>
          comments: "ansible-comment"
          dstaddr: gall
          dstintf: any
          name: ansible-test-header
          policyid: 1073741826 # must larger than 2^30(1074741824), since header/footer policy is a special policy
          schedule: galways
          service: gALL
          srcaddr: gall
          srcintf: any
          status: disable

- name: Gathering fortimanager facts
  hosts: fortimanagers
  gather_facts: false
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Retrieve all the IPv4 header policies
      fortinet.fortimanager.fmgr_fact:
        facts:
          selector: "pkg_header_policy"
          params:
            pkg: "ansible"
            policy: "your_value"

Return Values 

Common return values are documented here, the following are the fields unique to this module:

Key	Description
meta dictionary	The result of the request. Returned: always
request_url string	The full url requested. Returned: always Sample: `"/sys/login/user"`
response_code integer	The status of api request. Returned: always Sample: `0`
response_data list / elements=string	The api response. Returned: always
response_message string	The descriptive message of the api response. Returned: always Sample: `"OK."`
system_information dictionary	The information of the target system. Returned: always
rc integer	The status the request. Returned: always Sample: `0`
version_check_warning list / elements=string	Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex

Authors

Xinwei Du (@dux-fortinet)
Xing Li (@lix-fortinet)
Jie Xue (@JieX19)
Link Zheng (@chillancezen)
Frank Shen (@fshen01)
Hongbin Lu (@fgtdev-hblu)

fortinet.fortimanager.fmgr_pkg_header_policy module – Configure IPv4/IPv6 policies.

Synopsis

Parameters

Notes

Examples

Return Values