community.fortios.fmgr_device_provision_template – Manages Device Provisioning Templates in FortiManager.

Note

This plugin is part of the community.fortios collection (version 1.0.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.fortios.

To use it in a playbook, specify: community.fortios.fmgr_device_provision_template.

Synopsis

  • Allows the editing and assignment of device provisioning templates in FortiManager.

Parameters

Parameter Choices/Defaults Comments
admin_enable_fortiguard
string
    Choices:
  • none
  • direct
  • this-fmg
Enables FortiGuard security updates to their default settings.
admin_fortianalyzer_target
string
Configures the FortiAnalyzer (FAZ) target.
admin_fortiguard_target
string
Configures the FortiGuard target.
admin_enable_fortiguard must be set to "direct".
admin_gui_theme
string
    Choices:
  • green
  • red
  • blue
  • melongene
  • mariner
Changes the admin gui theme.
admin_http_port
string
Non-SSL admin gui port number.
admin_https_port
string
SSL admin gui port number.
admin_https_redirect
string
    Choices:
  • enable
  • disable
Enables or disables https redirect from http.
admin_language
string
    Choices:
  • english
  • simch
  • japanese
  • korean
  • spanish
  • trach
  • french
  • portuguese
Sets the admin gui language.
admin_switch_controller
string
    Choices:
  • enable
  • disable
Enables or disables the switch controller.
admin_timeout
string
Admin timeout in minutes.
adom
string / required
The ADOM the configuration should belong to.
delete_provisioning_template
string
If specified, all other options are ignored. The specified provisioning template will be deleted.
device_unique_name
string / required
The unique name of the device that you are editing.
dns_primary_ipv4
string
Primary IPv4 DNS forwarder.
dns_secondary_ipv4
string
Secondary IPv4 DNS forwarder.
dns_suffix
string
Sets the local dns domain suffix.
mode
string
    Choices:
  • add ←
  • set
  • delete
  • update
Sets one of three modes for managing the object.
Allows use of soft-adds instead of overwriting existing values.
ntp_auth
string
    Choices:
  • enable
  • disable
Enables or disables ntp authentication.
ntp_auth_pwd
string
Sets the ntp auth password.
ntp_server
string
Only used when ntp_type is custom. Specifies the IP address of the server to sync to; use comma-separated IP addresses for multiple servers.
ntp_status
string
    Choices:
  • enable
  • disable
Enables or disables ntp.
ntp_sync_interval
string
Sets the interval in minutes for ntp sync.
ntp_type
string
    Choices:
  • fortiguard
  • custom
Selects FortiGuard servers or custom servers as the NTP source.
ntp_v3
string
    Choices:
  • enable
  • disable
Enables or disables ntpv3 (default is ntpv4).
provision_targets
string / required
The friendly names of devices in FortiManager to assign the provisioning template to. Comma-separated list.
provisioning_template
string / required
The provisioning template you want to apply (default = default).
smtp_conn_sec
string
    Choices:
  • none
  • starttls
  • smtps
Defines the SSL level for SMTP.
smtp_password
string
SMTP password.
smtp_port
string
SMTP port number.
smtp_replyto
string
SMTP reply to address.
smtp_server
string
SMTP server ipv4 address.
smtp_source_ipv4
string
SMTP source ip address.
smtp_username
string
SMTP auth username.
smtp_validate_cert
string
    Choices:
  • enable
  • disable
Enables or disables valid certificate checking for smtp.
snmp_status
string
    Choices:
  • enable
  • disable
Enables or disables SNMP globally.
snmp_v2c_id
string
Primary key for the SNMP community. This must be unique!
snmp_v2c_name
string
Specifies the v2c community name.
snmp_v2c_query_hosts_ipv4
string
IPv4 addresses or subnets that are allowed to query SNMP v2c, comma separated ("10.7.220.59 255.255.255.0, 10.7.220.0 255.255.255.0").
snmp_v2c_query_port
string
Sets the snmp v2c community query port.
snmp_v2c_query_status
string
    Choices:
  • enable
  • disable
Enables or disables the v2c community specified for queries.
snmp_v2c_status
string
    Choices:
  • enable
  • disable
Enables or disables the v2c community specified.
snmp_v2c_trap_hosts_ipv4
string
IPv4 addresses of the hosts that should get SNMP v2c traps, comma separated, must include mask ("10.7.220.59 255.255.255.255, 10.7.220.60 255.255.255.255").
snmp_v2c_trap_port
string
Sets the snmp v2c community trap port.
snmp_v2c_trap_src_ipv4
string
Source IPv4 address the traps should come from.
snmp_v2c_trap_status
string
    Choices:
  • enable
  • disable
Enables or disables the v2c community specified for traps.
snmpv3_auth_proto
string
    Choices:
  • md5
  • sha
SNMPv3 auth protocol.
snmpv3_auth_pwd
string
SNMPv3 auth password. Currently not encrypted! Ensure this file is locked down permissions-wise!
snmpv3_name
string
SNMPv3 user name.
snmpv3_notify_hosts
string
List of ipv4 hosts to send snmpv3 traps to. Comma separated IPv4 list.
snmpv3_priv_proto
string
    Choices:
  • aes
  • des
  • aes256
  • aes256cisco
SNMPv3 priv protocol.
snmpv3_priv_pwd
string
SNMPv3 priv password. Currently not encrypted! Ensure this file is locked down permissions-wise!
snmpv3_queries
string
    Choices:
  • enable
  • disable
Allow snmpv3_queries.
snmpv3_query_port
string
SNMPv3 query port.
snmpv3_security_level
string
    Choices:
  • no-auth-no-priv
  • auth-no-priv
  • auth-priv
SNMPv3 security level.
snmpv3_source_ip
string
SNMPv3 source ipv4 address for traps.
snmpv3_status
string
    Choices:
  • enable
  • disable
SNMPv3 user is enabled or disabled.
snmpv3_trap_rport
string
SNMPv3 trap remote port.
snmpv3_trap_status
string
    Choices:
  • enable
  • disable
SNMPv3 traps are enabled or disabled.
syslog_certificate
string
Certificate used to communicate with Syslog server if encryption on.
syslog_enc_algorithm
string
    Choices:
  • high
  • low
  • disable ←
  • high-medium
Enable/disable reliable syslogging with TLS encryption.
choice | high | SSL communication with high encryption algorithms.
choice | low | SSL communication with low encryption algorithms.
choice | disable | Disable SSL communication.
choice | high-medium | SSL communication with high and medium encryption algorithms.
syslog_facility
string
    Choices:
  • kernel
  • user
  • mail
  • daemon
  • auth
  • syslog ←
  • lpr
  • news
  • uucp
  • cron
  • authpriv
  • ftp
  • ntp
  • audit
  • alert
  • clock
  • local0
  • local1
  • local2
  • local3
  • local4
  • local5
  • local6
  • local7
Remote syslog facility.
choice | kernel | Kernel messages.
choice | user | Random user-level messages.
choice | mail | Mail system.
choice | daemon | System daemons.
choice | auth | Security/authorization messages.
choice | syslog | Messages generated internally by syslog.
choice | lpr | Line printer subsystem.
choice | news | Network news subsystem.
choice | uucp | Network news subsystem.
choice | cron | Clock daemon.
choice | authpriv | Security/authorization messages (private).
choice | ftp | FTP daemon.
choice | ntp | NTP daemon.
choice | audit | Log audit.
choice | alert | Log alert.
choice | clock | Clock daemon.
choice | local0 | Reserved for local use.
choice | local1 | Reserved for local use.
choice | local2 | Reserved for local use.
choice | local3 | Reserved for local use.
choice | local4 | Reserved for local use.
choice | local5 | Reserved for local use.
choice | local6 | Reserved for local use.
choice | local7 | Reserved for local use.
syslog_filter
string
    Choices:
  • emergency
  • alert
  • critical
  • error
  • warning
  • notification
  • information
  • debug
Sets the logging level for syslog.
syslog_mode
string
    Choices:
  • udp ←
  • legacy-reliable
  • reliable
Remote syslog logging over UDP/Reliable TCP.
choice | udp | Enable syslogging over UDP.
choice | legacy-reliable | Enable legacy reliable syslogging by RFC3195 (Reliable Delivery for Syslog).
choice | reliable | Enable reliable syslogging by RFC6587 (Transmission of Syslog Messages over TCP).
syslog_port
string
Syslog port that will be set.
syslog_server
string
Server the syslogs will be sent to.
syslog_status
string
    Choices:
  • enable
  • disable
Enables or disables syslogs.

Examples

- name: SET SNMP SYSTEM INFO
  community.fortios.fmgr_device_provision_template:
    provisioning_template: "default"
    snmp_status: "enable"
    mode: "set"

- name: SET SNMP SYSTEM INFO ANSIBLE ADOM
  community.fortios.fmgr_device_provision_template:
    provisioning_template: "default"
    snmp_status: "enable"
    mode: "set"
    adom: "ansible"

- name: SET SNMP SYSTEM INFO different template (SNMPv2)
  community.fortios.fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    snmp_status: "enable"
    mode: "set"
    adom: "ansible"
    snmp_v2c_query_port: "161"
    snmp_v2c_trap_port: "162"
    snmp_v2c_status: "enable"
    snmp_v2c_trap_status: "enable"
    snmp_v2c_query_status: "enable"
    snmp_v2c_name: "ansibleV2c"
    snmp_v2c_id: "1"
    snmp_v2c_trap_src_ipv4: "10.7.220.41"
    snmp_v2c_trap_hosts_ipv4: "10.7.220.59 255.255.255.255, 10.7.220.60 255.255.255.255"
    snmp_v2c_query_hosts_ipv4: "10.7.220.59 255.255.255.255, 10.7.220.0 255.255.255.0"

- name: SET SNMP SYSTEM INFO different template (SNMPv3)
  community.fortios.fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    snmp_status: "enable"
    mode: "set"
    adom: "ansible"
    snmpv3_auth_proto: "sha"
    snmpv3_auth_pwd: "fortinet"
    snmpv3_name: "ansibleSNMPv3"
    snmpv3_notify_hosts: "10.7.220.59,10.7.220.60"
    snmpv3_priv_proto: "aes256"
    snmpv3_priv_pwd: "fortinet"
    snmpv3_queries: "enable"
    snmpv3_query_port: "161"
    snmpv3_security_level: "auth-priv"
    snmpv3_source_ip: "0.0.0.0"
    snmpv3_status: "enable"
    snmpv3_trap_rport: "162"
    snmpv3_trap_status: "enable"

- name: SET SYSLOG INFO
  community.fortios.fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    syslog_server: "10.7.220.59"
    syslog_port: "514"
    syslog_mode: "udp"
    syslog_status: "enable"
    syslog_filter: "information"

- name: SET NTP TO FORTIGUARD
  community.fortios.fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    ntp_status: "enable"
    ntp_sync_interval: "60"
    ntp_type: "fortiguard"

- name: SET NTP TO CUSTOM SERVER
  community.fortios.fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    ntp_status: "enable"
    ntp_sync_interval: "60"
    ntp_type: "custom"
    ntp_server: "10.7.220.32,10.7.220.1"
    ntp_auth: "enable"
    ntp_auth_pwd: "fortinet"
    ntp_v3: "disable"

- name: SET ADMIN GLOBAL SETTINGS
  community.fortios.fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    admin_https_redirect: "enable"
    admin_https_port: "4433"
    admin_http_port: "8080"
    admin_timeout: "30"
    admin_language: "english"
    admin_switch_controller: "enable"
    admin_gui_theme: "blue"
    admin_enable_fortiguard: "direct"
    admin_fortiguard_target: "10.7.220.128"
    admin_fortianalyzer_target: "10.7.220.61"

- name: SET CUSTOM SMTP SERVER
  community.fortios.fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    smtp_username: "ansible"
    smtp_password: "fortinet"
    smtp_port: "25"
    smtp_replyto: "[email protected]"
    smtp_conn_sec: "starttls"
    smtp_server: "10.7.220.32"
    smtp_source_ipv4: "0.0.0.0"
    smtp_validate_cert: "disable"

- name: SET DNS SERVERS
  community.fortios.fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    dns_suffix: "ansible.local"
    dns_primary_ipv4: "8.8.8.8"
    dns_secondary_ipv4: "4.4.4.4"

- name: SET PROVISIONING TEMPLATE DEVICE TARGETS IN FORTIMANAGER
  community.fortios.fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    provision_targets: "FGT1, FGT2"

- name: DELETE ENTIRE PROVISIONING TEMPLATE
  community.fortios.fmgr_device_provision_template:
    delete_provisioning_template: "ansibleTest"
    mode: "delete"
    adom: "ansible"
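
The parameter notes warn that snmpv3_auth_pwd and snmpv3_priv_pwd are not encrypted in the playbook file, and the examples above put passwords inline and disable SMTP certificate validation. The tasks below are an added example, not part of the module's own documentation, that read the secrets from Ansible Vault variables, suppress task logging with no_log, and pick the stronger documented choices for SNMPv3, syslog and SMTP. The vault_* variable names and the syslog port are assumptions for illustration; the remaining values are reused from the examples above.

```yaml
# Added example. The vault_* variables are hypothetical names, assumed to be
# defined in a vars file encrypted with ansible-vault.
- name: SET SNMPV3 USER WITH SECRETS FROM ANSIBLE VAULT
  community.fortios.fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    snmp_status: "enable"
    snmpv3_name: "ansibleSNMPv3"
    snmpv3_status: "enable"
    snmpv3_security_level: "auth-priv"   # not no-auth-no-priv or auth-no-priv
    snmpv3_auth_proto: "sha"             # rather than md5
    snmpv3_auth_pwd: "{{ vault_snmpv3_auth_pwd }}"
    snmpv3_priv_proto: "aes256"          # rather than des
    snmpv3_priv_pwd: "{{ vault_snmpv3_priv_pwd }}"
    snmpv3_queries: "enable"
    snmpv3_query_port: "161"
    snmpv3_notify_hosts: "10.7.220.59,10.7.220.60"
    snmpv3_trap_status: "enable"
    snmpv3_trap_rport: "162"
  no_log: true   # keep the rendered passwords out of task output and logs

- name: SET SYSLOG OVER TCP WITH TLS ENCRYPTION
  community.fortios.fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    syslog_status: "enable"
    syslog_server: "10.7.220.59"
    syslog_port: "6514"                  # assumed TLS syslog listener port
    syslog_mode: "reliable"              # RFC6587 TCP transport instead of udp
    syslog_enc_algorithm: "high"         # the default is disable (no TLS)
    syslog_filter: "information"

- name: SET SMTP SERVER WITH CERTIFICATE VALIDATION
  community.fortios.fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    smtp_server: "10.7.220.32"
    smtp_port: "25"
    smtp_conn_sec: "starttls"
    smtp_validate_cert: "enable"         # the SMTP example above disables this
    smtp_username: "ansible"
    smtp_password: "{{ vault_smtp_password }}"
  no_log: true
```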

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key Returned Description
api_result
string
always
Full API response, includes status code and message.



Authors

  • Luke Weighall (@lweighall)

  • Andrew Welsh (@Ghilli3)

  • Jim Huber (@p4r4n0y1ng)