Fortinet FortiManager Modules

January 25, 2018 ยท View on GitHub


Requirements

  • Python requests
  • Everything was tested with FortiManager 5.4

Modules


fortimgr_ip_pool

Manages IP Pool resources and attributes

  • Synopsis
  • Options
  • Examples

Synopsis

Manages FortiManager IP Pool configurations using jsonrpc API

Options

Parameterrequireddefaultchoicescomments
usernamenoThe username used to authenticate with the FortiManager.
commentnoA comment to add to the IP Pool.
statenopresent
  • absent
  • param_absent
  • present
The desired state of the specified object. absent will delete the object if it exists. param_absent will remove passed params from the object config if necessary and possible. present will create the configuration if needed.
typeno
  • overload
  • one-to-one
  • fixed-port-range
  • port-block-allocation
The type of NAT the IP Pool will perform
end_ipnoThe last address in the range of external addresses used to NAT internal addresses to.
pool_nameyesThe name of the IP Pool.
locknoTrueTrue locks the ADOM, makes necessary configuration updates, saves the config, and unlocks the ADOM
adomyesThe ADOM the configuration should belong to.
source_end_ipnoThe last address in the range of internal addresses which will be NAT'ed to an address in the external range.
arp_intfcnoSets the interface which should reply for ARP if arp_reply is enabled.
session_idnoThe session_id of an established and active session
permit_any_hostno
  • enable
  • disable
Allows for the use fo full cone NAT.
hostyesThe FortiManager's Address.
arp_replyno
  • enable
  • disable
Allows the fortigate to reply to ARP requests.
providernoDictionary which acts as a collection of arguments used to define the characteristics of how to connect to the device. Arguments hostname, username, and password must be specified in either provider or local param. Local params take precedence, e.g. hostname is preferred to provider["hostname"] when both are specified.
start_ipnoThe first address in the range of external addresses used to NAT internal addresses to.
use_sslnoTrueDetermines whether to use HTTPS(True) or HTTP(False).
passwordnoThe password associated with the username account.
validate_certsnoFalseDetermines whether to validate certs against a trusted certificate file (True), or accept all certs (False)
portnoThe TCP port used to connect to the FortiManager if other than the default used by the transport method(http=80, https=443).
source_start_ipnoThe first address in the range of internal addresses which will be NAT'ed to an address in the external range.

fortimgr_policy

Manages FW Policy resources and attributes

  • Synopsis
  • Options
  • Examples

Synopsis

Manages FortiManager FW Policy configurations using jsonrpc API

Options

Parameterrequireddefaultchoicescomments
commentnoA comment to add to the Policy.
statusno
  • enable
  • disable
The desired status of the policy.
locknoTrueTrue locks the ADOM, makes necessary configuration updates, saves the config, and unlocks the ADOM
nat_ipnoThe IP to use for NAT when enabled. First IP in the list is beginning NAT range Second IP in the list is the ending NAT range..
policy_namenoThe name of the Policy.
reference_policy_idnoThe policy id to use as a reference point for policy placement.
source_intfcnoA list of source interfaces used for policy matching.
use_sslnoTrueDetermines whether to use HTTPS(True) or HTTP(False).
destination_addressnoA list of destinations to use for policy matching.
portnoThe TCP port used to connect to the FortiManager if other than the default used by the transport method(http=80, https=443).
servicenoA list services used for policy matching.
schedulenoThe schedule to use for when the policy should be enabled.
labelnoA label for policy grouping.
statenopresent
  • absent
  • param_absent
  • present
The desired state of the specified policy. absent will delete the policy if it exists. param_absent will remove passed params from the policy config if necessary and possible. present will update the configuration if needed.
natno
  • enable
  • disable
Setting the NAT to enable or disable.
reference_policy_namenoThe policy name to use as a reference point for policy placement.
source_addressnoA list of source addresses used for policy matching.
global_labelnoA section label for policy grouping.
usernamenoThe username used to authenticate with the FortiManager.
pool_namenoThe name of the IP Pool when enabled.
directionno
  • before
  • after
The direction the policy should be placed in reference to the reference_policy
adomyesThe ADOM the configuration should belong to.
log_trafficno
  • disable
  • all
  • utm
Setting the Log Traffic to disable, all, or utm(log security events).
log_traffic_startno
  • enable
  • disable
Setting the Log Traffic Start to enable or disable.
hostyesThe FortiManager's Address.
passwordnoThe password associated with the username account.
providernoDictionary which acts as a collection of arguments used to define the characteristics of how to connect to the device. Arguments hostname, username, and password must be specified in either provider or local param. Local params take precedence, e.g. hostname is preferred to provider["hostname"] when both are specified.
ip_poolno
  • enable
  • disable
Setting the IP Pool Nat feature to enable or disable.
permit_any_hostno
  • enable
  • disable
Setting the Permit Any Host to enable or disable.
match_filterFalseDetermines whether to use match_filters to retrieve existing policies. True will use match_filters to retrieve a matching policy. False will not use match_filters to retrieve a matching policy.
packageyesThe policy package to add the policy to.
match_filters[u'source_address', u'source_intfc', u'destination_address', u'destination_intfc', u'service']This is an alternative means of matching an existing policy when not using policy_id or policy_name. The config parameters to match existing policies against for comparing module parameters against existing configurations. All fields passed into the list will be used to retrieve an exact match from existing policies. If multiple policies match on the parameters, the module will fail with the list of matching policies. C(all) can be used to match all parameters that are passed to the module.
destination_intfcnoA list of interface destinations to use for policy matching.
session_idnoThe session_id of an established and active session
actionno
  • accept
  • deny
  • ipsec
  • ssl-vpn
The action the end device should take when the policy is matched.
validate_certsnoFalseDetermines whether to validate certs against a trusted certificate file (True), or accept all certs (False)
policy_idnoThe ID associated with the Policy.

