security_ips_profile - IPS Profile Resource
Added in version 1.0.0.
Synopsis
IPS Profile Resource.
Use API “/resource-api/v2/security/ips-profile/{direction}/{primaryKey}”.
Requirements
The below requirements are needed on the host that executes this module.
ansible>=2.17.0
Parameters
- state The state of the module. "present" means update the resource. This resource can't be deleted, and does not support "absent" state.type: strchoices: ['present', 'absent']default: present
- force_behavior Specify this option to force the method to use to interact with the resource.type: strchoices: ['none', 'read', 'create', 'update', 'delete']default: none
- bypass_validation Bypass validation of the module.type: booldefault: False
- params The parameters of the module.[Required]type: dict
- direction [Required]type: str
- primary_key [Required]type: str
- profile_type type: strchoices: ['critical', 'custom', 'monitor', 'recommended']
- custom_rule_groups type: listelements: dict
- action type: strchoices: ['allow', 'block', 'monitor']
- signatures type: listelements: dict
- primary_key type: str
- datasource type: str
- is_blocking_malicious_url type: bool
- botnet_scanning type: strchoices: ['block', 'disable', 'monitor']
- is_extended_log_enabled type: bool
- comment type: str
- entries type: listelements: dict
- rule type: listelements: dict
- primary_key type: str
- datasource type: strchoices: ['security/ips-custom-signatures', 'security/ips-rule']
- location type: str
- severity type: str
- protocol type: str
- os type: str
- application type: str
- cve type: listelements: str
- status type: strchoices: ['default', 'disable', 'enable']
- log type: strchoices: ['disable', 'enable']
- log_packet type: strchoices: ['disable', 'enable']
- log_attack_context type: str
- action type: strchoices: ['block', 'default', 'pass']
- vuln_type type: listelements: dict
- id type: int
- quarantine type: str
- exempt_ip type: listelements: dict
- id type: int
- src_ip type: str
- dst_ip type: str
- default_action type: strchoices: ['all', 'block', 'pass']
- default_status type: strchoices: ['all', 'disable', 'enable']
- rule type: listelements: dict
Examples
- name: Update security ips profile
hosts: fortisase
gather_facts: false
vars:
direction: "outbound-profiles" # outbound-profiles or internal-profiles
profile_group: "profile_ansible"
tasks:
- name: Ensure security group exists, otherwise create it
fortinet.fortisase.security_profile_group:
params:
direction: "{{ direction }}"
primary_key: "{{ profile_group }}"
- name: Update security ips profile
fortinet.fortisase.security_ips_profile:
params:
direction: "{{ direction }}"
primary_key: "{{ profile_group }}"
botnet_scanning: "block"
comment: "Recommended"
custom_rule_groups: []
entries:
- action: "default"
application: "all"
cve: []
default_action: "all"
default_status: "all"
exempt_ip: []
location: "all"
log: "enable"
log_attack_context: "disable"
log_packet: "disable"
os: "all"
protocol: "all"
quarantine: "none"
rule: []
severity: "all"
status: "default"
vuln_type: []
is_blocking_malicious_url: false
is_extended_log_enabled: false
profile_type: "recommended"
Return Values
- http_code type: intreturned: always
- response type: rawreturned: always