security_internal_reverse_policies - Internal Reverse Policy Resource
Added in version 1.0.0.
Synopsis
Internal Reverse Policy Resource.
Use API “/resource-api/v2/security/internal-reverse-policies”.
Requirements
The below requirements are needed on the host that executes this module.
ansible>=2.17.0
Parameters
- state The state of the module. "present" means create or update the resource, "absent" means delete the resource.type: strchoices: ['present', 'absent']default: present
- force_behavior Specify this option to force the method to use to interact with the resource.type: strchoices: ['none', 'read', 'create', 'update', 'delete']default: none
- bypass_validation Bypass validation of the module.type: booldefault: False
- params The parameters of the module.[Required]type: dict
- primary_key [Required]type: str
- enabled type: bool
- scope type: strchoices: ['all', 'specify', 'thin-edge', 'vpn-user']
- sources type: listelements: dict
- primary_key type: str
- datasource type: strchoices: ['network/host-groups', 'network/hosts', 'security/ip-threat-feeds']
- services type: listelements: dict
- primary_key type: str
- datasource type: strchoices: ['security/service-groups', 'security/services']
- action type: strchoices: ['accept', 'deny']
- schedule type: dict
- primary_key type: str
- datasource type: strchoices: ['security/onetime-schedules', 'security/recurring-schedules', 'security/schedule-groups']
- comments type: str
- profile_group type: dict
- group type: dict
- primary_key type: str
- datasource type: str
- force_cert_inspection type: bool
- group type: dict
- log_traffic type: strchoices: ['all', 'disable', 'utm']
- destinations type: listelements: dict
- primary_key type: str
- datasource type: strchoices: ['infra/extenders', 'infra/fortigates', 'infra/ssids', 'network/host-groups', 'network/hosts']
Examples
- name: Security internal reverse policies
hosts: fortisase
gather_facts: false
vars:
primary_key: "reverse_policy_ansible"
tasks:
- name: Create/Update security internal reverse policies
fortinet.fortisase.security_internal_reverse_policies:
state: present
params:
primary_key: "{{ primary_key }}"
enabled: true
scope: "vpn-user"
services:
- primary_key: "SSH"
datasource: "security/services"
- primary_key: "RDP"
datasource: "security/services"
action: "deny"
log_traffic: "all"
profile_group:
group:
primary_key: "internal"
datasource: "security/profile-groups"
force_cert_inspection: false
sources:
- primary_key: "gui_test"
datasource: "network/hosts"
schedule:
primary_key: "always"
datasource: "security/recurring-schedules"
comments: "Allow IT Admins remote access to machines of mobile workers"
- name: Delete security internal reverse policies
fortinet.fortisase.security_internal_reverse_policies:
state: absent
params:
primary_key: "{{ primary_key }}"
Return Values
- http_code type: intreturned: always
- response type: rawreturned: always