fortimgr_vip

Manages VIP resources and attributes

  • Synopsis
  • Options
  • Examples

Synopsis

Manages FortiManager VIP configurations using jsonrpc API

Options

Parameterrequireddefaultchoicescomments
usernamenoThe username used to authenticate with the FortiManager.
commentnoA comment to add to the VIP.
statenopresent
  • absent
  • param_absent
  • present
The desired state of the specified object. absent will delete the object if it exists. param_absent will remove passed params from the object config if necessary and possible. present will create the configuration if needed.
typeno
  • static-nat
  • fqdn
  • dns-translation
The type of service the VIP will offer.
source_filternoThe source IP addresses which will be used to filter when the NAT takes place.
adomyesThe ADOM the configuration should belong to.
colornoA tag that can be used to group objects.
locknoTrueTrue locks the ADOM, makes necessary configuration updates, saves the config, and unlocks the ADOM
external_intfcnoThe associated external interface
session_idnoThe session_id of an established and active session
vip_nameyesThe name of the VIP.
external_ipnoThe external IP or IP range that will be NAT'ed to the internal mapped IP.
hostyesThe FortiManager's Address.
arp_replyno
  • enable
  • disable
Allows the fortigate to reply to ARP requests.
source_intfcnoThe source interface which will be used to filter when the NAT takes place.
providernoDictionary which acts as a collection of arguments used to define the characteristics of how to connect to the device. Arguments hostname, username, and password must be specified in either provider or local param. Local params take precedence, e.g. hostname is preferred to provider["hostname"] when both are specified.
use_sslnoTrueDetermines whether to use HTTPS(True) or HTTP(False).
passwordnoThe password associated with the username account.
validate_certsnoFalseDetermines whether to validate certs against a trusted certificate file (True), or accept all certs (False)
portnoThe TCP port used to connect to the FortiManager if other than the default used by the transport method(http=80, https=443).
mapped_ipnoThe address or address range used that the external IP will be mapped to.

