New in version 2.8.
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments | ||||
---|---|---|---|---|---|---|
host
-
/ required
|
FortiOS or FortiGate ip address.
|
|||||
https
boolean
|
|
Indicates if the requests towards FortiGate must use HTTPS protocol
|
||||
password
-
|
Default: ""
|
FortiOS or FortiGate password.
|
||||
username
-
/ required
|
FortiOS or FortiGate username.
|
|||||
vdom
-
|
Default: "root"
|
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
|
||||
webfilter_profile
-
|
Default: null
|
Configure Web filter profiles.
|
||||
comment
-
|
Optional comments.
|
|||||
extended-log
-
|
|
Enable/disable extended logging for web filtering.
|
||||
ftgd-wf
-
|
FortiGuard Web Filter settings.
|
|||||
exempt-quota
-
|
Do not stop quota for these categories.
|
|||||
filters
-
|
FortiGuard filters.
|
|||||
action
-
|
|
Action to take for matches.
|
||||
auth-usr-grp
-
|
Groups with permission to authenticate.
|
|||||
name
-
/ required
|
User group name. Source user.group.name.
|
|||||
category
-
|
Categories and groups the filter examines.
|
|||||
id
-
/ required
|
ID number.
|
|||||
log
-
|
|
Enable/disable logging.
|
||||
override-replacemsg
-
|
Override replacement message.
|
|||||
warn-duration
-
|
Duration of warnings.
|
|||||
warning-duration-type
-
|
|
Re-display warning after closing browser or after a timeout.
|
||||
warning-prompt
-
|
|
Warning prompts in each category or each domain.
|
||||
max-quota-timeout
-
|
Maximum FortiGuard quota used by single page view in seconds (excludes streams).
|
|||||
options
-
|
|
Options for FortiGuard Web Filter.
|
||||
ovrd
-
|
Allow web filter profile overrides.
|
|||||
quota
-
|
FortiGuard traffic quota settings.
|
|||||
category
-
|
FortiGuard categories to apply quota to (category action must be set to monitor).
|
|||||
duration
-
|
Duration of quota.
|
|||||
id
-
/ required
|
ID number.
|
|||||
override-replacemsg
-
|
Override replacement message.
|
|||||
type
-
|
|
Quota type.
|
||||
unit
-
|
|
Traffic quota unit of measurement.
|
||||
value
-
|
Traffic quota value.
|
|||||
rate-crl-urls
-
|
|
Enable/disable rating CRL by URL.
|
||||
rate-css-urls
-
|
|
Enable/disable rating CSS by URL.
|
||||
rate-image-urls
-
|
|
Enable/disable rating images by URL.
|
||||
rate-javascript-urls
-
|
|
Enable/disable rating JavaScript by URL.
|
||||
https-replacemsg
-
|
|
Enable replacement messages for HTTPS.
|
||||
inspection-mode
-
|
|
Web filtering inspection mode.
|
||||
log-all-url
-
|
|
Enable/disable logging all URLs visited.
|
||||
name
-
/ required
|
Profile name.
|
|||||
options
-
|
|
Options.
|
||||
override
-
|
Web Filter override settings.
|
|||||
ovrd-cookie
-
|
|
Allow/deny browser-based (cookie) overrides.
|
||||
ovrd-dur
-
|
Override duration.
|
|||||
ovrd-dur-mode
-
|
|
Override duration mode.
|
||||
ovrd-scope
-
|
|
Override scope.
|
||||
ovrd-user-group
-
|
User groups with permission to use the override.
|
|||||
name
-
/ required
|
User group name. Source user.group.name.
|
|||||
profile
-
|
Web filter profile with permission to create overrides.
|
|||||
name
-
/ required
|
Web profile. Source webfilter.profile.name.
|
|||||
profile-attribute
-
|
|
Profile attribute to retrieve from the RADIUS server.
|
||||
profile-type
-
|
|
Override profile type.
|
||||
ovrd-perm
-
|
|
Permitted override types.
|
||||
post-action
-
|
|
Action taken for HTTP POST traffic.
|
||||
replacemsg-group
-
|
Replacement message group. Source system.replacemsg-group.name.
|
|||||
state
-
|
|
Indicates whether to create or remove the object
|
||||
web
-
|
Web content filtering settings.
|
|||||
blacklist
-
|
|
Enable/disable automatic addition of URLs detected by FortiSandbox to blacklist.
|
||||
bword-table
-
|
Banned word table ID. Source webfilter.content.id.
|
|||||
bword-threshold
-
|
Banned word score threshold.
|
|||||
content-header-list
-
|
Content header list. Source webfilter.content-header.id.
|
|||||
keyword-match
-
|
Search keywords to log when match is found.
|
|||||
pattern
-
/ required
|
Pattern/keyword to search for.
|
|||||
log-search
-
|
|
Enable/disable logging all search phrases.
|
||||
safe-search
-
|
|
Safe search type.
|
||||
urlfilter-table
-
|
URL filter table ID. Source webfilter.urlfilter.id.
|
|||||
whitelist
-
|
|
FortiGuard whitelist settings.
|
||||
youtube-restrict
-
|
|
YouTube EDU filter level.
|
||||
web-content-log
-
|
|
Enable/disable logging logging blocked web content.
|
||||
web-extended-all-action-log
-
|
|
Enable/disable extended any filter action logging for web filtering.
|
||||
web-filter-activex-log
-
|
|
Enable/disable logging ActiveX.
|
||||
web-filter-applet-log
-
|
|
Enable/disable logging Java applets.
|
||||
web-filter-command-block-log
-
|
|
Enable/disable logging blocked commands.
|
||||
web-filter-cookie-log
-
|
|
Enable/disable logging cookie filtering.
