fortinet.fortimanager.fmgr_fmupdate_fdssetting – Configure FortiGuard settings.

Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.4).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_fmupdate_fdssetting.

New in version 2.10 of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter Choices/Defaults Comments
bypass_validation
boolean
    Choices:
  • no ←
  • yes
Only set to True when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters.
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task
fmupdate_fdssetting
dictionary
the top level parameters set
fds-clt-ssl-protocol
string
    Choices:
  • sslv3
  • tlsv1.0
  • tlsv1.1
  • tlsv1.2 ←
  • tlsv1.3
The SSL protocol version for connecting to the fds server (default = tlsv1.2).
sslv3 - set SSLv3 as the client version.
tlsv1.0 - set TLSv1.0 as the client version.
tlsv1.1 - set TLSv1.1 as the client version.
tlsv1.2 - set TLSv1.2 as the client version (default).
fds-ssl-protocol
string
    Choices:
  • sslv3
  • tlsv1.0
  • tlsv1.1
  • tlsv1.2 ←
  • tlsv1.3
The SSL protocol version for receiving fgt connections (default = tlsv1.2).
sslv3 - set SSLv3 as the lowest version.
tlsv1.0 - set TLSv1.0 as the lowest version.
tlsv1.1 - set TLSv1.1 as the lowest version.
tlsv1.2 - set TLSv1.2 as the lowest version (default).
fmtr-log
string
    Choices:
  • emergency
  • alert
  • critical
  • error
  • warn
  • notice
  • info ←
  • debug
  • disable
fmtr log level
emergency - Log level - emergency
alert - Log level - alert
critical - Log level - critical
error - Log level - error
warn - Log level - warn
notice - Log level - notice
info - Log level - info
debug - Log level - debug
disable - Disable linkd log
fortiguard-anycast
string
    Choices:
  • disable ←
  • enable
Enable/disable use of FortiGuard's anycast network.
disable - Disable setting.
enable - Enable setting.
fortiguard-anycast-source
string
    Choices:
  • fortinet ←
  • aws
Configure which of Fortinet's servers provide FortiGuard services in FortiGuard's anycast network. Default is Fortinet.
fortinet - Use Fortinet's servers to provide FortiGuard services in FortiGuard's anycast network.
aws - Use Fortinet's AWS servers to provide FortiGuard services in FortiGuard's anycast network.
linkd-log
string
    Choices:
  • emergency
  • alert
  • critical
  • error
  • warn
  • notice
  • info ←
  • debug
  • disable
The linkd log level (default = info).
emergency - Log level - emergency
alert - Log level - alert
critical - Log level - critical
error - Log level - error
warn - Log level - warn
notice - Log level - notice
info - Log level - info
debug - Log level - debug
disable - Disable linkd log
max-av-ips-version
integer
Default:
20
The maximum number of downloadable, full version AV/IPS packages (1 - 1000, default = 20).
max-work
integer
Default:
1
The maximum number of worker processing download requests (1 - 32, default = 1).
push-override
dictionary
no description
ip
string
Default:
"0.0.0.0"
External or virtual IP address of the NAT device that will forward push messages to the FortiManager unit.
port
integer
Default:
9443
Receiving port number on the NAT device (1 - 65535, default = 9443).
status
string
    Choices:
  • disable ←
  • enable
Enable/disable push updates for clients (default = disable).
disable - Disable setting.
enable - Enable setting.
push-override-to-client
dictionary
no description
announce-ip
list / elements=string
Announce-Ip.
id
integer
Default:
0
ID of the announce IP address (1 - 10).
ip
string
Default:
"0.0.0.0"
Announce IPv4 address.
port
integer
Default:
8890
Announce IP port (1 - 65535, default = 8890).
status
string
    Choices:
  • disable ←
  • enable
Enable/disable push updates (default = disable).
disable - Disable setting.
enable - Enable setting.
send_report
string
    Choices:
  • disable
  • enable ←
send report/fssi to fds server.
disable - Disable setting.
enable - Enable setting.
send_setup
string
    Choices:
  • disable ←
  • enable
forward setup to fds server.
disable - Disable setting.
enable - Enable setting.
server-override
dictionary
no description
servlist
list / elements=string
Servlist.
id
integer
Default:
0
Override server ID (1 - 10).
ip
string
Default:
"0.0.0.0"
IPv4 address of the override server.
ip6
string
Default:
"::"
IPv6 address of the override server.
port
integer
Default:
443
Port number to use when contacting FortiGuard (1 - 65535, default = 443).
service-type
list / elements=string
    Choices:
  • fds
  • fct
Override service type.
status
string
    Choices:
  • disable ←
  • enable
Override status.
disable - Disable setting.
enable - Enable setting.
system-support-fct
list / elements=string
    Choices:
  • 4.x
  • 5.0
  • 5.2
  • 5.4
  • 5.6
  • 6.0
  • 6.2
  • 6.4
Supported FortiClient versions.
system-support-fgt
list / elements=string
    Choices:
  • 5.4
  • 5.6
  • 6.0
  • 6.2
  • 6.4
  • 7.0
Supported FortiOS versions.
system-support-fml
list / elements=string
    Choices:
  • 4.x
  • 5.x
  • 6.x
Supported FortiMail versions.
system-support-fsa
list / elements=string
    Choices:
  • 1.x
  • 2.x
  • 3.x
  • 4.x
Supported FortiSandbox versions.
system-support-fsw
list / elements=string
    Choices:
  • 5.4
  • 5.6
  • 6.0
  • 6.2
  • 4.x
  • 5.0
  • 5.2
  • 6.4
Supported FortiSwitch versions.
umsvc-log
string
    Choices:
  • emergency
  • alert
  • critical
  • error
  • warn
  • notice
  • info ←
  • debug
  • disable
The um_service log level (default = info).
emergency - Log level - emergency
alert - Log level - alert
critical - Log level - critical
error - Log level - error
warn - Log level - warn
notice - Log level - notice
info - Log level - info
debug - Log level - debug
disable - Disable linkd log
unreg-dev-option
string
    Choices:
  • ignore
  • svc-only
  • add-service ←
Set the option for unregistered devices.
ignore - Ignore all unregistered devices.
svc-only - Allow update requests without adding the device.
add-service - Add unregistered devices and allow update request.
update-schedule
dictionary
no description
day
string
    Choices:
  • Sunday
  • Monday ←
  • Tuesday
  • Wednesday
  • Thursday
  • Friday
  • Saturday
Configure the day the update will occur, if the frequency is weekly (Sunday - Saturday, default = Monday).
Sunday - Update every Sunday.
Monday - Update every Monday.
Tuesday - Update every Tuesday.
Wednesday - Update every Wednesday.
Thursday - Update every Thursday.
Friday - Update every Friday.
Saturday - Update every Saturday.
frequency
string
    Choices:
  • every ←
  • daily
  • weekly
Configure update frequency: every - time interval, daily - once a day, weekly - once a week (default = every).
every - Time interval.
daily - Every day.
weekly - Every week.
status
string
    Choices:
  • disable
  • enable ←
Enable/disable scheduled updates.
disable - Disable setting.
enable - Enable setting.
time
string
Time interval between updates, or the hour and minute when the update occurs (hh: 0 - 23, mm: 0 - 59 or 60 = random, default = 00:10).
User-Agent
string
Default:
"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
Configure the user agent string.
wanip-query-mode
string
    Choices:
  • disable ←
  • ipify
public ip query mode
disable - Do not query public ip
ipify - Get public IP through https://api.ipify.org
proposed_method
string
    Choices:
  • update
  • set
  • add
The overridden method for the underlying JSON RPC request.
rc_failed
list / elements=string
The list of rc codes that override the conditions to fail.
rc_succeeded
list / elements=string
The list of rc codes that override the conditions to succeed.
state
string / required
    Choices:
  • present
  • absent
the directive to create, update or delete an object
workspace_locking_adom
string
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout
integer
Default:
300
The maximum time in seconds to wait for another user to release the workspace lock.

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module; the top-level parameters workspace_locking_adom and workspace_locking_timeout control it.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. You can also override the conditions to fail or succeed with the parameters rc_failed and rc_succeeded.

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Configure FortiGuard settings.
     fmgr_fmupdate_fdssetting:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        state: <value in [present, absent]>
        fmupdate_fdssetting:
           User-Agent: <value of string>
           fds-clt-ssl-protocol: <value in [sslv3, tlsv1.0, tlsv1.1, ...]>
           fds-ssl-protocol: <value in [sslv3, tlsv1.0, tlsv1.1, ...]>
           fmtr-log: <value in [emergency, alert, critical, ...]>
           linkd-log: <value in [emergency, alert, critical, ...]>
           max-av-ips-version: <value of integer>
           max-work: <value of integer>
           push-override:
              ip: <value of string>
              port: <value of integer>
              status: <value in [disable, enable]>
           push-override-to-client:
              announce-ip:
                -
                    id: <value of integer>
                    ip: <value of string>
                    port: <value of integer>
              status: <value in [disable, enable]>
           send_report: <value in [disable, enable]>
           send_setup: <value in [disable, enable]>
           server-override:
              servlist:
                -
                    id: <value of integer>
                    ip: <value of string>
                    ip6: <value of string>
                    port: <value of integer>
                    service-type:
                      - fds
                      - fct
              status: <value in [disable, enable]>
           system-support-fct:
             - 4.x
             - 5.0
             - 5.2
             - 5.4
             - 5.6
             - 6.0
             - 6.2
             - 6.4
           system-support-fgt:
             - 5.4
             - 5.6
             - 6.0
             - 6.2
             - 6.4
             - 7.0
           system-support-fml:
             - 4.x
             - 5.x
             - 6.x
           system-support-fsa:
             - 1.x
             - 2.x
             - 3.x
             - 4.x
           system-support-fsw:
             - 5.4
             - 5.6
             - 6.0
             - 6.2
             - 4.x
             - 5.0
             - 5.2
             - 6.4
           umsvc-log: <value in [emergency, alert, critical, ...]>
           unreg-dev-option: <value in [ignore, svc-only, add-service]>
           update-schedule:
              day: <value in [Sunday, Monday, Tuesday, ...]>
              frequency: <value in [every, daily, weekly]>
              status: <value in [disable, enable]>
              time: <value of string>
           wanip-query-mode: <value in [disable, ipify]>
           fortiguard-anycast: <value in [disable, enable]>
           fortiguard-anycast-source: <value in [fortinet, aws]>
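
A hardened variant of the task above, as an added example that is not part of the module's documentation: it verifies the FortiManager certificate, refuses sslv3, tlsv1.0 and tlsv1.1 before any change is sent, and sets the stricter choices for unregistered devices and public IP lookup. The variable names fds_client_tls, fds_server_min_tls and allowed_tls are assumptions, as is the choice of ignore for unreg-dev-option (it presumes devices are registered explicitly).

```yaml
# Added example, not from the collection's documentation.
- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true   # verify the FortiManager certificate
    ansible_httpapi_port: 443
    # Hypothetical variables; override per environment.
    fds_client_tls: tlsv1.2        # FortiManager -> fds server
    fds_server_min_tls: tlsv1.2    # lowest version accepted from fgt clients
    allowed_tls:
      - tlsv1.2
      - tlsv1.3
  tasks:
    - name: Refuse deprecated SSL/TLS versions before touching the device
      ansible.builtin.assert:
        that:
          - fds_client_tls in allowed_tls
          - fds_server_min_tls in allowed_tls
        fail_msg: "sslv3, tlsv1.0 and tlsv1.1 are not permitted for FortiGuard connections"

    - name: Configure FortiGuard settings with a TLS 1.2 floor
      fmgr_fmupdate_fdssetting:
        state: present
        enable_log: true
        fmupdate_fdssetting:
          fds-clt-ssl-protocol: "{{ fds_client_tls }}"
          fds-ssl-protocol: "{{ fds_server_min_tls }}"
          unreg-dev-option: ignore      # ignore all unregistered devices
          wanip-query-mode: disable     # no public IP query via api.ipify.org
      register: fds_result

    - name: Report the API result (return values documented by the module)
      ansible.builtin.debug:
        msg: >-
          {{ fds_result.request_url | default('n/a') }}:
          {{ fds_result.response_code | default('n/a') }}
          {{ fds_result.response_message | default('') }}
```

Because the assert task runs first, a weak value passed in through inventory or extra vars stops the play before any request reaches FortiManager.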

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key Returned Description
request_url
string
always
The full url requested

Sample:
/sys/login/user
response_code
integer
always
The status of api request

response_message
string
always
The descriptive message of the api response

Sample:
OK.


Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)