fortimgr_ip_pool_map

Manages IP Pool mapped resources and attributes

  • Synopsis
  • Options
  • Examples

Synopsis

Manages FortiManager IP Pool dynamic_mapping configurations using jsonrpc API

Options

Parameterrequireddefaultchoicescomments
commentnoA comment to add to the IP Pool.
source_start_ipnoThe first address in the range of internal addresses which will be NAT'ed to an address in the external range.
locknoTrueTrue locks the ADOM, makes necessary configuration updates, saves the config, and unlocks the ADOM
arp_intfcnoSets the interface which should reply for ARP if arp_reply is enabled.
arp_replyno
  • enable
  • disable
Allows the fortigate to reply to ARP requests.
use_sslnoTrueDetermines whether to use HTTPS(True) or HTTP(False).
portnoThe TCP port used to connect to the FortiManager if other than the default used by the transport method(http=80, https=443).
statenopresent
  • absent
  • param_absent
  • present
The desired state of the specified object. absent will delete the mapping from the object if it exists. param_absent will remove passed params from the object config if necessary and possible. present will create configuration for the mapping correlating to the fortigate specified if needed.
end_ipnoThe last address in the range of external addresses used to NAT internal addresses to.
providernoDictionary which acts as a collection of arguments used to define the characteristics of how to connect to the device. Arguments hostname, username, and password must be specified in either provider or local param. Local params take precedence, e.g. hostname is preferred to provider["hostname"] when both are specified.
typeno
  • overload
  • one-to-one
  • fixed-port-range
  • port-block-allocation
The type of NAT the IP Pool will perform
usernamenoThe username used to authenticate with the FortiManager.
pool_nameyesThe name of the IP Pool.
adomyesThe ADOM the configuration should belong to.
source_end_ipnoThe last address in the range of internal addresses which will be NAT'ed to an address in the external range.
start_ipnoThe first address in the range of external addresses used to NAT internal addresses to.
passwordnoThe password associated with the username account.
fortigatenoThe name of the fortigate to map the configuration to.
vdomyesThe vdom on the fortigate that the config should be associated to.
permit_any_hostno
  • enable
  • disable
Allows for the use fo full cone NAT.
hostyesThe FortiManager's Address.
session_idnoThe session_id of an established and active session
validate_certsnoFalseDetermines whether to validate certs against a trusted certificate file (True), or accept all certs (False)

fortimgr_revision

Manages ADOM revisions

  • Synopsis
  • Options
  • Examples

Synopsis

Manages FortiManager revisions using jsonrpc API

Options

Parameterrequireddefaultchoicescomments
usernamenoThe username used to authenticate with the FortiManager.
lock_revisionno
  • 0
  • 1
The lock status of the revision. 0 permits the revision to be automatically deleted per FortiManager settings. 1 prevents the revision from being automatically deleted per FortiManager settings.
descriptionnoA description to add to the revision.
adomyesThe ADOM the configuration should belong to.
locknoTrueTrue locks the ADOM, makes necessary configuration updates, saves the config, and unlocks the ADOM
statenopresent
  • absent
  • present
  • restore
The desired state of the revision. Absent will ensure no revisions exist with the specified name. Present will create a new revision. Restore will restore the ADOM to the specified revision.
session_idnoThe session_id of an established and active session
hostyesThe FortiManager's Address.
created_bynoThe name of the user who created the revision.
providernoDictionary which acts as a collection of arguments used to define the characteristics of how to connect to the device. Arguments hostname, username, and password must be specified in either provider or local param. Local params take precedence, e.g. hostname is preferred to provider["hostname"] when both are specified.
use_sslnoTrueDetermines whether to use HTTPS(True) or HTTP(False).
passwordnoThe password associated with the username account.
validate_certsnoFalseDetermines whether to validate certs against a trusted certificate file (True), or accept all certs (False)
portnoThe TCP port used to connect to the FortiManager if other than the default used by the transport method(http=80, https=443).
revision_nameyesThe name of the revision.

fortimgr_address_map

Manages Address mapped resources and attributes

  • Synopsis
  • Options
  • Examples

Synopsis

Manages FortiManager Address dynamic_mapping configurations using jsonrpc API

Options

Parameterrequireddefaultchoicescomments
commentnoA comment to add to the Address
allow_routingnoDetermines if the address can be used in static routing configuration.
colornoA tag that can be used to group objects
locknoTrueTrue locks the ADOM, makes necessary configuration updates, saves the config, and unlocks the ADOM
network_addressnoThe network address to use when address_type is ipmask. The network_mask param must be used in conjuction with network_address. Alternatively, the subnet param can be used for cidr notation.
wildcard_fqdnnoThe wildcard FQDN associated with an Address when the type is wildcard-fqdn.
use_sslnoTrueDetermines whether to use HTTPS(True) or HTTP(False).
portnoThe TCP port used to connect to the FortiManager if other than the default used by the transport method(http=80, https=443).
subnetnoThe subnet associated with an Address when the type is ipmask. This supports sending a string as cidr notation or a two element list that would be returned from getting existing address objects. Alternatively, the network_address and network_mask params can be used.
statenopresent
  • absent
  • param_absent
  • present
The desired state of the specified object. absent will delete the mapping from the object if it exists. param_absent will remove passed params from the object config if necessary and possible. present will create configuration for the mapping correlating to the fortigate specified if needed.
end_ipnoThe last IP associated with an Address when the type is iprange.
wildcard_masknoThe wildcard mask to use when address_type is wildcard. The wildcard_address param must be used in conjuction with the wildcard_mask Alternatively, the wildcard param can be used for cidr notation.
address_nameyesThe name of the Address object.
providernoDictionary which acts as a collection of arguments used to define the characteristics of how to connect to the device. Arguments hostname, username, and password must be specified in either provider or local param. Local params take precedence, e.g. hostname is preferred to provider["hostname"] when both are specified.
address_typeno
  • ipmask
  • iprange
  • fqdn
  • wildcard
  • wildcard-fqdn
The type of address the Address object is.
usernamenoThe username used to authenticate with the FortiManager.
adomyesThe ADOM the configuration should belong to.
hostyesThe FortiManager's Address.
start_ipnoThe first IP associated with an Address when the type is iprange.
network_masknoThe netmask to use when address_type is ipmask. The network_address param must be used in conjuction with network_mask. Alternatively, the subnet param can be used for cidr notation.
passwordnoThe password associated with the username account.
vdomyesThe vdom on the fortigate that the config should be associated to.
fqdnnoThe fully qualified domain name associated with an Address when the type is fqdn.
session_idnoThe session_id of an established and active session
wildcardnoThe wildcard associated with an Address when the type is wildcard. This supports sending a string as cidr notation or a two element list that would be returned from getting existing address objects. Alternatively, the wildcard_address and wildcard_mask params can be used.
validate_certsnoFalseDetermines whether to validate certs against a trusted certificate file (True), or accept all certs (False)
wildcard_addressnoThe wildcard address to use when address_type is wildcard. The wildcard_mask param must be used in conjunction with the wildcard_address. Alternatively, the wildcard param can be used for cidr notation.

