fortinet.fortios.fortios_firewall_mms_profile – Configure MMS profiles in Fortinet’s FortiOS and FortiGate.

Note

This plugin is part of the fortinet.fortios collection (version 2.1.2).

To install it use: ansible-galaxy collection install fortinet.fortios.

To use it in a playbook, specify: fortinet.fortios.fortios_firewall_mms_profile.

New in version 2.10 of fortinet.fortios.

Synopsis

  • This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the mms_profile category of the firewall feature. The examples include all parameters; their values need to be adjusted to your data sources before use. Tested with FOS v6.0.0.

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.9.0

Parameters

Parameter Choices/Defaults Comments
access_token
string
Token-based authentication. The token is generated from the FortiGate GUI.
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task.
firewall_mms_profile
dictionary
Configure MMS profiles.
avnotificationtable
integer
AntiVirus notification table ID. Source antivirus.notification.id.
bwordtable
integer
MMS banned word table ID. Source webfilter.content.id.
carrier_endpoint_prefix
string
    Choices:
  • enable
  • disable
Enable/disable prefixing of end point values.
carrier_endpoint_prefix_range_max
integer
Maximum length of end point value that can be prefixed (1 - 48).
carrier_endpoint_prefix_range_min
integer
Minimum end point length to be prefixed (1 - 48).
carrier_endpoint_prefix_string
string
String with which to prefix End point values.
carrierendpointbwltable
integer
Carrier end point filter table ID. Source firewall.carrier-endpoint-bwl.id.
comment
string
Comment.
dupe
list / elements=string
Duplicate configuration.
action1
list / elements=string
    Choices:
  • block
  • archive
  • log
  • archive-first
  • alert-notif
Action to take when threshold reached.
action2
list / elements=string
    Choices:
  • block
  • archive
  • log
  • archive-first
  • alert-notif
Action to take when threshold reached.
action3
list / elements=string
    Choices:
  • block
  • archive
  • log
  • archive-first
  • alert-notif
Action to take when threshold reached.
block_time1
integer
Duration for which action takes effect (0 - 35791 min).
block_time2
integer
Duration for which action takes effect (0 - 35791 min).
block_time3
integer
Duration for which action takes effect (0 - 35791 min).
limit1
integer
Maximum number of messages allowed.
limit2
integer
Maximum number of messages allowed.
limit3
integer
Maximum number of messages allowed.
protocol
string / required
Protocol.
status1
string
    Choices:
  • enable
  • disable
Enable/disable status1 detection.
status2
string
    Choices:
  • enable
  • disable
Enable/disable status2 detection.
status3
string
    Choices:
  • enable
  • disable
Enable/disable status3 detection.
window1
integer
Window to count messages over (1 - 2880 min).
window2
integer
Window to count messages over (1 - 2880 min).
window3
integer
Window to count messages over (1 - 2880 min).
extended_utm_log
string
Enable/disable detailed UTM log messages.
flood
list / elements=string
Flood configuration.
action1
list / elements=string
    Choices:
  • block
  • archive
  • log
  • archive-first
  • alert-notif
Action to take when threshold reached.
action2
list / elements=string
    Choices:
  • block
  • archive
  • log
  • archive-first
  • alert-notif
Action to take when threshold reached.
action3
list / elements=string
    Choices:
  • block
  • archive
  • log
  • archive-first
  • alert-notif
Action to take when threshold reached.
block_time1
integer
Duration for which action takes effect (0 - 35791 min).
block_time2
integer
Duration for which action takes effect (0 - 35791 min).
block_time3
integer
Duration for which action takes effect (0 - 35791 min).
limit1
integer
Maximum number of messages allowed.
limit2
integer
Maximum number of messages allowed.
limit3
integer
Maximum number of messages allowed.
protocol
string / required
Protocol.
status1
string
    Choices:
  • enable
  • disable
Enable/disable status1 detection.
status2
string
    Choices:
  • enable
  • disable
Enable/disable status2 detection.
status3
string
    Choices:
  • enable
  • disable
Enable/disable status3 detection.
window1
integer
Window to count messages over (1 - 2880 min).
window2
integer
Window to count messages over (1 - 2880 min).
window3
integer
Window to count messages over (1 - 2880 min).
mm1
list / elements=string
    Choices:
  • avmonitor
  • oversize
  • quarantine
  • scan
  • bannedword
  • chunkedbypass
  • clientcomfort
  • servercomfort
  • carrier-endpoint-bwl
  • remove-blocked
  • mms-checksum
MM1 options.
mm1_addr_hdr
string
HTTP header field (for MM1) containing user address.
mm1_addr_source
string
    Choices:
  • http-header
  • cookie
Source for MM1 user address.
mm1_convert_hex
string
    Choices:
  • enable
  • disable
Enable/disable converting user address from HEX string for MM1.
mm1_outbreak_prevention
string
    Choices:
  • disabled
  • files
  • full-archive
Enable FortiGuard Virus Outbreak Prevention service.
mm1_retr_dupe
string
    Choices:
  • enable
  • disable
Enable/disable duplicate scanning of MM1 retr.
mm1_retrieve_scan
string
    Choices:
  • enable
  • disable
Enable/disable scanning on MM1 retrieve configuration messages.
mm1comfortamount
integer
MM1 comfort amount (0 - 4294967295).
mm1comfortinterval
integer
MM1 comfort interval (0 - 4294967295).
mm1oversizelimit
integer
Maximum file size to scan (1 - 819200 kB).
mm3
list / elements=string
    Choices:
  • avmonitor
  • oversize
  • quarantine
  • scan
  • bannedword
  • fragmail
  • splice
  • carrier-endpoint-bwl
  • remove-blocked
  • mms-checksum
MM3 options.
mm3_outbreak_prevention
string
    Choices:
  • disabled
  • files
  • full-archive
Enable FortiGuard Virus Outbreak Prevention service.
mm3oversizelimit
integer
Maximum file size to scan (1 - 819200 kB).
mm4
list / elements=string
    Choices:
  • avmonitor
  • oversize
  • quarantine
  • scan
  • bannedword
  • fragmail
  • splice
  • carrier-endpoint-bwl
  • remove-blocked
  • mms-checksum
MM4 options.
mm4_outbreak_prevention
string
    Choices:
  • disabled
  • files
  • full-archive
Enable FortiGuard Virus Outbreak Prevention service.
mm4oversizelimit
integer
Maximum file size to scan (1 - 819200 kB).
mm7
list / elements=string
    Choices:
  • avmonitor
  • oversize
  • quarantine
  • scan
  • bannedword
  • chunkedbypass
  • clientcomfort
  • servercomfort
  • carrier-endpoint-bwl
  • remove-blocked
  • mms-checksum
MM7 options.
mm7_addr_hdr
string
HTTP header field (for MM7) containing user address.
mm7_addr_source
string
    Choices:
  • http-header
  • cookie
Source for MM7 user address.
mm7_convert_hex
string
    Choices:
  • enable
  • disable
Enable/disable conversion of user address from HEX string for MM7.
mm7_outbreak_prevention
string
    Choices:
  • disabled
  • files
  • full-archive
Enable FortiGuard Virus Outbreak Prevention service.
mm7comfortamount
integer
MM7 comfort amount (0 - 4294967295).
mm7comfortinterval
integer
MM7 comfort interval (0 - 4294967295).
mm7oversizelimit
integer
Maximum file size to scan (1 - 819200 kB).
mms_antispam_mass_log
string
    Choices:
  • enable
  • disable
Enable/disable logging for MMS antispam mass.
mms_av_block_log
string
    Choices:
  • enable
  • disable
Enable/disable logging for MMS antivirus file blocking.
mms_av_oversize_log
string
    Choices:
  • enable
  • disable
Enable/disable logging for MMS antivirus oversize file blocking.
mms_av_virus_log
string
    Choices:
  • enable
  • disable
Enable/disable logging for MMS antivirus scanning.
mms_carrier_endpoint_filter_log
string
    Choices:
  • enable
  • disable
Enable/disable logging for MMS end point filter blocking.
mms_checksum_log
string
    Choices:
  • enable
  • disable
Enable/disable MMS content checksum logging.
mms_checksum_table
integer
MMS content checksum table ID. Source antivirus.mms-checksum.id.
mms_notification_log
string
    Choices:
  • enable
  • disable
Enable/disable logging for MMS notification messages.
mms_web_content_log
string
    Choices:
  • enable
  • disable
Enable/disable logging for MMS web content blocking.
mmsbwordthreshold
integer
MMS banned word threshold.
name
string / required
Profile name.
notif_msisdn
list / elements=string
Notification for MSISDNs.
msisdn
string / required
Recipient MSISDN.
threshold
string
    Choices:
  • flood-thresh-1
  • flood-thresh-2
  • flood-thresh-3
  • dupe-thresh-1
  • dupe-thresh-2
  • dupe-thresh-3
Thresholds on which this MSISDN will receive an alert.
notification
list / elements=string
Notification configuration.
alert_int
integer
Alert notification send interval.
alert_int_mode
string
    Choices:
  • hours
  • minutes
Alert notification interval mode.
alert_src_msisdn
string
Specify from address for alert messages.
alert_status
string
    Choices:
  • enable
  • disable
Alert notification status.
bword_int
integer
Banned word notification send interval.
bword_int_mode
string
    Choices:
  • hours
  • minutes
Banned word notification interval mode.
bword_status
string
    Choices:
  • enable
  • disable
Banned word notification status.
carrier_endpoint_bwl_int
integer
Carrier end point black/white list notification send interval.
carrier_endpoint_bwl_int_mode
string
    Choices:
  • hours
  • minutes
Carrier end point black/white list notification interval mode.
carrier_endpoint_bwl_status
string
    Choices:
  • enable
  • disable
Carrier end point black/white list notification status.
days_allowed
list / elements=string
    Choices:
  • sunday
  • monday
  • tuesday
  • wednesday
  • thursday
  • friday
  • saturday
Weekdays on which notification messages may be sent.
detect_server
string
    Choices:
  • enable
  • disable
Enable/disable automatic server address determination.
dupe_int
integer
Duplicate notification send interval.
dupe_int_mode
string
    Choices:
  • hours
  • minutes
Duplicate notification interval mode.
dupe_status
string
    Choices:
  • enable
  • disable
Duplicate notification status.
file_block_int
integer
File block notification send interval.
file_block_int_mode
string
    Choices:
  • hours
  • minutes
File block notification interval mode.
file_block_status
string
    Choices:
  • enable
  • disable
File block notification status.
flood_int
integer
Flood notification send interval.
flood_int_mode
string
    Choices:
  • hours
  • minutes
Flood notification interval mode.
flood_status
string
    Choices:
  • enable
  • disable
Flood notification status.
from_in_header
string
    Choices:
  • enable
  • disable
Enable/disable insertion of from address in HTTP header.
mms_checksum_int
integer
MMS checksum notification send interval.
mms_checksum_int_mode
string
    Choices:
  • hours
  • minutes
MMS checksum notification interval mode.
mms_checksum_status
string
    Choices:
  • enable
  • disable
MMS checksum notification status.
mmsc_hostname
string
Host name or IP address of the MMSC.
mmsc_password
string
Password required for authentication with the MMSC.
mmsc_port
integer
Port used on the MMSC for sending MMS messages (1 - 65535).
mmsc_url
string
URL used on the MMSC for sending MMS messages.
mmsc_username
string
User name required for authentication with the MMSC.
msg_protocol
string
    Choices:
  • mm1
  • mm3
  • mm4
  • mm7
Protocol to use for sending notification messages.
msg_type
string
    Choices:
  • submit-req
  • deliver-req
MM7 message type.
protocol
string / required
Protocol.
rate_limit
integer
Rate limit for sending notification messages (0 - 250).
tod_window_duration
string
Time of day window duration.
tod_window_end
string
Obsolete.
tod_window_start
string
Time of day window start.
user_domain
string
Domain name to which the user addresses belong.
vas_id
string
VAS identifier.
vasp_id
string
VASP identifier.
virus_int
integer
Virus notification send interval.
virus_int_mode
string
    Choices:
  • hours
  • minutes
Virus notification interval mode.
virus_status
string
    Choices:
  • enable
  • disable
Virus notification status.
outbreak_prevention
dictionary
Configure Virus Outbreak Prevention settings.
external_blocklist
string
    Choices:
  • disable
  • enable
Enable/disable external malware blocklist.
ftgd_service
string
    Choices:
  • disable
  • enable
Enable/disable FortiGuard Virus outbreak prevention service.
remove_blocked_const_length
string
    Choices:
  • enable
  • disable
Enable/disable MMS replacement of blocked file constant length.
replacemsg_group
string
Replacement message group. Source system.replacemsg-group.name.
state
string / required
    Choices:
  • present
  • absent
Indicates whether to create or remove the object.
vdom
string
Default:
"root"
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.

Notes

Note

  • Legacy fortiosapi has been deprecated; httpapi is the preferred way to run playbooks.

Examples

- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
  - name: Configure MMS profiles.
    fortios_firewall_mms_profile:
      vdom:  "{{ vdom }}"
      state: "present"
      access_token: "<your_own_value>"
      firewall_mms_profile:
        avnotificationtable: "3 (source antivirus.notification.id)"
        bwordtable: "4 (source webfilter.content.id)"
        carrier_endpoint_prefix: "enable"
        carrier_endpoint_prefix_range_max: "6"
        carrier_endpoint_prefix_range_min: "7"
        carrier_endpoint_prefix_string: "<your_own_value>"
        carrierendpointbwltable: "9 (source firewall.carrier-endpoint-bwl.id)"
        comment: "Comment."
        dupe:
         -
            action1: "block"
            action2: "block"
            action3: "block"
            block_time1: "15"
            block_time2: "16"
            block_time3: "17"
            limit1: "18"
            limit2: "19"
            limit3: "20"
            protocol: "<your_own_value>"
            status1: "enable"
            status2: "enable"
            status3: "enable"
            window1: "25"
            window2: "26"
            window3: "27"
        extended_utm_log: "<your_own_value>"
        flood:
         -
            action1: "block"
            action2: "block"
            action3: "block"
            block_time1: "33"
            block_time2: "34"
            block_time3: "35"
            limit1: "36"
            limit2: "37"
            limit3: "38"
            protocol: "<your_own_value>"
            status1: "enable"
            status2: "enable"
            status3: "enable"
            window1: "43"
            window2: "44"
            window3: "45"
        mm1: "avmonitor"
        mm1_addr_hdr: "<your_own_value>"
        mm1_addr_source: "http-header"
        mm1_convert_hex: "enable"
        mm1_outbreak_prevention: "disabled"
        mm1_retr_dupe: "enable"
        mm1_retrieve_scan: "enable"
        mm1comfortamount: "53"
        mm1comfortinterval: "54"
        mm1oversizelimit: "55"
        mm3: "avmonitor"
        mm3_outbreak_prevention: "disabled"
        mm3oversizelimit: "58"
        mm4: "avmonitor"
        mm4_outbreak_prevention: "disabled"
        mm4oversizelimit: "61"
        mm7: "avmonitor"
        mm7_addr_hdr: "<your_own_value>"
        mm7_addr_source: "http-header"
        mm7_convert_hex: "enable"
        mm7_outbreak_prevention: "disabled"
        mm7comfortamount: "67"
        mm7comfortinterval: "68"
        mm7oversizelimit: "69"
        mms_antispam_mass_log: "enable"
        mms_av_block_log: "enable"
        mms_av_oversize_log: "enable"
        mms_av_virus_log: "enable"
        mms_carrier_endpoint_filter_log: "enable"
        mms_checksum_log: "enable"
        mms_checksum_table: "76 (source antivirus.mms-checksum.id)"
        mms_notification_log: "enable"
        mms_web_content_log: "enable"
        mmsbwordthreshold: "79"
        name: "default_name_80"
        notif_msisdn:
         -
            msisdn: "<your_own_value>"
            threshold: "flood-thresh-1"
        notification:
         -
            alert_int: "85"
            alert_int_mode: "hours"
            alert_src_msisdn: "<your_own_value>"
            alert_status: "enable"
            bword_int: "89"
            bword_int_mode: "hours"
            bword_status: "enable"
            carrier_endpoint_bwl_int: "92"
            carrier_endpoint_bwl_int_mode: "hours"
            carrier_endpoint_bwl_status: "enable"
            days_allowed: "sunday"
            detect_server: "enable"
            dupe_int: "97"
            dupe_int_mode: "hours"
            dupe_status: "enable"
            file_block_int: "100"
            file_block_int_mode: "hours"
            file_block_status: "enable"
            flood_int: "103"
            flood_int_mode: "hours"
            flood_status: "enable"
            from_in_header: "enable"
            mms_checksum_int: "107"
            mms_checksum_int_mode: "hours"
            mms_checksum_status: "enable"
            mmsc_hostname: "myhostname"
            mmsc_password: "<your_own_value>"
            mmsc_port: "112"
            mmsc_url: "<your_own_value>"
            mmsc_username: "<your_own_value>"
            msg_protocol: "mm1"
            msg_type: "submit-req"
            protocol: "<your_own_value>"
            rate_limit: "118"
            tod_window_duration: "<your_own_value>"
            tod_window_end: "<your_own_value>"
            tod_window_start: "<your_own_value>"
            user_domain: "<your_own_value>"
            vas_id: "<your_own_value>"
            vasp_id: "<your_own_value>"
            virus_int: "125"
            virus_int_mode: "hours"
            virus_status: "enable"
        outbreak_prevention:
            external_blocklist: "disable"
            ftgd_service: "disable"
        remove_blocked_const_length: "enable"
        replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"
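
A narrower playbook, added here as an example and not taken from the collection's documentation: it sets only MM1 scanning, one flood and one duplicate threshold, and the antivirus/antispam log options, with value types matching the parameter table, TLS certificate validation turned on, and the access token read from a vaulted variable. The profile name, the `vault_fortios_access_token` variable, the numeric thresholds and the `mm1` protocol value are assumptions.

```yaml
# Added example, not part of the module documentation.
# Assumptions: inventory group "fortigates", a vaulted variable named
# "vault_fortios_access_token", and "mm1" as the flood/dupe protocol value.
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: yes   # verify the FortiGate's TLS certificate
    ansible_httpapi_port: 443
  tasks:
    - name: Configure an MMS profile with scanning, flood/duplicate limits and logging
      fortios_firewall_mms_profile:
        vdom: "{{ vdom }}"
        state: "present"
        access_token: "{{ vault_fortios_access_token }}"   # kept in Ansible Vault, not in the playbook
        enable_log: yes
        firewall_mms_profile:
          name: "mms-baseline"            # constructed profile name
          comment: "Baseline MMS scanning and rate limits"
          mm1:                            # list / elements=string
            - scan
            - quarantine
            - oversize
          mm1oversizelimit: 10240         # kB, within the documented 1 - 819200 range
          mm1_retrieve_scan: "enable"
          flood:
            - protocol: "mm1"             # assumed value
              status1: "enable"
              window1: 60                 # minutes (1 - 2880)
              limit1: 100                 # messages allowed within window1
              action1:
                - log
                - block
              block_time1: 120            # minutes (0 - 35791)
          dupe:
            - protocol: "mm1"             # assumed value
              status1: "enable"
              window1: 60
              limit1: 50
              action1:
                - log
                - archive
              block_time1: 120
          mms_av_virus_log: "enable"
          mms_av_block_log: "enable"
          mms_av_oversize_log: "enable"
          mms_antispam_mass_log: "enable"
```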

Return Values

Common return values are documented separately; the following fields are unique to this module:

Key Returned Description
build
string
always
Build number of the FortiGate image

Sample:
1547
http_method
string
always
Last method used to provision the content into FortiGate

Sample:
PUT
http_status
string
always
Last result given by FortiGate on last operation applied

Sample:
200
mkey
string
success
Master key (id) used in the last call to FortiGate

Sample:
id
name
string
always
Name of the table used to fulfill the request

Sample:
urlfilter
path
string
always
Path of the table used to fulfill the request

Sample:
webfilter
revision
string
always
Internal revision number

Sample:
17.0.2.10658
serial
string
always
Serial number of the unit

Sample:
FGVMEVYYQT3AB5352
status
string
always
Indication of the operation's result

Sample:
success
vdom
string
always
Virtual domain used

Sample:
root
version
string
always
Version of the FortiGate

Sample:
v5.6.3


Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Hongbin Lu (@fgtdev-hblu)

  • Frank Shen (@frankshen01)

  • Miguel Angel Munoz (@mamunozgonzalez)

  • Nicolas Thomas (@thomnico)