fmgr_secprof_ips – Managing IPS security profiles in FortiManager
New in version 2.8.
Synopsis
- Managing IPS security profiles in FortiManager
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
adom | Default: "root" | The ADOM the configuration should belong to. |
block_malicious_url | | Enable/disable malicious URL blocking. |
comment | | Comment. |
entries | | EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the Ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS. |
entries_action | | Action taken with traffic in which signatures are detected. |
entries_application | | Applications to be protected. set application ? lists available applications. all includes all applications. other includes all unlisted applications. |
entries_exempt_ip_dst_ip | | Destination IP address and netmask. |
entries_exempt_ip_src_ip | | Source IP address and netmask. |
entries_location | | Protect client or server traffic. |
entries_log | | Enable/disable logging of signatures included in filter. |
entries_log_attack_context | | Enable/disable logging of attack context: URL buffer, header buffer, body buffer, packet buffer. |
entries_log_packet | | Enable/disable packet logging. Enable to save the packet that triggers the filter. You can download the packets in pcap format for diagnostic use. |
entries_os | | Operating systems to be protected. all includes all operating systems. other includes all unlisted operating systems. |
entries_protocol | | Protocols to be examined. set protocol ? lists available protocols. all includes all protocols. other includes all unlisted protocols. |
entries_quarantine | | Quarantine method. |
entries_quarantine_expiry | | Duration of quarantine. |
entries_quarantine_log | | Enable/disable quarantine logging. |
entries_rate_count | | Count of the rate. |
entries_rate_duration | | Duration (sec) of the rate. |
entries_rate_mode | | Rate limit mode. |
entries_rate_track | | Track the packet protocol field. |
entries_rule | | Identifies the predefined or custom IPS signatures to add to the sensor. |
entries_severity | | Relative severity of the signature, from info to critical. Log messages generated by the signature include the severity. |
entries_status | | Status of the signatures included in filter. default enables the filter and only uses filters with default status of enable. Filters with default status of disable will not be used. |
extended_log | | Enable/disable extended logging. |
filter | | EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the Ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS. |
filter_action | | Action of selected rules. |
filter_application | | Vulnerable application filter. |
filter_location | | Vulnerability location filter. |
filter_log | | Enable/disable logging of selected rules. |
filter_log_packet | | Enable/disable packet logging of selected rules. |
filter_name | | Filter name. |
filter_os | | Vulnerable OS filter. |
filter_protocol | | Vulnerable protocol filter. |
filter_quarantine | | Quarantine IP or interface. |
filter_quarantine_expiry | | Duration of quarantine in minutes. |
filter_quarantine_log | | Enable/disable logging of selected quarantine. |
filter_severity | | Vulnerability severity filter. |
filter_status | | Selected rules status. |
mode | | Sets one of three modes for managing the object. Allows use of soft-adds instead of overwriting existing values. |
name | | Sensor name. |
override | | EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the Ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS. |
override_action | | Action of override rule. |
override_exempt_ip_dst_ip | | Destination IP address and netmask. |
override_exempt_ip_src_ip | | Source IP address and netmask. |
override_log | | Enable/disable logging. |
override_log_packet | | Enable/disable packet logging. |
override_quarantine | | Quarantine IP or interface. |
override_quarantine_expiry | | Duration of quarantine in minutes. |
override_quarantine_log | | Enable/disable logging of selected quarantine. |
override_rule_id | | Override rule ID. |
override_status | | Enable/disable status of override rule. |
replacemsg_group | | Replacement message group. |
Notes
- Full Documentation at https://ftnt-ansible-docs.readthedocs.io/en/latest/.
Examples
```yaml
- name: DELETE Profile
  fmgr_secprof_ips:
    name: "Ansible_IPS_Profile"
    comment: "Created by Ansible Module TEST"
    mode: "delete"

- name: CREATE Profile
  fmgr_secprof_ips:
    name: "Ansible_IPS_Profile"
    comment: "Created by Ansible Module TEST"
    mode: "set"
    block_malicious_url: "enable"
    entries: [{severity: "high", action: "block", log-packet: "enable"}, {severity: "medium", action: "pass"}]
```
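The parameter table states that when `entries`, `filter` or `override` is submitted as a raw list, the matching prefixed sub-parameters are ignored, so a logging or quarantine setting given in that form never reaches the sensor. The following is an added example, not part of the module or its documentation, that checks task arguments for that mix before a run; the function names and sample tasks are constructed for illustration, and an empty raw list is assumed to count as not submitted.

```python
"""Pre-flight check for fmgr_secprof_ips task arguments (added example)."""

# Raw list parameters documented as mutually exclusive with their
# prefixed sub-parameters (entries_*, filter_*, override_*).
RAW_LIST_PARAMS = ("entries", "filter", "override")


def ignored_subparams(args):
    """Map each submitted raw list to the sub-parameters it overrides."""
    findings = {}
    for raw in RAW_LIST_PARAMS:
        if not args.get(raw):  # assumption: absent or empty means not submitted
            continue
        shadowed = sorted(k for k in args
                          if k.startswith(raw + "_") and args[k] is not None)
        if shadowed:
            findings[raw] = shadowed
    return findings


def lint_tasks(tasks):
    """Return (task name, findings) for every task that mixes both forms."""
    results = []
    for task in tasks:
        args = task.get("fmgr_secprof_ips")
        if isinstance(args, dict) and ignored_subparams(args):
            results.append((task.get("name", "<unnamed>"), ignored_subparams(args)))
    return results


# Constructed sample tasks, shaped as they are after YAML parsing.
SAMPLE_TASKS = [
    {"name": "CREATE Profile",
     "fmgr_secprof_ips": {
         "name": "Ansible_IPS_Profile", "mode": "set",
         "entries": [{"severity": "high", "action": "block"}],
         # Ignored by the module because `entries` is also set:
         "entries_log": "enable", "entries_log_packet": "enable"}},
    {"name": "CREATE Profile (sub-options only)",
     "fmgr_secprof_ips": {
         "name": "Ansible_IPS_Profile", "mode": "set",
         "entries_severity": "high", "entries_action": "block",
         "entries_log": "enable"}},
]

if __name__ == "__main__":
    for name, found in lint_tasks(SAMPLE_TASKS):
        for raw, subs in found.items():
            print(f"{name}: '{raw}' is set, ignored: {', '.join(subs)}")
```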
Return Values
Common return values are documented here; the following fields are unique to this module:
Key | Returned | Description |
---|---|---|
api_result (string) | always | Full API response, includes status code and message. |
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Luke Weighall (@lweighall)
- Andrew Welsh (@Ghilli3)
- Jim Huber (@p4r4n0y1ng)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/fmgr_secprof_ips_module.html