fortios_antivirus_profile – Configure AntiVirus profiles in Fortinet’s FortiOS and FortiGate
fortios_antivirus_profile – Configure AntiVirus profiles in Fortinet’s FortiOS and FortiGate
New in version 2.8.
Synopsis
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify antivirus feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements
The below requirements are needed on the host that executes this module.
- fortiosapi>=0.9.8
Parameters
| Parameter | Choices/Defaults | Comments | ||
|---|---|---|---|---|
|
antivirus_profile dictionary |
Default: null |
Configure AntiVirus profiles. | ||
|
analytics_bl_filetype integer |
Only submit files matching this DLP file-pattern to FortiSandbox. Source dlp.filepattern.id. | |||
|
analytics_db string |
|
Enable/disable using the FortiSandbox signature database to supplement the AV signature databases. | ||
|
analytics_max_upload integer |
Maximum size of files that can be uploaded to FortiSandbox (1 - 395 MBytes). | |||
|
analytics_wl_filetype integer |
Do not submit files matching this DLP file-pattern to FortiSandbox. Source dlp.filepattern.id. | |||
|
av_block_log string |
|
Enable/disable logging for AntiVirus file blocking. | ||
|
av_virus_log string |
|
Enable/disable AntiVirus logging. | ||
|
comment string |
Comment. | |||
|
content_disarm dictionary |
AV Content Disarm and Reconstruction settings. | |||
|
cover_page string |
|
Enable/disable inserting a cover page into the disarmed document. | ||
|
detect_only string |
|
Enable/disable only detect disarmable files, do not alter content. | ||
|
office_embed string |
|
Enable/disable stripping of embedded objects in Microsoft Office documents. | ||
|
office_hylink string |
|
Enable/disable stripping of hyperlinks in Microsoft Office documents. | ||
|
office_linked string |
|
Enable/disable stripping of linked objects in Microsoft Office documents. | ||
|
office_macro string |
|
Enable/disable stripping of macros in Microsoft Office documents. | ||
|
original_file_destination string |
|
Destination to send original file if active content is removed. | ||
|
pdf_act_form string |
|
Enable/disable stripping of actions that submit data to other targets in PDF documents. | ||
|
pdf_act_gotor string |
|
Enable/disable stripping of links to other PDFs in PDF documents. | ||
|
pdf_act_java string |
|
Enable/disable stripping of actions that execute JavaScript code in PDF documents. | ||
|
pdf_act_launch string |
|
Enable/disable stripping of links to external applications in PDF documents. | ||
|
pdf_act_movie string |
|
Enable/disable stripping of embedded movies in PDF documents. | ||
|
pdf_act_sound string |
|
Enable/disable stripping of embedded sound files in PDF documents. | ||
|
pdf_embedfile string |
|
Enable/disable stripping of embedded files in PDF documents. | ||
|
pdf_hyperlink string |
|
Enable/disable stripping of hyperlinks from PDF documents. | ||
|
pdf_javacode string |
|
Enable/disable stripping of JavaScript code in PDF documents. | ||
|
extended_log string |
|
Enable/disable extended logging for antivirus. | ||
|
ftgd_analytics string |
|
Settings to control which files are uploaded to FortiSandbox. | ||
|
ftp dictionary |
Configure FTP AntiVirus options. | |||
|
archive_block string |
|
Select the archive types to block. | ||
|
archive_log string |
|
Select the archive types to log. | ||
|
emulator string |
|
Enable/disable the virus emulator. | ||
|
options string |
|
Enable/disable FTP AntiVirus scanning, monitoring, and quarantine. | ||
|
outbreak_prevention string |
|
Enable FortiGuard Virus Outbreak Prevention service. | ||
|
http dictionary |
Configure HTTP AntiVirus options. | |||
|
archive_block string |
|
Select the archive types to block. | ||
|
archive_log string |
|
Select the archive types to log. | ||
|
content_disarm string |
|
Enable Content Disarm and Reconstruction for this protocol. | ||
|
emulator string |
|
Enable/disable the virus emulator. | ||
|
options string |
|
Enable/disable HTTP AntiVirus scanning, monitoring, and quarantine. | ||
|
outbreak_prevention string |
|
Enable FortiGuard Virus Outbreak Prevention service. | ||
|
imap dictionary |
Configure IMAP AntiVirus options. | |||
|
archive_block string |
|
Select the archive types to block. | ||
|
archive_log string |
|
Select the archive types to log. | ||
|
content_disarm string |
|
Enable Content Disarm and Reconstruction for this protocol. | ||
|
emulator string |
|
Enable/disable the virus emulator. | ||
|
executables string |
|
