fortinet.fortios.fortios_antivirus_quarantine – Configure quarantine options in Fortinet’s FortiOS and FortiGate.

Note

This plugin is part of the fortinet.fortios collection (version 2.1.2).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortios.

To use it in a playbook, specify: fortinet.fortios.fortios_antivirus_quarantine.

New in version 2.10: of fortinet.fortios

Synopsis

This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify antivirus feature and quarantine category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0

Requirements

The below requirements are needed on the host that executes this module.

ansible>=2.9.0

Parameters

Parameter		Choices/Defaults	Comments
access_token string			Token-based authentication. Generated from GUI of Fortigate.
antivirus_quarantine dictionary			Configure quarantine options.
	agelimit integer		Age limit for quarantined files (0 - 479 hours, 0 means forever).
	destination string	Choices: None ← disk FortiAnalyzer	Choose whether to quarantine files to the FortiGate disk or to FortiAnalyzer or to delete them instead of quarantining them.
	drop_blocked list / elements=string	Choices: imap smtp pop3 http ftp nntp imaps smtps pop3s ftps mapi cifs mm1 mm3 mm4 mm7 ssh	Do not quarantine dropped files found in sessions using the selected protocols. Dropped files are deleted instead of being quarantined.
	drop_heuristic list / elements=string	Choices: imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs mm1 mm3 mm4 mm7 ssh	Do not quarantine files detected by heuristics found in sessions using the selected protocols. Dropped files are deleted instead of being quarantined.
	drop_infected list / elements=string	Choices: imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs mm1 mm3 mm4 mm7 ssh	Do not quarantine infected files found in sessions using the selected protocols. Dropped files are deleted instead of being quarantined.
	drop_intercepted list / elements=string	Choices: imap smtp pop3 http ftp imaps smtps pop3s https ftps mapi mm1 mm3 mm4 mm7	drop intercepted from a protocol
	lowspace string	Choices: drop-new ovrw-old	Select the method for handling additional files when running low on disk space.
	maxfilesize integer		Maximum file size to quarantine (0 - 500 Mbytes, 0 means unlimited).
	quarantine_quota integer		The amount of disk space to reserve for quarantining files (0 - 4294967295 Mbytes, depends on disk space).
	store_blocked list / elements=string	Choices: imap smtp pop3 http ftp nntp imaps smtps pop3s ftps mapi cifs mm1 mm3 mm4 mm7 ssh	Quarantine blocked files found in sessions using the selected protocols.
	store_heuristic list / elements=string	Choices: imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs mm1 mm3 mm4 mm7 ssh	Quarantine files detected by heuristics found in sessions using the selected protocols.
	store_infected list / elements=string	Choices: imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs mm1 mm3 mm4 mm7 ssh	Quarantine infected files found in sessions using the selected protocols.
	store_intercepted list / elements=string	Choices: imap smtp pop3 http ftp imaps smtps pop3s https ftps mapi mm1 mm3 mm4 mm7	quarantine intercepted from a protocol
enable_log boolean		Choices: no ← yes	Enable/Disable logging for task.
vdom string		Default: "root"	Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.

Notes

Note

Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks

Examples

- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
  - name: Configure quarantine options.
    fortios_antivirus_quarantine:
      vdom:  "{{ vdom }}"
      antivirus_quarantine:
        agelimit: "3"
        destination: "NULL"
        drop_blocked: "imap"
        drop_heuristic: "imap"
        drop_infected: "imap"
        drop_intercepted: "imap"
        lowspace: "drop-new"
        maxfilesize: "10"
        quarantine_quota: "11"
        store_blocked: "imap"
        store_heuristic: "imap"
        store_infected: "imap"
        store_intercepted: "imap"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
build string	always	Build number of the fortigate image Sample: 1547
http_method string	always	Last method used to provision the content into FortiGate Sample: PUT
http_status string	always	Last result given by FortiGate on last operation applied Sample: 200
mkey string	success	Master key (id) used in the last call to FortiGate Sample: id
name string	always	Name of the table used to fulfill the request Sample: urlfilter
path string	always	Path of the table used to fulfill the request Sample: webfilter
revision string	always	Internal revision number Sample: 17.0.2.10658
serial string	always	Serial number of the unit Sample: FGVMEVYYQT3AB5352
status string	always	Indication of the operation's result Sample: success
vdom string	always	Virtual domain used Sample: root
version string	always	Version of the FortiGate Sample: v5.6.3

Authors

Link Zheng (@chillancezen)
Jie Xue (@JieX19)
Hongbin Lu (@fgtdev-hblu)
Frank Shen (@frankshen01)
Miguel Angel Munoz (@mamunozgonzalez)
Nicolas Thomas (@thomnico)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/fortinet/fortios/fortios_antivirus_quarantine_module.html

Docs

Docs4dev

Title here