fortinet.fortimanager.fmgr_pkg_header_policy6 – Configure IPv6 policies.

Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.4).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_pkg_header_policy6.

New in version 2.10: of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values, which need to be adjusted to your data sources before use.

Parameters

Parameter Choices/Defaults Comments
bypass_validation
boolean
    Choices:
  • no ←
  • yes
Only set to True when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters.
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task
pkg
string / required
The parameter (pkg) in the requested URL.
pkg_header_policy6
dictionary
The top-level parameter set.
action
string
    Choices:
  • deny
  • accept
  • ipsec
  • ssl-vpn
no description
anti-replay
string
    Choices:
  • disable
  • enable
no description
app-category
string
no description
app-group
string
no description
application
integer
no description
application-charts
list / elements=string
    Choices:
  • top10-app
  • top10-p2p-user
  • top10-media-user
no description
application-list
string
no description
auto-asic-offload
string
    Choices:
  • disable
  • enable
no description
av-profile
string
no description
casi-profile
string
no description
cgn-log-server-grp
string
no description
cifs-profile
string
no description
comments
string
no description
custom-log-fields
string
no description
decrypted-traffic-mirror
string
no description
deep-inspection-options
string
no description
device-detection-portal
string
    Choices:
  • disable
  • enable
no description
devices
string
no description
diffserv-forward
string
    Choices:
  • disable
  • enable
no description
diffserv-reverse
string
    Choices:
  • disable
  • enable
no description
diffservcode-forward
string
no description
diffservcode-rev
string
no description
dlp-sensor
string
no description
dnsfilter-profile
string
no description
dscp-match
string
    Choices:
  • disable
  • enable
no description
dscp-negate
string
    Choices:
  • disable
  • enable
no description
dscp-value
string
no description
dsri
string
    Choices:
  • disable
  • enable
no description
dstaddr
string
no description
dstaddr-negate
string
    Choices:
  • disable
  • enable
no description
dstintf
string
no description
dynamic-profile
string
    Choices:
  • disable
  • enable
no description
dynamic-profile-access
list / elements=string
    Choices:
  • imap
  • smtp
  • pop3
  • http
  • ftp
  • im
  • nntp
  • imaps
  • smtps
  • pop3s
  • https
  • ftps
no description
dynamic-profile-group
string
no description
email-collection-portal
string
    Choices:
  • disable
  • enable
no description
emailfilter-profile
string
no description
file-filter-profile
string
no description
firewall-session-dirty
string
    Choices:
  • check-all
  • check-new
no description
fixedport
string
    Choices:
  • disable
  • enable
no description
fsae
string
    Choices:
  • disable
  • enable
no description
fsso-groups
string
no description
global-label
string
no description
groups
string
no description
http-policy-redirect
string
    Choices:
  • disable
  • enable
no description
icap-profile
string
no description
identity-based
string
    Choices:
  • disable
  • enable
no description
identity-based-policy6
list / elements=string
no description
action
string
    Choices:
  • deny
  • accept
no description
application-list
string
no description
av-profile
string
no description
deep-inspection-options
string
no description
devices
string
no description
dlp-sensor
string
no description
endpoint-compliance
string
    Choices:
  • disable
  • enable
no description
groups
string
no description
icap-profile
string
no description
id
integer
no description
ips-sensor
string
no description
logtraffic
string
    Choices:
  • disable
  • enable
  • all
  • utm
no description
mms-profile
string
no description
per-ip-shaper
string
no description
profile-group
string
no description
profile-protocol-options
string
no description
profile-type
string
    Choices:
  • single
  • group
no description
replacemsg-group
string
no description
schedule
string
no description
send-deny-packet
string
    Choices:
  • disable
  • enable
no description
service
string
no description
service-negate
string
    Choices:
  • disable
  • enable
no description
spamfilter-profile
string
no description
sslvpn-portal
string
no description
sslvpn-realm
string
no description
traffic-shaper
string
no description
traffic-shaper-reverse
string
no description
utm-status
string
    Choices:
  • disable
  • enable
no description
voip-profile
string
no description
webfilter-profile
string
no description
identity-from
string
    Choices:
  • auth
  • device
no description
inbound
string
    Choices:
  • disable
  • enable
no description
inspection-mode
string
    Choices:
  • proxy
  • flow
no description
ippool
string
    Choices:
  • disable
  • enable
no description
ips-sensor
string
no description
label
string
no description
logtraffic
string
    Choices:
  • disable
  • enable
  • all
  • utm
no description
logtraffic-start
string
    Choices:
  • disable
  • enable
no description
mms-profile
string
no description
name
string
no description
nat
string
    Choices:
  • disable
  • enable
no description
natinbound
string
    Choices:
  • disable
  • enable
no description
natoutbound
string
    Choices:
  • disable
  • enable
no description
np-accelation
string
    Choices:
  • disable
  • enable
no description
np-acceleration
string
    Choices:
  • disable
  • enable
no description
outbound
string
    Choices:
  • disable
  • enable
no description
per-ip-shaper
string
no description
policy-offload
string
    Choices:
  • disable
  • enable
no description
policyid
integer
no description
poolname
string
no description
profile-group
string
no description
profile-protocol-options
string
no description
profile-type
string
    Choices:
  • single
  • group
no description
replacemsg-group
string
no description
replacemsg-override-group
string
no description
rsso
string
    Choices:
  • disable
  • enable
no description
schedule
string
no description
send-deny-packet
string
    Choices:
  • disable
  • enable
no description
service
string
no description
service-negate
string
    Choices:
  • disable
  • enable
no description
session-ttl
integer
no description
spamfilter-profile
string
no description
srcaddr
string
no description
srcaddr-negate
string
    Choices:
  • disable
  • enable
no description
srcintf
string
no description
ssh-filter-profile
string
no description
ssh-policy-redirect
string
    Choices:
  • disable
  • enable
no description
ssl-mirror
string
    Choices:
  • disable
  • enable
no description
ssl-mirror-intf
string
no description
ssl-ssh-profile
string
no description
sslvpn-auth
string
    Choices:
  • any
  • local
  • radius
  • ldap
  • tacacs+
no description
sslvpn-ccert
string
    Choices:
  • disable
  • enable
no description
sslvpn-cipher
string
    Choices:
  • any
  • high
  • medium
no description
status
string
    Choices:
  • disable
  • enable
no description
tags
string
no description
tcp-mss-receiver
integer
no description
tcp-mss-sender
integer
no description
tcp-session-without-syn
string
    Choices:
  • all
  • data-only
  • disable
no description
timeout-send-rst
string
    Choices:
  • disable
  • enable
no description
tos
string
no description
tos-mask
string
no description
tos-negate
string
    Choices:
  • disable
  • enable
no description
traffic-shaper
string
no description
traffic-shaper-reverse
string
no description
url-category
string
no description
users
string
no description
utm-inspection-mode
string
    Choices:
  • proxy
  • flow
no description
utm-status
string
    Choices:
  • disable
  • enable
no description
uuid
string
no description
vlan-cos-fwd
integer
no description
vlan-cos-rev
integer
no description
vlan-filter
string
no description
voip-profile
string
no description
vpntunnel
string
no description
waf-profile
string
no description
webcache
string
    Choices:
  • disable
  • enable
no description
webcache-https
string
    Choices:
  • disable
  • enable
no description
webfilter-profile
string
no description
webproxy-forward-server
string
no description
webproxy-profile
string
no description
proposed_method
string
    Choices:
  • update
  • set
  • add
The overridden method for the underlying JSON-RPC request.
rc_failed
list / elements=string
The list of rc codes with which the conditions to fail will be overridden.
rc_succeeded
list / elements=string
The list of rc codes with which the conditions to succeed will be overridden.
state
string / required
    Choices:
  • present
  • absent
the directive to create, update or delete an object
workspace_locking_adom
string
The ADOM to lock when FortiManager runs in workspace mode; the value can be global or another ADOM, including root.
workspace_locking_timeout
integer
Default:
300
The maximum time in seconds to wait for another user to release the workspace lock.

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module; the top-level parameters workspace_locking_adom and workspace_locking_timeout control it.

  • To create or update an object, use the state present directive.

  • To delete an object, use the state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. You can also override the conditions to fail or succeed with the parameters rc_failed and rc_succeeded.

Examples

- hosts: fortimanager00
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
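     ansible_httpapi_validate_certs: False # TLS certificate of the FortiManager is not verified; set to True when it is issued by a CA the control node trusts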
     ansible_httpapi_port: 443
  tasks:
   - name: Configure IPv6 header policies.
     fmgr_pkg_header_policy6:
        bypass_validation: False
        pkg: ansible
        state: present
        pkg_header_policy6:
           action: accept #<value in [deny, accept, ipsec, ...]>
           comments: ansible-comment
           dstaddr: gall
           dstintf: any
           name: ansible-test2-header
           policyid: 1073741827 # must be larger than 2^30 (1073741824), since a header/footer policy is a special policy
           schedule: galways
           service: gALL
           srcaddr: gall
           srcintf: any
           status: enable

- name: gathering fortimanager facts
  hosts: fortimanager00
  gather_facts: no
  connection: httpapi
  collections:
    - fortinet.fortimanager
  vars:
    ansible_httpapi_use_ssl: True
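    ansible_httpapi_validate_certs: False # TLS certificate of the FortiManager is not verified; set to True when it is issued by a CA the control node trusts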
    ansible_httpapi_port: 443
  tasks:
   - name: retrieve all the IPv6 header policies
     fmgr_fact:
       facts:
           selector: 'pkg_header_policy6'
           params:
               pkg: 'ansible'
               policy6: ''
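
The following playbook is an added example, not part of the original module documentation. It exercises the parameters described in the Notes that the examples above do not: certificate validation left on, workspace locking, a logged deny header policy staged as disabled, and removal with state absent. The ADOM name global, the policy name, the policyid value and the treatment of rc -3 as "object does not exist" are assumptions.

```yaml
- name: Manage an IPv6 header policy with workspace locking (added example)
  hosts: fortimanager00
  gather_facts: no
  connection: httpapi
  collections:
    - fortinet.fortimanager
  vars:
    ansible_httpapi_use_ssl: True
    ansible_httpapi_validate_certs: True   # needs a certificate the control node trusts
    ansible_httpapi_port: 443
  tasks:
    - name: Create or update a logged deny header policy
      fmgr_pkg_header_policy6:
        bypass_validation: False           # keep parameter validation against the module schema
        enable_log: True
        workspace_locking_adom: global     # assumption: workspace mode, package in the global ADOM
        workspace_locking_timeout: 300     # seconds to wait for another user's lock (the default)
        pkg: ansible
        state: present
        pkg_header_policy6:
          name: ansible-deny-header        # constructed name
          policyid: 1073741828             # constructed; larger than 2^30 (1073741824)
          action: deny
          srcintf: any
          dstintf: any
          srcaddr: gall
          dstaddr: gall
          service: gALL
          schedule: galways
          logtraffic: all                  # log every session the policy matches
          status: disable                  # staged disabled; enable after review

    - name: Remove the same header policy
      fmgr_pkg_header_policy6:
        workspace_locking_adom: global
        pkg: ansible
        state: absent
        rc_succeeded: [0, -3]              # assumption: -3 means the object does not exist
        pkg_header_policy6:
          policyid: 1073741828
```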

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key Returned Description
request_url
string
always
The full URL requested

Sample:
/sys/login/user
response_code
integer
always
The status of the API request

response_message
string
always
The descriptive message of the API response

Sample:
OK.


Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)