|
||||
web-filter-cookie-removal-log
-
|
|
Enable/disable logging blocked cookies.
|
||||
web-filter-js-log
-
|
|
Enable/disable logging Java scripts.
|
||||
web-filter-jscript-log
-
|
|
Enable/disable logging JScripts.
|
||||
web-filter-referer-log
-
|
|
Enable/disable logging referrers.
|
||||
web-filter-unknown-log
-
|
|
Enable/disable logging unknown scripts.
|
||||
web-filter-vbs-log
-
|
|
Enable/disable logging VBS scripts.
|
||||
web-ftgd-err-log
-
|
|
Enable/disable logging rating errors.
|
||||
web-ftgd-quota-usage
-
|
|
Enable/disable logging daily quota usage.
|
||||
web-invalid-domain-log
-
|
|
Enable/disable logging invalid domain names.
|
||||
web-url-log
-
|
|
Enable/disable logging URL filtering.
|
||||
wisp
-
|
|
Enable/disable web proxy WISP.
|
||||
wisp-algorithm
-
|
|
WISP server selection algorithm.
|
||||
wisp-servers
-
|
WISP servers.
|
|||||
name
-
/ required
|
Server name. Source web-proxy.wisp.name.
|
|||||
youtube-channel-filter
-
|
YouTube channel filter.
|
|||||
channel-id
-
|
YouTube channel ID to be filtered.
|
|||||
comment
-
|
Comment.
|
|||||
id
-
/ required
|
ID.
|
|||||
youtube-channel-status
-
|
|
YouTube channel filter status.
|
Note
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
tasks:
- name: Configure Web filter profiles.
fortios_webfilter_profile:
host: "{{ host }}"
username: "{{ username }}"
password: "{{ password }}"
vdom: "{{ vdom }}"
webfilter_profile:
state: "present"
comment: "Optional comments."
extended-log: "enable"
ftgd-wf:
exempt-quota: "<your_own_value>"
filters:
-
action: "block"
auth-usr-grp:
-
name: "default_name_10 (source user.group.name)"
category: "11"
id: "12"
log: "enable"
override-replacemsg: "<your_own_value>"
warn-duration: "<your_own_value>"
warning-duration-type: "session"
warning-prompt: "per-domain"
max-quota-timeout: "18"
options: "error-allow"
ovrd: "<your_own_value>"
quota:
-
category: "<your_own_value>"
duration: "<your_own_value>"
id: "24"
override-replacemsg: "<your_own_value>"
type: "time"
unit: "B"
value: "28"
rate-crl-urls: "disable"
rate-css-urls: "disable"
rate-image-urls: "disable"
rate-javascript-urls: "disable"
https-replacemsg: "enable"
inspection-mode: "proxy"
log-all-url: "enable"
name: "default_name_36"
options: "activexfilter"
override:
ovrd-cookie: "allow"
ovrd-dur: "<your_own_value>"
ovrd-dur-mode: "constant"
ovrd-scope: "user"
ovrd-user-group:
-
name: "default_name_44 (source user.group.name)"
profile:
-
name: "default_name_46 (source webfilter.profile.name)"
profile-attribute: "User-Name"
profile-type: "list"
ovrd-perm: "bannedword-override"
post-action: "normal"
replacemsg-group: "<your_own_value> (source system.replacemsg-group.name)"
web:
blacklist: "enable"
bword-table: "54 (source webfilter.content.id)"
bword-threshold: "55"
content-header-list: "56 (source webfilter.content-header.id)"
keyword-match:
-
pattern: "<your_own_value>"
log-search: "enable"
safe-search: "url"
urlfilter-table: "61 (source webfilter.urlfilter.id)"
whitelist: "exempt-av"
youtube-restrict: "none"
web-content-log: "enable"
web-extended-all-action-log: "enable"
web-filter-activex-log: "enable"
web-filter-applet-log: "enable"
web-filter-command-block-log: "enable"
web-filter-cookie-log: "enable"
web-filter-cookie-removal-log: "enable"
web-filter-js-log: "enable"
web-filter-jscript-log: "enable"
web-filter-referer-log: "enable"
web-filter-unknown-log: "enable"
web-filter-vbs-log: "enable"
web-ftgd-err-log: "enable"
web-ftgd-quota-usage: "enable"
web-invalid-domain-log: "enable"
web-url-log: "enable"
wisp: "enable"
wisp-algorithm: "primary-secondary"
wisp-servers:
-
name: "default_name_83 (source web-proxy.wisp.name)"
youtube-channel-filter:
-
channel-id: "<your_own_value>"
comment: "Comment."
id: "87"
youtube-channel-status: "disable"
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
build
string
|
always |
Build number of the fortigate image
Sample:
1547
|
http_method
string
|
always |
Last method used to provision the content into FortiGate
Sample:
PUT
|
http_status
string
|
always |
Last result given by FortiGate on last operation applied
Sample:
200
|
mkey
string
|
success |
Master key (id) used in the last call to FortiGate
Sample:
key1
|
name
string
|
always |
Name of the table used to fulfill the request
Sample:
urlfilter
|
path
string
|
always |
Path of the table used to fulfill the request
Sample:
webfilter
|
revision
string
|
always |
Internal revision number
Sample:
17.0.2.10658
|
serial
string
|
always |
Serial number of the unit
Sample:
FGVMEVYYQT3AB5352
|
status
string
|
always |
Indication of the operation's result
Sample:
success
|
vdom
string
|
always |
Virtual domain used
Sample:
root
|
version
string
|
always |
Version of the FortiGate
Sample:
v5.6.3
|
Hint
If you notice any issues in this documentation you can edit this document to improve it.