fmgr_secprof_ips – Managing IPS security profiles in FortiManager


New in version 2.8.


Synopsis

  • Managing IPS security profiles in FortiManager

Parameters

Parameter Choices/Defaults Comments

adom

-

Default:

"root"

The ADOM the configuration should belong to.

block_malicious_url

-

  • disable
  • enable

Enable/disable malicious URL blocking.

comment

-

Comment.

entries

-

EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!

List of multiple child objects to be added. Expects a list of dictionaries.

Dictionaries must use FortiManager API parameters, not the ansible ones listed below.

If submitted, all other prefixed sub-parameters ARE IGNORED.

This object is MUTUALLY EXCLUSIVE with its options.

We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.

WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS

entries_action

-

  • pass
  • block
  • reset
  • default

Action taken with traffic in which signatures are detected.

entries_application

-

Applications to be protected. "set application ?" lists available applications. "all" includes all applications. "other" includes all unlisted applications.

entries_exempt_ip_dst_ip

-

Destination IP address and netmask.

entries_exempt_ip_src_ip

-

Source IP address and netmask.

entries_location

-

Protect client or server traffic.

entries_log

-

  • disable
  • enable

Enable/disable logging of signatures included in filter.

entries_log_attack_context

-

  • disable
  • enable

Enable/disable logging of attack context: URL buffer, header buffer, body buffer, packet buffer.

entries_log_packet

-

  • disable
  • enable

Enable/disable packet logging. Enable to save the packet that triggers the filter. You can download the packets in pcap format for diagnostic use.

entries_os

-

Operating systems to be protected. "all" includes all operating systems. "other" includes all unlisted operating systems.

entries_protocol

-

Protocols to be examined. "set protocol ?" lists available protocols. "all" includes all protocols. "other" includes all unlisted protocols.

entries_quarantine

-

  • none
  • attacker

Quarantine method.

entries_quarantine_expiry

-

Duration of quarantine.

entries_quarantine_log

-

  • disable
  • enable

Enable/disable quarantine logging.

entries_rate_count

-

Count of the rate.

entries_rate_duration

-

Duration (sec) of the rate.

entries_rate_mode

-

  • periodical
  • continuous

Rate limit mode.

entries_rate_track

-

  • none
  • src-ip
  • dest-ip
  • dhcp-client-mac
  • dns-domain

Track the packet protocol field.

entries_rule

-

Identifies the predefined or custom IPS signatures to add to the sensor.

entries_severity

-

Relative severity of the signature, from info to critical. Log messages generated by the signature include the severity.

entries_status

-

  • disable
  • enable
  • default

Status of the signatures included in filter. "default" enables the filter and only uses filters with a default status of enable. Filters with a default status of disable will not be used.

extended_log

-

  • disable
  • enable

Enable/disable extended logging.

filter

-

EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!

List of multiple child objects to be added. Expects a list of dictionaries.

Dictionaries must use FortiManager API parameters, not the ansible ones listed below.

If submitted, all other prefixed sub-parameters ARE IGNORED.

This object is MUTUALLY EXCLUSIVE with its options.

We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.

WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS

filter_action

-

  • pass
  • block
  • default
  • reset

Action of selected rules.

filter_application

-

Vulnerable application filter.

filter_location

-

Vulnerability location filter.

filter_log

-

  • disable
  • enable

Enable/disable logging of selected rules.

filter_log_packet

-

  • disable
  • enable

Enable/disable packet logging of selected rules.

filter_name

-

Filter name.

filter_os

-

Vulnerable OS filter.

filter_protocol

-

Vulnerable protocol filter.

filter_quarantine

-

  • none
  • attacker

Quarantine IP or interface.

filter_quarantine_expiry

-

Duration of quarantine in minutes.

filter_quarantine_log

-

  • disable
  • enable

Enable/disable logging of selected quarantine.

filter_severity

-

Vulnerability severity filter.

filter_status

-

  • disable
  • enable
  • default

Selected rules status.

mode

-

  • add
  • set
  • delete
  • update

Sets one of three modes for managing the object.

Allows use of soft-adds instead of overwriting existing values.

name

-

Sensor name.

override

-

EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!

List of multiple child objects to be added. Expects a list of dictionaries.

Dictionaries must use FortiManager API parameters, not the ansible ones listed below.

If submitted, all other prefixed sub-parameters ARE IGNORED.

This object is MUTUALLY EXCLUSIVE with its options.

We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.

WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS

override_action

-

  • pass
  • block
  • reset

Action of override rule.

override_exempt_ip_dst_ip

-

Destination IP address and netmask.

override_exempt_ip_src_ip

-

Source IP address and netmask.

override_log

-

  • disable
  • enable

Enable/disable logging.

override_log_packet

-

  • disable
  • enable

Enable/disable packet logging.

override_quarantine

-

  • none
  • attacker

Quarantine IP or interface.

override_quarantine_expiry

-

Duration of quarantine in minutes.

override_quarantine_log

-

  • disable
  • enable

Enable/disable logging of selected quarantine.

override_rule_id

-

Override rule ID.

override_status

-

  • disable
  • enable

Enable/disable status of override rule.

replacemsg_group

-

Replacement message group.



Notes

Examples

- name: DELETE Profile
  fmgr_secprof_ips:
    name: "Ansible_IPS_Profile"
    comment: "Created by Ansible Module TEST"
    mode: "delete"

- name: CREATE Profile
  fmgr_secprof_ips:
    name: "Ansible_IPS_Profile"
    comment: "Created by Ansible Module TEST"
    mode: "set"
    block_malicious_url: "enable"
    entries: [{severity: "high", action: "block", log-packet: "enable"}, {severity: "medium", action: "pass"}]
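
Because the entries, filter and override lists cause their prefixed sub-parameters to be ignored, a task that sets entries together with entries_log silently loses the logging setting. The pre-flight check below is an added example, not part of the module or the original page; lint_task and the sample arguments are hypothetical names, and the choice lists are a subset copied from the parameter table above.

```python
# Added example: pre-flight lint for fmgr_secprof_ips task arguments.
# Choice lists are copied from the parameter table on this page (subset).
CHOICES = {
    "block_malicious_url": ("disable", "enable"),
    "entries_action": ("pass", "block", "reset", "default"),
    "entries_log": ("disable", "enable"),
    "entries_log_packet": ("disable", "enable"),
    "entries_status": ("disable", "enable", "default"),
    "filter_action": ("pass", "block", "default", "reset"),
    "override_action": ("pass", "block", "reset"),
    "mode": ("add", "set", "delete", "update"),
}
# Raw-list parameters that are mutually exclusive with their sub-options.
LIST_PARAMS = ("entries", "filter", "override")


def lint_task(args):
    """Return a sorted list of findings for one task's argument dict."""
    findings = []
    for parent in LIST_PARAMS:
        if args.get(parent) is None:
            continue
        prefix = parent + "_"
        for key in args:
            # Documented behaviour: prefixed sub-parameters are ignored
            # whenever the raw list is submitted.
            if key.startswith(prefix):
                findings.append(f"{key}: ignored because '{parent}' list is set")
    for key, allowed in CHOICES.items():
        if key in args and args[key] not in allowed:
            findings.append(f"{key}: '{args[key]}' not in {sorted(allowed)}")
    return sorted(findings)


# Constructed sample: the author expects logging to be on, but entries_log
# is ignored because the raw entries list is also supplied.
SAMPLE = {
    "name": "Ansible_IPS_Profile",
    "mode": "set",
    "entries": [{"severity": "high", "action": "block"}],
    "entries_log": "enable",
    "filter_action": "drop",
}

if __name__ == "__main__":
    for finding in lint_task(SAMPLE):
        print(finding)
```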

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key Returned Description

api_result

string

always

full API response, includes status code and message





Status

Authors

  • Luke Weighall (@lweighall)
  • Andrew Welsh (@Ghilli3)
  • Jim Huber (@p4r4n0y1ng)


© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/fmgr_secprof_ips_module.html