New in version 2.8.
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments | ||
---|---|---|---|---|
host
-
/ required
|
FortiOS or FortiGate ip address.
|
|||
https
boolean
|
|
Indicates if the requests towards FortiGate must use HTTPS protocol
|
||
log_threat_weight
-
|
Default: null
|
Configure threat weight settings.
|
||
application
-
|
Application-control threat weight settings.
|
|||
category
-
|
Application category.
|
|||
id
-
/ required
|
Entry ID.
|
|||
level
-
|
|
Threat weight score for Application events.
|
||
blocked-connection
-
|
|
Threat weight score for blocked connections.
|
||
failed-connection
-
|
|
Threat weight score for failed connections.
|
||
geolocation
-
|
Geolocation-based threat weight settings.
|
|||
country
-
|
Country code.
|
|||
id
-
/ required
|
Entry ID.
|
|||
level
-
|
|
Threat weight score for Geolocation-based events.
|
||
ips
-
|
IPS threat weight settings.
|
|||
critical-severity
-
|
|
Threat weight score for IPS critical severity events.
|
||
high-severity
-
|
|
Threat weight score for IPS high severity events.
|
||
info-severity
-
|
|
Threat weight score for IPS info severity events.
|
||
low-severity
-
|
|
Threat weight score for IPS low severity events.
|
||
medium-severity
-
|
|
Threat weight score for IPS medium severity events.
|
||
level
-
|
Score mapping for threat weight levels.
|
|||
critical
-
|
Critical level score value (1 - 100).
|
|||
high
-
|
High level score value (1 - 100).
|
|||
low
-
|
Low level score value (1 - 100).
|
|||
medium
-
|
Medium level score value (1 - 100).
|
|||
malware
-
|
Anti-virus malware threat weight settings.
|
|||
botnet-connection
-
|
|
Threat weight score for detected botnet connections.
|
||
command-blocked
-
|
|
Threat weight score for blocked command detected.
|
||
mimefragmented
-
|
|
Threat weight score for mimefragmented detected.
|
||
oversized
-
|
|
Threat weight score for oversized file detected.
|
||
switch-proto
-
|
|
Threat weight score for switch proto detected.
|
||
virus-blocked
-
|
|
Threat weight score for virus (blocked) detected.
|
||
virus-file-type-executable
-
|
|
Threat weight score for virus (filetype executable) detected.
|
||
virus-infected
-
|
|
Threat weight score for virus (infected) detected.
|
||
virus-outbreak-prevention
-
|
|
Threat weight score for virus (outbreak prevention) event.
|
||
virus-scan-error
-
|
|
Threat weight score for virus (scan error) detected.
|
||
status
-
|
|
Enable/disable the threat weight feature.
|
||
url-block-detected
-
|
|
Threat weight score for URL blocking.
|
||
web
-
|
Web filtering threat weight settings.
|
|||
category
-
|
Threat weight score for web category filtering matches.
|
|||
id
-
/ required
|
Entry ID.
|
|||
level
-
|
|
Threat weight score for web category filtering matches.
|
||
password
-
|
Default: ""
|
FortiOS or FortiGate password.
|
||
username
-
/ required
|
FortiOS or FortiGate username.
|
|||
vdom
-
|
Default: "root"
|
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
|
Note
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
tasks:
- name: Configure threat weight settings.
fortios_log_threat_weight:
host: "{{ host }}"
username: "{{ username }}"
password: "{{ password }}"
vdom: "{{ vdom }}"
https: "False"
log_threat_weight:
application:
-
category: "4"
id: "5"
level: "disable"
blocked-connection: "disable"
failed-connection: "disable"
geolocation:
-
country: "<your_own_value>"
id: "11"
level: "disable"
ips:
critical-severity: "disable"
high-severity: "disable"
info-severity: "disable"
low-severity: "disable"
medium-severity: "disable"
level:
critical: "20"
high: "21"
low: "22"
medium: "23"
malware:
botnet-connection: "disable"
command-blocked: "disable"
mimefragmented: "disable"
oversized: "disable"
switch-proto: "disable"
virus-blocked: "disable"
virus-file-type-executable: "disable"
virus-infected: "disable"
virus-outbreak-prevention: "disable"
virus-scan-error: "disable"
status: "enable"
url-block-detected: "disable"
web:
-
category: "38"
id: "39"
level: "disable"
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
build
string
|
always |
Build number of the fortigate image
Sample:
1547
|
http_method
string
|
always |
Last method used to provision the content into FortiGate
Sample:
PUT
|
http_status
string
|
always |
Last result given by FortiGate on last operation applied
Sample:
200
|
mkey
string
|
success |
Master key (id) used in the last call to FortiGate
Sample:
id
|
name
string
|
always |
Name of the table used to fulfill the request
Sample:
urlfilter
|
path
string
|
always |
Path of the table used to fulfill the request
Sample:
webfilter
|
revision
string
|
always |
Internal revision number
Sample:
17.0.2.10658
|
serial
string
|
always |
Serial number of the unit
Sample:
FGVMEVYYQT3AB5352
|
status
string
|
always |
Indication of the operation's result
Sample:
success
|
vdom
string
|
always |
Virtual domain used
Sample:
root
|
version
string
|
always |
Version of the FortiGate
Sample:
v5.6.3
|
Hint
If you notice any issues in this documentation you can edit this document to improve it.