source: fortios_monitor.py
.. versionadded:: 2.10
- Request FortiOS appliances to perform specific actions or procedures. This module contains all of the FortiOS monitor API.
The requirements below are needed on the host that executes this module.
- install galaxy collection fortinet.fortios >= 2.0.0.
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str required: False default: root
- enable_log - Enable/Disable logging for task. type: bool required: False default: False
- access_token - Token-based authentication. Generated from the FortiGate GUI. type: str required: False
- selector - Action taken in FortiOS appliance. type: str choices:
- abort.user.query - Abort a running user device unified query.
- query_id - Provide a query ID to abort a unified type query. type: int required: True
- activate.user.fortitoken - Activate a set of FortiTokens by serial number.
- tokens - List of FortiToken serial numbers to activate. If omitted, all tokens will be used. type: array required: False
- add-license.registration.forticare - Add a FortiCare license.
- registration_code - FortiCare contract number. type: string required: True
- add-license.registration.vdom - Add a VDOM license.
- license - VDOM license key. type: string required: True
- add.firewall.clearpass-address - Add ClearPass address with SPT (System Posture Token) value.
- endpoint_ip - Endpoint IPv4 address. type: array required: True
- spt - SPT value [healthy|checkup|transient|quarantine|infected|unknown*]. type: string required: False
- add.nsx.service - Add NSX service to connector.
- mkey - NSX connector name. type: string required: True
- add_users.user.banned - Immediately add one or more users to the banned list.
- ip_addresses - List of IP Addresses to ban. IPv4 and IPv6 addresses are allowed. type: array required: True
- expiry - Time until expiry in seconds. 0 for indefinite ban. type: int required: False
- auth.user.firewall - Trigger authentication for a single firewall user.
- username - User name. type: string required: True
- ip - User IP address. type: string required: True
- server - Name of an existing LDAP server entry. If supplied, authenticate that user against any matched groups on that LDAP server. type: string required: False
- backup-action.system.fortimanager - Import or update from FortiManager objects.
- operation - Operation to perform on the given CMDB objects [import|update]. type: string required: True
- objects - Array of CMDB tables and mkeys. type: array required: True
- backup.system.config - Backup system config.
- destination - Configuration file destination [file* | usb]. type: string required: False
- usb_filename - When using 'usb' destination: the filename to save to on the connected USB device. type: string required: False
- password - Password to encrypt configuration data. type: string required: False
- scope - Specify global or VDOM only backup [global | vdom]. type: string required: True
- vdom - If 'vdom' scope specified, the name of the VDOM to backup configuration. type: string required: False
- password_mask - True to replace all the secrets and passwords with a mask. type: boolean required: False
- file_format - Configuration file format [fos* | yaml]. type: string required: False
- block.endpoint-control.registration - Block endpoint by FortiClient UID or MAC.
- uid - Single FortiClient UID to block. type: string required: False
- mac - Single MAC to block. type: string required: False
- bounce-port.switch-controller.managed-switch - Reset the port to force all connected clients to re-request DHCP lease. All active client sessions will be terminated.
- mkey - FortiSwitch ID. type: string required: True
- port - FortiSwitch Port ID. type: string required: True
- duration - Duration in seconds from 1 to 5 for port to be down. Defaults to 1 second if not provided. type: int required: False
- stop - Stop a bounce in progress. type: boolean required: False
- cancel.fortiview.session - Cancel a FortiView request session.
- sessionid - Session ID to cancel. type: int required: False
- device - FortiView request session's device [disk|faz]. type: string required: False
- report_by - Report by field. type: string required: False
- view_level - FortiView View level. type: string required: False
- change-vdom-mode.system.admin - Switch between VDOM modes.
- vdom-mode - VDOM mode [no-vdom|split-vdom|multi-vdom]. type: string required: True
- check.endpoint-control.registration-password - Check if provided registration password is valid for current VDOM.
- password - Registration password to test. type: string required: True
- clear-counters.firewall.central-snat-map - Reset traffic statistics for one or more firewall central SNAT policy by policy ID.
- policy - Single policy ID to reset. type: int required: False
- clear-counters.firewall.dnat - Reset hit count statistics for one or more firewall virtual IP/server by ID.
- id - Single ID to reset. type: int required: False
- clear-soft-in.router.bgp - Inbound soft-reconfiguration for BGP peers.
- clear-soft-out.router.bgp - Outbound soft-reconfiguration for BGP peers.
- clear-statistics.system.fortiguard - Immediately clear all FortiGuard statistics.
- clear.system.crash-log - Clear system crash log.
- clear.system.sniffer - Clear the results of a specified packet capture.
- mkey - ID of packet capture entry. type: int required: True
- clear.vpn.ike - Clear IKE gateways.
- mkey - Name of the IKE gateway to clear. type: string required: True
- clear_all.firewall.session - Immediately clear all active IPv4 and IPv6 sessions and IPS sessions of current VDOM.
- clear_all.user.banned - Immediately clear all banned users.
- clear_all.wifi.rogue_ap - Clear all detected rogue APs.
- clear_counters.firewall.acl - Reset counters for one or more IPv4 ACLs by policy ID.
- policy - Single policy ID to reset. type: int required: False
- clear_counters.firewall.acl6 - Reset counters for one or more IPv6 ACLs by policy ID.
- policy - Single policy ID to reset. type: int required: False
- clear_counters.firewall.consolidated-policy - Reset traffic statistics for one or more consolidated policies by policy ID.
- policy - Single policy ID to reset. type: int required: False
- clear_counters.firewall.multicast-policy - Reset traffic statistics for one or more firewall IPv4 multicast policies by policy ID.
- policy - Single policy ID to reset. type: int required: False
- clear_counters.firewall.multicast-policy6 - Reset traffic statistics for one or more firewall IPv6 multicast policies by policy ID.
- policy - Single policy ID to reset. type: int required: False
- clear_counters.firewall.policy - Reset traffic statistics for one or more firewall policies by policy ID.
- policy - Single policy ID to reset. type: int required: False
- clear_counters.firewall.policy6 - Reset traffic statistics for one or more IPv6 policies by policy ID.
- policy - Single policy ID to reset. type: int required: False
- clear_counters.firewall.proxy-policy - Reset traffic statistics for one or more explicit proxy policies by policy ID.
- policy - Single policy ID to reset. type: int required: False
- clear_counters.firewall.security-policy - Reset traffic statistics for one or more security policies by policy ID.
- policy - Single policy ID to reset. type: int required: False
- clear_tunnel.vpn.ssl - Remove all active tunnel sessions in current virtual domain.
- clear_users.user.banned - Immediately clear a list of specific banned users by IP.
- ip_addresses - List of banned user IPs to clear. IPv4 and IPv6 addresses are allowed. type: array required: True
- close-all.firewall.session - Immediately close all active IPv4 and IPv6 sessions, as well as IPS sessions of the current VDOM.
- close-multiple.firewall.session - Close multiple IPv4 firewall sessions which match the provided criteria.
- proto - Protocol name [tcp|udp|icmp|...] or number. type: string required: False
- saddr - Source address. type: string required: False
- daddr - Destination address. type: string required: False
- sport - Source port. type: int required: False
- dport - Destination port. type: int required: False
- naddr - NAT'd source IP address. type: string required: False
- nport - NAT'd source port. type: int required: False
- policy - Policy ID. type: int required: False
- close-multiple.firewall.session6 - Close multiple IPv6 firewall sessions which match the provided criteria.
- proto - Protocol name [tcp|udp|icmp|...] or number. type: string required: False
- saddr - Source address. type: string required: False
- daddr - Destination address. type: string required: False
- sport - Source port. type: int required: False
- dport - Destination port. type: int required: False
- policy - Policy ID. type: int required: False
- close.firewall.session - Close a single firewall session that matches all provided criteria.
- pro - Protocol name [tcp|udp|icmp|...]. type: string required: True
- saddr - Source address. type: string required: True
- daddr - Destination address. type: string required: True
- sport - Source port. type: int required: True
- dport - Destination port. type: int required: True
- config.system.fortimanager - Configure FortiManager IP. Register FortiManager if 'fortimanager_ip' is provided. Unregister FortiManager if only 'unregister' parameter is specified and set to true.
- fortimanager_ip - FortiManager IP address. type: string required: False
- unregister - Unregister the FortiManager (default=false). type: boolean required: False
- connect.system.modem - Trigger a connect for the configured modem.
- connect.wifi.network - When FortiWiFi is in client mode, connect to the specified network, if configured in the 'wifi' interface.
- ssid - SSID of network to connect to. type: string required: True
- create.registration.forticare - Create a new FortiCare account.
- email - Account email. type: string required: True
- password - Account password. type: string required: True
- first_name - First name. type: string required: True
- last_name - Last name. type: string required: True
- title - Title. type: string required: False
- company - Company. type: string required: True
- address - Address. type: string required: True
- city - City. type: string required: True
- country_code - Country code. type: int required: True
- state - State/Province. type: string required: True
- state_code - State/Province code. type: string required: False
- postal_code - Postal code. type: string required: True
- phone - Phone number. type: string required: True
- industry - Industry. type: string required: True
- industry_id - Industry ID. type: int required: True
- orgsize_id - Organization size ID. type: int required: True
- reseller_name - Reseller name. type: string required: True
- reseller_id - Reseller ID. type: int required: True
- is_government - Set to true if the end-user is affiliated with a government. type: boolean required: False
- create.registration.forticloud - Create a FortiCloud account.
- email - Account email. type: string required: True
- password - Account password. type: string required: True
- send_logs - Send logs to FortiCloud. type: boolean required: False
- create.vpn-certificate.local - Generate a new certificate signed by Fortinet_CA_SSL.
- certname - Certificate name. type: string required: True
- common_name - Certificate common name. type: string required: True
- scope - Scope of local certificate [vdom*|global]. Global scope is only accessible for global administrators. type: string required: True
- create.web-ui.custom-language - Upload custom language file to this FortiGate.
- filename - Name of custom language file. type: string required: True
- lang_name - Name of custom language entry. type: string required: True
- lang_comments - Comments of custom language entry. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- deauth.user.firewall - Deauthenticate single, multiple, or all firewall users.
- user_type - User type [proxy|firewall]. Required for both proxy and firewall users. type: string required: False
- id - User ID. Required for both proxy and firewall users. type: int required: False
- ip - User IP address. Required for both proxy and firewall users. type: string required: False
- ip_version - IP version [ip4|ip6]. Only required if user_type is firewall. type: string required: False
- method - Authentication method [fsso|rsso|ntlm|firewall|wsso|fsso_citrix|sso_guest]. Only required if user_type is firewall. type: string required: False
- all - Set to true to deauthenticate all users. Other parameters will be ignored. type: boolean required: False
- users - Array of user objects to deauthenticate. Use this to deauthenticate multiple users at once. Each object should include the above properties. type: array required: False
- delete.firewall.clearpass-address - Delete ClearPass address with SPT (System Posture Token) value.
- endpoint_ip - Endpoint IPv4 address. type: array required: True
- spt - SPT value [healthy|checkup|transient|quarantine|infected|unknown*]. type: string required: False
- delete.log.local-report - Delete a local report.
- mkeys - Local Report Name. type: array required: True
- delete.system.config-revision - Deletes one or more system configuration revisions.
- config_ids - List of configuration ids. type: array required: True
- delete.system.config-script - Delete the history of config scripts.
- id_list - List of config script history ids to delete. type: array required: True
- delete.vpn.ssl - Terminate the provided SSL-VPN session.
- type - The session type [websession|subsession]. type: string required: True
- index - The session index. type: int required: True
- delete.webfilter.override - Delete a configured webfilter override.
- mkey - ID of webfilter override to delete. type: string required: False
- deregister-device.registration.forticare - Deregister the FortiGate from a FortiCare account.
- email - FortiCare email. type: string required: True
- password - Account password. type: string required: True
- deregister.endpoint-control.registration - Deregister endpoint by FortiClient UID or MAC.
- uid - Single FortiClient UID to deregister. type: string required: False
- mac - Single MAC to deregister. type: string required: False
- dhcp-renew.system.interface - Renew DHCP lease of an interface.
- mkey - Name of the interface. type: string required: True
- ipv6 - Renew the DHCPv6 lease. type: boolean required: False
- diagnose.extender-controller.extender - Execute diagnostic commands.
- id - FortiExtender ID. type: string required: True
- cmd - Command to execute. type: string required: True
- disassociate.wifi.client - Disassociate a WiFi client from the FortiAP it's currently connected to. The client will need to reassociate with the same FortiAP or another to resume connectivity.
- mac - MAC address. type: string required: True
- disconnect.system.ha-peer - Update configuration of peer in HA cluster.
- serial_no - Serial number of the HA member. type: string required: True
- interface - Name of the interface which should be assigned for management. type: string required: True
- ip - IP to assign to the selected interface. type: string required: True
- mask - Full network mask to assign to the selected interface. type: string required: True
- disconnect.system.modem - Trigger a disconnect for the configured modem.
- download-eval.system.vmlicense - Download Evaluation VM License and reboot immediately if successful.
- account_id - FortiCare account email. type: string required: True
- account_password - FortiCare account password. type: string required: True
- is_government - Is the account in use by a government user? type: boolean required: False
- download.switch-controller.fsw-firmware - Download FortiSwitch firmware from FortiGuard to the FortiGate according to FortiSwitch image ID.
- image_id - FortiSwitch image ID. type: string required: True
- download.system.vmlicense - Download Flex-VM license and reboot immediately if successful.
- token - VM license token. type: string required: False
- proxy_url - HTTP proxy URL in the form: http://user:pass@proxyip:proxyport. type: string required: False
- download.wifi.firmware - Download FortiAP firmware from FortiGuard to the FortiGate according to FortiAP image ID.
- image_id - FortiAP image ID. type: string required: True
- dump.system.com-log - Dump system com-log to file.
- dynamic.system.external-resource - Push updates to the specified external resource.
- commands - List of push commands to run. Each push command requires name of external resource, the push command name and a list of entries that the push command acts on. E.g [{"name":"Threat Feed","command":"snapshot","entries":["192.168.1.1","192.168.1.2"]}] type: array required: True
- eject.system.usb-device - Eject USB drives for safe removal.
- email.user.guest - Send guest login details via email.
- group - Guest group name. type: string required: True
- guest - Guest user IDs. type: array required: True
- enable-app-bandwidth-tracking.system.traffic-history - Enable FortiView application bandwidth tracking.
- factory-reset.switch-controller.managed-switch - Send 'Factory Reset' command to a given FortiSwitch.
- mkey - Name of managed FortiSwitch. type: string required: True
- flush.firewall.gtp - Flush GTP tunnels.
- scope - Scope from which to flush tunnels [global|*vdom]. type: string required: False
- gtp_profile - Filter: GTP profile. type: string required: False
- version - Filter: GTP version. type: int required: False
- imsi - Filter: International mobile subscriber identity. type: string required: False
- msisdn - Filter: Mobile station international subscriber directory number. type: string required: False
- ms_addr - Filter: Mobile user IP address. type: string required: False
- ms_addr6 - Filter: Mobile user IPv6 address. type: string required: False
- cteid - Filter: Control plane fully qualified tunnel endpoint identifier. type: int required: False
- cteid_addr - Filter: Control plane TEID IP address. type: string required: False
- cteid_addr6 - Filter: Control plane TEID IPv6 address. type: string required: False
- fteid - Filter: Data plane fully qualified tunnel endpoint identifier. type: int required: False
- fteid_addr - Filter: Data plane TEID IP address. type: string required: False
- fteid_addr6 - Filter: Data plane TEID IPv6 address. type: string required: False
- apn - Filter: Access point name. type: string required: False
- format.system.logdisk - Format log disk.
- generate-key.system.api-user - Generate a new api-key for the specified api-key-auth admin. The old api-key will be replaced. The response contains the only chance to read the new api-key plaintext in the api_key field.
- api-user - Generate a new token for this api-user. type: string required: True
- generate-keys.wifi.ssid - Generate pre-shared keys for specific multi pre-shared key profile.
- mpsk_profile - Multi pre-shared key profile to add keys to. type: string required: True
- group - Multi pre-shared key group to add keys to. type: string required: True
- prefix - Prefix to be added at the start of the generated key's name. type: string required: True
- count - Number of keys to be generated [1-512]. type: int required: True
- key_length - Length of the keys to be generated [8-63]. type: int required: True
- generate.vpn-certificate.csr - Generate a certificate signing request (CSR) and a private key. The CSR can be retrieved / downloaded from CLI, GUI and REST API.
- certname - Certificate name. Used to retrieve / download the CSR. Not included in CSR and key content. type: string required: True
- subject - Subject (Host IP/Domain Name/E-Mail). Common Name (CN) of the certificate subject. type: string required: True
- keytype - Generate an RSA or an elliptic curve certificate request [rsa|ec]. The Elliptic Curve option is unavailable if the FortiGate is a Low Encryption Device (LENC). type: string required: True
- keysize - Key size [1024|1536|2048|4096]. 512 only if the FortiGate is a Low Encryption Device (LENC). Required when keytype is RSA. type: int required: False
- curvename - Elliptic curve name. [secp256r1|secp384r1|secp521r1]. Unavailable if the FortiGate is a Low Encryption Device (LENC). Required when keytype is ec. type: string required: False
- orgunits - List of organization units. Organization Units (OU) of the certificate subject. type: array required: False
- org - Organization (O) of the certificate subject. type: string required: False
- city - Locality (L) of the certificate subject. type: string required: False
- state - State (ST) of the certificate subject. type: string required: False
- countrycode - Country (C) of the certificate subject. type: string required: False
- email - Email of the certificate subject. type: string required: False
- subject_alt_name - Subject alternative name (SAN) of the certificate. type: string required: False
- password - Password / pass phrase for the private key. If not provided, FortiGate generates a random one. type: string required: False
- scep_url - SCEP server URL. If provided, use the url to enroll the csr through SCEP. type: string required: False
- scep_password - SCEP challenge password. Some SCEP servers may require a challenge password. Provide it when the SCEP server requires it. type: string required: False
- scope - Scope of CSR [vdom*|global]. Global scope is only accessible for global administrators. type: string required: False
- geoip.geoip-query - Retrieve location details for IPs queried against FortiGuard's geoip service.
- ip_addresses - One or more IP address strings to query for location details. type: array required: True
- import-mobile.user.fortitoken - Import a list of tokens from FortiGuard to the FortiGate unit.
- code - Activation code on redemption certificate. type: string required: True
- import-seed.user.fortitoken - Import a FortiToken seed file.
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- import-trial.user.fortitoken - Import trial mobile FortiTokens.
- import.vpn-certificate.ca - Import CA certificate.
- import_method - Method of importing CA certificate [file|scep]. type: string required: True
- scep_url - SCEP server URL. Required for import via SCEP. type: string required: False
- scep_ca_id - SCEP server CA identifier for import via SCEP. type: string required: False
- scope - Scope of CA certificate [vdom*|global]. Global scope is only accessible for global administrators. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- import.vpn-certificate.crl - Import certificate revocation lists (CRL) from file content.
- scope - Scope of CRL [vdom*|global]. Global scope is only accessible for global administrators. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- import.vpn-certificate.local - Import local certificate.
- type - Type of certificate [local|pkcs12|regular]. type: string required: True
- certname - Certificate name for pkcs12 and regular certificate types. type: string required: False
- password - Optional password for pkcs12 and regular certificate types. type: string required: False
- key_file_content - Key content encoded in BASE64 for regular certificate type. type: string required: False
- scope - Scope of local certificate [vdom*|global]. Global scope is only accessible for global administrators. type: string required: False
- acme_domain - A valid domain that resolves to an IP whose TCP port 443 reaches this FortiGate. type: string required: False
- acme_email - Contact email address that is required by some CAs such as LetsEncrypt. type: string required: False
- acme_ca_url - URL for the ACME CA server. type: string required: False
- acme_rsa_key_size - Length of the RSA private key for the generated cert. type: int required: False
- acme_renew_window - Certificate renewal window in days. type: int required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- import.vpn-certificate.remote - Import remote certificate.
- scope - Scope of CRL [vdom*|global]. Global scope is only accessible for global administrators. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- import.web-ui.language - Import localization language file to this FortiGate.
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- keep-alive.wifi.spectrum - Extend duration of an existing spectrum analysis for a specific FortiAP.
- wtp_id - FortiAP ID. type: string required: True
- radio_id - Radio ID. type: int required: True
- duration - Duration in seconds. type: int required: True
- kill.system.process - Kill a running process.
- pid - The process ID. type: int required: True
- signal - Signal to use when killing the process [9 (SIGKILL) | 11 (SIGSEGV) | 15 (SIGTERM)]. Defaults to 15. type: int required: False
- led-blink.wifi.managed_ap - Turn a managed FortiAP's LED blinking on or off.
- serials - FortiAP IDs to turn LED blink on/off. type: array required: True
- blink - True to turn on blinking, false to turn off. type: boolean required: True
- duration - Time to blink, in seconds. 0 or omit for indefinite. type: int required: False
- login.registration.forticare - Login to FortiCare.
- email - Account email. type: string required: True
- password - Account password. type: string required: True
- reseller_name - Reseller name. type: string required: True
- reseller_id - Reseller ID. type: int required: True
- is_government - Set to true if the end-user is affiliated with a government. type: boolean required: False
- login.registration.forticloud - Login to FortiCloud.
- email - Account email. type: string required: True
- password - Account password. type: string required: True
- send_logs - Send logs to FortiCloud. type: boolean required: False
- domain - FortiCloud domain. type: string required: False
- logout.registration.forticloud - Logout from FortiCloud.
- manual-update.system.fortiguard - Manually update entitlements.
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- migrate.registration.forticloud - Migrate standalone FortiGate Cloud account to FortiCloud.
- email - Account email. type: string required: True
- password - Account password. type: string required: True
- poe-reset.switch-controller.managed-switch - Reset PoE on a given FortiSwitch's port.
- mkey - Name of managed FortiSwitch. type: string required: True
- port - Name of port to reset PoE on. type: string required: True
- port-stats-reset.switch-controller.managed-switch - Reset port statistics for a given FortiSwitch.
- mkey - FortiSwitch ID. type: string required: True
- ports - Name of ports to reset statistics on. type: array required: False
- provision-user.vpn.ssl - Provision SSL-VPN users with target applications. The provisioning message (email or SMS) is sent with no confirmation of success.
- host - The hostname/IP address of the VPN server. type: string required: True
- port - The port of the VPN server. type: int required: True
- vpn_name - The name of the VPN configuration. type: string required: True
- method - Method to send [email|sms]. If not set, email will be the default. type: string required: False
- email_list - The email address that the VPN configuration message should be sent to. Required if "method" is "email". type: string required: False
- phone_user_list - The user that the VPN configuration SMS should be sent to. At least one of "phone_user_list" or "phone_number_list" is required if "method" is "sms". type: string required: False
- phone_number_list - The phone number that the VPN configuration SMS should be sent to. At least one of "phone_user_list" or "phone_number_list" is required if "method" is "sms". type: string required: False
- sms_method - The method to be used for sending the SMS [fortiguard|custom]. Default is "fortiguard". type: string required: False
- sms_server - The SMS server to be used for sending SMS messages, required if "custom" SMS method is chosen. type: string required: False
- provision.user.fortitoken - Provision a set of FortiTokens by serial number.
- tokens - List of FortiToken serial numbers to provision. If omitted, all tokens will be used. type: array required: False
- purdue-level.user.device - Update the Purdue level of device from device store.
- mac - Main MAC address of the device. type: string required: True
- ip - IP address of the device. type: string required: False
- level - Purdue level of the device [1|1.5|2|2.5|3|3.5|4|5|5.5]. type: string required: True
- push.switch-controller.fsw-firmware - Push FortiSwitch firmware to the given device.
- serial - The target device's serial. type: string required: True
- image_id - FortiSwitch image ID. type: string required: True
- push.wifi.firmware - Push FortiAP firmware to the given device.
- serial - The target device's serial. type: string required: True
- image_id - FortiAP image ID. type: string required: True
- quarantine.endpoint-control.registration - Quarantine endpoint by FortiClient UID or MAC.
- uid - Single FortiClient UID to quarantine. type: string required: False
- mac - Single MAC to quarantine. type: string required: False
- read-info.system.certificate - Get certificate information from a certificate string.
- value - PEM formatted certificate. type: string required: True
- reboot.system.os - Immediately reboot this device.
- event_log_message - Message to be logged in event log. type: string required: False
- refresh-server.user.fsso - Refresh remote agent group list for all fsso agents.
- refresh.azure.application-list - Update the Azure application list data or get the status of an update.
- last_update_time - Timestamp of a previous update request. If this is not provided then it will refresh the Azure application list data. type: int required: False
- refresh.system.external-resource - Fetch the external resource file and refresh status for the specified external resource.
- mkey - The name of the external resource to query. type: string required: True
- check_status_only - Set to true to return only the refresh status. type: boolean required: False
- last_connection_time - The timestamp of last connection to the resource; used for checking refresh status. type: int required: False
- refresh.user.fortitoken - Refresh a set of FortiTokens by serial number.
- tokens - List of FortiToken serial numbers to refresh. If omitted, all tokens will be used. type: array required: False
- register-appliance.system.csf - Register appliance to Security Fabric.
- type - Appliance type (Example: 'faz'). type: string required: True
- mgmt_ip - Management IP or FQDN. type: string required: True
- mgmt_port - Management port. type: int required: False
- mgmt_url_parameters - Array of URL parameters. Each item is a key/value pair. If provided, the URL parameters will be included in the management IP URL. type: array required: False
- serial - Serial number. type: string required: True
- hostname - Host name. type: string required: False
- register-device.registration.forticloud - Register a device to FortiCloud through FortiGate. Currently FortiSwitch and FortiAP are supported.
- serial - Device serial number. type: string required: True
- email - FortiCloud email. type: string required: True
- password - Password. type: string required: True
- reseller - Reseller. type: string required: True
- reseller_id - Reseller ID. type: int required: True
- country - Country. type: string required: True
- is_government - Set to true if the end-user is affiliated with a government. type: boolean required: False
- remove.user.device - Remove single or multiple user devices specified by host MAC addresses.
- macs - An array of host MAC addresses to be removed. type: array required: False
- reset.extender-controller.extender - Reset a specific FortiExtender unit.
- id - FortiExtender ID to reset. type: string required: True
- reset.firewall.central-snat-map - Reset traffic statistics for all firewall central SNAT policies.
- reset.firewall.consolidated-policy - Reset traffic statistics for all consolidated policies.
- reset.firewall.dnat - Reset hit count statistics for all firewall virtual IPs/servers.
- reset.firewall.multicast-policy - Reset traffic statistics for all IPv4 firewall multicast policies.
- reset.firewall.multicast-policy6 - Reset traffic statistics for all IPv6 firewall multicast policies.
- reset.firewall.per-ip-shaper - Reset statistics for all configured firewall per-IP traffic shapers.
- reset.firewall.policy - Reset traffic statistics for all firewall policies.
- reset.firewall.policy6 - Reset traffic statistics for all IPv6 policies.
- reset.firewall.shaper - Reset statistics for all configured traffic shapers.
- reset.log.stats - Reset logging statistics for all log devices.
- reset.system.modem - Reset statistics for internal/external configured modem.
- reset.wanopt.history - Reset WAN opt. statistics.
- reset.wanopt.peer_stats - Reset WAN opt peer statistics.
- reset.wanopt.webcache - Reset webcache statistics.
- reset.webcache.stats - Reset all webcache statistics.
- reset.webfilter.category-quota - Reset webfilter quota for user or IP.
- profile - Webfilter profile to reset. type: string required: False
- user - User or IP to reset with. type: string required: False
- reset.wifi.euclid - Reset presence analytics statistics.
- restart.switch-controller.managed-switch - Restart a given FortiSwitch.
- mkey - Name of managed FortiSwitch. type: string required: True
- restart.system.sniffer - Restart specified packet capture.
- mkey - ID of packet capture entry. type: int required: True
- restart.wifi.managed_ap - Restart a given FortiAP.
- wtpname - FortiAP name. type: string required: False
- restore.system.config - Restore system configuration from uploaded file or from USB.
- source - Configuration file data source [upload | usb | revision]. type: string required: True
- usb_filename - When using 'usb' source: the filename to restore from the connected USB device. type: string required: False
- config_id - When using 'revision' source: valid ID of configuration stored on disk to revert to. type: int required: False
- password - Password to decrypt configuration data. type: string required: False
- scope - Specify global or VDOM only restore [global | vdom]. type: string required: True
- vdom - If 'vdom' scope specified, the name of the VDOM to restore configuration. type: string required: False
- file_format - Configuration file format [fos* | yaml]. type: string required: False
- confirm_password_mask - True to upload password mask config file. type: boolean required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- revoke.system.dhcp - Revoke IPv4 DHCP leases.
- ip - Optional list of addresses to revoke. Defaults to all addresses if not provided. type: array required: False
- revoke.system.dhcp6 - Revoke IPv6 DHCP leases.
- ip - Optional list of addresses to revoke. Defaults to all addresses if not provided. type: array required: False
- run.system.compliance - Immediately run compliance checks for the selected VDOM.
- run.system.config-script - Run remote config scripts.
- remote_script - Name of remote config script to run. type: string required: True
- save.system.config - Explicitly save all configuration.
- save.system.config-revision - Create a new config revision checkpoint.
- comments - Optional revision comments. type: string required: False
- scan.wifi.network - When FortiWiFi is in client mode, start a scan for local WiFi networks.
- send-activation.user.fortitoken - Send a FortiToken activation code to a user via SMS or Email.
- token - FortiToken serial number. The token must be assigned to a user/admin. type: string required: True
- method - Method to send activation code [email|sms]. If not set, SMS will be attempted first, then email. type: string required: False
- email - Override email address. type: string required: False
- sms_phone - Override SMS phone number. SMS provider must be set in the assigned user/admin. type: string required: False
- set-tier1.switch-controller.mclag-icl - Setup a tier-1 MC-LAG link between a pair of FortiSwitches.
- fortilink - FortiLink interface name. type: string required: True
- peer1 - FortiSwitch ID for MC-LAG peer 1. type: string required: True
- peer2 - FortiSwitch ID for MC-LAG peer 2. type: string required: True
- set.system.time - Sets current system time stamp.
- year - Specifies the year for setting/updating time manually. type: int required: True
- month - Specifies the month (0 - 11) for setting/updating time manually. type: int required: True
- day - Specifies the day for setting/updating time manually. type: int required: True
- hour - Specifies the hour (0 - 23) for setting/updating time manually. type: int required: True
- minute - Specifies the minute (0 - 59) for setting/updating time manually. type: int required: True
- second - Specifies the second (0 - 59) for setting/updating time manually. type: int required: True
- set_status.wifi.managed_ap - Update administrative state for a given FortiAP (enable or disable authorization).
- wtpname - FortiAP name. type: string required: False
- admin - New FortiAP administrative state [enable|disable|discovered]. type: string required: False
- set_status.wifi.rogue_ap - Mark detected APs as rogue APs.
- bssid - List of rogue AP MAC addresses. type: array required: False
- ssid - Corresponding list of rogue AP SSIDs. type: array required: False
- status - Status to assign matching APs [unclassified|rogue|accepted|suppressed]. type: string required: False
- shutdown.system.os - Immediately shutdown this device.
- event_log_message - Message to be logged in event log. type: string required: False
- sms.user.guest - Send guest login details via SMS.
- group - Guest group name. type: string required: True
- guest - Guest user IDs. type: array required: True
- soft-reset-neighbor.router.bgp - BGP Neighbor soft reset.
- ip - IP address of neighbor to perform soft reset on. type: string required: True
- speed-test-trigger.system.interface - Run a speed-test on the given interface.
- mkey - Name of the interface. type: string required: True
- start.network.debug-flow - Start debug flow packet capture.
- num_packets - Number of packets. type: int required: True
- ipv6 - Whether we are debugging IPv6 traffic. type: boolean required: True
- negate - Inverse IPv4 or IPv6 filter. type: boolean required: False
- addr_from - IPv4 or IPv6 address start of range. type: string required: False
- addr_to - IPv4 or IPv6 address end of range. type: string required: False
- daddr_from - Destination IPv4 or IPv6 address start of range. type: string required: False
- daddr_to - Destination IPv4 or IPv6 address end of range. type: string required: False
- saddr_from - Source IPv4 or IPv6 address start of range. type: string required: False
- saddr_to - Source IPv4 or IPv6 address end of range. type: string required: False
- port_from - Port from. type: int required: False
- port_to - Port to. type: int required: False
- dport_from - Destination port from. type: int required: False
- dport_to - Destination port to. type: int required: False
- sport_from - Source port from. type: int required: False
- sport_to - Source port to. type: int required: False
- proto - Protocol number. type: int required: False
- start.system.fsck - Set file system check flag so that it will be executed on next device reboot.
- start.system.sniffer - Start specified packet capture.
- mkey - ID of packet capture entry. type: int required: True
- start.system.usb-log - Start backup of logs from current VDOM to USB drive.
- start.wifi.spectrum - Start spectrum analysis for a specific FortiAP for a duration of time.
- wtp_id - FortiAP ID. type: string required: True
- radio_id - Radio ID. type: int required: True
- channels - Channels. type: array required: True
- duration - Duration in seconds. type: int required: True
- start.wifi.vlan-probe - Start a VLAN probe.
- ap_interface - FortiAP interface to send the probe on. type: int required: True
- wtp - FortiAP ID. type: string required: True
- start_vlan_id - The starting VLAN ID for the probe. type: int required: True
- end_vlan_id - The ending VLAN ID for the probe. type: int required: True
- retries - Number of times to retry a probe for a particular VLAN. type: int required: True
- timeout - Timeout duration (in seconds) to wait for a VLAN probe response. type: int required: True
- stop.network.debug-flow - Stop debug flow packet capture.
- stop.system.sniffer - Stop specified packet capture.
- mkey - ID of packet capture entry. type: int required: True
- stop.system.usb-log - Stop backup of logs to USB drive.
- stop.wifi.spectrum - Stop spectrum analysis for a specific FortiAP.
- wtp_id - FortiAP ID. type: string required: True
- radio_id - Radio ID. type: int required: True
- stop.wifi.vlan-probe - Stop a VLAN probe.
- ap_interface - FortiAP interface to send the probe on. type: int required: True
- wtp - FortiAP ID. type: string required: True
- system.change-password - Save admin and guest-admin passwords.
- mkey - User ID for password change. type: string required: False
- old_password - Old password. type: string required: False
- new_password - New password. type: string required: True
- system.disconnect-admins - Disconnects logged in administrators.
- id - Admin ID. type: int required: False
- method - Login method used to connect admin to FortiGate. type: string required: False
- admins - List of objects with admin id and method. type: array required: False
- system.password-policy-conform - Check whether password conforms to the password policy.
- mkey - User ID for password change. type: string required: False
- apply_to - Password Policy ID. type: string required: False
- password - Password. type: string required: False
- old_password - Old password. type: string required: False
- test-availability.system.fortiguard - Test availability of FortiGuard services.
- protocol - Protocol to check. [https | udp | http] type: string required: True
- port - Port to check. type: int required: True
- service - Service to check. [emailfilter | webfilter] type: string required: True
- test-connect.user.radius - Test the connectivity of the given RADIUS server and, optionally, the validity of a username & password.
- mkey - Name of FortiGate's RADIUS object whose settings to test. type: string required: False
- ordinal - If 'mkey' is provided, the server-secret pair to use from the object: 'primary', 'secondary' or 'tertiary'. Defaults to 'primary'. type: string required: False
- server - Host name or IP of a RADIUS server. If 'mkey' is provided, this overrides the 'server' value in the object. type: string required: False
- secret - Secret password for the RADIUS server. If 'mkey' is provided, this overrides the 'secret' value in the object. type: string required: False
- auth_type - Authentication protocol to use [auto|ms_chap_v2|ms_chap|chap|pap]. If 'mkey' is provided, this overrides the 'auth-type' value in the object. type: string required: False
- user - User name whose access to check. type: string required: False
- password - User's password. type: string required: False
- test.system.automation-stitch - Triggers an automation stitch for testing purposes.
- mkey - ID of automation stitch to trigger. type: string required: True
- log - Message to store in the log buffer when triggering an event. For example, "logid=\"32102\" eventtime=1528840790000000000 logdesc=\"Sample description\" msg=\"Sample message\"". This parameter is required for the 'event-log' event type. For the test to run, the 'logid' argument value must match the trigger-defined value. If 'logid' is not provided, the test will use the trigger-defined value. type: string required: False
- test.user.tacacs-plus - Test the connectivity of the given TACACS+ server.
- mkey - Name of FortiGate's TACACS+ object whose settings to test. type: string required: False
- ordinal - If 'mkey' is provided, the server-key pair to use from the object: 'primary', 'secondary' or 'tertiary'. Defaults to 'primary'. type: string required: False
- server - Host name or IP of a TACACS+ server. If 'mkey' is provided, this overrides the 'server' value in the object. type: string required: False
- secret - Secret key for the TACACS+ server. If 'mkey' is provided, this overrides the 'key' value in the object. type: string required: False
- port - Port number of the TACACS+ server. If 'mkey' is provided, this overrides the 'port' value in the object. Defaults to 49. type: int required: False
- source_ip - Source IP for communications to TACACS+ server. If 'mkey' is provided, this overrides the 'source-ip' value in the object. type: string required: False
- toggle-vdom-mode.system.admin - Toggles VDOM mode on/off. Enables or disables VDOM mode if it is disabled or enabled respectively.
- transfer.registration.forticare - Transfer to a new FortiCare account.
- email - Account email. type: string required: True
- password - Account password. type: string required: True
- old_email - Old account email. type: string required: True
- old_password - Old account password. type: string required: True
- trigger.system.security-rating - Run a Security Rating report.
- report_type - Security Rating report to run, run all reports when unspecified. type: string required: False
- report_types - Multiple Security Rating reports to run, run all reports when unspecified. type: array required: False
- tunnel_down.vpn.ipsec - Bring down a specific IPsec VPN tunnel.
- p1name - IPsec phase1 name. type: string required: True
- p2name - IPsec phase2 name. type: string required: True
- p2serial - IPsec phase2 serial. type: int required: False
- tunnel_reset_stats.vpn.ipsec - Reset statistics for a specific IPsec VPN tunnel.
- p1name - IPsec phase1 name. type: string required: True
- tunnel_up.vpn.ipsec - Bring up a specific IPsec VPN tunnel.
- p1name - IPsec phase1 name. type: string required: True
- p2name - IPsec phase2 name. type: string required: True
- p2serial - IPsec phase2 serial. type: int required: False
- unblock.endpoint-control.registration - Unblock endpoint by FortiClient UID or MAC.
- uid - Single FortiClient UID to unblock. type: string required: False
- mac - Single MAC to unblock. type: string required: False
- unquarantine.endpoint-control.registration - Unquarantine endpoint by FortiClient UID or MAC.
- uid - Single FortiClient UID to unquarantine. type: string required: False
- mac - Single MAC to unquarantine. type: string required: False
- update-comments.system.config-revision - Updates comments for a system configuration file.
- config_id - Configuration id. type: int required: False
- comments - Configuration comments. type: string required: False
- update.switch-controller.managed-switch - Update administrative state for a given FortiSwitch (enable or disable authorization).
- mkey - FortiSwitch name. type: string required: False
- admin - New FortiSwitch administrative state [enable|disable|discovered]. type: string required: False
- update.system.fortiguard - Immediately update status for FortiGuard services.
- update.system.ha-peer - Update configuration of peer in HA cluster.
- serial_no - Serial number of the HA member. type: string required: True
- vcluster_id - Virtual cluster number. type: int required: False
- priority - Priority to assign to HA member. type: int required: False
- hostname - Name to assign the HA member. type: string required: False
- update.system.modem - Update supported modem list from FortiGuard.
- update.system.sdn-connector - Update an SDN connector's connection status.
- mkey - SDN connector name. type: string required: True
- update.web-ui.custom-language - Update custom language file to this FortiGate.
- mkey - Name of custom language entry. type: string required: True
- lang_name - New name of custom language entry. type: string required: False
- filename - Name of custom language file. type: string required: False
- lang_comments - Comments of custom language entry. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- upgrade.extender-controller.extender - Upgrade FortiExtender.
- id - FortiExtender ID to upgrade. type: string required: True
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- upgrade.license.database - Upgrade or downgrade UTM engine or signature package (IPS/AntiVirus/Application Control/Industrial database/Security Rating/Internet Service Database) using uploaded file.
- db_name - Security service database name [ips|appctrl|industrial_db|antivirus|security_rating|isdb|iotddb] type: string required: True
- confirm_not_signed - Confirm whether unsigned pkg files may be uploaded. type: boolean required: False
- file_id - File id of existing pkg file from a previous upload. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- upgrade.system.firmware - Upgrade firmware image on this device using uploaded file.
- source - Firmware file data source [upload|usb|fortiguard]. type: string required: True
- filename - Name of file on fortiguard or USB disk to upgrade to. type: string required: False
- format_partition - Set to true to format boot partition before upgrade. type: boolean required: False
- ignore_invalid_signature - Set to true to allow upgrade of firmware images with invalid signatures. type: boolean required: False
- file_id - File ID of the uploaded firmware image to allow upgrade of firmware images with invalid signatures. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- upgrade.system.lte-modem - Upgrade LTE modem firmware image on this device using uploaded files.
- upload.switch-controller.fsw-firmware - Upload FortiSwitch firmware to the management FortiGate and then push to target FortiSwitches.
- serials - The target device's serial. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- upload.system.config-script - Upload and run a new configuration script file.
- filename - Name of configuration script file. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- upload.system.hscalefw-license - Update Hyperscale firewall license for hardware acceleration using license key.
- license_key - License key. Format:0000-0000-0000-0000-0000-0000-00. type: string required: True
- upload.system.lte-modem - Upload the modem firmware upgrade files.
- filename - Firmware file being uploaded. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- upload.system.vmlicense - Update VM license using uploaded file. Reboots immediately if successful.
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- upload.webproxy.pacfile - Upload webproxy PAC file.
- filename - Name of PAC file. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- upload.wifi.firmware - Upload FortiAP firmware to the management FortiGate and then push to target FortiAPs.
- serials - The target device's serial. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- upload.wifi.region-image - Saves a floorplan/region image to an existing region.
- region_name - Region name to save image to. type: string required: True
- image_type - MIME type of the image (png|jpeg|gif). type: string required: True
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- utm.rating-lookup - Lookup FortiGuard rating for a specific URL.
- url - List of URLs to query. type: array required: False
- lang - Language for the rating response. type: string required: False
- validate-gcp-key.system.sdn-connector - Validate a string representing a private key from GCP in PEM format.
- private-key - Private key in PEM format. type: string required: True
- verify-cert.endpoint-control.ems - Verify EMS server certificate for a specific EMS.
- ems_id - EMS server ID (as defined in CLI table endpoint-control.fctems). type: int required: True
- fingerprint - EMS server certificate fingerprint to check with. type: string required: True
- wake-on-lan.system.interface - Send wake on lan packet to device.
- mkey - Name of the interface that will send out the packet. type: string required: True
- mac - MAC of device to wake up. type: string required: True
- protocol_option - Protocol [wol | udp]. Default is udp. type: string required: False
- port - Port used by UDP WoL packets (0, 7, or 9). Port 9 will be used by default. type: int required: False
- address - Broadcast IP address used by UDP WoL packets. type: string required: False
- secureon_password - Password of the destination host if SecureOn is enabled. type: string required: False
- webhook.system.automation-stitch - Triggers an incoming webhook for an automation stitch.
- mkey - The incoming webhook name to trigger. type: string required: True
- params - The parameters for each action; see the definitions in the list above. type: dict
- Different selectors may have different parameters; users are expected to look them up in the dropdown list above.
- For some selectors, no params are allowed to appear.
- Not all parameters are required for a selector.
- This module is exclusively for the FortiOS monitor API.
- The result of the API request is stored in results.
Note
```yaml
- hosts: fortigate03
  connection: httpapi
  collections:
    - fortinet.fortios
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # "no" disables TLS certificate verification of the FortiGate
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
  tasks:
    # Selector with an optional parameter (tokens)
    - name: Activate FortiToken
      fortios_monitor:
        vdom: "root"
        access_token: "<fortios_access_token>"
        selector: 'activate.user.fortitoken'
        params:
          tokens: '<token string>'

    # Reboots the device immediately; the message is written to the event log
    - name: Reboot This Device
      fortios_monitor:
        vdom: "root"
        access_token: "<fortios_access_token>"
        selector: 'reboot.system.os'
        params:
          event_log_message: 'Reboot Request From Ansible'
```
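The following playbook is an added example, not part of the module's own documentation. It uses the same connection variables with certificate validation turned on, and calls three selectors from the list above whose parameters carry secrets or uploaded content. The vault file, the `vault_*` variable names, the RADIUS object name, the probe user and the local file path are assumptions.

```yaml
- hosts: fortigate03
  connection: httpapi
  collections:
    - fortinet.fortios
  vars_files:
    # Hypothetical Ansible Vault file that defines the vault_* variables used below
    - vault/fortigate03.yml
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # Verify the FortiGate certificate so the access token is only sent
    # to an appliance that presents a trusted certificate
    ansible_httpapi_validate_certs: yes
    ansible_httpapi_port: 443
  tasks:
    - name: Test RADIUS connectivity with a probe account
      fortios_monitor:
        vdom: "root"
        access_token: "{{ vault_fortios_access_token }}"
        selector: 'test-connect.user.radius'
        params:
          mkey: 'radius-primary'        # hypothetical RADIUS object name
          ordinal: 'primary'
          user: 'svc-radius-probe'      # hypothetical probe account
          password: "{{ vault_radius_probe_password }}"
      # Keep the access token and the user's password out of task output and logs
      no_log: true

    - name: Upload and run a configuration script
      fortios_monitor:
        vdom: "root"
        access_token: "{{ vault_fortios_access_token }}"
        selector: 'upload.system.config-script'
        params:
          filename: 'baseline.conf'
          # b64encode yields one unbroken base64 string with no whitespace,
          # which is what file_content requires (suitable for text files)
          file_content: "{{ lookup('ansible.builtin.file', 'files/baseline.conf') | b64encode }}"
      no_log: true

    - name: Upgrade firmware from FortiGuard, rejecting invalid signatures
      fortios_monitor:
        vdom: "root"
        access_token: "{{ vault_fortios_access_token }}"
        selector: 'upgrade.system.firmware'
        params:
          source: 'fortiguard'
          filename: '<firmware file name on fortiguard>'
          # Do not allow images whose signature fails verification
          ignore_invalid_signature: false
      no_log: true
```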
Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following fields are unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: GET
- name - Name of the table used to fulfill the request returned: always type: str sample: firmware
- path - Path of the table used to fulfill the request returned: always type: str sample: system
- results - Object list retrieved from device. returned: always type: list
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
- ansible_facts - The list of fact subsets collected from the device returned: always type: dict
- This module is not guaranteed to have a backwards compatible interface.
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Hongbin Lu (@fgtdev-hblu)
- Frank Shen (@fshen01)