New in version 2.8.
The below requirements are needed on the host that executes this module.
Nested parameters are listed with their full path.

Parameter | Choices/Defaults | Comments |
---|---|---|
`host` / required | | FortiOS or FortiGate IP address. |
`https` (boolean) | | Indicates if the requests towards FortiGate must use HTTPS protocol. |
`ips_sensor` | Default: null | Configure IPS sensor. |
`ips_sensor.block-malicious-url` | | Enable/disable malicious URL blocking. |
`ips_sensor.comment` | | Comment. |
`ips_sensor.entries` | | IPS sensor filter. |
`ips_sensor.entries.action` | | Action taken with traffic in which signatures are detected. |
`ips_sensor.entries.application` | | Applications to be protected. `set application ?` lists available applications. `all` includes all applications. `other` includes all unlisted applications. |
`ips_sensor.entries.exempt-ip` | | Traffic from selected source or destination IP addresses is exempt from this signature. |
`ips_sensor.entries.exempt-ip.dst-ip` | | Destination IP address and netmask. |
`ips_sensor.entries.exempt-ip.id` / required | | Exempt IP ID. |
`ips_sensor.entries.exempt-ip.src-ip` | | Source IP address and netmask. |
`ips_sensor.entries.id` / required | | Rule ID in IPS database (0 - 4294967295). |
`ips_sensor.entries.location` | | Protect client or server traffic. |
`ips_sensor.entries.log` | | Enable/disable logging of signatures included in filter. |
`ips_sensor.entries.log-attack-context` | | Enable/disable logging of attack context: URL buffer, header buffer, body buffer, packet buffer. |
`ips_sensor.entries.log-packet` | | Enable/disable packet logging. Enable to save the packet that triggers the filter. You can download the packets in pcap format for diagnostic use. |
`ips_sensor.entries.os` | | Operating systems to be protected. `all` includes all operating systems. `other` includes all unlisted operating systems. |
`ips_sensor.entries.protocol` | | Protocols to be examined. `set protocol ?` lists available protocols. `all` includes all protocols. `other` includes all unlisted protocols. |
`ips_sensor.entries.quarantine` | | Quarantine method. |
`ips_sensor.entries.quarantine-expiry` | | Duration of quarantine. (Format |
`ips_sensor.entries.quarantine-log` | | Enable/disable quarantine logging. |
`ips_sensor.entries.rate-count` | | Count of the rate. |
`ips_sensor.entries.rate-duration` | | Duration (sec) of the rate. |
`ips_sensor.entries.rate-mode` | | Rate limit mode. |
`ips_sensor.entries.rate-track` | | Track the packet protocol field. |
`ips_sensor.entries.rule` | | Identifies the predefined or custom IPS signatures to add to the sensor. |
`ips_sensor.entries.rule.id` / required | | Rule IPS. |
`ips_sensor.entries.severity` | | Relative severity of the signature, from info to critical. Log messages generated by the signature include the severity. |
`ips_sensor.entries.status` | | Status of the signatures included in filter. `default` enables the filter and only uses filters with a default status of `enable`. Filters with a default status of `disable` will not be used. |
`ips_sensor.extended-log` | | Enable/disable extended logging. |
`ips_sensor.filter` | | IPS sensor filter. |
`ips_sensor.filter.action` | | Action of selected rules. |
`ips_sensor.filter.application` | | Vulnerable application filter. |
`ips_sensor.filter.location` | | Vulnerability location filter. |
`ips_sensor.filter.log` | | Enable/disable logging of selected rules. |
`ips_sensor.filter.log-packet` | | Enable/disable packet logging of selected rules. |
`ips_sensor.filter.name` / required | | Filter name. |
`ips_sensor.filter.os` | | Vulnerable OS filter. |
`ips_sensor.filter.protocol` | | Vulnerable protocol filter. |
`ips_sensor.filter.quarantine` | | Quarantine IP or interface. |
`ips_sensor.filter.quarantine-expiry` | | Duration of quarantine in minutes. |
`ips_sensor.filter.quarantine-log` | | Enable/disable logging of selected quarantine. |
`ips_sensor.filter.severity` | | Vulnerability severity filter. |
`ips_sensor.filter.status` | | Selected rules status. |
`ips_sensor.name` / required | | Sensor name. |
`ips_sensor.override` | | IPS override rule. |
`ips_sensor.override.action` | | Action of override rule. |
`ips_sensor.override.exempt-ip` | | Exempted IP. |
`ips_sensor.override.exempt-ip.dst-ip` | | Destination IP address and netmask. |
`ips_sensor.override.exempt-ip.id` / required | | Exempt IP ID. |
`ips_sensor.override.exempt-ip.src-ip` | | Source IP address and netmask. |
`ips_sensor.override.log` | | Enable/disable logging. |
`ips_sensor.override.log-packet` | | Enable/disable packet logging. |
`ips_sensor.override.quarantine` | | Quarantine IP or interface. |
`ips_sensor.override.quarantine-expiry` | | Duration of quarantine in minutes. |
`ips_sensor.override.quarantine-log` | | Enable/disable logging of selected quarantine. |
`ips_sensor.override.rule-id` / required | | Override rule ID. |
`ips_sensor.override.status` | | Enable/disable status of override rule. |
`ips_sensor.replacemsg-group` | | Replacement message group. Source system.replacemsg-group.name. |
`ips_sensor.state` | | Indicates whether to create or remove the object. |
`password` | Default: "" | FortiOS or FortiGate password. |
`username` / required | | FortiOS or FortiGate username. |
`vdom` | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. |
Note
```yaml
- hosts: localhost
  vars:
    # Connection settings for the target FortiGate
    host: "192.168.122.40"
    username: "admin"
    password: ""
    vdom: "root"
  tasks:
  - name: Configure IPS sensor.
    fortios_ips_sensor:
      host: "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom: "{{ vdom }}"
      # IPS sensor definition; replace each <your_own_value> placeholder
      ips_sensor:
        state: "present"
        block-malicious-url: "disable"
        comment: "Comment."
        # Signature filter entries
        entries:
          -
            action: "pass"
            application: "<your_own_value>"
            exempt-ip:
              -
                dst-ip: "<your_own_value>"
                id: "10"
                src-ip: "<your_own_value>"
            id: "12"
            location: "<your_own_value>"
            log: "disable"
            log-attack-context: "disable"
            log-packet: "disable"
            os: "<your_own_value>"
            protocol: "<your_own_value>"
            quarantine: "none"
            quarantine-expiry: "<your_own_value>"
            quarantine-log: "disable"
            rate-count: "22"
            rate-duration: "23"
            rate-mode: "periodical"
            rate-track: "none"
            rule:
              -
                id: "27"
            severity: "<your_own_value>"
            status: "disable"
        extended-log: "enable"
        filter:
          -
            action: "pass"
            application: "<your_own_value>"
            location: "<your_own_value>"
            log: "disable"
            log-packet: "disable"
            name: "default_name_37"
            os: "<your_own_value>"
            protocol: "<your_own_value>"
            quarantine: "none"
            quarantine-expiry: "41"
            quarantine-log: "disable"
            severity: "<your_own_value>"
            status: "disable"
        name: "default_name_45"
        # Per-rule overrides
        override:
          -
            action: "pass"
            exempt-ip:
              -
                dst-ip: "<your_own_value>"
                id: "50"
                src-ip: "<your_own_value>"
            log: "disable"
            log-packet: "disable"
            quarantine: "none"
            quarantine-expiry: "55"
            quarantine-log: "disable"
            rule-id: "57"
            status: "disable"
        replacemsg-group: "<your_own_value> (source system.replacemsg-group.name)"
```
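For contrast with the sample above, which uses `action: "pass"`, `status: "disable"` and disables every logging option, the following added example (not part of the module's own documentation) defines a sensor that blocks and logs, sends requests over HTTPS and reads the password from a vaulted variable. The host address, the sensor name and the `vault_fortigate_password` variable are assumptions, and the `block`, `enable` and `server` values are the FortiOS values for those settings.

```yaml
- hosts: localhost
  vars:
    host: "192.0.2.10"                          # constructed documentation address
    username: "admin"
    password: "{{ vault_fortigate_password }}"  # hypothetical Ansible Vault variable
    vdom: "root"
  tasks:
  - name: Configure a blocking, logging IPS sensor.
    fortios_ips_sensor:
      host: "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom: "{{ vdom }}"
      https: true                    # send API requests over HTTPS
      ips_sensor:
        state: "present"
        name: "server-block-high"    # hypothetical sensor name
        comment: "Block and log high/critical server-side signatures."
        block-malicious-url: "enable"
        extended-log: "enable"
        entries:
          -
            id: "1"
            location: "server"
            # Assumption: multiple severities are space-separated, as in the FortiOS CLI
            severity: "high critical"
            status: "enable"         # apply the signatures regardless of their default status
            action: "block"
            log: "enable"
            log-packet: "enable"     # keep the triggering packet for pcap download
            quarantine: "none"
```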
Common return values are documented here; the following fields are unique to this module:

Key | Returned | Description |
---|---|---|
`build` (string) | always | Build number of the FortiGate image. Sample: 1547 |
`http_method` (string) | always | Last method used to provision the content into FortiGate. Sample: PUT |
`http_status` (string) | always | Last result given by FortiGate on last operation applied. Sample: 200 |
`mkey` (string) | success | Master key (id) used in the last call to FortiGate. Sample: key1 |
`name` (string) | always | Name of the table used to fulfill the request. Sample: urlfilter |
`path` (string) | always | Path of the table used to fulfill the request. Sample: webfilter |
`revision` (string) | always | Internal revision number. Sample: 17.0.2.10658 |
`serial` (string) | always | Serial number of the unit. Sample: FGVMEVYYQT3AB5352 |
`status` (string) | always | Indication of the operation's result. Sample: success |
`vdom` (string) | always | Virtual domain used. Sample: root |
`version` (string) | always | Version of the FortiGate. Sample: v5.6.3 |