fortinet.fortimanager.fmgr_fmupdate_fdssetting – Configure FortiGuard settings.

Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.3).

To install it use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_fmupdate_fdssetting.

New in version 2.10: of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter Choices/Defaults Comments
bypass_validation
boolean
    Choices:
  • no ←
  • yes
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task
fmupdate_fdssetting
dictionary
the top level parameters set
fds-clt-ssl-protocol
string
    Choices:
  • sslv3
  • tlsv1.0
  • tlsv1.1
  • tlsv1.2 ←
  • tlsv1.3
The SSL protocols version for connecting fds server (default = tlsv1.2).
sslv3 - set SSLv3 as the client version.
tlsv1.0 - set TLSv1.0 as the client version.
tlsv1.1 - set TLSv1.1 as the client version.
tlsv1.2 - set TLSv1.2 as the client version (default).
fds-ssl-protocol
string
    Choices:
  • sslv3
  • tlsv1.0
  • tlsv1.1
  • tlsv1.2 ←
  • tlsv1.3
The SSL protocols version for receiving fgt connection (default = tlsv1.2).
sslv3 - set SSLv3 as the lowest version.
tlsv1.0 - set TLSv1.0 as the lowest version.
tlsv1.1 - set TLSv1.1 as the lowest version.
tlsv1.2 - set TLSv1.2 as the lowest version (default).
fmtr-log
string
    Choices:
  • emergency
  • alert
  • critical
  • error
  • warn
  • notice
  • info ←
  • debug
  • disable
fmtr log level
emergency - Log level - emergency
alert - Log level - alert
critical - Log level - critical
error - Log level - error
warn - Log level - warn
notice - Log level - notice
info - Log level - info
debug - Log level - debug
disable - Disable linkd log
fortiguard-anycast
string
    Choices:
  • disable ←
  • enable
Enable/disable use of FortiGuards anycast network
disable - Disable setting.
enable - Enable setting.
fortiguard-anycast-source
string
    Choices:
  • fortinet ←
  • aws
Configure which of Fortinets servers to provide FortiGuard services in FortiGuards anycast network. Default is Fortinet
fortinet - Use Fortinets servers to provide FortiGuard services in FortiGuards anycast network.
aws - Use Fortinets AWS servers to provide FortiGuard services in FortiGuards anycast network.
linkd-log
string
    Choices:
  • emergency
  • alert
  • critical
  • error
  • warn
  • notice
  • info ←
  • debug
  • disable
The linkd log level (default = info).
emergency - Log level - emergency
alert - Log level - alert
critical - Log level - critical
error - Log level - error
warn - Log level - warn
notice - Log level - notice
info - Log level - info
debug - Log level - debug
disable - Disable linkd log
max-av-ips-version
integer
Default:
20
The maximum number of downloadable, full version AV/IPS packages (1 - 1000, default = 20).
max-work
integer
Default:
1
The maximum number of worker processing download requests (1 - 32, default = 1).
push-override
dictionary
no description
ip
string
Default:
"0.0.0.0"
External or virtual IP address of the NAT device that will forward push messages to the FortiManager unit.
port
integer
Default:
9443
Receiving port number on the NAT device (1 - 65535, default = 9443).
status
string
    Choices:
  • disable ←
  • enable
Enable/disable push updates for clients (default = disable).
disable - Disable setting.
enable - Enable setting.
push-override-to-client
dictionary
no description
announce-ip
list / elements=string
no description
id
integer
Default:
0
ID of the announce IP address (1 - 10).
ip
string
Default:
"0.0.0.0"
Announce IPv4 address.
port
integer
Default:
8890
Announce IP port (1 - 65535, default = 8890).
status
string
    Choices:
  • disable ←
  • enable
Enable/disable push updates (default = disable).
disable - Disable setting.
enable - Enable setting.
send_report
string
    Choices:
  • disable
  • enable ←
send report/fssi to fds server.
disable - Disable setting.
enable - Enable setting.
send_setup
string
    Choices:
  • disable ←
  • enable
forward setup to fds server.
disable - Disable setting.
enable - Enable setting.
server-override
dictionary
no description
servlist
list / elements=string
no description
id
integer
Default:
0
Override server ID (1 - 10).
ip
string
Default:
"0.0.0.0"
IPv4 address of the override server.
ip6
string
Default:
"::"
IPv6 address of the override server.
port
integer
Default:
443
Port number to use when contacting FortiGuard (1 - 65535, default = 443).
service-type
list / elements=string
    Choices:
  • fds
  • fct
no description
status
string
    Choices:
  • disable ←
  • enable
Override status.
disable - Disable setting.
enable - Enable setting.
system-support-fct
list / elements=string
    Choices:
  • 4.x
  • 5.0
  • 5.2
  • 5.4
  • 5.6
  • 6.0
  • 6.2
  • 6.4
no description
system-support-fgt
list / elements=string
    Choices:
  • 5.4
  • 5.6
  • 6.0
  • 6.2
  • 6.4
  • 7.0
no description
system-support-fml
list / elements=string
    Choices:
  • 4.x
  • 5.x
  • 6.x
no description
system-support-fsa
list / elements=string
    Choices:
  • 1.x
  • 2.x
  • 3.x
  • 4.x
no description
system-support-fsw
list / elements=string
    Choices:
  • 5.4
  • 5.6
  • 6.0
  • 6.2
  • 4.x
  • 5.0
  • 5.2
  • 6.4
no description
umsvc-log
string
    Choices:
  • emergency
  • alert
  • critical
  • error
  • warn
  • notice
  • info ←
  • debug
  • disable
The um_service log level (default = info).
emergency - Log level - emergency
alert - Log level - alert
critical - Log level - critical
error - Log level - error
warn - Log level - warn
notice - Log level - notice
info - Log level - info
debug - Log level - debug
disable - Disable linkd log
unreg-dev-option
string
    Choices:
  • ignore
  • svc-only
  • add-service ←
set the option for unregister devices
ignore - Ignore all unregistered devices.
svc-only - Allow update requests without adding the device.
add-service - Add unregistered devices and allow update request.
update-schedule
dictionary
no description
day
string
    Choices:
  • Sunday
  • Monday ←
  • Tuesday
  • Wednesday
  • Thursday
  • Friday
  • Saturday
Configure the day the update will occur, if the freqnecy is weekly (Sunday - Saturday, default = Monday).
Sunday - Update every Sunday.
Monday - Update every Monday.
Tuesday - Update every Tuesday.
Wednesday - Update every Wednesday.
Thursday - Update every Thursday.
Friday - Update every Friday.
Saturday - Update every Saturday.
frequency
string
    Choices:
  • every ←
  • daily
  • weekly
Configure update frequency: every - time interval, daily - once a day, weekly - once a week (default = every).
every - Time interval.
daily - Every day.
weekly - Every week.
status
string
    Choices:
  • disable
  • enable ←
Enable/disable scheduled updates.
disable - Disable setting.
enable - Enable setting.
time
string
no description
User-Agent
string
Default:
"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
Configure the user agent string.
wanip-query-mode
string
    Choices:
  • disable ←
  • ipify
public ip query mode
disable - Do not query public ip
ipify - Get public IP through https://api.ipify.org
proposed_method
string
    Choices:
  • update
  • set
  • add
The overridden method for the underlying Json RPC request
rc_failed
list / elements=string
the rc codes list with which the conditions to fail will be overriden
rc_succeeded
list / elements=string
the rc codes list with which the conditions to succeed will be overriden
state
string / required
    Choices:
  • present
  • absent
the directive to create, update or delete an object
workspace_locking_adom
string
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout
integer
Default:
300
the maximum time in seconds to wait for other user to release the workspace lock

