community.fortios.fmgr_secprof_ips – Managing IPS security profiles in FortiManager

Note

This plugin is part of the community.fortios collection (version 1.0.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.fortios.

To use it in a playbook, specify: community.fortios.fmgr_secprof_ips.

Synopsis

  • Managing IPS security profiles in FortiManager

Parameters

Parameter Choices/Defaults Comments
adom
string
Default:
"root"
The ADOM the configuration should belong to.
block_malicious_url
string
    Choices:
  • disable
  • enable
Enable/disable malicious URL blocking.
comment
string
Comment.
entries
string
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
List of multiple child objects to be added. Expects a list of dictionaries.
Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
If submitted, all other prefixed sub-parameters ARE IGNORED.
This object is MUTUALLY EXCLUSIVE with its options.
We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
entries_action
string
    Choices:
  • pass
  • block
  • reset
  • default
Action taken with traffic in which signatures are detected.
entries_application
string
Applications to be protected. set application ? lists available applications. all includes all applications. other includes all unlisted applications.
entries_exempt_ip_dst_ip
string
Destination IP address and netmask.
entries_exempt_ip_src_ip
string
Source IP address and netmask.
entries_location
string
Protect client or server traffic.
entries_log
string
    Choices:
  • disable
  • enable
Enable/disable logging of signatures included in filter.
entries_log_attack_context
string
    Choices:
  • disable
  • enable
Enable/disable logging of attack context| URL buffer, header buffer, body buffer, packet buffer.
entries_log_packet
string
    Choices:
  • disable
  • enable
Enable/disable packet logging. Enable to save the packet that triggers the filter. You can download the packets in pcap format for diagnostic use.
entries_os
string
Operating systems to be protected. all includes all operating systems. other includes all unlisted operating systems.
entries_protocol
string
Protocols to be examined. set protocol ? lists available protocols. all includes all protocols. other includes all unlisted protocols.
entries_quarantine
string
    Choices:
  • none
  • attacker
Quarantine method.
entries_quarantine_expiry
string
Duration of quarantine.
entries_quarantine_log
string
    Choices:
  • disable
  • enable
Enable/disable quarantine logging.
entries_rate_count
string
Count of the rate.
entries_rate_duration
string
Duration (sec) of the rate.
entries_rate_mode
string
    Choices:
  • periodical
  • continuous
Rate limit mode.
entries_rate_track
string
    Choices:
  • none
  • src-ip
  • dest-ip
  • dhcp-client-mac
  • dns-domain
Track the packet protocol field.
entries_rule
string
Identifies the predefined or custom IPS signatures to add to the sensor.
entries_severity
string
Relative severity of the signature, from info to critical. Log messages generated by the signature include the severity.
entries_status
string
    Choices:
  • disable
  • enable
  • default
Status of the signatures included in filter. default enables the filter and only use filters with default status of enable. Filters with default status of disable will not be used.
extended_log
string
    Choices:
  • disable
  • enable
Enable/disable extended logging.
filter
string
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
List of multiple child objects to be added. Expects a list of dictionaries.
Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
If submitted, all other prefixed sub-parameters ARE IGNORED.
This object is MUTUALLY EXCLUSIVE with its options.
We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
filter_action
string
    Choices:
  • pass
  • block
  • default
  • reset
Action of selected rules.
filter_application
string
Vulnerable application filter.
filter_location
string
Vulnerability location filter.
filter_log
string
    Choices:
  • disable
  • enable
Enable/disable logging of selected rules.
filter_log_packet
string
    Choices:
  • disable
  • enable
Enable/disable packet logging of selected rules.
filter_name
string
Filter name.
filter_os
string
Vulnerable OS filter.
filter_protocol
string
Vulnerable protocol filter.
filter_quarantine
string
    Choices:
  • none
  • attacker
Quarantine IP or interface.
filter_quarantine_expiry
string
Duration of quarantine in minute.
filter_quarantine_log
string
    Choices:
  • disable
  • enable
Enable/disable logging of selected quarantine.
filter_severity
string
Vulnerability severity filter.
filter_status
string
    Choices:
  • disable
  • enable
  • default
Selected rules status.
mode
string
    Choices:
  • add
  • set
  • delete
  • update
Sets one of three modes for managing the object.
Allows use of soft-adds instead of overwriting existing values
name
string
Sensor name.
override
string
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
List of multiple child objects to be added. Expects a list of dictionaries.
Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
If submitted, all other prefixed sub-parameters ARE IGNORED.
This object is MUTUALLY EXCLUSIVE with its options.
We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
override_action
string
    Choices:
  • pass
  • block
  • reset
Action of override rule.
override_exempt_ip_dst_ip
string
Destination IP address and netmask.
override_exempt_ip_src_ip
string
Source IP address and netmask.
override_log
string
    Choices:
  • disable
  • enable
Enable/disable logging.
override_log_packet
string
    Choices:
  • disable
  • enable
Enable/disable packet logging.
override_quarantine
string
    Choices:
  • none
  • attacker
Quarantine IP or interface.
override_quarantine_expiry
string
Duration of quarantine in minute.
override_quarantine_log
string
    Choices:
  • disable
  • enable
Enable/disable logging of selected quarantine.
override_rule_id
string
Override rule ID.
override_status
string
    Choices:
  • disable
  • enable
Enable/disable status of override rule.
replacemsg_group
string
Replacement message group.

Notes

Examples

- name: DELETE Profile
  community.fortios.fmgr_secprof_ips:
    name: "Ansible_IPS_Profile"
    comment: "Created by Ansible Module TEST"
    mode: "delete"

- name: CREATE Profile
  community.fortios.fmgr_secprof_ips:
    name: "Ansible_IPS_Profile"
    comment: "Created by Ansible Module TEST"
    mode: "set"
    block_malicious_url: "enable"
    entries: [{severity: "high", action: "block", log-packet: "enable"}, {severity: "medium", action: "pass"}]

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
api_result
string
always
full API response, includes status code and message



Authors

  • Luke Weighall (@lweighall)
  • Andrew Welsh (@Ghilli3)
  • Jim Huber (@p4r4n0y1ng)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/fortios/fmgr_secprof_ips_module.html