New in version 2.8.
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments | ||
---|---|---|---|---|
firewall_sniffer
-
|
Default: null
|
Configure sniffer.
|
||
anomaly
-
|
Configuration method to edit Denial of Service (DoS) anomaly settings.
|
|||
action
-
|
|
Action taken when the threshold is reached.
|
||
log
-
|
|
Enable/disable anomaly logging.
|
||
name
-
/ required
|
Anomaly name.
|
|||
quarantine
-
|
|
Quarantine method.
|
||
quarantine-expiry
-
|
Duration of quarantine. (Format
|
|||
quarantine-log
-
|
|
Enable/disable quarantine logging.
|
||
status
-
|
|
Enable/disable this anomaly.
|
||
threshold
-
|
Anomaly threshold. Number of detected instances per minute that triggers the anomaly action.
|
|||
threshold(default)
-
|
Number of detected instances per minute which triggers action (1 - 2147483647, default = 1000). Note that each anomaly has a different threshold value assigned to it.
|
|||
application-list
-
|
Name of an existing application list. Source application.list.name.
|
|||
application-list-status
-
|
|
Enable/disable application control profile.
|
||
av-profile
-
|
Name of an existing antivirus profile. Source antivirus.profile.name.
|
|||
av-profile-status
-
|
|
Enable/disable antivirus profile.
|
||
dlp-sensor
-
|
Name of an existing DLP sensor. Source dlp.sensor.name.
|
|||
dlp-sensor-status
-
|
|
Enable/disable DLP sensor.
|
||
dsri
-
|
|
Enable/disable DSRI.
|
||
host
-
|
Hosts to filter for in sniffer traffic (Format examples: 1.1.1.1, 2.2.2.0/24, 3.3.3.3/255.255.255.0, 4.4.4.0-4.4.4.240).
|
|||
id
-
/ required
|
Sniffer ID.
|
|||
interface
-
|
Interface name that traffic sniffing will take place on. Source system.interface.name.
|
|||
ips-dos-status
-
|
|
Enable/disable IPS DoS anomaly detection.
|
||
ips-sensor
-
|
Name of an existing IPS sensor. Source ips.sensor.name.
|
|||
ips-sensor-status
-
|
|
Enable/disable IPS sensor.
|
||
ipv6
-
|
|
Enable/disable sniffing IPv6 packets.
|
||
logtraffic
-
|
|
Either log all sessions, only sessions that have a security profile applied, or disable all logging for this policy.
|
||
max-packet-count
-
|
Maximum packet count (1 - 1000000, default = 10000).
|
|||
non-ip
-
|
|
Enable/disable sniffing non-IP packets.
|
||
port
-
|
Ports to sniff (Format examples: 10, :20, 30:40, 50-, 100-200).
|
|||
protocol
-
|
Integer value for the protocol type as defined by IANA (0 - 255).
|
|||
scan-botnet-connections
-
|
|
Enable/disable scanning of connections to Botnet servers.
|
||
spamfilter-profile
-
|
Name of an existing spam filter profile. Source spamfilter.profile.name.
|
|||
spamfilter-profile-status
-
|
|
Enable/disable spam filter.
|
||
state
-
|
|
Indicates whether to create or remove the object
|
||
status
-
|
|
Enable/disable the active status of the sniffer.
|
||
vlan
-
|
List of VLANs to sniff.
|
|||
webfilter-profile
-
|
Name of an existing web filter profile. Source webfilter.profile.name.
|
|||
webfilter-profile-status
-
|
|
Enable/disable web filter profile.
|
||
host
-
/ required
|
FortiOS or FortiGate ip adress.
|
|||
https
boolean
|
|
Indicates if the requests towards FortiGate must use HTTPS protocol
|
||
password
-
|
Default: ""
|
FortiOS or FortiGate password.
|
||
username
-
/ required
|
FortiOS or FortiGate username.
|
|||
vdom
-
|
Default: "root"
|
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
|
Note
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
tasks:
- name: Configure sniffer.
fortios_firewall_sniffer:
host: "{{ host }}"
username: "{{ username }}"
password: "{{ password }}"
vdom: "{{ vdom }}"
https: "False"
firewall_sniffer:
state: "present"
anomaly:
-
action: "pass"
log: "enable"
name: "default_name_6"
quarantine: "none"
quarantine-expiry: "<your_own_value>"
quarantine-log: "disable"
status: "disable"
threshold: "11"
threshold(default): "12"
application-list: "<your_own_value> (source application.list.name)"
application-list-status: "enable"
av-profile: "<your_own_value> (source antivirus.profile.name)"
av-profile-status: "enable"
dlp-sensor: "<your_own_value> (source dlp.sensor.name)"
dlp-sensor-status: "enable"
dsri: "enable"
host: "myhostname"
id: "21"
interface: "<your_own_value> (source system.interface.name)"
ips-dos-status: "enable"
ips-sensor: "<your_own_value> (source ips.sensor.name)"
ips-sensor-status: "enable"
ipv6: "enable"
logtraffic: "all"
max-packet-count: "28"
non-ip: "enable"
port: "<your_own_value>"
protocol: "<your_own_value>"
scan-botnet-connections: "disable"
spamfilter-profile: "<your_own_value> (source spamfilter.profile.name)"
spamfilter-profile-status: "enable"
status: "enable"
vlan: "<your_own_value>"
webfilter-profile: "<your_own_value> (source webfilter.profile.name)"
webfilter-profile-status: "enable"
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
build
string
|
always |
Build number of the fortigate image
Sample:
1547
|
http_method
string
|
always |
Last method used to provision the content into FortiGate
Sample:
PUT
|
http_status
string
|
always |
Last result given by FortiGate on last operation applied
Sample:
200
|
mkey
string
|
success |
Master key (id) used in the last call to FortiGate
Sample:
id
|
name
string
|
always |
Name of the table used to fulfill the request
Sample:
urlfilter
|
path
string
|
always |
Path of the table used to fulfill the request
Sample:
webfilter
|
revision
string
|
always |
Internal revision number
Sample:
17.0.2.10658
|
serial
string
|
always |
Serial number of the unit
Sample:
FGVMEVYYQT3AB5352
|
status
string
|
always |
Indication of the operation's result
Sample:
success
|
vdom
string
|
always |
Virtual domain used
Sample:
root
|
version
string
|
always |
Version of the FortiGate
Sample:
v5.6.3
|
Hint
If you notice any issues in this documentation you can edit this document to improve it.