fmgr_fwobj_service – Manages FortiManager Firewall Service Objects

New in version 2.8.

Synopsis

  • Manages FortiManager Firewall Service Objects.

Parameters

| Parameter | Choices/Defaults | Comments |
|---|---|---|
| adom | Default: "root" | The ADOM the configuration should belong to. |
| app_category | | Application category ID. |
| app_service_type | | Application service type. |
| application | | Application ID. |
| category | | Service category. |
| check_reset_range | | Enable/disable RST check. |
| color | Default: 22 | GUI icon color. |
| comment | | Comment. |
| custom_type | Choices: tcp_udp_sctp, icmp, icmp6, ip, http, ftp, connect, socks_tcp, socks_udp, all (default) | Tells the module what kind of custom service to add. |
| explicit_proxy | Choices: enable, disable (default) | Enable/disable explicit web proxy service. |
| fqdn | Default: "" | Fully qualified domain name. |
| group_member | | Comma-separated list of members' names. |
| group_name | | Name of the service group. |
| icmp_code | | ICMP code. |
| icmp_type | | ICMP type. |
| iprange | Default: "0.0.0.0" | Start IP-End IP. |
| mode | Choices: add (default), set, delete | Sets one of three modes for managing the object. |
| name | | Custom service name. |
| object_type | Choices: custom, group, category | Tells the module whether a custom service, category, or group is being added. |
| protocol | | Protocol type. |
| protocol_number | | IP protocol number. |
| sctp_portrange | | Multiple SCTP port ranges. Comma-separated list of destination ports to add (e.g. '443,80'). Syntax is <destPort:sourcePort>. If no sourcePort is defined, all source ports are assumed. Ranges are defined with a hyphen. Examples: '443' (destPort 443 only), '443:1000-2000' (destPort 443 from source ports 1000-2000). Multiple entries go in the same quoted string, comma separated ('443:1000-2000, 80:1000-2000'). |
| session_ttl | Default: 0 | Session TTL (300 - 604800, 0 = default). |
| tcp_halfclose_timer | Default: 0 | TCP half close timeout (1 - 86400 sec, 0 = default). |
| tcp_halfopen_timer | Default: 0 | TCP half open timeout (1 - 86400 sec, 0 = default). |
| tcp_portrange | | Comma-separated list of destination ports to add (e.g. '443,80'). Syntax is <destPort:sourcePort>. If no sourcePort is defined, all source ports are assumed. Ranges are defined with a hyphen. Examples: '443' (destPort 443 only), '443:1000-2000' (destPort 443 from source ports 1000-2000). Multiple entries go in the same quoted string, comma separated ('443:1000-2000, 80:1000-2000'). |
| tcp_timewait_timer | Default: 0 | TCP time wait timeout (1 - 300 sec, 0 = default). |
| udp_idle_timer | Default: 0 | UDP idle timeout (0 - 86400 sec, 0 = default). |
| udp_portrange | | Comma-separated list of destination ports to add (e.g. '443,80'). Syntax is <destPort:sourcePort>. If no sourcePort is defined, all source ports are assumed. Ranges are defined with a hyphen. Examples: '443' (destPort 443 only), '443:1000-2000' (destPort 443 from source ports 1000-2000). Multiple entries go in the same quoted string, comma separated ('443:1000-2000, 80:1000-2000'). |
| visibility | Choices: enable (default), disable | Enable/disable service visibility. |

Examples

- name: ADD A CUSTOM SERVICE FOR TCP/UDP/SCTP
  fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_service"
    object_type: "custom"
    custom_type: "tcp_udp_sctp"
    tcp_portrange: "443"
    udp_portrange: "51"
    sctp_portrange: "100"

- name: ADD A CUSTOM SERVICE FOR TCP/UDP/SCTP WITH SOURCE RANGES AND MULTIPLES
  fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_serviceWithSource"
    object_type: "custom"
    custom_type: "tcp_udp_sctp"
    # Each entry is destPort:sourcePort; ranges run low-high.
    tcp_portrange: "443:1000-2000,80-82:10000-20000"
    udp_portrange: "51:100-200,162:200-400"
    sctp_portrange: "100:2000-2500"

- name: ADD A CUSTOM SERVICE FOR ICMP
  fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_icmp"
    object_type: "custom"
    custom_type: "icmp"
    icmp_type: "8"
    icmp_code: "3"

- name: ADD A CUSTOM SERVICE FOR ICMP6
  fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_icmp6"
    object_type: "custom"
    custom_type: "icmp6"
    icmp_type: "5"
    icmp_code: "1"

- name: ADD A CUSTOM SERVICE FOR IP - GRE
  fmgr_fwobj_service:
    adom: "ansible"
    # Distinct name so this object does not collide with the ICMP6 service above.
    name: "ansible_custom_ip_gre"
    object_type: "custom"
    custom_type: "ip"
    protocol_number: "47"

- name: ADD A CUSTOM PROXY FOR ALL WITH SOURCE RANGES AND MULTIPLES
  fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_proxy_all"
    object_type: "custom"
    custom_type: "all"
    explicit_proxy: "enable"
    tcp_portrange: "443:1000-2000,80-82:10000-20000"
    iprange: "www.ansible.com"
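
The `<destPort:sourcePort>` syntax shared by tcp_portrange, udp_portrange and sctp_portrange can be checked before a playbook reaches FortiManager. The following Python is an added example, not code from the module or its authors; the function names, the 1-65535 port bounds, the rejection of descending ranges and the `max_dest_span` threshold are assumptions.

```python
import re

PORT_MIN, PORT_MAX = 1, 65535  # assumed valid port bounds, not stated on the page
_RANGE = re.compile(r"(\d{1,5})(?:-(\d{1,5}))?")


def _parse_range(text):
    """Parse 'N' or 'N-M' into (low, high); raise ValueError if malformed."""
    m = _RANGE.fullmatch(text.strip())
    if not m:
        raise ValueError("not a port or port range: %r" % text)
    low = int(m.group(1))
    high = int(m.group(2)) if m.group(2) else low
    # Assumption: a descending range such as 2000-1000 is treated as an error.
    if not PORT_MIN <= low <= high <= PORT_MAX:
        raise ValueError("descending or out-of-bounds range: %r" % text)
    return low, high


def parse_portrange(value):
    """Split a *_portrange string into (dest, src) tuples.

    src is None when no sourcePort is given, which the page documents as
    matching all source ports.
    """
    entries = []
    for item in value.split(","):
        dest, sep, src = item.strip().partition(":")
        entries.append((_parse_range(dest), _parse_range(src) if sep else None))
    return entries


def review_portrange(value, max_dest_span=1000):
    """Return findings for a playbook value; an empty list means no remarks."""
    try:
        entries = parse_portrange(value)
    except ValueError as exc:
        return ["error: %s" % exc]
    findings = []
    for (low, high), _src in entries:
        # Very wide destination ranges make a service object overly permissive.
        if high - low + 1 > max_dest_span:
            findings.append("wide destination range %d-%d" % (low, high))
    return findings
```
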

Return Values

Common return values are documented here; the following fields are unique to this module:

| Key | Returned | Description |
|---|---|---|
| api_result (string) | always | Full API response, includes status code and message. |



Status

Authors

  • Luke Weighall (@lweighall)
  • Andrew Welsh (@Ghilli3)
  • Jim Huber (@p4r4n0y1ng)
