community.fortios.fmgr_secprof_ips – Managing IPS security profiles in FortiManager
Note
This plugin is part of the community.fortios collection (version 1.0.0).
You might already have this collection installed if you are using the ansible
package. It is not included in ansible-core
. To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.fortios
.
To use it in a playbook, specify: community.fortios.fmgr_secprof_ips
.
Synopsis
- Managing IPS security profiles in FortiManager
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
adom string | Default: "root" | The ADOM the configuration should belong to. |
block_malicious_url string |
| Enable/disable malicious URL blocking. |
comment string | Comment. | |
entries string | EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS | |
entries_action string |
| Action taken with traffic in which signatures are detected. |
entries_application string | Applications to be protected. set application ? lists available applications. all includes all applications. other includes all unlisted applications. | |
entries_exempt_ip_dst_ip string | Destination IP address and netmask. | |
entries_exempt_ip_src_ip string | Source IP address and netmask. | |
entries_location string | Protect client or server traffic. | |
entries_log string |
| Enable/disable logging of signatures included in filter. |
entries_log_attack_context string |
| Enable/disable logging of attack context| URL buffer, header buffer, body buffer, packet buffer. |
entries_log_packet string |
| Enable/disable packet logging. Enable to save the packet that triggers the filter. You can download the packets in pcap format for diagnostic use. |
entries_os string | Operating systems to be protected. all includes all operating systems. other includes all unlisted operating systems. | |
entries_protocol string | Protocols to be examined. set protocol ? lists available protocols. all includes all protocols. other includes all unlisted protocols. | |
entries_quarantine string |
| Quarantine method. |
entries_quarantine_expiry string | Duration of quarantine. | |
entries_quarantine_log string |
| Enable/disable quarantine logging. |
entries_rate_count string | Count of the rate. | |
entries_rate_duration string | Duration (sec) of the rate. | |
entries_rate_mode string |
| Rate limit mode. |
entries_rate_track string |
| Track the packet protocol field. |
entries_rule string | Identifies the predefined or custom IPS signatures to add to the sensor. | |
entries_severity string | Relative severity of the signature, from info to critical. Log messages generated by the signature include the severity. | |
entries_status string |
| Status of the signatures included in filter. default enables the filter and only use filters with default status of enable. Filters with default status of disable will not be used. |
extended_log string |
| Enable/disable extended logging. |
filter string | EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS | |
filter_action string |
| Action of selected rules. |
filter_application string | Vulnerable application filter. | |
filter_location string | Vulnerability location filter. | |
filter_log string |
| Enable/disable logging of selected rules. |
filter_log_packet string |
| Enable/disable packet logging of selected rules. |
filter_name string | Filter name. | |
filter_os string | Vulnerable OS filter. | |
filter_protocol string | Vulnerable protocol filter. | |
filter_quarantine string |
| Quarantine IP or interface. |
filter_quarantine_expiry string | Duration of quarantine in minute. | |
filter_quarantine_log string |
| Enable/disable logging of selected quarantine. |
filter_severity string | Vulnerability severity filter. | |
filter_status string |
| Selected rules status. |
mode string |
| Sets one of three modes for managing the object. Allows use of soft-adds instead of overwriting existing values |
name string | Sensor name. | |
override string | EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS | |
override_action string |
| Action of override rule. |
override_exempt_ip_dst_ip string | Destination IP address and netmask. | |
override_exempt_ip_src_ip string | Source IP address and netmask. | |
override_log string |
| Enable/disable logging. |
override_log_packet string |
| Enable/disable packet logging. |
override_quarantine string |
| Quarantine IP or interface. |
override_quarantine_expiry string | Duration of quarantine in minute. | |
override_quarantine_log string |
| Enable/disable logging of selected quarantine. |
override_rule_id string | Override rule ID. | |
override_status string |
| Enable/disable status of override rule. |
replacemsg_group string | Replacement message group. |
Notes
Note
- Full Documentation at https://ftnt-ansible-docs.readthedocs.io/en/latest/.
Examples
- name: DELETE Profile community.fortios.fmgr_secprof_ips: name: "Ansible_IPS_Profile" comment: "Created by Ansible Module TEST" mode: "delete" - name: CREATE Profile community.fortios.fmgr_secprof_ips: name: "Ansible_IPS_Profile" comment: "Created by Ansible Module TEST" mode: "set" block_malicious_url: "enable" entries: [{severity: "high", action: "block", log-packet: "enable"}, {severity: "medium", action: "pass"}]
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
api_result string | always | full API response, includes status code and message |
Authors
- Luke Weighall (@lweighall)
- Andrew Welsh (@Ghilli3)
- Jim Huber (@p4r4n0y1ng)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/fortios/fmgr_secprof_ips_module.html