fortinet.fortios.fortios_firewall_mms_profile – Configure MMS profiles in Fortinet’s FortiOS and FortiGate.
Note
This plugin is part of the fortinet.fortios collection (version 2.1.2).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install fortinet.fortios.
To use it in a playbook, specify: fortinet.fortios.fortios_firewall_mms_profile.
New in version 2.10: of fortinet.fortios
Synopsis
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and mms_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
Requirements
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters
| Parameter | Choices/Defaults | Comments | ||
|---|---|---|---|---|
| access_token
string
|
Token-based authentication. Generated from GUI of Fortigate.
|
|||
| enable_log
boolean
|
|
Enable/Disable logging for task.
|
||
| firewall_mms_profile
dictionary
|
Configure MMS profiles.
|
|||
| avnotificationtable
integer
|
AntiVirus notification table ID. Source antivirus.notification.id.
|
|||
| bwordtable
integer
|
MMS banned word table ID. Source webfilter.content.id.
|
|||
| carrier_endpoint_prefix
string
|
|
Enable/disable prefixing of end point values.
|
||
| carrier_endpoint_prefix_range_max
integer
|
Maximum length of end point value that can be prefixed (1 - 48).
|
|||
| carrier_endpoint_prefix_range_min
integer
|
Minimum end point length to be prefixed (1 - 48).
|
|||
| carrier_endpoint_prefix_string
string
|
String with which to prefix End point values.
|
|||
| carrierendpointbwltable
integer
|
Carrier end point filter table ID. Source firewall.carrier-endpoint-bwl.id.
|
|||
| comment
string
|
Comment.
|
|||
| dupe
list / elements=string
|
Duplicate configuration.
|
|||
| action1
list / elements=string
|
|
Action to take when threshold reached.
|
||
| action2
list / elements=string
|
|
Action to take when threshold reached.
|
||
| action3
list / elements=string
|
|
Action to take when threshold reached.
|
||
| block_time1
integer
|
Duration for which action takes effect (0 - 35791 min).
|
|||
| block_time2
integer
|
Duration for which action takes effect (0 - 35791 min).
|
|||
| block_time3
integer
|
Duration action takes effect (0 - 35791 min).
|
|||
| limit1
integer
|
Maximum number of messages allowed.
|
|||
| limit2
integer
|
Maximum number of messages allowed.
|
|||
| limit3
integer
|
Maximum number of messages allowed.
|
|||
| protocol
string / required
|
Protocol.
|
|||
| status1
string
|
|
Enable/disable status1 detection.
|
||
| status2
string
|
|
Enable/disable status2 detection.
|
||
| status3
string
|
|
Enable/disable status3 detection.
|
||
| window1
integer
|
Window to count messages over (1 - 2880 min).
|
|||
| window2
integer
|
Window to count messages over (1 - 2880 min).
|
|||
| window3
integer
|
Window to count messages over (1 - 2880 min).
|
|||
| extended_utm_log
string
|
Enable/disable detailed UTM log messages.
|
|||
| flood
list / elements=string
|
Flood configuration.
|
|||
| action1
list / elements=string
|
|
Action to take when threshold reached.
|
||
| action2
list / elements=string
|
|
Action to take when threshold reached.
|
||
| action3
list / elements=string
|
|
Action to take when threshold reached.
|
||
| block_time1
integer
|
Duration for which action takes effect (0 - 35791 min).
|
|||
| block_time2
integer
|
Duration for which action takes effect (0 - 35791 min).
|
|||
| block_time3
integer
|
Duration action takes effect (0 - 35791 min).
|
|||
| limit1
integer
|
Maximum number of messages allowed.
|
|||
| limit2
integer
|
Maximum number of messages allowed.
|
|||
| limit3
integer
|
Maximum number of messages allowed.
|
|||
| protocol
string / required
|
Protocol.
|
|||
| status1
string
|
|
Enable/disable status1 detection.
|
||
| status2
string
|
|
Enable/disable status2 detection.
|
||
| status3
string
|
|
Enable/disable status3 detection.
|
||
| window1
integer
|
Window to count messages over (1 - 2880 min).
|
|||
| window2
integer
|
Window to count messages over (1 - 2880 min).
|
|||
| window3
integer
|
Window to count messages over (1 - 2880 min).
|
|||
| mm1
list / elements=string
|
|
MM1 options.
|
||
| mm1_addr_hdr
string
|
HTTP header field (for MM1) containing user address.
