community.network.fmgr_fwobj_service – Manages FortiManager Firewall Service Objects.

Note

This plugin is part of the community.network collection (version 1.3.0).

To install it use: ansible-galaxy collection install community.network.

To use it in a playbook, specify: community.network.fmgr_fwobj_service.

Synopsis
Parameters
Notes
Examples
Return Values

Synopsis

Manages FortiManager Firewall Service Objects.

Parameters

Parameter	Choices/Defaults	Comments
adom string	Default: "root"	-The ADOM the configuration should belong to.
app_category string		Application category ID.
app_service_type string		Application service type.
application string		Application ID.
category string		Service category.
check_reset_range string		Enable disable RST check.
color string	Default: 22	GUI icon color.
comment string		Comment.
custom_type string	Choices: tcp_udp_sctp icmp icmp6 ip http ftp connect socks_tcp socks_udp all ←	Tells module what kind of custom service to be added.
explicit_proxy string	Choices: enable disable ←	Enable/disable explicit web proxy service.
fqdn string	Default: ""	Fully qualified domain name.
group_member string		Comma-Seperated list of members' names.
group_name string		Name of the Service Group.
icmp_code string		ICMP code.
icmp_type string		ICMP type.
iprange string	Default: "0.0.0.0"	Start IP-End IP.
mode string	Choices: add ← set delete	Sets one of three modes for managing the object.
name string		Custom service name.
object_type string	Choices: custom group category	Tells module if we are adding a custom service, category, or group.
protocol string		Protocol type.
protocol_number string		IP protocol number.
sctp_portrange string		Multiple SCTP port ranges. Comma separated list of destination ports to add (i.e. '443,80'). Syntax is <destPort:sourcePort> If no sourcePort is defined, it assumes all of them. Ranges can be defined with a hyphen - Examples -- '443' (destPort 443 only) '443:1000-2000' (destPort 443 from source ports 1000-2000). String multiple together in same quotes, comma separated. ('443:1000-2000, 80:1000-2000').
session_ttl string	Default: 0	Session TTL (300 - 604800, 0 = default).
tcp_halfclose_timer string	Default: 0	TCP half close timeout (1 - 86400 sec, 0 = default).
tcp_halfopen_timer string	Default: 0	TCP half close timeout (1 - 86400 sec, 0 = default).
tcp_portrange string		Comma separated list of destination ports to add (i.e. '443,80'). Syntax is <destPort:sourcePort> If no sourcePort is defined, it assumes all of them. Ranges can be defined with a hyphen - Examples -- '443' (destPort 443 only) '443:1000-2000' (destPort 443 from source ports 1000-2000). String multiple together in same quotes, comma separated. ('443:1000-2000, 80:1000-2000').
tcp_timewait_timer string	Default: 0	TCP half close timeout (1 - 300 sec, 0 = default).
udp_idle_timer string	Default: 0	TCP half close timeout (0 - 86400 sec, 0 = default).
udp_portrange string		Comma separated list of destination ports to add (i.e. '443,80'). Syntax is <destPort:sourcePort> If no sourcePort is defined, it assumes all of them. Ranges can be defined with a hyphen - Examples -- '443' (destPort 443 only) '443:1000-2000' (destPort 443 from source ports 1000-2000). String multiple together in same quotes, comma separated. ('443:1000-2000, 80:1000-2000').
visibility string	Choices: enable ← disable	Enable/disable service visibility.

Notes

Note

Full Documentation at https://ftnt-ansible-docs.readthedocs.io/en/latest/.

Examples

- name: ADD A CUSTOM SERVICE FOR TCP/UDP/SCP
  community.network.fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_service"
    object_type: "custom"
    custom_type: "tcp_udp_sctp"
    tcp_portrange: "443"
    udp_portrange: "51"
    sctp_portrange: "100"

- name: ADD A CUSTOM SERVICE FOR TCP/UDP/SCP WITH SOURCE RANGES AND MULTIPLES
  community.network.fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_serviceWithSource"
    object_type: "custom"
    custom_type: "tcp_udp_sctp"
    tcp_portrange: "443:2000-1000,80-82:10000-20000"
    udp_portrange: "51:100-200,162:200-400"
    sctp_portrange: "100:2000-2500"

- name: ADD A CUSTOM SERVICE FOR ICMP
  community.network.fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_icmp"
    object_type: "custom"
    custom_type: "icmp"
    icmp_type: "8"
    icmp_code: "3"

- name: ADD A CUSTOM SERVICE FOR ICMP6
  community.network.fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_icmp6"
    object_type: "custom"
    custom_type: "icmp6"
    icmp_type: "5"
    icmp_code: "1"

- name: ADD A CUSTOM SERVICE FOR IP - GRE
  community.network.fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_icmp6"
    object_type: "custom"
    custom_type: "ip"
    protocol_number: "47"

- name: ADD A CUSTOM PROXY FOR ALL WITH SOURCE RANGES AND MULTIPLES
  community.network.fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_proxy_all"
    object_type: "custom"
    custom_type: "all"
    explicit_proxy: "enable"
    tcp_portrange: "443:2000-1000,80-82:10000-20000"
    iprange: "www.ansible.com"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
api_result string	always	full API response, includes status code and message

Authors

Luke Weighall (@lweighall)
Andrew Welsh (@Ghilli3)
Jim Huber (@p4r4n0y1ng)

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/community/network/fmgr_fwobj_service_module.html