New in version 2.8.
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments | ||
---|---|---|---|---|
host
-
/ required
|
FortiOS or FortiGate ip address.
|
|||
https
boolean
|
|
Indicates if the requests towards FortiGate must use HTTPS protocol
|
||
password
-
|
Default: ""
|
FortiOS or FortiGate password.
|
||
system_accprofile
-
|
Default: null
|
Configure access profiles for system administrators.
|
||
admintimeout
-
|
Administrator timeout for this access profile (0 - 480 min, default = 10, 0 means never timeout).
|
|||
admintimeout-override
-
|
|
Enable/disable overriding the global administrator idle timeout.
|
||
authgrp
-
|
|
Administrator access to Users and Devices.
|
||
comments
-
|
Comment.
|
|||
ftviewgrp
-
|
|
FortiView.
|
||
fwgrp
-
|
|
Administrator access to the Firewall configuration.
|
||
fwgrp-permission
-
|
Custom firewall permission.
|
|||
address
-
|
|
Address Configuration.
|
||
policy
-
|
|
Policy Configuration.
|
||
schedule
-
|
|
Schedule Configuration.
|
||
service
-
|
|
Service Configuration.
|
||
loggrp
-
|
|
Administrator access to Logging and Reporting including viewing log messages.
|
||
loggrp-permission
-
|
Custom Log & Report permission.
|
|||
config
-
|
|
Log & Report configuration.
|
||
data-access
-
|
|
Log & Report Data Access.
|
||
report-access
-
|
|
Log & Report Report Access.
|
||
threat-weight
-
|
|
Log & Report Threat Weight.
|
||
name
-
/ required
|
Profile name.
|
|||
netgrp
-
|
|
Network Configuration.
|
||
netgrp-permission
-
|
Custom network permission.
|
|||
cfg
-
|
|
Network Configuration.
|
||
packet-capture
-
|
|
Packet Capture Configuration.
|
||
route-cfg
-
|
|
Router Configuration.
|
||
scope
-
|
|
Scope of admin access: global or specific VDOs.
|
||
secfabgrp
-
|
|
Security Fabric.
|
||
state
-
|
|
Indicates whether to create or remove the object
|
||
sysgrp
-
|
|
System Configuration.
|
||
sysgrp-permission
-
|
Custom system permission.
|
|||
admin
-
|
|
Administrator Users.
|
||
cfg
-
|
|
System Configuration.
|
||
mnt
-
|
|
Maintenance.
|
||
upd
-
|
|
FortiGuard Updates.
|
||
utmgrp
-
|
|
Administrator access to Security Profiles.
|
||
utmgrp-permission
-
|
Custom Security Profile permissions.
|
|||
antivirus
-
|
|
Antivirus profiles and settings.
|
||
application-control
-
|
|
Application Control profiles and settings.
|
||
data-loss-prevention
-
|
|
DLP profiles and settings.
|
||
dnsfilter
-
|
|
DNS Filter profiles and settings.
|
||
endpoint-control
-
|
|
FortiClient Profiles.
|
||
icap
-
|
|
ICAP profiles and settings.
|
||
ips
-
|
|
IPS profiles and settings.
|
||
spamfilter
-
|
|
AntiSpam filter and settings.
|
||
voip
-
|
|
VoIP profiles and settings.
|
||
waf
-
|
|
Web Application Firewall profiles and settings.
|
||
webfilter
-
|
|
Web Filter profiles and settings.
|
||
vpngrp
-
|
|
Administrator access to IPsec, SSL, PPTP, and L2TP VPN.
|
||
wanoptgrp
-
|
|
Administrator access to WAN Opt & Cache.
|
||
wifi
-
|
|
Administrator access to the WiFi controller and Switch controller.
|
||
username
-
/ required
|
FortiOS or FortiGate username.
|
|||
vdom
-
|
Default: "root"
|
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
|
Note
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
tasks:
- name: Configure access profiles for system administrators.
fortios_system_accprofile:
host: "{{ host }}"
username: "{{ username }}"
password: "{{ password }}"
vdom: "{{ vdom }}"
https: "False"
system_accprofile:
state: "present"
admintimeout: "3"
admintimeout-override: "enable"
authgrp: "none"
comments: "<your_own_value>"
ftviewgrp: "none"
fwgrp: "none"
fwgrp-permission:
address: "none"
policy: "none"
schedule: "none"
service: "none"
loggrp: "none"
loggrp-permission:
config: "none"
data-access: "none"
report-access: "none"
threat-weight: "none"
name: "default_name_20"
netgrp: "none"
netgrp-permission:
cfg: "none"
packet-capture: "none"
route-cfg: "none"
scope: "vdom"
secfabgrp: "none"
sysgrp: "none"
sysgrp-permission:
admin: "none"
cfg: "none"
mnt: "none"
upd: "none"
utmgrp: "none"
utmgrp-permission:
antivirus: "none"
application-control: "none"
data-loss-prevention: "none"
dnsfilter: "none"
endpoint-control: "none"
icap: "none"
ips: "none"
spamfilter: "none"
voip: "none"
waf: "none"
webfilter: "none"
vpngrp: "none"
wanoptgrp: "none"
wifi: "none"
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
build
string
|
always |
Build number of the fortigate image
Sample:
1547
|
http_method
string
|
always |
Last method used to provision the content into FortiGate
Sample:
PUT
|
http_status
string
|
always |
Last result given by FortiGate on last operation applied
Sample:
200
|
mkey
string
|
success |
Master key (id) used in the last call to FortiGate
Sample:
id
|
name
string
|
always |
Name of the table used to fulfill the request
Sample:
urlfilter
|
path
string
|
always |
Path of the table used to fulfill the request
Sample:
webfilter
|
revision
string
|
always |
Internal revision number
Sample:
17.0.2.10658
|
serial
string
|
always |
Serial number of the unit
Sample:
FGVMEVYYQT3AB5352
|
status
string
|
always |
Indication of the operation's result
Sample:
success
|
vdom
string
|
always |
Virtual domain used
Sample:
root
|
version
string
|
always |
Version of the FortiGate
Sample:
v5.6.3
|
Hint
If you notice any issues in this documentation you can edit this document to improve it.