community.network.fmgr_fwobj_service – Manages FortiManager Firewall Service Objects.


Note

This plugin is part of the community.network collection (version 1.3.0).

To install it use: ansible-galaxy collection install community.network.

To use it in a playbook, specify: community.network.fmgr_fwobj_service.


Synopsis

  • Manages FortiManager Firewall Service Objects.

Parameters

Parameter Choices/Defaults Comments

adom

string

Default:

"root"

The ADOM the configuration should belong to.

app_category

string

Application category ID.

app_service_type

string

Application service type.

application

string

Application ID.

category

string

Service category.

check_reset_range

string

Enable/disable RST check.

color

string

Default:

22

GUI icon color.

comment

string

Comment.

custom_type

string

  • tcp_udp_sctp
  • icmp
  • icmp6
  • ip
  • http
  • ftp
  • connect
  • socks_tcp
  • socks_udp
  • all

Tells the module what kind of custom service to add.

explicit_proxy

string

  • enable
  • disable

Enable/disable explicit web proxy service.

fqdn

string

Default:

""

Fully qualified domain name.

group_member

string

Comma-separated list of members' names.

group_name

string

Name of the Service Group.

icmp_code

string

ICMP code.

icmp_type

string

ICMP type.

iprange

string

Default:

"0.0.0.0"

Start IP-End IP.

mode

string

  • add
  • set
  • delete

Sets one of three modes for managing the object.

name

string

Custom service name.

object_type

string

  • custom
  • group
  • category

Tells the module whether we are adding a custom service, category, or group.

protocol

string

Protocol type.

protocol_number

string

IP protocol number.

sctp_portrange

string

Multiple SCTP port ranges. Comma-separated list of destination ports to add (e.g. '443,80').

Syntax is destPort:sourcePort.

If no sourcePort is defined, it assumes all of them.

Ranges can be defined with a hyphen (-).

Examples: '443' (destPort 443 only); '443:1000-2000' (destPort 443 from source ports 1000-2000).

String multiple entries together inside the same quotes, comma separated ('443:1000-2000, 80:1000-2000').

session_ttl

string

Default:

0

Session TTL (300 - 604800, 0 = default).

tcp_halfclose_timer

string

Default:

0

TCP half close timeout (1 - 86400 sec, 0 = default).

tcp_halfopen_timer

string

Default:

0

TCP half open timeout (1 - 86400 sec, 0 = default).

tcp_portrange

string

Comma-separated list of destination ports to add (e.g. '443,80').

Syntax is destPort:sourcePort.

If no sourcePort is defined, it assumes all of them.

Ranges can be defined with a hyphen (-).

Examples: '443' (destPort 443 only); '443:1000-2000' (destPort 443 from source ports 1000-2000).

String multiple entries together inside the same quotes, comma separated ('443:1000-2000, 80:1000-2000').

tcp_timewait_timer

string

Default:

0

TCP time-wait timeout (1 - 300 sec, 0 = default).

udp_idle_timer

string

Default:

0

UDP idle timeout (0 - 86400 sec, 0 = default).

udp_portrange

string

Comma-separated list of destination ports to add (e.g. '443,80').

Syntax is destPort:sourcePort.

If no sourcePort is defined, it assumes all of them.

Ranges can be defined with a hyphen (-).

Examples: '443' (destPort 443 only); '443:1000-2000' (destPort 443 from source ports 1000-2000).

String multiple entries together inside the same quotes, comma separated ('443:1000-2000, 80:1000-2000').

visibility

string

  • enable
  • disable

Enable/disable service visibility.



Notes

Examples

- name: ADD A CUSTOM SERVICE FOR TCP/UDP/SCTP
  community.network.fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_service"
    object_type: "custom"
    custom_type: "tcp_udp_sctp"
    tcp_portrange: "443"
    udp_portrange: "51"
    sctp_portrange: "100"

- name: ADD A CUSTOM SERVICE FOR TCP/UDP/SCTP WITH SOURCE RANGES AND MULTIPLES
  community.network.fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_serviceWithSource"
    object_type: "custom"
    custom_type: "tcp_udp_sctp"
    # Each entry is destPort:sourcePort; ranges are written low-high.
    tcp_portrange: "443:1000-2000,80-82:10000-20000"
    udp_portrange: "51:100-200,162:200-400"
    sctp_portrange: "100:2000-2500"

- name: ADD A CUSTOM SERVICE FOR ICMP
  community.network.fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_icmp"
    object_type: "custom"
    custom_type: "icmp"
    icmp_type: "8"
    icmp_code: "3"

- name: ADD A CUSTOM SERVICE FOR ICMP6
  community.network.fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_icmp6"
    object_type: "custom"
    custom_type: "icmp6"
    icmp_type: "5"
    icmp_code: "1"

- name: ADD A CUSTOM SERVICE FOR IP - GRE
  community.network.fmgr_fwobj_service:
    adom: "ansible"
    # Distinct name so this task does not collide with the ICMP6 service above.
    name: "ansible_custom_ip_gre"
    object_type: "custom"
    custom_type: "ip"
    protocol_number: "47"

- name: ADD A CUSTOM PROXY FOR ALL WITH SOURCE RANGES AND MULTIPLES
  community.network.fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_proxy_all"
    object_type: "custom"
    custom_type: "all"
    explicit_proxy: "enable"
    # Source ranges are written low-high.
    tcp_portrange: "443:1000-2000,80-82:10000-20000"
    # A hostname goes in fqdn; iprange takes "Start IP-End IP".
    fqdn: "www.ansible.com"
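
The destPort:sourcePort syntax described for tcp_portrange, udp_portrange and sctp_portrange can be checked before a playbook reaches FortiManager. The following Python is an added example, not code from the module or from the original documentation; the function names and the 0-65535 port bound are assumptions.

```python
import re

# Assumption: this follows the syntax documented above; it is not the module's own parser.
_RANGE = re.compile(r"^(\d+)(?:-(\d+))?$")


def _parse_ports(text):
    """Parse 'N' or 'N-M' into (low, high); raise ValueError if malformed."""
    text = text.strip()
    m = _RANGE.match(text)
    if not m:
        raise ValueError(f"not a port or port range: {text!r}")
    low = int(m.group(1))
    high = int(m.group(2)) if m.group(2) is not None else low
    for port in (low, high):
        if not 0 <= port <= 65535:  # assumed bound
            raise ValueError(f"port out of range 0-65535: {port}")
    if low > high:
        raise ValueError(f"reversed range (start > end): {text!r}")
    return low, high


def parse_portrange(value):
    """Split a *_portrange string into (dest, source) tuples.

    source is None when no sourcePort is given, which the docs say means all.
    """
    entries = []
    for item in value.split(","):
        dest, sep, source = item.strip().partition(":")
        entries.append((_parse_ports(dest), _parse_ports(source) if sep else None))
    return entries


def lint_portrange(value):
    """Return a list of problems, one per bad entry, instead of raising."""
    problems = []
    for item in value.split(","):
        try:
            parse_portrange(item)
        except ValueError as exc:
            problems.append(str(exc))
    return problems


if __name__ == "__main__":
    # Sample values in the documented syntax; the last has a reversed source range.
    for sample in ("443", "443:1000-2000, 80:1000-2000", "443:2000-1000,80-82:10000-20000"):
        print(sample, "->", lint_portrange(sample) or parse_portrange(sample))
```

An empty list from lint_portrange means every entry parsed; a broad or missing source range still deserves review, since an omitted sourcePort matches all source ports.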

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key Returned Description

api_result

string

always

full API response, includes status code and message





Authors

  • Luke Weighall (@lweighall)
  • Andrew Welsh (@Ghilli3)
  • Jim Huber (@p4r4n0y1ng)

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/community/network/fmgr_fwobj_service_module.html