fortinet.fortimanager.fmgr_fmupdate_webspam_fgdsetting – Configure the FortiGuard run parameters.

Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.3).

To install it use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_fmupdate_webspam_fgdsetting.

New in version 2.10: of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter Choices/Defaults Comments
bypass_validation
boolean
    Choices:
  • no ←
  • yes
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task
fmupdate_webspam_fgdsetting
dictionary
the top level parameters set
as-cache
integer
Default:
300
Antispam service maximum memory usage in megabytes (Maximum = Physical memory-1024, 0: no limit, default = 300).
as-log
string
    Choices:
  • disable
  • nospam ←
  • all
Antispam log setting (default = nospam).
disable - Disable spam log.
nospam - Log non-spam events.
all - Log all spam lookups.
as-preload
string
    Choices:
  • disable ←
  • enable
Enable/disable preloading antispam database to memory (default = disable).
disable - Disable antispam database preload.
enable - Enable antispam database preload.
av-cache
integer
Default:
300
Antivirus service maximum memory usage, in megabytes (100 - 500, default = 300).
av-log
string
    Choices:
  • disable
  • novirus ←
  • all
Antivirus log setting (default = novirus).
disable - Disable virus log.
novirus - Log non-virus events.
all - Log all virus lookups.
av-preload
string
    Choices:
  • disable ←
  • enable
Enable/disable preloading antivirus database to memory (default = disable).
disable - Disable antivirus database preload.
enable - Enable antivirus database preload.
av2-cache
integer
Default:
800
Antispam service maximum memory usage in megabytes (Maximum = Physical memory-1024, 0: no limit, default = 800).
av2-log
string
    Choices:
  • disable
  • noav2 ←
  • all
Outbreak prevention log setting (default = noav2).
disable - Disable av2 log.
noav2 - Log non-av2 events.
all - Log all av2 lookups.
av2-preload
string
    Choices:
  • disable ←
  • enable
Enable/disable preloading outbreak prevention database to memory (default = disable).
disable - Disable outbreak prevention database preload.
enable - Enable outbreak prevention database preload.
eventlog-query
string
    Choices:
  • disable ←
  • enable
Enable/disable record query to event-log besides fgd-log (default = disable).
disable - Record query to event-log besides fgd-log.
enable - Do not log to event-log.
fgd-pull-interval
integer
Default:
10
Fgd pull interval setting, in minutes (1 - 1440, default = 10).
fq-cache
integer
Default:
300
File query service maximum memory usage, in megabytes (100 - 500, default = 300).
fq-log
string
    Choices:
  • disable
  • nofilequery ←
  • all
File query log setting (default = nofilequery).
disable - Disable file query log.
nofilequery - Log non-file query events.
all - Log all file query events.
fq-preload
string
    Choices:
  • disable ←
  • enable
Enable/disable preloading file query database to memory (default = disable).
disable - Disable file query db preload.
enable - Enable file query db preload.
linkd-log
string
    Choices:
  • emergency
  • alert
  • critical
  • error
  • warn
  • notice
  • info
  • debug ←
  • disable
Linkd log setting (default = debug).
emergency - The unit is unusable.
alert - Immediate action is required
critical - Functionality is affected.
error - Functionality is probably affected.
warn - Functionality might be affected.
notice - Information about normal events.
info - General information.
debug - Debug information.
disable - Linkd logging is disabled.
max-client-worker
integer
Default:
0
max worker for tcp client connection (0~16: 0 means use cpu number up to 4).
max-log-quota
integer
Default:
6144
Maximum log quota setting, in megabytes (100 - 20480, default = 6144).
max-unrated-site
integer
Default:
500
Maximum number of unrated site in memory, in kilobytes(10 - 5120, default = 500).
restrict-as1-dbver
string
Restrict system update to indicated antispam(1) database version (character limit = 127).
restrict-as2-dbver
string
Restrict system update to indicated antispam(2) database version (character limit = 127).
restrict-as4-dbver
string
Restrict system update to indicated antispam(4) database version (character limit = 127).
restrict-av-dbver
string
Restrict system update to indicated antivirus database version (character limit = 127).
restrict-av2-dbver
string
Restrict system update to indicated outbreak prevention database version (character limit = 127).
restrict-fq-dbver
string
Restrict system update to indicated file query database version (character limit = 127).
restrict-wf-dbver
string
Restrict system update to indicated web filter database version (character limit = 127).
server-override
dictionary
no description
servlist
list / elements=string
no description
id
integer
Default:
0
Override server ID (1 - 10).
ip
string
Default:
"0.0.0.0"
IPv4 address of the override server.
ip6
string
Default:
"::"
IPv6 address of the override server.
port
integer
Default:
443
Port number to use when contacting FortiGuard (1 - 65535, default = 443).
service-type
list / elements=string
    Choices:
  • fgd
  • fgc
  • fsa
no description
status
string
    Choices:
  • disable ←
  • enable
Override status.
disable - Disable setting.
enable - Enable setting.
stat-log-interval
integer
Default:
60
Statistic log interval setting, in minutes (1 - 1440, default = 60).
stat-sync-interval
integer
Default:
60
Synchronization interval for statistic of unrated site in minutes (1 - 60, default = 60).
update-interval
integer
Default:
6
FortiGuard database update wait time if not enough delta files, in hours (2 - 24, default = 6).
update-log
string
    Choices:
  • disable
  • enable ←
Enable/disable update log setting (default = enable).
disable - Disable update log.
enable - Enable update log.
wf-cache
integer
Default:
0
Web filter service maximum memory usage, in megabytes (maximum = Physical memory-1024, 0 = no limit, default = 600).
wf-dn-cache-expire-time
integer
Default:
30
Web filter DN cache expire time, in minutes (1 - 1440, 0 = never, default = 30).
wf-dn-cache-max-number
integer
Default:
10000
Maximum number of Web filter DN cache (0 = disable, default = 10000).
wf-log
string
    Choices:
  • disable
  • nourl ←
  • all
Web filter log setting (default = nour1)
disable - Disable URL log.
nourl - Log non-URL events.
all - Log all URL lookups.
wf-preload
string
    Choices:
  • disable
  • enable ←
Enable/disable preloading the web filter database into memory (default = disable).
disable - Disable web filter database preload.
enable - Enable web filter database preload.
proposed_method
string
    Choices:
  • update
  • set
  • add
The overridden method for the underlying Json RPC request
rc_failed
list / elements=string
the rc codes list with which the conditions to fail will be overriden
rc_succeeded
list / elements=string
the rc codes list with which the conditions to succeed will be overriden
state
string / required
    Choices:
  • present
  • absent
the directive to create, update or delete an object
workspace_locking_adom
string
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout
integer
Default:
300
the maximum time in seconds to wait for other user to release the workspace lock

