fmgr_fwobj_service – Manages FortiManager Firewall Service Objects


New in version 2.8.


Synopsis

  • Manages FortiManager Firewall Service Objects.

Parameters

Parameter Choices/Defaults Comments

adom

-

Default:

"root"

The ADOM the configuration should belong to.

app_category

-

Application category ID.

app_service_type

-

Application service type.

application

-

Application ID.

category

-

Service category.

check_reset_range

-

Enable/disable RST check.

color

-

Default:

22

GUI icon color.

comment

-

Comment.

custom_type

-

  • tcp_udp_sctp
  • icmp
  • icmp6
  • ip
  • http
  • ftp
  • connect
  • socks_tcp
  • socks_udp
  • all

Tells module what kind of custom service to be added.

explicit_proxy

-

  • enable
  • disable

Enable/disable explicit web proxy service.

fqdn

-

Default:

""

Fully qualified domain name.

group_member

-

Comma-separated list of members' names.

group_name

-

Name of the Service Group.

icmp_code

-

ICMP code.

icmp_type

-

ICMP type.

iprange

-

Default:

"0.0.0.0"

Start IP-End IP.

mode

-

  • add
  • set
  • delete

Sets one of three modes for managing the object.

name

-

Custom service name.

object_type

-

  • custom
  • group
  • category

Tells module if we are adding a custom service, category, or group.

protocol

-

Protocol type.

protocol_number

-

IP protocol number.

sctp_portrange

-

Multiple SCTP port ranges. Comma-separated list of destination ports to add (e.g. '443,80').

Syntax is

If no sourcePort is defined, it assumes all of them.

Ranges can be defined with a hyphen -

Examples -- '443' (destPort 443 only) '443:1000-2000' (destPort 443 from source ports 1000-2000).

String multiple entries together in the same quotes, comma separated ('443:1000-2000, 80:1000-2000').

session_ttl

-

Default:

0

Session TTL (300 - 604800, 0 = default).

tcp_halfclose_timer

-

Default:

0

TCP half close timeout (1 - 86400 sec, 0 = default).

tcp_halfopen_timer

-

Default:

0

TCP half open timeout (1 - 86400 sec, 0 = default).

tcp_portrange

-

Comma-separated list of destination ports to add (e.g. '443,80').

Syntax is

If no sourcePort is defined, it assumes all of them.

Ranges can be defined with a hyphen -

Examples -- '443' (destPort 443 only) '443:1000-2000' (destPort 443 from source ports 1000-2000).

String multiple entries together in the same quotes, comma separated ('443:1000-2000, 80:1000-2000').

tcp_timewait_timer

-

Default:

0

TCP time wait timeout (1 - 300 sec, 0 = default).

udp_idle_timer

-

Default:

0

UDP idle timeout (0 - 86400 sec, 0 = default).

udp_portrange

-

Comma-separated list of destination ports to add (e.g. '443,80').

Syntax is

If no sourcePort is defined, it assumes all of them.

Ranges can be defined with a hyphen -

Examples -- '443' (destPort 443 only) '443:1000-2000' (destPort 443 from source ports 1000-2000).

String multiple entries together in the same quotes, comma separated ('443:1000-2000, 80:1000-2000').

visibility

-

  • enable
  • disable

Enable/disable service visibility.
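
The port-range syntax described for tcp_portrange, udp_portrange and sctp_portrange, and the timer bounds listed above, can be checked before a task is pushed to FortiManager. The following Python check is an added example, not part of the module or its documentation; the function names, the 0-65535 port limit and the WIDE_SPAN review threshold are assumptions of this example.

```python
import re

PORT_KEYS = ("tcp_portrange", "udp_portrange", "sctp_portrange")
# Bounds copied from the parameter descriptions on this page; 0 means "default".
TIMER_BOUNDS = {"session_ttl": (300, 604800), "tcp_halfclose_timer": (1, 86400),
                "tcp_halfopen_timer": (1, 86400), "tcp_timewait_timer": (1, 300),
                "udp_idle_timer": (0, 86400)}
WIDE_SPAN = 1024  # assumption: destination spans above this get flagged for review

def parse_span(text, label, errors):
    """Parse 'N' or 'N-M' into (low, high); append a message on any problem."""
    m = re.fullmatch(r"\s*(\d+)(?:-(\d+))?\s*", text)
    if not m:
        errors.append(f"{label}: {text!r} is not a port or low-high range")
        return None
    low, high = int(m.group(1)), int(m.group(2) or m.group(1))
    if max(low, high) > 65535:
        errors.append(f"{label}: {text!r} exceeds 65535")
    elif low > high:
        errors.append(f"{label}: {text!r} is inverted (low > high)")
    return low, high

def parse_portrange(value):
    """Split 'dst[:src],dst[:src]' into entries; return (entries, errors)."""
    entries, errors = [], []
    for item in (part.strip() for part in value.split(",")):
        dst_text, sep, src_text = item.partition(":")
        dst = parse_span(dst_text, f"{item!r} destPort", errors)
        # No ':sourcePort' part means all source ports, per the page.
        src = parse_span(src_text, f"{item!r} sourcePort", errors) if sep else None
        entries.append({"dst": dst, "src": src})
    return entries, errors

def lint_service(args):
    """Return a list of findings for one fmgr_fwobj_service argument dict."""
    findings = []
    for key in (k for k in PORT_KEYS if k in args):
        entries, errors = parse_portrange(str(args[key]))
        findings += [f"{key}: {e}" for e in errors]
        findings += [f"{key}: destination range {e['dst']} is wide" for e in entries
                     if e["dst"] and e["dst"][1] - e["dst"][0] + 1 > WIDE_SPAN]
    for key, (low, high) in TIMER_BOUNDS.items():
        value = int(args.get(key, 0))
        if value != 0 and not low <= value <= high:
            findings.append(f"{key}: {value} outside {low}-{high}")
    return findings

# Constructed sample: one inverted source range and a session_ttl below 300.
SAMPLE = {"tcp_portrange": "443:2000-1000,80-82:10000-20000",
          "udp_portrange": "51:100-200,162:200-400", "session_ttl": 120}
```

Calling lint_service(SAMPLE) returns one finding for the inverted source range and one for the session_ttl value; an empty list means the arguments passed every check.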



Notes

Examples

- name: ADD A CUSTOM SERVICE FOR TCP/UDP/SCTP
  fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_service"
    object_type: "custom"
    custom_type: "tcp_udp_sctp"
    tcp_portrange: "443"
    udp_portrange: "51"
    sctp_portrange: "100"

- name: ADD A CUSTOM SERVICE FOR TCP/UDP/SCTP WITH SOURCE RANGES AND MULTIPLES
  fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_serviceWithSource"
    object_type: "custom"
    custom_type: "tcp_udp_sctp"
    # destPort:sourcePort entries; each range is written low-high
    tcp_portrange: "443:1000-2000,80-82:10000-20000"
    udp_portrange: "51:100-200,162:200-400"
    sctp_portrange: "100:2000-2500"

- name: ADD A CUSTOM SERVICE FOR ICMP
  fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_icmp"
    object_type: "custom"
    custom_type: "icmp"
    icmp_type: "8"
    icmp_code: "3"

- name: ADD A CUSTOM SERVICE FOR ICMP6
  fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_icmp6"
    object_type: "custom"
    custom_type: "icmp6"
    icmp_type: "5"
    icmp_code: "1"

- name: ADD A CUSTOM SERVICE FOR IP - GRE
  fmgr_fwobj_service:
    adom: "ansible"
    # distinct name so this task does not overwrite the ICMP6 service above
    name: "ansible_custom_ip_gre"
    object_type: "custom"
    custom_type: "ip"
    protocol_number: "47"

- name: ADD A CUSTOM PROXY FOR ALL WITH SOURCE RANGES AND MULTIPLES
  fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_proxy_all"
    object_type: "custom"
    custom_type: "all"
    explicit_proxy: "enable"
    tcp_portrange: "443:1000-2000,80-82:10000-20000"
    # a host name goes in fqdn; iprange takes "Start IP-End IP"
    fqdn: "www.ansible.com"

Return Values

Common return values are documented here; the following fields are unique to this module:

Key Returned Description

api_result

string

always

full API response, includes status code and message





Status

Authors

  • Luke Weighall (@lweighall)
  • Andrew Welsh (@Ghilli3)
  • Jim Huber (@p4r4n0y1ng)



© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/fmgr_fwobj_service_module.html