|
|||
| mm1_addr_source
string
|
|
Source for MM1 user address.
|
||
| mm1_convert_hex
string
|
|
Enable/disable converting user address from HEX string for MM1.
|
||
| mm1_outbreak_prevention
string
|
|
Enable FortiGuard Virus Outbreak Prevention service.
|
||
| mm1_retr_dupe
string
|
|
Enable/disable duplicate scanning of MM1 retr.
|
||
| mm1_retrieve_scan
string
|
|
Enable/disable scanning on MM1 retrieve configuration messages.
|
||
| mm1comfortamount
integer
|
MM1 comfort amount (0 - 4294967295).
|
|||
| mm1comfortinterval
integer
|
MM1 comfort interval (0 - 4294967295).
|
|||
| mm1oversizelimit
integer
|
Maximum file size to scan (1 - 819200 kB).
|
|||
| mm3
list / elements=string
|
|
MM3 options.
|
||
| mm3_outbreak_prevention
string
|
|
Enable FortiGuard Virus Outbreak Prevention service.
|
||
| mm3oversizelimit
integer
|
Maximum file size to scan (1 - 819200 kB).
|
|||
| mm4
list / elements=string
|
|
MM4 options.
|
||
| mm4_outbreak_prevention
string
|
|
Enable FortiGuard Virus Outbreak Prevention service.
|
||
| mm4oversizelimit
integer
|
Maximum file size to scan (1 - 819200 kB).
|
|||
| mm7
list / elements=string
|
|
MM7 options.
|
||
| mm7_addr_hdr
string
|
HTTP header field (for MM7) containing user address.
|
|||
| mm7_addr_source
string
|
|
Source for MM7 user address.
|
||
| mm7_convert_hex
string
|
|
Enable/disable conversion of user address from HEX string for MM7.
|
||
| mm7_outbreak_prevention
string
|
|
Enable FortiGuard Virus Outbreak Prevention service.
|
||
| mm7comfortamount
integer
|
MM7 comfort amount (0 - 4294967295).
|
|||
| mm7comfortinterval
integer
|
MM7 comfort interval (0 - 4294967295).
|
|||
| mm7oversizelimit
integer
|
Maximum file size to scan (1 - 819200 kB).
|
|||
| mms_antispam_mass_log
string
|
|
Enable/disable logging for MMS antispam mass.
|
||
| mms_av_block_log
string
|
|
Enable/disable logging for MMS antivirus file blocking.
|
||
| mms_av_oversize_log
string
|
|
Enable/disable logging for MMS antivirus oversize file blocking.
|
||
| mms_av_virus_log
string
|
|
Enable/disable logging for MMS antivirus scanning.
|
||
| mms_carrier_endpoint_filter_log
string
|
|
Enable/disable logging for MMS end point filter blocking.
|
||
| mms_checksum_log
string
|
|
Enable/disable MMS content checksum logging.
|
||
| mms_checksum_table
integer
|
MMS content checksum table ID. Source antivirus.mms-checksum.id.
|
|||
| mms_notification_log
string
|
|
Enable/disable logging for MMS notification messages.
|
||
| mms_web_content_log
string
|
|
Enable/disable logging for MMS web content blocking.
|
||
| mmsbwordthreshold
integer
|
MMS banned word threshold.
|
|||
| name
string / required
|
Profile name.
|
|||
| notif_msisdn
list / elements=string
|
Notification for MSISDNs.
|
|||
| msisdn
string / required
|
Recipient MSISDN.
|
|||
| threshold
string
|
|
Thresholds on which this MSISDN will receive an alert.
|
||
| notification
list / elements=string
|
Notification configuration.
|
|||
| alert_int
integer
|
Alert notification send interval.
|
|||
| alert_int_mode
string
|
|
Alert notification interval mode.
|
||
| alert_src_msisdn
string
|
Specify from address for alert messages.
|
|||
| alert_status
string
|
|
Alert notification status.
|
||
| bword_int
integer
|
Banned word notification send interval.
|
|||
| bword_int_mode
string
|
|
Banned word notification interval mode.
|
||
| bword_status
string
|
|
Banned word notification status.
|
||
| carrier_endpoint_bwl_int
integer
|
Carrier end point black/white list notification send interval.
|
|||
| carrier_endpoint_bwl_int_mode
string
|
|
Carrier end point black/white list notification interval mode.
