New in version 2.8.
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments | ||
---|---|---|---|---|
firewall_shaping_policy
-
|
Default: null
|
Configure shaping policies.
|
||
app-category
-
|
IDs of one or more application categories that this shaper applies application control traffic shaping to.
|
|||
id
-
/ required
|
Category IDs.
|
|||
application
-
|
IDs of one or more applications that this shaper applies application control traffic shaping to.
|
|||
id
-
/ required
|
Application IDs.
|
|||
class-id
-
|
Traffic class ID.
|
|||
comment
-
|
Comments.
|
|||
dstaddr
-
|
IPv4 destination address and address group names.
|
|||
name
-
/ required
|
Address name. Source firewall.address.name firewall.addrgrp.name.
|
|||
dstaddr6
-
|
IPv6 destination address and address group names.
|
|||
name
-
/ required
|
Address name. Source firewall.address6.name firewall.addrgrp6.name.
|
|||
dstintf
-
|
One or more outgoing (egress) interfaces.
|
|||
name
-
/ required
|
Interface name. Source system.interface.name system.zone.name.
|
|||
groups
-
|
Apply this traffic shaping policy to user groups that have authenticated with the FortiGate.
|
|||
name
-
/ required
|
Group name. Source user.group.name.
|
|||
id
-
/ required
|
Shaping policy ID.
|
|||
internet-service
-
|
|
Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used.
|
||
internet-service-custom
-
|
Custom Internet Service name.
|
|||
name
-
/ required
|
Custom Internet Service name. Source firewall.internet-service-custom.name.
|
|||
internet-service-id
-
|
Internet Service ID.
|
|||
id
-
/ required
|
Internet Service ID. Source firewall.internet-service.id.
|
|||
internet-service-src
-
|
|
Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used.
|
||
internet-service-src-custom
-
|
Custom Internet Service source name.
|
|||
name
-
/ required
|
Custom Internet Service name. Source firewall.internet-service-custom.name.
|
|||
internet-service-src-id
-
|
Internet Service source ID.
|
|||
id
-
/ required
|
Internet Service ID. Source firewall.internet-service.id.
|
|||
ip-version
-
|
|
Apply this traffic shaping policy to IPv4 or IPv6 traffic.
|
||
per-ip-shaper
-
|
Per-IP traffic shaper to apply with this policy. Source firewall.shaper.per-ip-shaper.name.
|
|||
schedule
-
|
Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name.
|
|||
service
-
|
Service and service group names.
|
|||
name
-
/ required
|
Service name. Source firewall.service.custom.name firewall.service.group.name.
|
|||
srcaddr
-
|
IPv4 source address and address group names.
|
|||
name
-
/ required
|
Address name. Source firewall.address.name firewall.addrgrp.name.
|
|||
srcaddr6
-
|
IPv6 source address and address group names.
|
|||
name
-
/ required
|
Address name. Source firewall.address6.name firewall.addrgrp6.name.
|
|||
state
-
|
|
Indicates whether to create or remove the object
|
||
status
-
|
|
Enable/disable this traffic shaping policy.
|
||
traffic-shaper
-
|
Traffic shaper to apply to traffic forwarded by the firewall policy. Source firewall.shaper.traffic-shaper.name.
|
|||
traffic-shaper-reverse
-
|
Traffic shaper to apply to response traffic received by the firewall policy. Source firewall.shaper.traffic-shaper.name.
|
|||
url-category
-
|
IDs of one or more FortiGuard Web Filtering categories that this shaper applies traffic shaping to.
|
|||
id
-
/ required
|
URL category ID.
|
|||
users
-
|
Apply this traffic shaping policy to individual users that have authenticated with the FortiGate.
|
|||
name
-
/ required
|
User name. Source user.local.name.
|
|||
host
-
/ required
|
FortiOS or FortiGate ip adress.
|
|||
https
boolean
|
|
Indicates if the requests towards FortiGate must use HTTPS protocol
|
||
password
-
|
Default: ""
|
FortiOS or FortiGate password.
|
||
username
-
/ required
|
FortiOS or FortiGate username.
|
|||
vdom
-
|
Default: "root"
|
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
|
Note
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
tasks:
- name: Configure shaping policies.
fortios_firewall_shaping_policy:
host: "{{ host }}"
username: "{{ username }}"
password: "{{ password }}"
vdom: "{{ vdom }}"
https: "False"
firewall_shaping_policy:
state: "present"
app-category:
-
id: "4"
application:
-
id: "6"
class-id: "7"
comment: "Comments."
dstaddr:
-
name: "default_name_10 (source firewall.address.name firewall.addrgrp.name)"
dstaddr6:
-
name: "default_name_12 (source firewall.address6.name firewall.addrgrp6.name)"
dstintf:
-
name: "default_name_14 (source system.interface.name system.zone.name)"
groups:
-
name: "default_name_16 (source user.group.name)"
id: "17"
internet-service: "enable"
internet-service-custom:
-
name: "default_name_20 (source firewall.internet-service-custom.name)"
internet-service-id:
-
id: "22 (source firewall.internet-service.id)"
internet-service-src: "enable"
internet-service-src-custom:
-
name: "default_name_25 (source firewall.internet-service-custom.name)"
internet-service-src-id:
-
id: "27 (source firewall.internet-service.id)"
ip-version: "4"
per-ip-shaper: "<your_own_value> (source firewall.shaper.per-ip-shaper.name)"
schedule: "<your_own_value> (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)"
service:
-
name: "default_name_32 (source firewall.service.custom.name firewall.service.group.name)"
srcaddr:
-
name: "default_name_34 (source firewall.address.name firewall.addrgrp.name)"
srcaddr6:
-
name: "default_name_36 (source firewall.address6.name firewall.addrgrp6.name)"
status: "enable"
traffic-shaper: "<your_own_value> (source firewall.shaper.traffic-shaper.name)"
traffic-shaper-reverse: "<your_own_value> (source firewall.shaper.traffic-shaper.name)"
url-category:
-
id: "41"
users:
-
name: "default_name_43 (source user.local.name)"
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
build
string
|
always |
Build number of the fortigate image
Sample:
1547
|
http_method
string
|
always |
Last method used to provision the content into FortiGate
Sample:
PUT
|
http_status
string
|
always |
Last result given by FortiGate on last operation applied
Sample:
200
|
mkey
string
|
success |
Master key (id) used in the last call to FortiGate
Sample:
id
|
name
string
|
always |
Name of the table used to fulfill the request
Sample:
urlfilter
|
path
string
|
always |
Path of the table used to fulfill the request
Sample:
webfilter
|
revision
string
|
always |
Internal revision number
Sample:
17.0.2.10658
|
serial
string
|
always |
Serial number of the unit
Sample:
FGVMEVYYQT3AB5352
|
status
string
|
always |
Indication of the operation's result
Sample:
success
|
vdom
string
|
always |
Virtual domain used
Sample:
root
|
version
string
|
always |
Version of the FortiGate
Sample:
v5.6.3
|
Hint
If you notice any issues in this documentation you can edit this document to improve it.