security_outbound_policies - Outbound Policy Resource
Added in version 1.0.0.
Synopsis
Outbound Policy Resource.
Use API “/resource-api/v2/security/outbound-policies”.
Requirements
The below requirements are needed on the host that executes this module.
ansible>=2.17.0
Parameters
- state The state of the module. "present" means create or update the resource, "absent" means delete the resource.type: strchoices: ['present', 'absent']default: present
- force_behavior Specify this option to force the method to use to interact with the resource.type: strchoices: ['none', 'read', 'create', 'update', 'delete']default: none
- bypass_validation Bypass validation of the module.type: booldefault: False
- params The parameters of the module.[Required]type: dict
- primary_key [Required]type: str
- enabled type: bool
- scope type: strchoices: ['all', 'specify', 'thin-edge', 'vpn-user']
- users type: listelements: dict
- primary_key type: str
- datasource type: strchoices: ['auth/ad-groups', 'auth/user-groups', 'auth/users']
- destinations type: listelements: dict
- primary_key type: str
- datasource type: strchoices: ['network/host-groups', 'network/hosts', 'network/internet-services', 'security/ip-threat-feeds']
- services type: listelements: dict
- primary_key type: str
- datasource type: strchoices: ['security/service-groups', 'security/services']
- action type: strchoices: ['accept', 'deny']
- schedule type: dict
- primary_key type: str
- datasource type: strchoices: ['security/onetime-schedules', 'security/recurring-schedules', 'security/schedule-groups']
- comments type: str
- profile_group type: dict
- group type: dict
- primary_key type: str
- datasource type: str
- force_cert_inspection type: bool
- group type: dict
- log_traffic type: strchoices: ['all', 'disable', 'utm']
- sources type: listelements: dict
- primary_key type: str
- datasource type: strchoices: ['endpoint/ztna-tags', 'infra/extenders', 'infra/fortigates', 'infra/ssids', 'network/host-groups', 'network/hosts', 'security/ip-threat-feeds']
- captive_portal_exempt type: bool
Examples
- name: Security outbound policies
hosts: fortisase
gather_facts: false
vars:
primary_key: "outbound_policy_ansible"
tasks:
- name: Create/Update security outbound policies
fortinet.fortisase.security_outbound_policies:
state: present
params:
primary_key: "{{ primary_key }}"
enabled: true
scope: "vpn-user"
users:
- primary_key: "gui_test"
datasource: "auth/user-groups"
destinations:
- primary_key: "Salesforce-Web"
datasource: "network/internet-services"
- primary_key: "SAP-Web"
datasource: "network/internet-services"
action: "accept"
log_traffic: "all"
services:
- primary_key: "ALL_TCP"
datasource: "security/services"
profile_group:
group:
primary_key: "outbound"
datasource: "security/profile-groups"
force_cert_inspection: false
sources:
- primary_key: "gui_test"
datasource: "endpoint/ztna-tags"
schedule:
primary_key: "always"
datasource: "security/recurring-schedules"
comments: "Secure SaaS Access Policy"
- name: Delete security outbound policies
fortinet.fortisase.security_outbound_policies:
state: absent
params:
primary_key: "{{ primary_key }}"
Return Values
- http_code type: intreturned: always
- response type: rawreturned: always