community.fortios.fmgr_fwobj_service – Manages FortiManager Firewall Service Objects.

Note

This plugin is part of the community.fortios collection (version 1.0.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.fortios.

To use it in a playbook, specify: community.fortios.fmgr_fwobj_service.

Synopsis

  • Manages FortiManager Firewall Service Objects.

Parameters

Parameter Choices/Defaults Comments
adom
string
Default:
"root"
The ADOM the configuration should belong to.
app_category
string
Application category ID.
app_service_type
string
Application service type.
application
string
Application ID.
category
string
Service category.
check_reset_range
string
Enable/disable RST check.
color
string
Default:
22
GUI icon color.
comment
string
Comment.
custom_type
string
    Choices:
  • tcp_udp_sctp
  • icmp
  • icmp6
  • ip
  • http
  • ftp
  • connect
  • socks_tcp
  • socks_udp
  • all ←
Tells the module what kind of custom service to add.
explicit_proxy
string
    Choices:
  • enable
  • disable ←
Enable/disable explicit web proxy service.
fqdn
string
Default:
""
Fully qualified domain name.
group_member
string
Comma-separated list of members' names.
group_name
string
Name of the Service Group.
icmp_code
string
ICMP code.
icmp_type
string
ICMP type.
iprange
string
Default:
"0.0.0.0"
Start IP-End IP.
mode
string
    Choices:
  • add ←
  • set
  • delete
Sets one of three modes for managing the object.
name
string
Custom service name.
object_type
string
    Choices:
  • custom
  • group
  • category
Tells module if we are adding a custom service, category, or group.
protocol
string
Protocol type.
protocol_number
string
IP protocol number.
sctp_portrange
string
Multiple SCTP port ranges. Comma-separated list of destination ports to add (e.g. '443,80').
Syntax is <destPort:sourcePort>.
If no sourcePort is defined, all source ports are assumed.
Ranges are written with a hyphen (-).
Examples: '443' (destPort 443 only); '443:1000-2000' (destPort 443 from source ports 1000-2000).
Combine multiple entries in the same quoted string, comma separated ('443:1000-2000, 80:1000-2000').
session_ttl
string
Default:
0
Session TTL (300 - 604800, 0 = default).
tcp_halfclose_timer
string
Default:
0
TCP half close timeout (1 - 86400 sec, 0 = default).
tcp_halfopen_timer
string
Default:
0
TCP half open timeout (1 - 86400 sec, 0 = default).
tcp_portrange
string
Comma-separated list of destination ports to add (e.g. '443,80').
Syntax is <destPort:sourcePort>.
If no sourcePort is defined, all source ports are assumed.
Ranges are written with a hyphen (-).
Examples: '443' (destPort 443 only); '443:1000-2000' (destPort 443 from source ports 1000-2000).
Combine multiple entries in the same quoted string, comma separated ('443:1000-2000, 80:1000-2000').
tcp_timewait_timer
string
Default:
0
TCP TIME-WAIT timer (1 - 300 sec, 0 = default).
udp_idle_timer
string
Default:
0
UDP idle timeout (0 - 86400 sec, 0 = default).
udp_portrange
string
Comma-separated list of destination ports to add (e.g. '443,80').
Syntax is <destPort:sourcePort>.
If no sourcePort is defined, all source ports are assumed.
Ranges are written with a hyphen (-).
Examples: '443' (destPort 443 only); '443:1000-2000' (destPort 443 from source ports 1000-2000).
Combine multiple entries in the same quoted string, comma separated ('443:1000-2000, 80:1000-2000').
visibility
string
    Choices:
  • enable ←
  • disable
Enable/disable service visibility.

Examples

- name: ADD A CUSTOM SERVICE FOR TCP/UDP/SCTP
  community.fortios.fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_service"
    object_type: "custom"
    custom_type: "tcp_udp_sctp"
    tcp_portrange: "443"
    udp_portrange: "51"
    sctp_portrange: "100"

- name: ADD A CUSTOM SERVICE FOR TCP/UDP/SCTP WITH SOURCE RANGES AND MULTIPLES
  community.fortios.fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_serviceWithSource"
    object_type: "custom"
    custom_type: "tcp_udp_sctp"
    tcp_portrange: "443:1000-2000,80-82:10000-20000"
    udp_portrange: "51:100-200,162:200-400"
    sctp_portrange: "100:2000-2500"

- name: ADD A CUSTOM SERVICE FOR ICMP
  community.fortios.fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_icmp"
    object_type: "custom"
    custom_type: "icmp"
    icmp_type: "8"
    icmp_code: "3"

- name: ADD A CUSTOM SERVICE FOR ICMP6
  community.fortios.fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_icmp6"
    object_type: "custom"
    custom_type: "icmp6"
    icmp_type: "5"
    icmp_code: "1"

- name: ADD A CUSTOM SERVICE FOR IP - GRE
  community.fortios.fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_ip_gre"
    object_type: "custom"
    custom_type: "ip"
    protocol_number: "47"

- name: ADD A CUSTOM PROXY FOR ALL WITH SOURCE RANGES AND MULTIPLES
  community.fortios.fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_proxy_all"
    object_type: "custom"
    custom_type: "all"
    explicit_proxy: "enable"
    tcp_portrange: "443:1000-2000,80-82:10000-20000"
    iprange: "www.ansible.com"
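
The tcp_portrange, udp_portrange and sctp_portrange values are free-form strings, so a malformed or overly broad entry is easy to commit to a playbook unnoticed. The following is an added example, not part of the module or of the original page: a pre-flight linter for the <destPort:sourcePort> syntax described in the parameter table. The function names, the 1-65535 bound, the rejection of inverted ranges and the MAX_DEST_PORTS threshold are assumptions of this example.

```python
# Added example: lint a *_portrange string before it reaches FortiManager.
# Syntax follows the parameter table; the 1-65535 bound, rejecting inverted
# ranges, and MAX_DEST_PORTS are assumptions of this example.
MAX_DEST_PORTS = 1024  # assumed review threshold for "too broad"


def _parse_range(text):
    """Parse 'N' or 'N-M' into (low, high); raise ValueError if malformed."""
    low, sep, high = text.strip().partition("-")
    if not low.isdigit() or (sep and not high.isdigit()):
        raise ValueError(f"not a port or port range: {text!r}")
    low, high = int(low), int(high) if sep else int(low)
    if not (1 <= low <= 65535 and 1 <= high <= 65535):
        raise ValueError(f"port outside 1-65535: {text!r}")
    if low > high:
        raise ValueError(f"inverted range (start > end): {text!r}")
    return low, high


def parse_portrange(value):
    """Return [(dest_range, src_range_or_None), ...] for one parameter value."""
    entries = []
    for item in value.split(","):
        dest, sep, src = item.strip().partition(":")
        # A missing ':sourcePort' means "all source ports" per the docs.
        entries.append((_parse_range(dest), _parse_range(src) if sep else None))
    return entries


def lint_portrange(value):
    """Return a list of findings; an empty list means nothing to review."""
    try:
        entries = parse_portrange(value)
    except ValueError as exc:
        return [f"error: {exc}"]
    findings = []
    for (low, high), _src in entries:
        width = high - low + 1
        if width > MAX_DEST_PORTS:
            findings.append(f"warn: {low}-{high} opens {width} destination ports")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real device.
    for sample in ("443", "443:1000-2000, 80:1000-2000", "443:2000-1000", "1-65535"):
        print(f"{sample!r}: {lint_portrange(sample) or 'ok'}")
```

Running it over the port-range strings in a playbook during review or CI surfaces typos and wide-open services before the change is pushed to an ADOM.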

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key Returned Description
api_result
string
always
full API response, includes status code and message



Authors

  • Luke Weighall (@lweighall)

  • Andrew Welsh (@Ghilli3)

  • Jim Huber (@p4r4n0y1ng)