|
||
| carrier_endpoint_bwl_status
string
|
|
Carrier end point black/white list notification status.
|
||
| days_allowed
list / elements=string
|
|
Weekdays on which notification messages may be sent.
|
||
| detect_server
string
|
|
Enable/disable automatic server address determination.
|
||
| dupe_int
integer
|
Duplicate notification send interval.
|
|||
| dupe_int_mode
string
|
|
Duplicate notification interval mode.
|
||
| dupe_status
string
|
|
Duplicate notification status.
|
||
| file_block_int
integer
|
File block notification send interval.
|
|||
| file_block_int_mode
string
|
|
File block notification interval mode.
|
||
| file_block_status
string
|
|
File block notification status.
|
||
| flood_int
integer
|
Flood notification send interval.
|
|||
| flood_int_mode
string
|
|
Flood notification interval mode.
|
||
| flood_status
string
|
|
Flood notification status.
|
||
| from_in_header
string
|
|
Enable/disable insertion of from address in HTTP header.
|
||
| mms_checksum_int
integer
|
MMS checksum notification send interval.
|
|||
| mms_checksum_int_mode
string
|
|
MMS checksum notification interval mode.
|
||
| mms_checksum_status
string
|
|
MMS checksum notification status.
|
||
| mmsc_hostname
string
|
Host name or IP address of the MMSC.
|
|||
| mmsc_password
string
|
Password required for authentication with the MMSC.
|
|||
| mmsc_port
integer
|
Port used on the MMSC for sending MMS messages (1 - 65535).
|
|||
| mmsc_url
string
|
URL used on the MMSC for sending MMS messages.
|
|||
| mmsc_username
string
|
User name required for authentication with the MMSC.
|
|||
| msg_protocol
string
|
|
Protocol to use for sending notification messages.
|
||
| msg_type
string
|
|
MM7 message type.
|
||
| protocol
string / required
|
Protocol.
|
|||
| rate_limit
integer
|
Rate limit for sending notification messages (0 - 250).
|
|||
| tod_window_duration
string
|
Time of day window duration.
|
|||
| tod_window_end
string
|
Obsolete.
|
|||
| tod_window_start
string
|
Time of day window start.
|
|||
| user_domain
string
|
Domain name to which the user addresses belong.
|
|||
| vas_id
string
|
VAS identifier.
|
|||
| vasp_id
string
|
VASP identifier.
|
|||
| virus_int
integer
|
Virus notification send interval.
|
|||
| virus_int_mode
string
|
|
Virus notification interval mode.
|
||
| virus_status
string
|
|
Virus notification status.
|
||
| outbreak_prevention
dictionary
|
Configure Virus Outbreak Prevention settings.
|
|||
| external_blocklist
string
|
|
Enable/disable external malware blocklist.
|
||
| ftgd_service
string
|
|
Enable/disable FortiGuard Virus outbreak prevention service.
|
||
| remove_blocked_const_length
string
|
|
Enable/disable MMS replacement of blocked file constant length.
|
||
| replacemsg_group
string
|
Replacement message group. Source system.replacemsg-group.name.
|
|||
| state
string / required
|
|
Indicates whether to create or remove the object.
|
||
| vdom
string
|
Default:
"root"
|
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
|
||
Notes
Note
- Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
Examples
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure MMS profiles.
fortios_firewall_mms_profile:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
firewall_mms_profile:
avnotificationtable: "3 (source antivirus.notification.id)"
bwordtable: "4 (source webfilter.content.id)"
carrier_endpoint_prefix: "enable"
carrier_endpoint_prefix_range_max: "6"
carrier_endpoint_prefix_range_min: "7"
carrier_endpoint_prefix_string: "<your_own_value>"
carrierendpointbwltable: "9 (source firewall.carrier-endpoint-bwl.id)"
comment: "Comment."
