security_outbound_policies - Outbound Policy Resource

Added in version 1.0.0.

Synopsis

Outbound Policy Resource.

Use API “/resource-api/v2/security/outbound-policies”.

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.17.0

Parameters

  • state The state of the module. "present" means create or update the resource, "absent" means delete the resource.type: strchoices: ['present', 'absent']default: present
  • force_behavior Specify this option to force the method to use to interact with the resource.type: strchoices: ['none', 'read', 'create', 'update', 'delete']default: none
  • bypass_validation Bypass validation of the module.type: booldefault: False
  • params The parameters of the module.[Required]type: dict
    • primary_key [Required]type: str
    • enabled type: bool
    • scope type: strchoices: ['all', 'specify', 'thin-edge', 'vpn-user']
    • users type: listelements: dict
      • primary_key type: str
      • datasource type: strchoices: ['auth/ad-groups', 'auth/user-groups', 'auth/users']
    • destinations type: listelements: dict
      • primary_key type: str
      • datasource type: strchoices: ['network/host-groups', 'network/hosts', 'network/internet-services', 'security/ip-threat-feeds']
    • services type: listelements: dict
      • primary_key type: str
      • datasource type: strchoices: ['security/service-groups', 'security/services']
    • action type: strchoices: ['accept', 'deny']
    • schedule type: dict
      • primary_key type: str
      • datasource type: strchoices: ['security/onetime-schedules', 'security/recurring-schedules', 'security/schedule-groups']
    • comments type: str
    • profile_group type: dict
      • group type: dict
        • primary_key type: str
        • datasource type: str
      • force_cert_inspection type: bool
    • log_traffic type: strchoices: ['all', 'disable', 'utm']
    • sources type: listelements: dict
      • primary_key type: str
      • datasource type: strchoices: ['endpoint/ztna-tags', 'infra/extenders', 'infra/fortigates', 'infra/ssids', 'network/host-groups', 'network/hosts', 'security/ip-threat-feeds']
    • captive_portal_exempt type: bool

Examples

- name: Security outbound policies
  hosts: fortisase
  gather_facts: false
  vars:
    primary_key: "outbound_policy_ansible"
  tasks:
    - name: Create/Update security outbound policies
      fortinet.fortisase.security_outbound_policies:
        state: present
        params:
          primary_key: "{{ primary_key }}"
          enabled: true
          scope: "vpn-user"
          users:
            - primary_key: "gui_test"
              datasource: "auth/user-groups"
          destinations:
            - primary_key: "Salesforce-Web"
              datasource: "network/internet-services"
            - primary_key: "SAP-Web"
              datasource: "network/internet-services"
          action: "accept"
          log_traffic: "all"
          services:
            - primary_key: "ALL_TCP"
              datasource: "security/services"
          profile_group:
            group:
              primary_key: "outbound"
              datasource: "security/profile-groups"
            force_cert_inspection: false
          sources:
            - primary_key: "gui_test"
              datasource: "endpoint/ztna-tags"
          schedule:
            primary_key: "always"
            datasource: "security/recurring-schedules"
          comments: "Secure SaaS Access Policy"
    - name: Delete security outbound policies
      fortinet.fortisase.security_outbound_policies:
        state: absent
        params:
          primary_key: "{{ primary_key }}"

Return Values

  • http_code type: intreturned: always
  • response type: rawreturned: always

Authors

  • Xinwei Du (@dux-fortinet)