New in version 2.8.
The below requirements are needed on the host that executes this module.
Parameter | Type | Required | Choices/Defaults | Comments
---|---|---|---|---
application_list | - | | Default: null | Configure application control lists.
application_list / app-replacemsg | - | | | Enable/disable replacement messages for blocked applications.
application_list / comment | - | | | Comments.
application_list / deep-app-inspection | - | | | Enable/disable deep application inspection.
application_list / entries | - | | | Application list entries.
application_list / entries / action | - | | | Pass or block traffic, or reset the connection, for traffic from this application.
application_list / entries / application | - | | | IDs of allowed applications.
application_list / entries / application / id | - | yes | | Application ID.
application_list / entries / behavior | - | | | Application behavior filter.
application_list / entries / category | - | | | Category ID list.
application_list / entries / category / id | - | yes | | Application category ID.
application_list / entries / id | - | yes | | Entry ID.
application_list / entries / log | - | | | Enable/disable logging for this application list.
application_list / entries / log-packet | - | | | Enable/disable packet logging.
application_list / entries / parameters | - | | | Application parameters.
application_list / entries / parameters / id | - | yes | | Parameter ID.
application_list / entries / parameters / value | - | | | Parameter value.
application_list / entries / per-ip-shaper | - | | | Per-IP traffic shaper. Source firewall.shaper.per-ip-shaper.name.
application_list / entries / popularity | - | | | Application popularity filter (1 - 5, from least to most popular).
application_list / entries / protocols | - | | | Application protocol filter.
application_list / entries / quarantine | - | | | Quarantine method.
application_list / entries / quarantine-expiry | - | | | Duration of quarantine. (Format
application_list / entries / quarantine-log | - | | | Enable/disable quarantine logging.
application_list / entries / rate-count | - | | | Count of the rate.
application_list / entries / rate-duration | - | | | Duration (sec) of the rate.
application_list / entries / rate-mode | - | | | Rate limit mode.
application_list / entries / rate-track | - | | | Track the packet protocol field.
application_list / entries / risk | - | | | Risk, or impact, of allowing traffic from this application to occur (1 - 5; Low, Elevated, Medium, High, and Critical).
application_list / entries / risk / level | - | yes | | Risk, or impact, of allowing traffic from this application to occur (1 - 5; Low, Elevated, Medium, High, and Critical).
application_list / entries / session-ttl | - | | | Session TTL (0 = default).
application_list / entries / shaper | - | | | Traffic shaper. Source firewall.shaper.traffic-shaper.name.
application_list / entries / shaper-reverse | - | | | Reverse traffic shaper. Source firewall.shaper.traffic-shaper.name.
application_list / entries / sub-category | - | | | Application sub-category ID list.
application_list / entries / sub-category / id | - | yes | | Application sub-category ID.
application_list / entries / technology | - | | | Application technology filter.
application_list / entries / vendor | - | | | Application vendor filter.
application_list / extended-log | - | | | Enable/disable extended logging.
application_list / name | - | yes | | List name.
application_list / options | - | | | Basic application protocol signatures allowed by default.
application_list / other-application-action | - | | | Action for other applications.
application_list / other-application-log | - | | | Enable/disable logging for other applications.
application_list / p2p-black-list | - | | | P2P applications to be black listed.
application_list / replacemsg-group | - | | | Replacement message group. Source system.replacemsg-group.name.
application_list / state | - | | | Indicates whether to create or remove the object.
application_list / unknown-application-action | - | | | Pass or block traffic from unknown applications.
application_list / unknown-application-log | - | | | Enable/disable logging for unknown applications.
host | - | yes | | FortiOS or FortiGate IP address.
https | boolean | | | Indicates whether requests towards the FortiGate must use HTTPS.
password | - | | Default: "" | FortiOS or FortiGate password.
username | - | yes | | FortiOS or FortiGate username.
vdom | - | | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
```yaml
- hosts: localhost
  vars:
    host: "192.168.122.40"
    username: "admin"
    password: ""
    vdom: "root"
  tasks:
    - name: Configure application control lists.
      fortios_application_list:
        host: "{{ host }}"
        username: "{{ username }}"
        password: "{{ password }}"
        vdom: "{{ vdom }}"
        application_list:
          state: "present"
          app-replacemsg: "disable"
          comment: "comments"
          deep-app-inspection: "disable"
          entries:
            - action: "pass"
              application:
                - id: "9"
              behavior: "<your_own_value>"
              category:
                - id: "12"
              id: "13"
              log: "disable"
              log-packet: "disable"
              parameters:
                - id: "17"
                  value: "<your_own_value>"
              per-ip-shaper: "<your_own_value> (source firewall.shaper.per-ip-shaper.name)"
              popularity: "1"
              protocols: "<your_own_value>"
              quarantine: "none"
              quarantine-expiry: "<your_own_value>"
              quarantine-log: "disable"
              rate-count: "25"
              rate-duration: "26"
              rate-mode: "periodical"
              rate-track: "none"
              risk:
                - level: "30"
              session-ttl: "31"
              shaper: "<your_own_value> (source firewall.shaper.traffic-shaper.name)"
              shaper-reverse: "<your_own_value> (source firewall.shaper.traffic-shaper.name)"
              sub-category:
                - id: "35"
              technology: "<your_own_value>"
              vendor: "<your_own_value>"
          extended-log: "enable"
          name: "default_name_39"
          options: "allow-dns"
          other-application-action: "pass"
          other-application-log: "disable"
          p2p-black-list: "skype"
          replacemsg-group: "<your_own_value> (source system.replacemsg-group.name)"
          unknown-application-action: "pass"
          unknown-application-log: "disable"
```
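The example above uses placeholder values, and some of them fall outside what the parameter table allows (a risk level of 30 against a documented range of 1 - 5). The following pre-flight checker is an added example, not code from the Ansible module or from Fortinet: it inspects the task arguments and the `application_list` dictionary before anything is sent to a FortiGate, using only constraints the parameter table states (required keys, the 1 - 5 ranges for popularity and risk level, the `https` switch) plus two visibility checks a defender would want, namely entries and unknown/other-application actions that pass traffic with logging disabled. The `present`/`absent` values for `state` are an assumption taken from the example's `present` and the usual Ansible convention; the sample dictionaries are constructed from the example playbook.

```python
"""Pre-flight checks for a fortios_application_list task (added example).

Uses only what the module documentation states: required keys, 1 - 5 ranges for
popularity and risk level, the https switch, and the action/log pairs. The
present/absent choices for ``state`` are an assumption.
"""

# list-valued entry fields and the key each of their items must carry (all marked required)
REQUIRED_ITEM_KEY = {
    "application": "id",
    "category": "id",
    "parameters": "id",
    "risk": "level",
    "sub-category": "id",
}


def _in_range_1_to_5(value):
    """The documented example quotes numbers as strings; accept int or str."""
    try:
        return 1 <= int(value) <= 5
    except (TypeError, ValueError):
        return False


def check_entry(entry, index):
    """Findings for one item of application_list.entries as (level, message) tuples."""
    findings = []
    where = f"entries[{index}]"
    if "id" not in entry:
        findings.append(("error", f"{where}: 'id' is required"))
    for field, item_key in REQUIRED_ITEM_KEY.items():
        for j, item in enumerate(entry.get(field) or []):
            if item_key not in item:
                findings.append(("error", f"{where}.{field}[{j}]: '{item_key}' is required"))
    popularity = entry.get("popularity")
    if popularity is not None and not _in_range_1_to_5(popularity):
        findings.append(("error", f"{where}: popularity {popularity!r} is outside 1 - 5"))
    for j, item in enumerate(entry.get("risk") or []):
        level = item.get("level")
        if level is not None and not _in_range_1_to_5(level):
            findings.append(("error", f"{where}.risk[{j}]: level {level!r} is outside 1 - 5"))
    # Visibility: an entry that passes traffic with logging off leaves no trace in the logs.
    if entry.get("action") == "pass" and entry.get("log") == "disable":
        findings.append(("warning", f"{where}: action is 'pass' but log is 'disable'"))
    return findings


def check_application_list(profile):
    """Findings for the whole application_list dictionary."""
    findings = []
    if not profile.get("name"):
        findings.append(("error", "'name' is required"))
    if profile.get("state") not in ("present", "absent"):  # assumed choices
        findings.append(("error", f"state {profile.get('state')!r} is not 'present' or 'absent'"))
    for i, entry in enumerate(profile.get("entries") or []):
        findings.extend(check_entry(entry, i))
    # Traffic the list does not classify (unknown/other applications) should at least be logged.
    for kind in ("unknown-application", "other-application"):
        if profile.get(f"{kind}-action") == "pass" and profile.get(f"{kind}-log") == "disable":
            findings.append(("warning", f"{kind}-action is 'pass' but {kind}-log is 'disable'"))
    return findings


def check_connection(args):
    """Findings for the host/username/password/https arguments of the task."""
    findings = []
    for key in ("host", "username"):
        if not args.get(key):
            findings.append(("error", f"'{key}' is required"))
    if args.get("https") is not True:
        findings.append(("warning", "https is not set to true; credentials and policy travel in clear text"))
    if not args.get("password"):
        findings.append(("warning", "password is empty"))
    return findings


def errors_and_warnings(findings):
    """Split a findings list into (errors, warnings) message lists."""
    errors = [msg for level, msg in findings if level == "error"]
    warnings = [msg for level, msg in findings if level == "warning"]
    return errors, warnings


# Constructed samples modelled on the documented example playbook.
SAMPLE_TASK = {"host": "192.168.122.40", "username": "admin", "password": "", "vdom": "root"}
SAMPLE_PROFILE = {
    "state": "present",
    "name": "default_name_39",
    "entries": [{
        "id": "13", "action": "pass", "log": "disable", "popularity": "1",
        "application": [{"id": "9"}], "category": [{"id": "12"}],
        "risk": [{"level": "30"}], "sub-category": [{"id": "35"}],
    }],
    "other-application-action": "pass", "other-application-log": "disable",
    "unknown-application-action": "pass", "unknown-application-log": "disable",
}

if __name__ == "__main__":
    for label, found in (("task", check_connection(SAMPLE_TASK)),
                         ("application_list", check_application_list(SAMPLE_PROFILE))):
        for level, message in found:
            print(f"{label}: {level}: {message}")
```

Run against the constructed sample, the checker reports one error (the risk level of 30) and three warnings for pass-without-log settings, plus two connection warnings (no `https`, empty password). Treat errors as a reason to stop the play and warnings as review items; a list meant for production would normally enable `log` on pass entries and `unknown-application-log` so that unclassified traffic remains visible.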
Common return values are documented in the Ansible return values reference; the following fields are unique to this module:
Key | Type | Returned | Description | Sample
---|---|---|---|---
build | string | always | Build number of the FortiGate image | 1547
http_method | string | always | Last HTTP method used to provision the content into FortiGate | PUT
http_status | string | always | Last result given by FortiGate on the last operation applied | 200
mkey | string | success | Master key (id) used in the last call to FortiGate | key1
name | string | always | Name of the table used to fulfill the request | urlfilter
path | string | always | Path of the table used to fulfill the request | webfilter
revision | string | always | Internal revision number | 17.0.2.10658
serial | string | always | Serial number of the unit | FGVMEVYYQT3AB5352
status | string | always | Indication of the operation's result | success
vdom | string | always | Virtual domain used | root
version | string | always | Version of the FortiGate | v5.6.3