dupe:
-
action1: "block"
action2: "block"
action3: "block"
block_time1: "15"
block_time2: "16"
block_time3: "17"
limit1: "18"
limit2: "19"
limit3: "20"
protocol: "<your_own_value>"
status1: "enable"
status2: "enable"
status3: "enable"
window1: "25"
window2: "26"
window3: "27"
extended_utm_log: "<your_own_value>"
flood:
-
action1: "block"
action2: "block"
action3: "block"
block_time1: "33"
block_time2: "34"
block_time3: "35"
limit1: "36"
limit2: "37"
limit3: "38"
protocol: "<your_own_value>"
status1: "enable"
status2: "enable"
status3: "enable"
window1: "43"
window2: "44"
window3: "45"
mm1: "avmonitor"
mm1_addr_hdr: "<your_own_value>"
mm1_addr_source: "http-header"
mm1_convert_hex: "enable"
mm1_outbreak_prevention: "disabled"
mm1_retr_dupe: "enable"
mm1_retrieve_scan: "enable"
mm1comfortamount: "53"
mm1comfortinterval: "54"
mm1oversizelimit: "55"
mm3: "avmonitor"
mm3_outbreak_prevention: "disabled"
mm3oversizelimit: "58"
mm4: "avmonitor"
mm4_outbreak_prevention: "disabled"
mm4oversizelimit: "61"
mm7: "avmonitor"
mm7_addr_hdr: "<your_own_value>"
mm7_addr_source: "http-header"
mm7_convert_hex: "enable"
mm7_outbreak_prevention: "disabled"
mm7comfortamount: "67"
mm7comfortinterval: "68"
mm7oversizelimit: "69"
mms_antispam_mass_log: "enable"
mms_av_block_log: "enable"
mms_av_oversize_log: "enable"
mms_av_virus_log: "enable"
mms_carrier_endpoint_filter_log: "enable"
mms_checksum_log: "enable"
mms_checksum_table: "76 (source antivirus.mms-checksum.id)"
mms_notification_log: "enable"
mms_web_content_log: "enable"
mmsbwordthreshold: "79"
name: "default_name_80"
notif_msisdn:
-
msisdn: "<your_own_value>"
threshold: "flood-thresh-1"
notification:
-
alert_int: "85"
alert_int_mode: "hours"
alert_src_msisdn: "<your_own_value>"
alert_status: "enable"
bword_int: "89"
bword_int_mode: "hours"
bword_status: "enable"
carrier_endpoint_bwl_int: "92"
carrier_endpoint_bwl_int_mode: "hours"
carrier_endpoint_bwl_status: "enable"
days_allowed: "sunday"
detect_server: "enable"
dupe_int: "97"
dupe_int_mode: "hours"
dupe_status: "enable"
file_block_int: "100"
file_block_int_mode: "hours"
file_block_status: "enable"
flood_int: "103"
flood_int_mode: "hours"
flood_status: "enable"
from_in_header: "enable"
mms_checksum_int: "107"
mms_checksum_int_mode: "hours"
mms_checksum_status: "enable"
mmsc_hostname: "myhostname"
mmsc_password: "<your_own_value>"
mmsc_port: "112"
mmsc_url: "<your_own_value>"
mmsc_username: "<your_own_value>"
msg_protocol: "mm1"
msg_type: "submit-req"
protocol: "<your_own_value>"
rate_limit: "118"
tod_window_duration: "<your_own_value>"
tod_window_end: "<your_own_value>"
tod_window_start: "<your_own_value>"
user_domain: "<your_own_value>"
vas_id: "<your_own_value>"
vasp_id: "<your_own_value>"
virus_int: "125"
virus_int_mode: "hours"
virus_status: "enable"
outbreak_prevention:
external_blocklist: "disable"
ftgd_service: "disable"
remove_blocked_const_length: "enable"
replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| build
string
|
always |
Build number of the fortigate image
Sample:
1547
|
| http_method
string
|
always |
Last method used to provision the content into FortiGate
Sample:
PUT
|
| http_status
string
|
always |
Last result given by FortiGate on last operation applied
Sample:
200
|
| mkey
string
|
success |
Master key (id) used in the last call to FortiGate
Sample:
id
|
| name
string
|
always |
Name of the table used to fulfill the request
Sample:
urlfilter
|
| path
string
|
always |
Path of the table used to fulfill the request
Sample:
webfilter
|
| revision
string
|
always |
Internal revision number
Sample:
17.0.2.10658
|
| serial
string
|
always |
Serial number of the unit
Sample:
FGVMEVYYQT3AB5352
|
| status
string
|
always |
Indication of the operation's result
Sample:
success
|
| vdom
string
|
always |
Virtual domain used
Sample:
root
|
| version
string
|
always |
Version of the FortiGate
Sample:
v5.6.3
|
Authors
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Hongbin Lu (@fgtdev-hblu)
- Frank Shen (@frankshen01)
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/fortinet/fortios/fortios_firewall_mms_profile_module.html