fortimgr_vip_group

Manages the VIP Group resources and attributes

  • Synopsis
  • Options
  • Examples

Synopsis

Manages FortiManager VIP Group configurations using jsonrpc API

Options

Parameterrequireddefaultchoicescomments
usernamenoThe username used to authenticate with the FortiManager.
commentnoA comment to add to the VIP.
adomyesThe ADOM the configuration should belong to.
colornoA tag that can be used to group objects.
locknoTrueTrue locks the ADOM, makes necessary configuration updates, saves the config, and unlocks the ADOM
vip_group_nameyesThe name of the VIP Group.
statenopresent
  • absent
  • param_absent
  • present
The desired state of the specified object. absent will delete the object if it exists. param_absent will remove passed params from the object config if necessary and possible. present will create the configuration if needed.
session_idnoThe session_id of an established and active session
hostyesThe FortiManager's Address.
membersnoThe list of VIP objects that should be associated to the VIP Group.
providernoDictionary which acts as a collection of arguments used to define the characteristics of how to connect to the device. Arguments hostname, username, and password must be specified in either provider or local param. Local params take precedence, e.g. hostname is preferred to provider["hostname"] when both are specified.
interfacenoThe list of interfaces/zones associated with the VIP Group
use_sslnoTrueDetermines whether to use HTTPS(True) or HTTP(False).
passwordnoThe password associated with the username account.
validate_certsnoFalseDetermines whether to validate certs against a trusted certificate file (True), or accept all certs (False)
portnoThe TCP port used to connect to the FortiManager if other than the default used by the transport method(http=80, https=443).

