fmgr_device_provision_template – Manages Device Provisioning Templates in FortiManager

New in version 2.8.


Synopsis

  • Allows the editing and assignment of device provisioning templates in FortiManager.

Parameters

Parameter Choices/Defaults Comments

admin_enable_fortiguard

-

  • none
  • direct
  • this-fmg

Enables FortiGuard security updates to their default settings.

admin_fortianalyzer_target

-

Configures faz target.

admin_fortiguard_target

-

Configures fortiguard target.

admin_enable_fortiguard must be set to "direct".

admin_gui_theme

-

  • green
  • red
  • blue
  • melongene
  • mariner

Changes the admin gui theme.

admin_http_port

-

Non-SSL admin gui port number.

admin_https_port

-

SSL admin gui port number.

admin_https_redirect

-

  • enable
  • disable

Enables or disables https redirect from http.

admin_language

-

  • english
  • simch
  • japanese
  • korean
  • spanish
  • trach
  • french
  • portuguese

Sets the admin gui language.

admin_switch_controller

-

  • enable
  • disable

Enables or disables the switch controller.

admin_timeout

-

Admin timeout in minutes.

adom

- / required

The ADOM the configuration should belong to.

delete_provisioning_template

-

If specified, all other options are ignored. The specified provisioning template will be deleted.

device_unique_name

- / required

The unique name of the device that you are editing.

dns_primary_ipv4

-

Primary IPv4 DNS forwarder.

dns_secondary_ipv4

-

Secondary IPv4 DNS forwarder.

dns_suffix

-

Sets the local dns domain suffix.

mode

-

  • add
  • set
  • delete
  • update

Sets one of three modes for managing the object.

Allows use of soft-adds instead of overwriting existing values.

ntp_auth

-

  • enable
  • disable

Enables or disables ntp authentication.

ntp_auth_pwd

-

Sets the ntp auth password.

ntp_server

-

Only used with custom ntp_type -- specifies IP of server to sync to -- comma separated ip addresses for multiples.

ntp_status

-

  • enable
  • disable

Enables or disables ntp.

ntp_sync_interval

-

Sets the interval in minutes for ntp sync.

ntp_type

-

  • fortiguard
  • custom

Enables fortiguard servers or custom servers as the ntp source.

ntp_v3

-

  • enable
  • disable

Enables or disables ntpv3 (default is ntpv4).

provision_targets

- / required

The friendly names of devices in FortiManager to assign the provisioning template to. Comma separated list.

provisioning_template

- / required

The provisioning template you want to apply (default = default).

smtp_conn_sec

-

  • none
  • starttls
  • smtps

Defines the SSL level for SMTP.

smtp_password

-

SMTP password.

smtp_port

-

SMTP port number.

smtp_replyto

-

SMTP reply to address.

smtp_server

-

SMTP server ipv4 address.

smtp_source_ipv4

-

SMTP source ip address.

smtp_username

-

SMTP auth username.

smtp_validate_cert

-

  • enable
  • disable

Enables or disables valid certificate checking for smtp.

snmp_status

-

  • enable
  • disable

Enables or disables SNMP globally.

snmp_v2c_id

-

Primary key for the SNMP community. This must be unique!

snmp_v2c_name

-

Specifies the v2c community name.

snmp_v2c_query_hosts_ipv4

-

IPv4 addresses or subnets that are allowed to query SNMP v2c, comma separated ("10.7.220.59 255.255.255.0, 10.7.220.0 255.255.255.0").

snmp_v2c_query_port

-

Sets the snmp v2c community query port.

snmp_v2c_query_status

-

  • enable
  • disable

Enables or disables the v2c community specified for queries.

snmp_v2c_status

-

  • enable
  • disable

Enables or disables the v2c community specified.

snmp_v2c_trap_hosts_ipv4

-

IPv4 addresses of the hosts that should get SNMP v2c traps, comma separated, must include mask ("10.7.220.59 255.255.255.255, 10.7.220.60 255.255.255.255").

snmp_v2c_trap_port

-

Sets the snmp v2c community trap port.

snmp_v2c_trap_src_ipv4

-

Source ip the traps should come from IPv4.

snmp_v2c_trap_status

-

  • enable
  • disable

Enables or disables the v2c community specified for traps.

snmpv3_auth_proto

-

  • md5
  • sha

SNMPv3 auth protocol.

snmpv3_auth_pwd

-

SNMPv3 auth password. Currently not encrypted! Ensure this file is locked down permissions-wise!

snmpv3_name

-

SNMPv3 user name.

snmpv3_notify_hosts

-

List of ipv4 hosts to send snmpv3 traps to. Comma separated IPv4 list.

snmpv3_priv_proto

-

  • aes
  • des
  • aes256
  • aes256cisco

SNMPv3 priv protocol.

snmpv3_priv_pwd

-

SNMPv3 priv password. Currently not encrypted! Ensure this file is locked down permissions-wise!

snmpv3_queries

-

  • enable
  • disable

Allow snmpv3_queries.

snmpv3_query_port

-

SNMPv3 query port.

snmpv3_security_level

-

  • no-auth-no-priv
  • auth-no-priv
  • auth-priv

SNMPv3 security level.

snmpv3_source_ip

-

SNMPv3 source ipv4 address for traps.

snmpv3_status

-

  • enable
  • disable

SNMPv3 user is enabled or disabled.

snmpv3_trap_rport

-

SNMPv3 trap remote port.

snmpv3_trap_status

-

  • enable
  • disable

SNMPv3 traps are enabled or disabled.

syslog_certificate

-

Certificate used to communicate with Syslog server if encryption on.

syslog_enc_algorithm

-

  • high
  • low
  • disable
  • high-medium

Enable/disable reliable syslogging with TLS encryption.

choice | high | SSL communication with high encryption algorithms.

choice | low | SSL communication with low encryption algorithms.

choice | disable | Disable SSL communication.

choice | high-medium | SSL communication with high and medium encryption algorithms.

syslog_facility

-

  • kernel
  • user
  • mail
  • daemon
  • auth
  • syslog
  • lpr
  • news
  • uucp
  • cron
  • authpriv
  • ftp
  • ntp
  • audit
  • alert
  • clock
  • local0
  • local1
  • local2
  • local3
  • local4
  • local5
  • local6
  • local7

Remote syslog facility.

choice | kernel | Kernel messages.

choice | user | Random user-level messages.

choice | mail | Mail system.

choice | daemon | System daemons.

choice | auth | Security/authorization messages.

choice | syslog | Messages generated internally by syslog.

choice | lpr | Line printer subsystem.

choice | news | Network news subsystem.

choice | uucp | Network news subsystem.

choice | cron | Clock daemon.

choice | authpriv | Security/authorization messages (private).

choice | ftp | FTP daemon.

choice | ntp | NTP daemon.

choice | audit | Log audit.

choice | alert | Log alert.

choice | clock | Clock daemon.

choice | local0 | Reserved for local use.

choice | local1 | Reserved for local use.

choice | local2 | Reserved for local use.

choice | local3 | Reserved for local use.

choice | local4 | Reserved for local use.

choice | local5 | Reserved for local use.

choice | local6 | Reserved for local use.

choice | local7 | Reserved for local use.

syslog_filter

-

  • emergency
  • alert
  • critical
  • error
  • warning
  • notification
  • information
  • debug

Sets the logging level for syslog.

syslog_mode

-

  • udp
  • legacy-reliable
  • reliable

Remote syslog logging over UDP/Reliable TCP.

choice | udp | Enable syslogging over UDP.

choice | legacy-reliable | Enable legacy reliable syslogging by RFC3195 (Reliable Delivery for Syslog).

choice | reliable | Enable reliable syslogging by RFC6587 (Transmission of Syslog Messages over TCP).

syslog_port

-

Syslog port that will be set.

syslog_server

-

Server the syslogs will be sent to.

syslog_status

-

  • enable
  • disable

Enables or disables syslogs.



Examples

- name: SET SNMP SYSTEM INFO
  fmgr_device_provision_template:
    provisioning_template: "default"
    snmp_status: "enable"
    mode: "set"

- name: SET SNMP SYSTEM INFO ANSIBLE ADOM
  fmgr_device_provision_template:
    provisioning_template: "default"
    snmp_status: "enable"
    mode: "set"
    adom: "ansible"

- name: SET SNMP SYSTEM INFO different template (SNMPv2)
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    snmp_status: "enable"
    mode: "set"
    adom: "ansible"
    # SNMP queries use port 161 and traps use port 162 by default.
    snmp_v2c_query_port: "161"
    snmp_v2c_trap_port: "162"
    snmp_v2c_status: "enable"
    snmp_v2c_trap_status: "enable"
    snmp_v2c_query_status: "enable"
    snmp_v2c_name: "ansibleV2c"
    snmp_v2c_id: "1"
    snmp_v2c_trap_src_ipv4: "10.7.220.41"
    snmp_v2c_trap_hosts_ipv4: "10.7.220.59 255.255.255.255, 10.7.220.60 255.255.255.255"
    snmp_v2c_query_hosts_ipv4: "10.7.220.59 255.255.255.255, 10.7.220.0 255.255.255.0"

- name: SET SNMP SYSTEM INFO different template (SNMPv3)
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    snmp_status: "enable"
    mode: "set"
    adom: "ansible"
    snmpv3_auth_proto: "sha"
    snmpv3_auth_pwd: "fortinet"
    snmpv3_name: "ansibleSNMPv3"
    snmpv3_notify_hosts: "10.7.220.59,10.7.220.60"
    snmpv3_priv_proto: "aes256"
    snmpv3_priv_pwd: "fortinet"
    snmpv3_queries: "enable"
    snmpv3_query_port: "161"
    snmpv3_security_level: "auth-priv"
    snmpv3_source_ip: "0.0.0.0"
    snmpv3_status: "enable"
    snmpv3_trap_rport: "162"
    snmpv3_trap_status: "enable"

- name: SET SYSLOG INFO
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    syslog_server: "10.7.220.59"
    syslog_port: "514"
    # syslog_mode accepts udp, legacy-reliable or reliable.
    syslog_mode: "udp"
    syslog_status: "enable"
    syslog_filter: "information"

- name: SET NTP TO FORTIGUARD
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    ntp_status: "enable"
    ntp_sync_interval: "60"
    ntp_type: "fortiguard"

- name: SET NTP TO CUSTOM SERVER
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    ntp_status: "enable"
    ntp_sync_interval: "60"
    ntp_type: "custom"
    ntp_server: "10.7.220.32,10.7.220.1"
    ntp_auth: "enable"
    ntp_auth_pwd: "fortinet"
    ntp_v3: "disable"

- name: SET ADMIN GLOBAL SETTINGS
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    admin_https_redirect: "enable"
    admin_https_port: "4433"
    admin_http_port: "8080"
    admin_timeout: "30"
    admin_language: "english"
    admin_switch_controller: "enable"
    admin_gui_theme: "blue"
    admin_enable_fortiguard: "direct"
    admin_fortiguard_target: "10.7.220.128"
    admin_fortianalyzer_target: "10.7.220.61"

- name: SET CUSTOM SMTP SERVER
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    smtp_username: "ansible"
    smtp_password: "fortinet"
    smtp_port: "25"
    smtp_replyto: "[email protected]"
    smtp_conn_sec: "starttls"
    smtp_server: "10.7.220.32"
    smtp_source_ipv4: "0.0.0.0"
    smtp_validate_cert: "disable"

- name: SET DNS SERVERS
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    dns_suffix: "ansible.local"
    dns_primary_ipv4: "8.8.8.8"
    dns_secondary_ipv4: "4.4.4.4"

- name: SET PROVISIONING TEMPLATE DEVICE TARGETS IN FORTIMANAGER
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    provision_targets: "FGT1, FGT2"

- name: DELETE ENTIRE PROVISIONING TEMPLATE
  fmgr_device_provision_template:
    delete_provisioning_template: "ansibleTest"
    mode: "delete"
    adom: "ansible"
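
The parameter table lists fixed choices for several security-relevant options and warns that the SNMPv3 passwords are stored unencrypted in the playbook file. The check below is an added example, not part of the module or the Ansible documentation: it lints one task's arguments against those choices before a run. The function name `lint_task`, the `WEAK` policy and the sample input are assumptions of the example.

```python
# Added example (not part of the module): lint task arguments for
# fmgr_device_provision_template before a playbook run.

# Documented choices, copied from the parameter table on this page (subset).
CHOICES = {
    "snmpv3_auth_proto": {"md5", "sha"},
    "snmpv3_priv_proto": {"aes", "des", "aes256", "aes256cisco"},
    "snmpv3_security_level": {"no-auth-no-priv", "auth-no-priv", "auth-priv"},
    "syslog_mode": {"udp", "legacy-reliable", "reliable"},
    "syslog_enc_algorithm": {"high", "low", "disable", "high-medium"},
    "smtp_conn_sec": {"none", "starttls", "smtps"},
    "smtp_validate_cert": {"enable", "disable"},
    "ntp_type": {"fortiguard", "custom"},
}
# Valid but weak values. This policy is an assumption of the example.
WEAK = {
    "snmpv3_auth_proto": {"md5"},
    "snmpv3_priv_proto": {"des"},
    "snmpv3_security_level": {"no-auth-no-priv", "auth-no-priv"},
    "syslog_enc_algorithm": {"low", "disable"},
    "smtp_conn_sec": {"none"},
    "smtp_validate_cert": {"disable"},
}
# Password parameters from the table; literals here end up in the playbook file.
SECRETS = ("snmpv3_auth_pwd", "snmpv3_priv_pwd", "ntp_auth_pwd", "smtp_password")

def lint_task(args):
    """Return sorted (severity, parameter, message) findings for one task."""
    findings = []
    for key, value in args.items():
        text = str(value)
        if key in CHOICES and text not in CHOICES[key]:
            findings.append(("error", key, f"{text!r} is not a documented choice"))
        elif text in WEAK.get(key, ()):
            findings.append(("warn", key, f"{text!r} is a weak setting"))
        if key in SECRETS and "{{" not in text:
            findings.append(("warn", key, "literal secret; use a vaulted variable"))
    return sorted(findings)

# Constructed sample input, shaped like the SNMPv3 example on this page.
SAMPLE = {
    "snmpv3_auth_proto": "md5",
    "snmpv3_auth_pwd": "example-literal",
    "snmpv3_priv_proto": "aes256",
    "snmpv3_priv_pwd": "{{ vault_snmpv3_priv_pwd }}",
    "snmpv3_security_level": "auth_priv",
}

if __name__ == "__main__":
    for finding in lint_task(SAMPLE):
        print(*finding, sep=": ")
```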

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key Returned Description

api_result

string

always

full API response, includes status code and message





Authors

  • Luke Weighall (@lweighall)
  • Andrew Welsh (@Ghilli3)
  • Jim Huber (@p4r4n0y1ng)


© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/fmgr_device_provision_template_module.html