community.fortios.fmgr_fwpol_package – Manages FortiManager Firewall Policies Packages.

Note

This plugin is part of the community.fortios collection (version 1.0.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.fortios.

To use it in a playbook, specify: community.fortios.fmgr_fwpol_package.

Synopsis

  • Manages FortiManager Firewall Policies Packages. Policy Packages contain one or more Firewall Policies/Rules and are distritbuted via FortiManager to Fortigates.

  • This module controls the creation/edit/delete/assign of these packages.

Parameters

Parameter Choices/Defaults Comments
adom
string
Default:
"root"
The ADOM the configuration should belong to.
central_nat
string
    Choices:
  • enable
  • disable ←
Central NAT setting.
fwpolicy6_implicit_log
string
    Choices:
  • enable
  • disable ←
Implicit Log setting for all IPv6 policies in package.
fwpolicy_implicit_log
string
    Choices:
  • enable
  • disable ←
Implicit Log setting for all IPv4 policies in package.
inspection_mode
string
    Choices:
  • flow ←
  • proxy
Inspection mode setting for the policies flow or proxy.
mode
string
    Choices:
  • add ←
  • set
  • delete
Sets one of three modes for managing the object.
name
string / required
Name of the FortiManager package or folder.
ngfw_mode
string
    Choices:
  • profile-based ←
  • policy-based
NGFW mode setting for the policies flow or proxy.
object_type
string / required
    Choices:
  • pkg
  • folder
  • install
Are we managing packages or folders, or installing packages?
package_folder
string
Name of the folder you want to put the package into.
parent_folder
string
The parent folder name you want to add this object under.
scope_members
string
The devices or scope that you want to assign this policy package to.
scope_members_vdom
string
Default:
"root"
The members VDOM you want to assign the package to.
ssl_ssh_profile
string
if policy-based ngfw-mode, refer to firewall ssl-ssh-profile.

Examples

- name: CREATE BASIC POLICY PACKAGE
  community.fortios.fmgr_fwpol_package:
    adom: "ansible"
    mode: "add"
    name: "testPackage"
    object_type: "pkg"

- name: ADD PACKAGE WITH TARGETS
  community.fortios.fmgr_fwpol_package:
    mode: "add"
    adom: "ansible"
    name: "ansibleTestPackage1"
    object_type: "pkg"
    inspection_mode: "flow"
    ngfw_mode: "profile-based"
    scope_members: "seattle-fgt02, seattle-fgt03"

- name: ADD FOLDER
  community.fortios.fmgr_fwpol_package:
    mode: "add"
    adom: "ansible"
    name: "ansibleTestFolder1"
    object_type: "folder"

- name: ADD PACKAGE INTO PARENT FOLDER
  community.fortios.fmgr_fwpol_package:
    mode: "set"
    adom: "ansible"
    name: "ansibleTestPackage2"
    object_type: "pkg"
    parent_folder: "ansibleTestFolder1"

- name: ADD FOLDER INTO PARENT FOLDER
  community.fortios.fmgr_fwpol_package:
    mode: "set"
    adom: "ansible"
    name: "ansibleTestFolder2"
    object_type: "folder"
    parent_folder: "ansibleTestFolder1"

- name: INSTALL PACKAGE
  community.fortios.fmgr_fwpol_package:
    mode: "set"
    adom: "ansible"
    name: "ansibleTestPackage1"
    object_type: "install"
    scope_members: "seattle-fgt03, seattle-fgt02"

- name: REMOVE PACKAGE
  community.fortios.fmgr_fwpol_package:
    mode: "delete"
    adom: "ansible"
    name: "ansibleTestPackage1"
    object_type: "pkg"

- name: REMOVE NESTED PACKAGE
  community.fortios.fmgr_fwpol_package:
    mode: "delete"
    adom: "ansible"
    name: "ansibleTestPackage2"
    object_type: "pkg"
    parent_folder: "ansibleTestFolder1"

- name: REMOVE NESTED FOLDER
  community.fortios.fmgr_fwpol_package:
    mode: "delete"
    adom: "ansible"
    name: "ansibleTestFolder2"
    object_type: "folder"
    parent_folder: "ansibleTestFolder1"

- name: REMOVE FOLDER
  community.fortios.fmgr_fwpol_package:
    mode: "delete"
    adom: "ansible"
    name: "ansibleTestFolder1"
    object_type: "folder"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
api_result
string
always
full API response, includes status code and message



Authors

  • Luke Weighall (@lweighall)

  • Andrew Welsh (@Ghilli3)

  • Jim Huber (@p4r4n0y1ng)