fortimgr_address

Manages Address resources and attributes

  • Synopsis
  • Options
  • Examples

Synopsis

Manages FortiManager Address configurations using jsonrpc API

Options

Parameterrequireddefaultchoicescomments
commentnoA comment to add to the Address
allow_routingnoDetermines if the address can be used in static routing configuration.
colornoA tag that can be used to group objects
locknoTrueTrue locks the ADOM, makes necessary configuration updates, saves the config, and unlocks the ADOM
network_addressnoThe network address to use when address_type is ipmask. The network_mask param must be used in conjuction with network_address. Alternatively, the subnet param can be used for cidr notation.
wildcard_fqdnnoThe wildcard FQDN associated with an Address when the type is wildcard-fqdn.
use_sslnoTrueDetermines whether to use HTTPS(True) or HTTP(False).
portnoThe TCP port used to connect to the FortiManager if other than the default used by the transport method(http=80, https=443).
subnetnoThe subnet associated with an Address when the type is ipmask. This supports sending a string as cidr notation or a two element list that would be returned from getting existing address objects. Alternatively, the network_address and network_mask params can be used.
associated_intfcnoThe interface associated with the Address.
statenopresent
  • absent
  • param_absent
  • present
The desired state of the specified object. absent will delete resource if it exists. param_absent will remove passed params from the object config if necessary and possible. present will update the configuration if needed.
end_ipnoThe last IP associated with an Address when the type is iprange.
wildcard_masknoThe wildcard mask to use when address_type is wildcard. The wildcard_address param must be used in conjuction with the wildcard_mask Alternatively, the wildcard param can be used for cidr notation.
address_nameyesThe name of the Address object.
providernoDictionary which acts as a collection of arguments used to define the characteristics of how to connect to the device. Arguments hostname, username, and password must be specified in either provider or local param. Local params take precedence, e.g. hostname is preferred to provider["hostname"] when both are specified.
address_typeno
  • ipmask
  • iprange
  • fqdn
  • wildcard
  • wildcard-fqdn
The type of address the Address object is.
usernamenoThe username used to authenticate with the FortiManager.
adomyesThe ADOM the configuration should belong to.
hostyesThe FortiManager's Address.
start_ipnoThe first IP associated with an Address when the type is iprange.
network_masknoThe netmask to use when address_type is ipmask. The network_address param must be used in conjuction with network_mask. Alternatively, the subnet param can be used for cidr notation.
passwordnoThe password associated with the username account.
fqdnnoThe fully qualified domain name associated with an Address when the type is fqdn.
session_idnoThe session_id of an established and active session
wildcardnoThe wildcard associated with an Address when the type is wildcard. This supports sending a string as cidr notation or a two element list that would be returned from getting existing address objects. Alternatively, the wildcard_address and wildcard_mask params can be used.
validate_certsnoFalseDetermines whether to validate certs against a trusted certificate file (True), or accept all certs (False)
wildcard_addressnoThe wildcard address to use when address_type is wildcard. The wildcard_mask param must be used in conjunction with the wildcard_address. Alternatively, the wildcard param can be used for cidr notation.

fortimgr_lock

Manages ADOM locking and unlocking

  • Synopsis
  • Options
  • Examples

Synopsis

Manages FortiManager ADOM locking and unlocking using jsonrpc API

Options

Parameterrequireddefaultchoicescomments
usernamenoThe username used to authenticate with the FortiManager.
savenoFalseSaves the config before unlocking a session. True saves the configuration. False does not save the configuration and all changes in the session will be lost if unlocked.
adomyesThe ADOM the configuration should belong to.
locknoFalseLocks the ADOM in the FortiManager. True ensures the ADOM is locked.
unlocknoFalseUnlocks the ADOM in the FortiManager. True ensures the ADOM is unlocked and closes the current session with the FortiManager.
session_idnoThe session_id of an established and active session
hostyesThe FortiManager's Address.
providernoDictionary which acts as a collection of arguments used to define the characteristics of how to connect to the device. Arguments hostname, username, and password must be specified in either provider or local param. Local params take precedence, e.g. hostname is preferred to provider["hostname"] when both are specified.
use_sslnoTrueDetermines whether to use HTTPS(True) or HTTP(False).
passwordnoThe password associated with the username account.
validate_certsnoFalseDetermines whether to validate certs against a trusted certificate file (True), or accept all certs (False)
portnoThe TCP port used to connect to the FortiManager if other than the default used by the transport method(http=80, https=443).

fortimgr_address_group

Manages Address Group resources and attributes

  • Synopsis
  • Options
  • Examples

Synopsis

Manages FortiManager Address Group configurations using jsonrpc API

Options

Parameterrequireddefaultchoicescomments
usernamenoThe username used to authenticate with the FortiManager.
allow_routingnoDetermines if the address can be used in static routing configuration.
adomyesThe ADOM the configuration should belong to.
colornoA tag that can be used to group objects
locknoTrueTrue locks the ADOM, makes necessary configuration updates, saves the config, and unlocks the ADOM
statenopresent
  • absent
  • param_absent
  • present
The desired state of the specified object. absent will delete the object if it exists. param_absent will remove passed params from the object config if necessary and possible. present will create the configuration if needed.
session_idnoThe session_id of an established and active session
hostyesThe FortiManager's Address.
address_group_nameyesThe name of the Address Group object.
membersnoA list of members associated with the Address Group object.
providernoDictionary which acts as a collection of arguments used to define the characteristics of how to connect to the device. Arguments hostname, username, and password must be specified in either provider or local param. Local params take precedence, e.g. hostname is preferred to provider["hostname"] when both are specified.
use_sslnoTrueDetermines whether to use HTTPS(True) or HTTP(False).
passwordnoThe password associated with the username account.
validate_certsnoFalseDetermines whether to validate certs against a trusted certificate file (True), or accept all certs (False)
portnoThe TCP port used to connect to the FortiManager if other than the default used by the transport method(http=80, https=443).
commentnoA comment to add to the Address

