fortios_system_accprofile – Configure access profiles for system administrators in Fortinet’s FortiOS and FortiGate

From Get docs
Ansible/docs/2.8/modules/fortios system accprofile module


fortios_system_accprofile – Configure access profiles for system administrators in Fortinet’s FortiOS and FortiGate

New in version 2.8.


Synopsis

  • This module is able to configure a FortiGate or FortiOS by allowing the user to set and modify system feature and accprofile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.2

Requirements

The below requirements are needed on the host that executes this module.

  • fortiosapi>=0.9.8

Parameters

Parameter Choices/Defaults Comments

host

- / required

FortiOS or FortiGate ip address.

https

boolean

  • no
  • yes

Indicates if the requests towards FortiGate must use HTTPS protocol

password

-

Default:

""

FortiOS or FortiGate password.

system_accprofile

-

Default:

null

Configure access profiles for system administrators.

admintimeout

-

Administrator timeout for this access profile (0 - 480 min, default = 10, 0 means never timeout).

admintimeout-override

-

  • enable
  • disable

Enable/disable overriding the global administrator idle timeout.

authgrp

-

  • none
  • read
  • read-write

Administrator access to Users and Devices.

comments

-

Comment.

ftviewgrp

-

  • none
  • read
  • read-write

FortiView.

fwgrp

-

  • none
  • read
  • read-write
  • custom

Administrator access to the Firewall configuration.

fwgrp-permission

-

Custom firewall permission.

address

-

  • none
  • read
  • read-write

Address Configuration.

policy

-

  • none
  • read
  • read-write

Policy Configuration.

schedule

-

  • none
  • read
  • read-write

Schedule Configuration.

service

-

  • none
  • read
  • read-write

Service Configuration.

loggrp

-

  • none
  • read
  • read-write
  • custom

Administrator access to Logging and Reporting including viewing log messages.

loggrp-permission

-

Custom Log & Report permission.

config

-

  • none
  • read
  • read-write

Log & Report configuration.

data-access

-

  • none
  • read
  • read-write

Log & Report Data Access.

report-access

-

  • none
  • read
  • read-write

Log & Report Report Access.

threat-weight

-

  • none
  • read
  • read-write

Log & Report Threat Weight.

name

- / required

Profile name.

netgrp

-

  • none
  • read
  • read-write
  • custom

Network Configuration.

netgrp-permission

-

Custom network permission.

cfg

-

  • none
  • read
  • read-write

Network Configuration.

packet-capture

-

  • none
  • read
  • read-write

Packet Capture Configuration.

route-cfg

-

  • none
  • read
  • read-write

Router Configuration.

scope

-

  • vdom
  • global

Scope of admin access: global or specific VDOs.

secfabgrp

-

  • none
  • read
  • read-write

Security Fabric.

state

-

  • present
  • absent

Indicates whether to create or remove the object

sysgrp

-

  • none
  • read
  • read-write
  • custom

System Configuration.

sysgrp-permission

-

Custom system permission.

admin

-

  • none
  • read
  • read-write

Administrator Users.

cfg

-

  • none
  • read
  • read-write

System Configuration.

mnt

-

  • none
  • read
  • read-write

Maintenance.

upd

-

  • none
  • read
  • read-write

FortiGuard Updates.

utmgrp

-

  • none
  • read
  • read-write
  • custom

Administrator access to Security Profiles.

utmgrp-permission

-

Custom Security Profile permissions.

antivirus

-

  • none
  • read
  • read-write

Antivirus profiles and settings.

application-control

-

  • none
  • read
  • read-write

Application Control profiles and settings.

data-loss-prevention

-

  • none
  • read
  • read-write

DLP profiles and settings.

dnsfilter

-

  • none
  • read
  • read-write

DNS Filter profiles and settings.

endpoint-control

-

  • none
  • read
  • read-write

FortiClient Profiles.

icap

-

  • none
  • read
  • read-write

ICAP profiles and settings.

ips

-

  • none
  • read
  • read-write

IPS profiles and settings.

spamfilter

-

  • none
  • read
  • read-write

AntiSpam filter and settings.

voip

-

  • none
  • read
  • read-write

VoIP profiles and settings.

waf

-

  • none
  • read
  • read-write

Web Application Firewall profiles and settings.

webfilter

-

  • none
  • read
  • read-write

Web Filter profiles and settings.

vpngrp

-

  • none
  • read
  • read-write

Administrator access to IPsec, SSL, PPTP, and L2TP VPN.

wanoptgrp

-

  • none
  • read
  • read-write

Administrator access to WAN Opt & Cache.

wifi

-

  • none
  • read
  • read-write

Administrator access to the WiFi controller and Switch controller.

username

- / required

FortiOS or FortiGate username.

vdom

-

Default:

"root"

Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.



Notes

Note

  • Requires fortiosapi library developed by Fortinet
  • Run as a local_action in your playbook


Examples

- hosts: localhost
  vars:
   host: "192.168.122.40"
   username: "admin"
   password: ""
   vdom: "root"
  tasks:
  - name: Configure access profiles for system administrators.
    fortios_system_accprofile:
      host:  "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom:  "{{ vdom }}"
      https: "False"
      system_accprofile:
        state: "present"
        admintimeout: "3"
        admintimeout-override: "enable"
        authgrp: "none"
        comments: "<your_own_value>"
        ftviewgrp: "none"
        fwgrp: "none"
        fwgrp-permission:
            address: "none"
            policy: "none"
            schedule: "none"
            service: "none"
        loggrp: "none"
        loggrp-permission:
            config: "none"
            data-access: "none"
            report-access: "none"
            threat-weight: "none"
        name: "default_name_20"
        netgrp: "none"
        netgrp-permission:
            cfg: "none"
            packet-capture: "none"
            route-cfg: "none"
        scope: "vdom"
        secfabgrp: "none"
        sysgrp: "none"
        sysgrp-permission:
            admin: "none"
            cfg: "none"
            mnt: "none"
            upd: "none"
        utmgrp: "none"
        utmgrp-permission:
            antivirus: "none"
            application-control: "none"
            data-loss-prevention: "none"
            dnsfilter: "none"
            endpoint-control: "none"
            icap: "none"
            ips: "none"
            spamfilter: "none"
            voip: "none"
            waf: "none"
            webfilter: "none"
        vpngrp: "none"
        wanoptgrp: "none"
        wifi: "none"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description

build

string

always

Build number of the fortigate image


Sample:

1547

http_method

string

always

Last method used to provision the content into FortiGate


Sample:

PUT

http_status

string

always

Last result given by FortiGate on last operation applied


Sample:

200

mkey

string

success

Master key (id) used in the last call to FortiGate


Sample:

id

name

string

always

Name of the table used to fulfill the request


Sample:

urlfilter

path

string

always

Path of the table used to fulfill the request


Sample:

webfilter

revision

string

always

Internal revision number


Sample:

17.0.2.10658

serial

string

always

Serial number of the unit


Sample:

FGVMEVYYQT3AB5352

status

string

always

Indication of the operation's result


Sample:

success

vdom

string

always

Virtual domain used


Sample:

root

version

string

always

Version of the FortiGate


Sample:

v5.6.3




Status

Authors

  • Miguel Angel Munoz (@mamunozgonzalez)
  • Nicolas Thomas (@thomnico)

Hint

If you notice any issues in this documentation you can edit this document to improve it.


© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/fortios_system_accprofile_module.html