fortinet.fortimanager.fmgr_application_list – Configure application control lists.
fortinet.fortimanager.fmgr_application_list – Configure application control lists.
Note
This plugin is part of the fortinet.fortimanager collection (version 2.0.1).
To install it use: ansible-galaxy collection install fortinet.fortimanager
.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_application_list
.
New in version 2.10: of fortinet.fortimanager
Synopsis
- This module is able to configure a FortiManager device.
- Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
Parameter | Choices/Defaults | Comments | |||
---|---|---|---|---|---|
adom string / required |
the parameter (adom) in requested url | ||||
application_list dictionary |
the top level parameters set | ||||
app-replacemsg string |
|
Enable/disable replacement messages for blocked applications. | |||
comment string |
comments | ||||
deep-app-inspection string |
|
Enable/disable deep application inspection. | |||
entries list / elements=string |
no description | ||||
action string |
|
Pass or block traffic, or reset connection for traffic from this application. | |||
application integer |
no description | ||||
behavior string |
no description | ||||
category string |
Category ID list. | ||||
id integer |
Entry ID. | ||||
log string |
|
Enable/disable logging for this application list. | |||
log-packet string |
|
Enable/disable packet logging. | |||
parameters list / elements=string |
no description | ||||
id integer |
Parameter ID. | ||||
value string |
Parameter value. | ||||
per-ip-shaper string |
Per-IP traffic shaper. | ||||
popularity list / elements=string |
|
no description | |||
protocols string |
no description | ||||
quarantine string |
|
Quarantine method. | |||
quarantine-expiry string |
Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m, default = 5m). Requires quarantine set to ... | ||||
quarantine-log string |
|
Enable/disable quarantine logging. | |||
rate-count integer |
Count of the rate. | ||||
rate-duration integer |
Duration (sec) of the rate. | ||||
rate-mode string |
|
Rate limit mode. | |||
rate-track string |
|
Track the packet protocol field. | |||
risk integer |
no description | ||||
session-ttl integer |
Session TTL (0 = default). | ||||
shaper string |
Traffic shaper. | ||||
shaper-reverse string |
Reverse traffic shaper. | ||||
sub-category integer |
no description | ||||
technology string |
no description | ||||
vendor string |
no description | ||||
extended-log string |
|
Enable/disable extended logging. | |||
name string |
List name. | ||||
options list / elements=string |
|
no description | |||
other-application-action string |
|
Action for other applications. | |||
other-application-log string |
|
Enable/disable logging for other applications. | |||
p2p-black-list list / elements=string |
|
no description | |||
replacemsg-group string |
Replacement message group. | ||||
unknown-application-action string |
|
Pass or block traffic from unknown applications. | |||
unknown-application-log string |
|
Enable/disable logging for unknown applications. | |||
bypass_validation boolean |
|
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters | |||
rc_failed list / elements=string |
the rc codes list with which the conditions to fail will be overriden | ||||
rc_succeeded list / elements=string |
the rc codes list with which the conditions to succeed will be overriden | ||||
state string / required |
|
the directive to create, update or delete an object | |||
workspace_locking_adom string |
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root | ||||
workspace_locking_timeout integer |
Default: 300 |
the maximum time in seconds to wait for other user to release the workspace lock |
Notes
Note
- Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
- To create or update an object, use state present directive.
- To delete an object, use state absent directive.
- Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Configure application control lists.
fmgr_application_list:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
state: <value in [present, absent]>
application_list:
app-replacemsg: <value in [disable, enable]>
comment: <value of string>
deep-app-inspection: <value in [disable, enable]>
entries:
-
action: <value in [pass, block, reset]>
application: <value of integer>
behavior: <value of string>
category: <value of string>
id: <value of integer>
log: <value in [disable, enable]>
log-packet: <value in [disable, enable]>
parameters:
-
id: <value of integer>
value: <value of string>
per-ip-shaper: <value of string>
popularity:
- 1
- 2
- 3
- 4
- 5
protocols: <value of string>
quarantine: <value in [none, attacker]>
quarantine-expiry: <value of string>
quarantine-log: <value in [disable, enable]>
rate-count: <value of integer>
rate-duration: <value of integer>
rate-mode: <value in [periodical, continuous]>
rate-track: <value in [none, src-ip, dest-ip, ...]>
risk: <value of integer>
session-ttl: <value of integer>
shaper: <value of string>
shaper-reverse: <value of string>
sub-category: <value of integer>
technology: <value of string>
vendor: <value of string>
extended-log: <value in [disable, enable]>
name: <value of string>
options:
- allow-dns
- allow-icmp
- allow-http
- allow-ssl
- allow-quic
other-application-action: <value in [pass, block]>
other-application-log: <value in [disable, enable]>
p2p-black-list:
- skype
- edonkey
- bittorrent
replacemsg-group: <value of string>
unknown-application-action: <value in [pass, block]>
unknown-application-log: <value in [disable, enable]>
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
request_url string |
always |
The full url requested
Sample: /sys/login/user |
response_code integer |
always |
The status of api request
|
response_message string |
always |
The descriptive message of the api response
Sample: OK. |
Authors
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Frank Shen (@fshen01)
- Hongbin Lu (@fgtdev-hblu)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/fortinet/fortimanager/fmgr_application_list_module.html