Treat Windows executable files as viruses for the purpose of blocking or monitoring. | ||
|
options string |
|
Enable/disable IMAP AntiVirus scanning, monitoring, and quarantine. | ||
|
outbreak_prevention string |
|
Enable FortiGuard Virus Outbreak Prevention service. | ||
|
inspection_mode string |
|
Inspection mode. | ||
|
mapi dictionary |
Configure MAPI AntiVirus options. | |||
|
archive_block string |
|
Select the archive types to block. | ||
|
archive_log string |
|
Select the archive types to log. | ||
|
emulator string |
|
Enable/disable the virus emulator. | ||
|
executables string |
|
Treat Windows executable files as viruses for the purpose of blocking or monitoring. | ||
|
options string |
|
Enable/disable MAPI AntiVirus scanning, monitoring, and quarantine. | ||
|
outbreak_prevention string |
|
Enable FortiGuard Virus Outbreak Prevention service. | ||
|
mobile_malware_db string |
|
Enable/disable using the mobile malware signature database. | ||
|
nac_quar dictionary |
Configure AntiVirus quarantine settings. | |||
|
expiry string |
Duration of quarantine. | |||
|
infected string |
|
Enable/Disable quarantining infected hosts to the banned user list. | ||
|
log string |
|
Enable/disable AntiVirus quarantine logging. | ||
|
name string / required |
Profile name. | |||
|
nntp dictionary |
Configure NNTP AntiVirus options. | |||
|
archive_block string |
|
Select the archive types to block. | ||
|
archive_log string |
|
Select the archive types to log. | ||
|
emulator string |
|
Enable/disable the virus emulator. | ||
|
options string |
|
Enable/disable NNTP AntiVirus scanning, monitoring, and quarantine. | ||
|
outbreak_prevention string |
|
Enable FortiGuard Virus Outbreak Prevention service. | ||
|
pop3 dictionary |
Configure POP3 AntiVirus options. | |||
|
archive_block string |
|
Select the archive types to block. | ||
|
archive_log string |
|
Select the archive types to log. | ||
|
content_disarm string |
|
Enable Content Disarm and Reconstruction for this protocol. | ||
|
emulator string |
|
Enable/disable the virus emulator. | ||
|
executables string |
|
Treat Windows executable files as viruses for the purpose of blocking or monitoring. | ||
|
options string |
|
Enable/disable POP3 AntiVirus scanning, monitoring, and quarantine. | ||
|
outbreak_prevention string |
|
Enable FortiGuard Virus Outbreak Prevention service. | ||
|
replacemsg_group string |
Replacement message group customized for this profile. Source system.replacemsg-group.name. | |||
|
scan_mode string |
|
Choose between full scan mode and quick scan mode. | ||
|
smb dictionary |
Configure SMB AntiVirus options. | |||
|
archive_block string |
|
Select the archive types to block. | ||
|
archive_log string |
|
Select the archive types to log. | ||
|
emulator string |
|
Enable/disable the virus emulator. | ||
|
options string |
|
Enable/disable SMB AntiVirus scanning, monitoring, and quarantine. | ||
|
outbreak_prevention string |
|
Enable FortiGuard Virus Outbreak Prevention service. | ||
|
smtp dictionary |
Configure SMTP AntiVirus options. | |||
|
archive_block string |
|
Select the archive types to block. | ||
|
archive_log string |
|
Select the archive types to log. | ||
|
content_disarm string |
|
Enable Content Disarm and Reconstruction for this protocol. | ||
|
emulator string |
|
Enable/disable the virus emulator. | ||
|
executables string |
|
Treat Windows executable files as viruses for the purpose of blocking or monitoring. | ||
|
options string |
|
Enable/disable SMTP AntiVirus scanning, monitoring, and quarantine. | ||
|
outbreak_prevention string |
|
Enable FortiGuard Virus Outbreak Prevention service. | ||
|
state string |
|
Deprecated Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. Indicates whether to create or remove the object. | ||
|
host string |
FortiOS or FortiGate IP address. | |||
|
https boolean |
|
Indicates if the requests towards FortiGate must use HTTPS protocol. | ||
|
password string |
Default: "" |
FortiOS or FortiGate password. | ||
|
ssl_verify boolean added in 2.9 |
|
Ensures FortiGate certificate must be verified by a proper CA. | ||
|
state string added in 2.9 |
|
Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. | ||
|
username string |
FortiOS or FortiGate username. | |||
|
vdom string |
Default: "root" |
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. |
Notes
Note
- Requires fortiosapi library developed by Fortinet
- Run as a local_action in your playbook
Examples
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Configure AntiVirus profiles.