fortimgr_service_group

Manages Service Group resources and attributes

  • Synopsis
  • Options
  • Examples

Synopsis

Manages FortiManager Service Group configurations using jsonrpc API

Options

Parameterrequireddefaultchoicescomments
usernamenoThe username used to authenticate with the FortiManager.
commentnoA comment to add to the Service Group
adomyesThe ADOM the configuration should belong to.
colornoA tag that can be used to group objects
locknoTrueTrue locks the ADOM, makes necessary configuration updates, saves the config, and unlocks the ADOM
service_group_nameyesThe name of the Service Group object.
explicit-proxynoUsed to set the explicit-proxy service for the Service Group object.
session_idnoThe session_id of an established and active session
hostyesThe FortiManager's Address.
statenopresent
  • absent
  • param_absent
  • present
The desired state of the specified object. absent will delete the object if it exists. param_absent will remove passed params from the object config if necessary and possible. present will create the configuration if needed.
membersnoA list of members associated with the Service Group object.
providernoDictionary which acts as a collection of arguments used to define the characteristics of how to connect to the device. Arguments hostname, username, and password must be specified in either provider or local param. Local params take precedence, e.g. hostname is preferred to provider["hostname"] when both are specified.
use_sslnoTrueDetermines whether to use HTTPS(True) or HTTP(False).
passwordnoThe password associated with the username account.
validate_certsnoFalseDetermines whether to validate certs against a trusted certificate file (True), or accept all certs (False)
portnoThe TCP port used to connect to the FortiManager if other than the default used by the transport method(http=80, https=443).

fortimgr_service

Manages Service resources and attributes

  • Synopsis
  • Options
  • Examples

Synopsis

Manages FortiManager Service configurations using jsonrpc API

Options

Parameterrequireddefaultchoicescomments
usernamenoThe username used to authenticate with the FortiManager.
icmp_codenoThe ICMP code for when protocol is set to ICMP.
passwordnoThe password associated with the username account.
protocolnoUsed to specify the service's protocol type.
icmp_typenoThe ICMP type for when the protocol is set to ICMP.
categoryno
  • Uncategorized
  • Authentication
  • Email
  • File Access
  • General
  • Network Services
  • Remote Access
  • Tunneling
  • VoIP, Messaging & Other Applications
  • Web Access
  • Web Proxy
The category of the service object.
adomyesThe ADOM the configuration should belong to.
colornoA tag that can be used to group objects
locknoTrueTrue locks the ADOM, makes necessary configuration updates, saves the config, and unlocks the ADOM
protocol_numbernoUsed to specify the IP protocol number when protocol is set to IP.
statenopresent
  • absent
  • param_absent
  • present
The desired state of the specified object. absent will delete the object if it exists. param_absent will remove passed params from the object config if necessary and possible. present will create the configuration if needed.
session_idnoThe session_id of an established and active session
port_rangenoThe range of TCP or UDP ports associated with the service object.
hostyesThe FortiManager's Address.
service_nameyesThe name of the service.
providernoDictionary which acts as a collection of arguments used to define the characteristics of how to connect to the device. Arguments hostname, username, and password must be specified in either provider or local param. Local params take precedence, e.g. hostname is preferred to provider["hostname"] when both are specified.
use_sslnoTrueDetermines whether to use HTTPS(True) or HTTP(False).
explicit_proxynoUsed to set the explicit-proxy service for the Service object.
validate_certsnoFalseDetermines whether to validate certs against a trusted certificate file (True), or accept all certs (False)
portnoThe TCP port used to connect to the FortiManager if other than the default used by the transport method(http=80, https=443).
commentnoA comment to add to the Service

