security_application_control_profile - Application Control Profile Resource

Added in version 1.0.0.

Synopsis

Application Control Profile Resource.

Use API “/resource-api/v2/security/application-control-profile/{direction}/{primaryKey}”.

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.17.0

Parameters

  • state The state of the module. "present" means update the resource. This resource can't be deleted, and does not support "absent" state.type: strchoices: ['present', 'absent']default: present
  • force_behavior Specify this option to force the method to use to interact with the resource.type: strchoices: ['none', 'read', 'create', 'update', 'delete']default: none
  • bypass_validation Bypass validation of the module.type: booldefault: False
  • params The parameters of the module.[Required]type: dict
    • direction [Required]type: str
    • primary_key [Required]type: str
    • application_category_controls type: listelements: dict
      • action type: strchoices: ['allow', 'block', 'monitor']
      • category type: dict
        • primary_key type: str
        • datasource type: str
    • application_controls type: listelements: dict
      • action type: strchoices: ['allow', 'block', 'monitor']
      • applications type: listelements: dict
        • primary_key type: str
        • datasource type: str
    • unknown_application_action type: strchoices: ['allow', 'block', 'monitor']
    • network_protocol_enforcement type: strchoices: ['disable', 'enable']
    • network_protocols type: listelements: dict
      • port type: int
      • action type: strchoices: ['block', 'monitor', 'pass']
      • services type: listelements: str
    • block_non_default_port_applications type: strchoices: ['disable', 'enable']

Examples

# To configure this resource, please disable SWG Configuration.
- name: Update security application control profile
  hosts: fortisase
  gather_facts: false
  vars:
    direction: "outbound-profiles" # outbound-profiles or internal-profiles
    profile_group: "profile_ansible"
  tasks:
    - name: Ensure security group exists, otherwise create it
      fortinet.fortisase.security_profile_group:
        params:
          direction: "{{ direction }}"
          primary_key: "{{ profile_group }}"
    - name: Update security application control profile
      fortinet.fortisase.security_application_control_profile:
        params:
          direction: "{{ direction }}"
          primary_key: "{{ profile_group }}"
          application_controls: []
          block_non_default_port_applications: "disable"
          network_protocol_enforcement: "disable"
          network_protocols: []
          unknown_application_action: "monitor"
          application_category_controls:
            - action: allow
              category:
                datasource: security/application-categories
                primary_key: P2P
            - action: allow
              category:
                datasource: security/application-categories
                primary_key: VoIP
            - action: allow
              category:
                datasource: security/application-categories
                primary_key: Video/Audio
            - action: allow
              category:
                datasource: security/application-categories
                primary_key: Proxy
            - action: allow
              category:
                datasource: security/application-categories
                primary_key: Remote.Access
            - action: allow
              category:
                datasource: security/application-categories
                primary_key: Game
            - action: allow
              category:
                datasource: security/application-categories
                primary_key: General.Interest
            - action: allow
              category:
                datasource: security/application-categories
                primary_key: Network.Service
            - action: allow
              category:
                datasource: security/application-categories
                primary_key: Update
            - action: allow
              category:
                datasource: security/application-categories
                primary_key: Email
            - action: allow
              category:
                datasource: security/application-categories
                primary_key: Storage.Backup
            - action: allow
              category:
                datasource: security/application-categories
                primary_key: Social.Media
            - action: allow
              category:
                datasource: security/application-categories
                primary_key: Web.Client
            - action: allow
              category:
                datasource: security/application-categories
                primary_key: Industrial
            - action: allow
              category:
                datasource: security/application-categories
                primary_key: Collaboration
            - action: allow
              category:
                datasource: security/application-categories
                primary_key: Business
            - action: allow
              category:
                datasource: security/application-categories
                primary_key: Cloud.IT
            - action: allow
              category:
                datasource: security/application-categories
                primary_key: Mobile
            - action: allow
              category:
                datasource: security/application-categories
                primary_key: Unknown Applications
            - action: allow
              category:
                datasource: security/application-categories
                primary_key: GenAI

Return Values

  • http_code type: intreturned: always
  • response type: rawreturned: always

Authors

  • Xinwei Du (@dux-fortinet)