fortios_antivirus_profile:
host: "{{ host }}"
username: "{{ username }}"
password: "{{ password }}"
vdom: "{{ vdom }}"
https: "False"
state: "present"
antivirus_profile:
analytics_bl_filetype: "3 (source dlp.filepattern.id)"
analytics_db: "disable"
analytics_max_upload: "5"
analytics_wl_filetype: "6 (source dlp.filepattern.id)"
av_block_log: "enable"
av_virus_log: "enable"
comment: "Comment."
content_disarm:
cover_page: "disable"
detect_only: "disable"
office_embed: "disable"
office_hylink: "disable"
office_linked: "disable"
office_macro: "disable"
original_file_destination: "fortisandbox"
pdf_act_form: "disable"
pdf_act_gotor: "disable"
pdf_act_java: "disable"
pdf_act_launch: "disable"
pdf_act_movie: "disable"
pdf_act_sound: "disable"
pdf_embedfile: "disable"
pdf_hyperlink: "disable"
pdf_javacode: "disable"
extended_log: "enable"
ftgd_analytics: "disable"
ftp:
archive_block: "encrypted"
archive_log: "encrypted"
emulator: "enable"
options: "scan"
outbreak_prevention: "disabled"
http:
archive_block: "encrypted"
archive_log: "encrypted"
content_disarm: "disable"
emulator: "enable"
options: "scan"
outbreak_prevention: "disabled"
imap:
archive_block: "encrypted"
archive_log: "encrypted"
content_disarm: "disable"
emulator: "enable"
executables: "default"
options: "scan"
outbreak_prevention: "disabled"
inspection_mode: "proxy"
mapi:
archive_block: "encrypted"
archive_log: "encrypted"
emulator: "enable"
executables: "default"
options: "scan"
outbreak_prevention: "disabled"
mobile_malware_db: "disable"
nac_quar:
expiry: "<your_own_value>"
infected: "none"
log: "enable"
name: "default_name_63"
nntp:
archive_block: "encrypted"
archive_log: "encrypted"
emulator: "enable"
options: "scan"
outbreak_prevention: "disabled"
pop3:
archive_block: "encrypted"
archive_log: "encrypted"
content_disarm: "disable"
emulator: "enable"
executables: "default"
options: "scan"
outbreak_prevention: "disabled"
replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"
scan_mode: "quick"
smb:
archive_block: "encrypted"
archive_log: "encrypted"
emulator: "enable"
options: "scan"
outbreak_prevention: "disabled"
smtp:
archive_block: "encrypted"
archive_log: "encrypted"
content_disarm: "disable"
emulator: "enable"
executables: "default"
options: "scan"
outbreak_prevention: "disabled"Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
|
build string |
always |
Build number of the fortigate image
Sample: 1547 |
|
http_method string |
always |
Last method used to provision the content into FortiGate
Sample: PUT |
|
http_status string |
always |
Last result given by FortiGate on last operation applied
Sample: 200 |
|
mkey string |
success |
Master key (id) used in the last call to FortiGate
Sample: id |
|
name string |
always |
Name of the table used to fulfill the request
Sample: urlfilter |
|
path string |
always |
Path of the table used to fulfill the request
Sample: webfilter |
|
revision string |
always |
Internal revision number
Sample: 17.0.2.10658 |
|
serial string |
always |
Serial number of the unit
Sample: FGVMEVYYQT3AB5352 |
|
status string |
always |
Indication of the operation's result
Sample: success |
|
vdom string |
always |
Virtual domain used
Sample: root |
|
version string |
always |
Version of the FortiGate
Sample: v5.6.3 |
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/fortios_antivirus_profile_module.html