fortimgr_install

Manages ADOM package installs

  • Synopsis
  • Options
  • Examples

Synopsis

Manages FortiManager package installs using jsonrpc API

Options

Parameterrequireddefaultchoicescomments
usernamenoThe username used to authenticate with the FortiManager.
adom_revision_namenoThe name to give the ADOM revision if creating a revision.
fortigate_revision_commentsnoComments to add to the FortiGate revision.
adomyesThe ADOM that should have package installed should belong to.
locknoTrueTrue locks the ADOM, makes necessary configuration updates, saves the config, and unlocks the ADOM
packageyesThe policy package that should be pushed to the end devices.
adom_revision_commentsnoComments to add to the ADOM revision if creating a revision.
check_installnoDetermines if the install will only be committed if the FortiGate is in sync and connected with the FortManager. True performs the check. False attempts the install regardless of device status.
session_idnoThe session_id of an established and active session
fortigate_nameyesThe name of FortiGate in consideration for package install.
install_flagsno
  • cp_all_objs
  • generate_rev
  • copy_assigned_pkg
  • unassign
  • ifpolicy_only
  • no_ifpolicy
  • objs_only
  • copy_only
Flags to send to the FortiManager identifying how the install should be done.
hostyesThe FortiManager's Address.
statenopresent
  • present
  • preview
The desired state of the package. Present will update the configuration if needed. Preview (or check mode) will return a preview of what will be pushed to the end device.
dst_filenoThe file path/name where to write the install preview to.
providernoDictionary which acts as a collection of arguments used to define the characteristics of how to connect to the device. Arguments hostname, username, and password must be specified in either provider or local param. Local params take precedence, e.g. hostname is preferred to provider["hostname"] when both are specified.
use_sslnoTrueDetermines whether to use HTTPS(True) or HTTP(False).
passwordnoThe password associated with the username account.
validate_certsnoFalseDetermines whether to validate certs against a trusted certificate file (True), or accept all certs (False).
portnoThe TCP port used to connect to the FortiManager if other than the default used by the transport method(http=80, https=443).
vdomnoThe VDOM associated with the FortiGate and package.

fortimgr_vip_mapping

Manages VIP mapped resources and attributes

  • Synopsis
  • Options
  • Examples

Synopsis

Manages FortiManager VIP dynamic_mapping configurations using jsonrpc API

Options

Parameterrequireddefaultchoicescomments
commentnoA comment to add to the VIP.
colornoA tag that can be used to group objects.
locknoTrueTrue locks the ADOM, makes necessary configuration updates, saves the config, and unlocks the ADOM
arp_replyno
  • enable
  • disable
Allows the fortigate to reply to ARP requests.
use_sslnoTrueDetermines whether to use HTTPS(True) or HTTP(False).
portnoThe TCP port used to connect to the FortiManager if other than the default used by the transport method(http=80, https=443).
mapped_ipnoThe address or address range used that the external IP will be mapped to.
statenopresent
  • absent
  • param_absent
  • present
The desired state of the specified object. absent will delete the mapping from the object if it exists. param_absent will remove passed params from the object config if necessary and possible. present will create configuration for the mapping correlating to the fortigate specified if needed.
providernoDictionary which acts as a collection of arguments used to define the characteristics of how to connect to the device. Arguments hostname, username, and password must be specified in either provider or local param. Local params take precedence, e.g. hostname is preferred to provider["hostname"] when both are specified.
typenoThe source interface which will be used to filter when the NAT takes place.
usernamenoThe username used to authenticate with the FortiManager.
source_filternoThe source IP addresses which will be used to filter when the NAT takes place.
adomyesThe ADOM the configuration should belong to.
hostyesThe FortiManager's Address.
passwordnoThe password associated with the username account.
fortigatenoThe name of the fortigate to map the configuration to.
vdomyesThe vdom on the fortigate that the config should be associated to.
external_intfcnoThe associated external interface
external_ipnoThe external IP or IP range that will be NAT'ed to the internal mapped IP.
session_idnoThe session_id of an established and active session
validate_certsnoFalseDetermines whether to validate certs against a trusted certificate file (True), or accept all certs (False)
vip_nameyesThe name of the VIP.

fortimgr_route

Manages Route configurations for FortiGate devices

  • Synopsis
  • Options
  • Examples

Synopsis

Manages FortiGate route configurations using FortiManager's jsonrpc API

Options

Parameterrequireddefaultchoicescomments
commentnoA comment to add to the route.
weightnoThe weight to assign to the route.
locknoTrueTrue locks the ADOM, makes necessary configuration updates, saves the config, and unlocks the ADOM
use_sslnoTrueDetermines whether to use HTTPS(True) or HTTP(False).
destination_netmasknoThe netmask to use for the destination address. The network param must be used in conjuction with netmask. Alternatively, the destination param can be used for cidr notation.
destination_networknoThe network address to use destination address. The netmask param must be used in conjuction with network. Alternatively, the destination param can be used for cidr notation.
gatewayyesThe gateway address for which the destination can be reached.
destinationyesThe destination subnet. This supports sending a string as cidr notation or a two element list that would be returned from getting existing address objects. Alternatively, the netmask and network params can be used.
portnoThe TCP port used to connect to the FortiManager if other than the default used by the transport method(http=80, https=443).
prioritynoThe priority to assign the route.
statenopresent
  • present
  • absent
The desired state of the route. absent will remove the route if it exists. present will update the configuration if needed.
intfcnoThe interface used to reach the route.
providernoDictionary which acts as a collection of arguments used to define the characteristics of how to connect to the device. Arguments hostname, username, and password must be specified in either provider or local param. Local params take precedence, e.g. hostname is preferred to provider["hostname"] when both are specified.
usernamenoThe username used to authenticate with the FortiManager.
adomnoThe ADOM the configuration should belong to.
hostyesThe FortiManager's Address.
passwordnoThe password associated with the username account.
fortigateyesThe fortigate to apply the route to.
vdomyesThe vdom on the fortigate to add the route to.
distancenoThe distance metric to associate to the route.
destination_objectnoThe address or address-group object to use as the destination address
session_idnoThe session_id of an established and active session
validate_certsnoFalseDetermines whether to validate certs against a trusted certificate file C(True), or accept all certs C(False).
sequence_numbernoThe sequence number of the route in FortiManager This is required in order to modify an existing route's interface, destination, and gateway.