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Configure the FortiGuard run parameters.
     fmgr_fmupdate_webspam_fgdsetting:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        fmupdate_webspam_fgdsetting:
           as-cache: <value of integer>
           as-log: <value in [disable, nospam, all]>
           as-preload: <value in [disable, enable]>
           av-cache: <value of integer>
           av-log: <value in [disable, novirus, all]>
           av-preload: <value in [disable, enable]>
           av2-cache: <value of integer>
           av2-log: <value in [disable, noav2, all]>
           av2-preload: <value in [disable, enable]>
           eventlog-query: <value in [disable, enable]>
           fgd-pull-interval: <value of integer>
           fq-cache: <value of integer>
           fq-log: <value in [disable, nofilequery, all]>
           fq-preload: <value in [disable, enable]>
           linkd-log: <value in [emergency, alert, critical, ...]>
           max-client-worker: <value of integer>
           max-log-quota: <value of integer>
           max-unrated-site: <value of integer>
           restrict-as1-dbver: <value of string>
           restrict-as2-dbver: <value of string>
           restrict-as4-dbver: <value of string>
           restrict-av-dbver: <value of string>
           restrict-av2-dbver: <value of string>
           restrict-fq-dbver: <value of string>
           restrict-wf-dbver: <value of string>
           server-override:
              servlist:
                -
                    id: <value of integer>
                    ip: <value of string>
                    ip6: <value of string>
                    port: <value of integer>
                    service-type:
                      - fgd
                      - fgc
                      - fsa
              status: <value in [disable, enable]>
           stat-log-interval: <value of integer>
           stat-sync-interval: <value of integer>
           update-interval: <value of integer>
           update-log: <value in [disable, enable]>
           wf-cache: <value of integer>
           wf-dn-cache-expire-time: <value of integer>
           wf-dn-cache-max-number: <value of integer>
           wf-log: <value in [disable, nourl, all]>
           wf-preload: <value in [disable, enable]>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
request_url
string
always
The full url requested

Sample:
/sys/login/user
response_code
integer
always
The status of api request

response_message
string
always
The descriptive message of the api response

Sample:
OK.


Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)