New in version 2.8.
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments |
---|---|---|
host / required | | FortiOS or FortiGate IP address. |
https (boolean) | | Indicates if the requests towards FortiGate must use HTTPS protocol. |
ips_global | Default: null | Configure IPS global parameter. |
ips_global: anomaly-mode | | Global blocking mode for rate-based anomalies. |
ips_global: database | | Regular or extended IPS database. Regular protects against the latest common and in-the-wild attacks. Extended includes protection from legacy attacks. |
ips_global: deep-app-insp-db-limit | | Limit on number of entries in deep application inspection database (1 - 2147483647, 0 = use recommended setting). |
ips_global: deep-app-insp-timeout | | Timeout for deep application inspection (1 - 2147483647 sec., 0 = use recommended setting). |
ips_global: engine-count | | Number of IPS engines running. If set to the default value of 0, FortiOS sets the number to optimize performance depending on the number of CPU cores. |
ips_global: exclude-signatures | | Excluded signatures. |
ips_global: fail-open | | Enable to allow traffic if the IPS process crashes. Default is disable and IPS traffic is blocked when the IPS process crashes. |
ips_global: intelligent-mode | | Enable/disable IPS adaptive scanning (intelligent mode). Intelligent mode optimizes the scanning method for the type of traffic. |
ips_global: session-limit-mode | | Method of counting concurrent sessions used by session limit anomalies. Choose between greater accuracy (accurate) or improved performance (heuristics). |
ips_global: skype-client-public-ipaddr | | Public IP addresses of your network that receive Skype sessions. Helps identify Skype sessions. Separate IP addresses with commas. |
ips_global: socket-size | | IPS socket buffer size (0 - 256 MB). Default depends on available memory. Can be changed to tune performance. |
ips_global: sync-session-ttl | | Enable/disable use of kernel session TTL for IPS sessions. |
ips_global: traffic-submit | | Enable/disable submitting attack data found by this FortiGate to FortiGuard. |
password | Default: "" | FortiOS or FortiGate password. |
username / required | | FortiOS or FortiGate username. |
vdom | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. |
Note
```yaml
- hosts: localhost
  vars:
    host: "192.168.122.40"
    username: "admin"
    password: ""
    vdom: "root"
  tasks:
    - name: Configure IPS global parameter.
      fortios_ips_global:
        host: "{{ host }}"
        username: "{{ username }}"
        password: "{{ password }}"
        vdom: "{{ vdom }}"
        # With https set to false, requests (including the login) go over plain HTTP.
        https: "False"
        ips_global:
          anomaly-mode: "periodical"
          database: "regular"
          deep-app-insp-db-limit: "5"
          deep-app-insp-timeout: "6"
          engine-count: "7"
          exclude-signatures: "none"
          # fail-open enabled: traffic is allowed if the IPS process crashes.
          fail-open: "enable"
          intelligent-mode: "enable"
          session-limit-mode: "accurate"
          skype-client-public-ipaddr: "<your_own_value>"
          socket-size: "13"
          sync-session-ttl: "enable"
          traffic-submit: "enable"
```
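A variant of the playbook above with the transport and failure-mode settings tightened, as an added example that is not part of the original module documentation. The host address, the `vault/fortigate.yml` file, the `vault_fortigate_password` variable and the `ips_result` and `fgt` names are assumptions; the fallback to `meta` assumes the module may nest its documented return fields under that key.

```yaml
- hosts: localhost
  vars_files:
    # Hypothetical file encrypted with ansible-vault; it defines vault_fortigate_password.
    - vault/fortigate.yml
  vars:
    host: "192.0.2.10"   # constructed documentation address, replace with your unit
    username: "admin"
    vdom: "root"
  tasks:
    - name: Configure IPS global parameter over HTTPS, failing closed.
      fortios_ips_global:
        host: "{{ host }}"
        username: "{{ username }}"
        # Password comes from the vault file instead of an empty inline string.
        password: "{{ vault_fortigate_password }}"
        vdom: "{{ vdom }}"
        # Login and configuration requests use HTTPS instead of plain HTTP.
        https: true
        ips_global:
          database: "regular"
          # Block traffic rather than pass it uninspected if the IPS process crashes.
          fail-open: "disable"
          intelligent-mode: "enable"
          session-limit-mode: "accurate"
      register: ips_result

    - name: Check the result reported by the FortiGate.
      vars:
        # Assumption: the return fields may sit at the top level of the
        # registered result or under a "meta" key; accept either layout.
        fgt: "{{ ips_result.meta | default(ips_result) }}"
      assert:
        that:
          - fgt.status == "success"
          - fgt.http_status | int == 200
          - fgt.vdom == vdom
```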
Common return values are documented here; the following fields are unique to this module:
Key | Returned | Description |
---|---|---|
build (string) | always | Build number of the FortiGate image. Sample: 1547 |
http_method (string) | always | Last method used to provision the content into FortiGate. Sample: PUT |
http_status (string) | always | Last result given by FortiGate on last operation applied. Sample: 200 |
mkey (string) | success | Master key (id) used in the last call to FortiGate. Sample: id |
name (string) | always | Name of the table used to fulfill the request. Sample: urlfilter |
path (string) | always | Path of the table used to fulfill the request. Sample: webfilter |
revision (string) | always | Internal revision number. Sample: 17.0.2.10658 |
serial (string) | always | Serial number of the unit. Sample: FGVMEVYYQT3AB5352 |
status (string) | always | Indication of the operation's result. Sample: success |
vdom (string) | always | Virtual domain used. Sample: root |
version (string) | always | Version of the FortiGate. Sample: v5.6.3 |