fortimgr_facts

Gathers facts from the FortiManager

  • Synopsis
  • Options
  • Examples

Synopsis

Gathers facts from the FortiManager using jsonrpc API

Options

Parameterrequireddefaultchoicescomments
usernamenoThe username used to authenticate with the FortiManager.
config_filterno
  • all
  • route
  • address
  • address_group
  • service
  • service_group
  • ip_pool
  • vip
  • vip_group
  • policy
The list of configuration items to retrieve from the list of ADOMs and FortiGates managed by the FortiManager. This list will only be used if the fortigates or adoms parameters are passed.
fortigatesnoA list of FortiGates to retrieve device information for; "all" can be used to retrieve all devices managed by the FortiManger. If config_filter is defined, this list will be used to determine what devices to retrieve configuration from. If config_filter is defined, this list should be a list of dictionaries with "name" and "vdom" keys defining the mapping for fortigate and vdom.
adomnoThe ADOM that should have package installed should belong to.
session_idnoThe session_id of an established and active session
fortigate_namenodevice_id
  • device_id
  • hostname
The name to use as the config dictionary key when returning configuration data. This is only used when fortigates is all or a list of fortigate names. C(device_id) will use the device ID that FortiManager has associated to the device. C(hostname) will use the hostname of the device.
hostyesThe FortiManager's Address.
providernoDictionary which acts as a collection of arguments used to define the characteristics of how to connect to the device. Arguments hostname, username, and password must be specified in either provider or local param. Local params take precedence, e.g. hostname is preferred to provider["hostname"] when both are specified.
use_sslnoTrueDetermines whether to use HTTPS(True) or HTTP(False).
passwordnoThe password associated with the username account.
validate_certsnoFalseDetermines whether to validate certs against a trusted certificate file (True), or accept all certs (False).
portnoThe TCP port used to connect to the FortiManager if other than the default used by the transport method(http=80, https=443).
adomsnoA list of ADOMs for which configurations from FortiManager will be retrieved; "all" can be used to retrieve all ADOMs. If "all" is used, or the value is a list of ADOM names (as strings), then all packages for each ADOM will be retrieved. Passing a list of dictionaries with "name" and "package" keys can be used to limit the scope of policies retrieved. A key/value pair is required for each package (the dictionary values cannot be lists). The objects and policy elements will be collected based on what is listed in the config_filter param.

fortimgr_jsonrpc_request

Sends generic json-rpc FortiManager API requests

  • Synopsis
  • Options
  • Examples

Synopsis

Sends generic json-rpc FortiManager API requests

Options

Parameterrequireddefaultchoicescomments
usernamenoThe username used to authenticate with the FortiManager.
session_idnoThe session_id of an established and active session
hostyesThe FortiManager's Address.
providernoDictionary which acts as a collection of arguments used to define the characteristics of how to connect to the device. Arguments hostname, username, and password must be specified in either provider or local param. Local params take precedence, e.g. hostname is preferred to provider["hostname"] when both are specified.
use_sslnoTrueDetermines whether to use HTTPS(True) or HTTP(False).
passwordnoThe password associated with the username account.
validate_certsnoFalseDetermines whether to validate certs against a trusted certificate file (True), or accept all certs (False).
portnoThe TCP port used to connect to the FortiManager if other than the default used by the transport method(http=80, https=443).
methodyesThe json-rpc method to use (get, add, set, update, delete, move, clone, replace, exec).
paramsyesThe json-rpc request parameters. Refere to Fortimanager API doc for details.


Created by Network to Code, LLC For: 2015