Docs4dev
Docs
ansible / 2.10 / collections / community / network / fmgr_fwobj_service_module.html

community.network.fmgr_fwobj_service – Manages FortiManager Firewall Service Objects.

Note

This plugin is part of the community.network collection (version 1.3.0).

To install it use: ansible-galaxy collection install community.network.

To use it in a playbook, specify: community.network.fmgr_fwobj_service.

Synopsis

  • Manages FortiManager Firewall Service Objects.

Parameters

Parameter Choices/Defaults Comments
adom
string
Default:
"root"
-The ADOM the configuration should belong to.
app_category
string
Application category ID.
app_service_type
string
Application service type.
application
string
Application ID.
category
string
Service category.
check_reset_range
string
Enable disable RST check.
color
string
Default:
22
GUI icon color.
comment
string
Comment.
custom_type
string
    Choices:
  • tcp_udp_sctp
  • icmp
  • icmp6
  • ip
  • http
  • ftp
  • connect
  • socks_tcp
  • socks_udp
  • all
Tells module what kind of custom service to be added.
explicit_proxy
string
    Choices:
  • enable
  • disable
Enable/disable explicit web proxy service.
fqdn
string
Default:
""
Fully qualified domain name.
group_member
string
Comma-Seperated list of members' names.
group_name
string
Name of the Service Group.
icmp_code
string
ICMP code.
icmp_type
string
ICMP type.
iprange
string
Default:
"0.0.0.0"
Start IP-End IP.
mode
string
    Choices:
  • add
  • set
  • delete
Sets one of three modes for managing the object.
name
string
Custom service name.
object_type
string
    Choices:
  • custom
  • group
  • category
Tells module if we are adding a custom service, category, or group.
protocol
string
Protocol type.
protocol_number
string
IP protocol number.
sctp_portrange
string
Multiple SCTP port ranges. Comma separated list of destination ports to add (i.e. '443,80').
Syntax is <destPort:sourcePort>
If no sourcePort is defined, it assumes all of them.
Ranges can be defined with a hyphen -
Examples -- '443' (destPort 443 only) '443:1000-2000' (destPort 443 from source ports 1000-2000).
String multiple together in same quotes, comma separated. ('443:1000-2000, 80:1000-2000').
session_ttl
string
Default:
0
Session TTL (300 - 604800, 0 = default).
tcp_halfclose_timer
string
Default:
0
TCP half close timeout (1 - 86400 sec, 0 = default).
tcp_halfopen_timer
string
Default:
0
TCP half close timeout (1 - 86400 sec, 0 = default).
tcp_portrange
string
Comma separated list of destination ports to add (i.e. '443,80').
Syntax is <destPort:sourcePort>
If no sourcePort is defined, it assumes all of them.
Ranges can be defined with a hyphen -
Examples -- '443' (destPort 443 only) '443:1000-2000' (destPort 443 from source ports 1000-2000).
String multiple together in same quotes, comma separated. ('443:1000-2000, 80:1000-2000').
tcp_timewait_timer
string
Default:
0
TCP half close timeout (1 - 300 sec, 0 = default).
udp_idle_timer
string
Default:
0
TCP half close timeout (0 - 86400 sec, 0 = default).
udp_portrange
string
Comma separated list of destination ports to add (i.e. '443,80').
Syntax is <destPort:sourcePort>
If no sourcePort is defined, it assumes all of them.
Ranges can be defined with a hyphen -
Examples -- '443' (destPort 443 only) '443:1000-2000' (destPort 443 from source ports 1000-2000).
String multiple together in same quotes, comma separated. ('443:1000-2000, 80:1000-2000').
visibility
string
    Choices:
  • enable
  • disable
Enable/disable service visibility.

Notes

Note

Examples

- name: ADD A CUSTOM SERVICE FOR TCP/UDP/SCP
  community.network.fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_service"
    object_type: "custom"
    custom_type: "tcp_udp_sctp"
    tcp_portrange: "443"
    udp_portrange: "51"
    sctp_portrange: "100"

- name: ADD A CUSTOM SERVICE FOR TCP/UDP/SCP WITH SOURCE RANGES AND MULTIPLES
  community.network.fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_serviceWithSource"
    object_type: "custom"
    custom_type: "tcp_udp_sctp"
    tcp_portrange: "443:2000-1000,80-82:10000-20000"
    udp_portrange: "51:100-200,162:200-400"
    sctp_portrange: "100:2000-2500"

- name: ADD A CUSTOM SERVICE FOR ICMP
  community.network.fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_icmp"
    object_type: "custom"
    custom_type: "icmp"
    icmp_type: "8"
    icmp_code: "3"

- name: ADD A CUSTOM SERVICE FOR ICMP6
  community.network.fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_icmp6"
    object_type: "custom"
    custom_type: "icmp6"
    icmp_type: "5"
    icmp_code: "1"

- name: ADD A CUSTOM SERVICE FOR IP - GRE
  community.network.fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_icmp6"
    object_type: "custom"
    custom_type: "ip"
    protocol_number: "47"

- name: ADD A CUSTOM PROXY FOR ALL WITH SOURCE RANGES AND MULTIPLES
  community.network.fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_proxy_all"
    object_type: "custom"
    custom_type: "all"
    explicit_proxy: "enable"
    tcp_portrange: "443:2000-1000,80-82:10000-20000"
    iprange: "www.ansible.com"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
api_result
string
always
full API response, includes status code and message



Authors

  • Luke Weighall (@lweighall)
  • Andrew Welsh (@Ghilli3)
  • Jim Huber (@p4r4n0y1ng)

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/community/network/fmgr_fwobj_service_module.html