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Configure FortiGuard settings.
     fmgr_fmupdate_fdssetting:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        fmupdate_fdssetting:
           User-Agent: <value of string>
           fds-clt-ssl-protocol: <value in [sslv3, tlsv1.0, tlsv1.1, ...]>
           fds-ssl-protocol: <value in [sslv3, tlsv1.0, tlsv1.1, ...]>
           fmtr-log: <value in [emergency, alert, critical, ...]>
           linkd-log: <value in [emergency, alert, critical, ...]>
           max-av-ips-version: <value of integer>
           max-work: <value of integer>
           push-override:
              ip: <value of string>
              port: <value of integer>
              status: <value in [disable, enable]>
           push-override-to-client:
              announce-ip:
                -
                    id: <value of integer>
                    ip: <value of string>
                    port: <value of integer>
              status: <value in [disable, enable]>
           send_report: <value in [disable, enable]>
           send_setup: <value in [disable, enable]>
           server-override:
              servlist:
                -
                    id: <value of integer>
                    ip: <value of string>
                    ip6: <value of string>
                    port: <value of integer>
                    service-type:
                      - fds
                      - fct
              status: <value in [disable, enable]>
           system-support-fct:
             - 4.x
             - 5.0
             - 5.2
             - 5.4
             - 5.6
             - 6.0
             - 6.2
             - 6.4
           system-support-fgt:
             - 5.4
             - 5.6
             - 6.0
             - 6.2
             - 6.4
             - 7.0
           system-support-fml:
             - 4.x
             - 5.x
             - 6.x
           system-support-fsa:
             - 1.x
             - 2.x
             - 3.x
             - 4.x
           system-support-fsw:
             - 5.4
             - 5.6
             - 6.0
             - 6.2
             - 4.x
             - 5.0
             - 5.2
             - 6.4
           umsvc-log: <value in [emergency, alert, critical, ...]>
           unreg-dev-option: <value in [ignore, svc-only, add-service]>
           update-schedule:
              day: <value in [Sunday, Monday, Tuesday, ...]>
              frequency: <value in [every, daily, weekly]>
              status: <value in [disable, enable]>
              time: <value of string>
           wanip-query-mode: <value in [disable, ipify]>
           fortiguard-anycast: <value in [disable, enable]>
           fortiguard-anycast-source: <value in [fortinet, aws]>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
request_url
string
always
The full url requested

Sample:
/sys/login/user
response_code
integer
always
The status of api request

response_message
string
always
The descriptive message of the api response

Sample:
OK.


Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)