fmgr_fwobj_service – Manages FortiManager Firewall Service Objects
New in version 2.8.
Synopsis
- Manages FortiManager Firewall Service Objects.
 
Parameters
| Parameter | Choices/Defaults | Comments | 
|---|---|---|
| adom | Default: "root" | The ADOM the configuration should belong to. |
| app_category | | Application category ID. |
| app_service_type | | Application service type. |
| application | | Application ID. |
| category | | Service category. |
| check_reset_range | | Enable/disable RST check. |
| color | Default: 22 | GUI icon color. |
| comment | | Comment. |
| custom_type | | Tells module what kind of custom service to be added. |
| explicit_proxy | | Enable/disable explicit web proxy service. |
| fqdn | Default: "" | Fully qualified domain name. |
| group_member | | Comma-separated list of members' names. |
| group_name | | Name of the Service Group. |
| icmp_code | | ICMP code. |
| icmp_type | | ICMP type. |
| iprange | Default: "0.0.0.0" | Start IP-End IP. |
| mode | | Sets one of three modes for managing the object. |
| name | | Custom service name. |
| object_type | | Tells module if we are adding a custom service, category, or group. |
| protocol | | Protocol type. |
| protocol_number | | IP protocol number. |
| sctp_portrange | | Multiple SCTP port ranges. Comma separated list of destination ports to add (e.g. '443,80'). Syntax is `<destPort:sourcePort>`. If no sourcePort is defined, it assumes all of them. Ranges can be defined with a hyphen (-). Examples: '443' (destPort 443 only), '443:1000-2000' (destPort 443 from source ports 1000-2000). String multiple entries together in the same quotes, comma separated ('443:1000-2000, 80:1000-2000'). |
| session_ttl | Default: 0 | Session TTL (300 - 604800, 0 = default). |
| tcp_halfclose_timer | Default: 0 | TCP half close timeout (1 - 86400 sec, 0 = default). |
| tcp_halfopen_timer | Default: 0 | TCP half close timeout (1 - 86400 sec, 0 = default). |
| tcp_portrange | | Comma separated list of destination ports to add (e.g. '443,80'). Syntax is `<destPort:sourcePort>`. If no sourcePort is defined, it assumes all of them. Ranges can be defined with a hyphen (-). Examples: '443' (destPort 443 only), '443:1000-2000' (destPort 443 from source ports 1000-2000). String multiple entries together in the same quotes, comma separated ('443:1000-2000, 80:1000-2000'). |
| tcp_timewait_timer | Default: 0 | TCP half close timeout (1 - 300 sec, 0 = default). |
| udp_idle_timer | Default: 0 | TCP half close timeout (0 - 86400 sec, 0 = default). |
| udp_portrange | | Comma separated list of destination ports to add (e.g. '443,80'). Syntax is `<destPort:sourcePort>`. If no sourcePort is defined, it assumes all of them. Ranges can be defined with a hyphen (-). Examples: '443' (destPort 443 only), '443:1000-2000' (destPort 443 from source ports 1000-2000). String multiple entries together in the same quotes, comma separated ('443:1000-2000, 80:1000-2000'). |
| visibility | | Enable/disable service visibility. |

Notes
- Full Documentation at https://ftnt-ansible-docs.readthedocs.io/en/latest/.
 
Examples
```yaml
# Destination ports only; with no sourcePort given, all source ports match.
- name: ADD A CUSTOM SERVICE FOR TCP/UDP/SCTP
  fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_service"
    object_type: "custom"
    custom_type: "tcp_udp_sctp"
    tcp_portrange: "443"
    udp_portrange: "51"
    sctp_portrange: "100"

# Several destPort:sourcePort entries per protocol, comma separated.
- name: ADD A CUSTOM SERVICE FOR TCP/UDP/SCTP WITH SOURCE RANGES AND MULTIPLES
  fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_serviceWithSource"
    object_type: "custom"
    custom_type: "tcp_udp_sctp"
    tcp_portrange: "443:2000-1000,80-82:10000-20000"
    udp_portrange: "51:100-200,162:200-400"
    sctp_portrange: "100:2000-2500"

- name: ADD A CUSTOM SERVICE FOR ICMP
  fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_icmp"
    object_type: "custom"
    custom_type: "icmp"
    icmp_type: "8"
    icmp_code: "3"

- name: ADD A CUSTOM SERVICE FOR ICMP6
  fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_icmp6"
    object_type: "custom"
    custom_type: "icmp6"
    icmp_type: "5"
    icmp_code: "1"

# IP protocol 47 is GRE. The name is unique so this task does not
# reuse the object name of the ICMP6 service above.
- name: ADD A CUSTOM SERVICE FOR IP - GRE
  fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_ip_gre"
    object_type: "custom"
    custom_type: "ip"
    protocol_number: "47"

- name: ADD A CUSTOM PROXY FOR ALL WITH SOURCE RANGES AND MULTIPLES
  fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_proxy_all"
    object_type: "custom"
    custom_type: "all"
    explicit_proxy: "enable"
    tcp_portrange: "443:2000-1000,80-82:10000-20000"
    iprange: "www.ansible.com"
```
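
The `<destPort:sourcePort>` syntax documented for `tcp_portrange`, `udp_portrange` and `sctp_portrange`, written as a pre-flight parser that can be run over playbook values before they are pushed to FortiManager. This is an added example, not code from the module; `parse_portrange`, `_parse_span` and the 0-65535 port bounds are assumptions of this example.

```python
"""Pre-flight check for fmgr_fwobj_service *_portrange strings (added example)."""

PORT_MIN, PORT_MAX = 0, 65535  # assumption: plain 16-bit port bounds


def _parse_span(text):
    """Parse 'N' or 'N-M' into (low, high); raise ValueError if malformed."""
    low, sep, high = text.strip().partition("-")
    if not sep:
        high = low
    if not (low.strip().isdecimal() and high.strip().isdecimal()):
        raise ValueError(f"not a port or port range: {text!r}")
    low, high = int(low), int(high)
    if not (PORT_MIN <= low <= PORT_MAX and PORT_MIN <= high <= PORT_MAX):
        raise ValueError(f"port out of range in {text!r}")
    if low > high:
        raise ValueError(f"reversed range {text!r} (start > end)")
    return low, high


def parse_portrange(value):
    """Return (entries, errors) for a '<destPort:sourcePort>' list.

    Each entry is {'dest': (lo, hi), 'source': (lo, hi) or None};
    source None means no sourcePort was given, i.e. all source ports.
    """
    entries, errors = [], []
    for item in value.split(","):
        dest, sep, source = item.strip().partition(":")
        try:
            if sep and not source.strip():
                raise ValueError(f"empty sourcePort in {item.strip()!r}")
            entries.append({
                "dest": _parse_span(dest),
                "source": _parse_span(source) if sep else None,
            })
        except ValueError as exc:
            errors.append(str(exc))
    return entries, errors


if __name__ == "__main__":
    # Values taken from the examples on this page.
    for sample in ("443", "51:100-200,162:200-400",
                   "443:2000-1000,80-82:10000-20000"):
        print(sample, "->", parse_portrange(sample))
```

Run over this page's own example values, it accepts `51:100-200,162:200-400` and reports the source range `2000-1000` in `443:2000-1000` as reversed.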
Return Values
Common return values are documented here; the following are the fields unique to this module:
| Key | Returned | Description | 
|---|---|---|
| api_result (string) | always | Full API response, includes status code and message. |

Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
 
Authors
- Luke Weighall (@lweighall)
- Andrew Welsh (@Ghilli3)
- Jim Huber (@p4r4n0y1ng)
 
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
 https://docs.ansible.com/ansible/2.8/modules/fmgr_fwobj_service_module.html