faz_cli_system_global – Global range attributes.

New in version 1.0.0.

Warning

Starting in version 2.0.0, all variables will be named in the underscore naming convention.

Possible variable names before 2.0.0: variable-name, variable name, variable.name
Corresponding variable names since 2.0.0: variable_name

FortiAnalyzer Ansible v1.4+ supports both previous argument name and new underscore name. You will receive deprecation warnings if you keep using the previous argument name. You can ignore the warning by setting deprecation_warnings=False in ansible.cfg.

Synopsis 

This module is able to configure a FortiAnalyzer device.
Examples include all parameters and values need to be adjusted to data sources before usage.

Requirements 

The below requirements are needed on the host that executes this module.

ansible>=2.15.0

FortiAnalyzer Version Compatibility 

6.2.0 6.2.1 6.2.2 6.2.3 6.2.4 6.2.5 6.2.6 6.2.7 6.2.8 6.2.9 6.2.10 6.2.11 6.2.12

None True True True None True True True True True True True True

6.4.0 6.4.1 6.4.2 6.4.3 6.4.4 6.4.5 6.4.6 6.4.7 6.4.8 6.4.9 6.4.10 6.4.11 6.4.12 6.4.13 6.4.14

None True True True True True True True True True True True True True True

7.0.0 7.0.1 7.0.2 7.0.3 7.0.4 7.0.5 7.0.6 7.0.7 7.0.8 7.0.9 7.0.10 7.0.11

True True True True True True True True True True True True

7.2.0 7.2.1 7.2.2 7.2.3 7.2.4

True True True True True

7.4.0 7.4.1 7.4.2

True True True

Parameters 

access_token -The token to access FortiAnalyzer without using ansible_username and ansible_password. type: str required: false
enable_log - Enable/Disable logging for task type: bool required: false default: False
forticloud_access_token - Access token of forticloud analyzer API users. type: str required: false
log_path - The path to save log. Used if enable_log is true. Please use absolute path instead of relative path. If the log_path setting is incorrect, the log will be saved in /tmp/fortianalyzer.ansible.logtype: str required: false default: "/tmp/fortianalyzer.ansible.log"
proposed_method - The overridden method for the underlying Json RPC request type: str required: false choices: set, update, add
bypass_validation - Only set to True when module schema diffs with FortiAnalyzer API structure, module continues to execute without validating parameters type: bool required: false default: False
rc_succeeded - The rc codes list with which the conditions to succeed will be overriden type: list required: false
rc_failed - The rc codes list with which the conditions to fail will be overriden type: list required: false
cli_system_global - Global range attributes. type: dict

admin_lockout_duration - Lockout duration(sec) for administration. type: int default: 60 more...

admin_lockout_threshold - Lockout threshold for administration. type: int default: 3 more...

adom_mode - ADOM mode. type: str choices: [normal, advanced] default: normal more...

adom_select - Enable/disable select ADOM after login. type: str choices: [disable, enable] default: enable more...

adom_status - ADOM status. type: str choices: [disable, enable] default: disable more...

backup_compression - Compression level. type: str choices: [none, low, normal, high] default: normal more...

backup_to_subfolders - Enable/disable creation of subfolders on server for backup storage. type: str choices: [disable, enable] default: disable more...

clone_name_option - set the clone object names option. type: str choices: [default, keep] default: default more...

clt_cert_req - Require client certificate for GUI login. type: str choices: [disable, enable, optional] default: disable more...

console_output - Console output mode. type: str choices: [standard, more] default: standard more...

country_flag - Country flag Status. type: str choices: [disable, enable] default: enable more...

create_revision - Enable/disable create revision by default. type: str choices: [disable, enable] default: disable more...

daylightsavetime - Enable/disable daylight saving time. type: str choices: [disable, enable] default: enable more...

default_logview_auto_completion - Enable/disable log view filter auto-completion. type: str choices: [disable, enable] default: enable more...

default_search_mode - Set the default search mode of log view. type: str choices: [filter-based, advanced] default: filter-based more...

detect_unregistered_log_device - Detect unregistered logging device from log message. type: str choices: [disable, enable] default: enable more...

device_view_mode - Set devices/groups view mode. type: str choices: [regular, tree] default: regular more...

dh_params - Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits). type: str choices: [1024, 1536, 2048, 3072, 4096, 6144, 8192] default: 2048 more...

disable_module - No description for the parameter type: array choices: [fortiview-noc, siem, soar, none, soc, fortirecorder, ai, ot-view] more...

enc_algorithm - SSL communication encryption algorithms. type: str choices: [low, medium, high, custom] default: high more...

fgfm_ca_cert - set the extra fgfm CA certificates. type: str more...

fgfm_local_cert - set the fgfm local certificate. type: str more...

fgfm_ssl_protocol - set the lowest SSL protocols for fgfmsd. type: str choices: [sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3] default: tlsv1.2 more...

ha_member_auto_grouping - Enable/disable automatically group HA members feature type: str choices: [disable, enable] default: enable more...

hitcount_concurrent - The number of FortiGates that FortiManager polls at one time (10 - 500, default = 100). type: int default: 100 more...

hitcount_interval - The interval for getting hit count from managed FortiGate devices, in seconds (60 - 86400, default = 900). type: int default: 900 more...

hostname - System hostname. type: str default: FAZVM64 more...

language - System global language. type: str choices: [english, simch, japanese, korean, spanish, trach] default: english more...

latitude - fmg location latitude type: str more...

ldap_cache_timeout - LDAP browser cache timeout (seconds). type: int default: 86400 more...

ldapconntimeout - LDAP connection timeout (msec). type: int default: 60000 more...

lock_preempt - Enable/disable ADOM lock override. type: str choices: [disable, enable] default: disable more...

log_checksum - Record log file hash value, timestamp, and authentication code at transmission or rolling. type: str choices: [none, md5, md5-auth] default: none more...

log_forward_cache_size - Log forwarding disk cache size (GB). type: int default: 0 more...

log_mode - Log system operation mode. type: str choices: [analyzer, collector] default: analyzer more...

longitude - fmg location longitude type: str more...

max_aggregation_tasks - Maximum number of concurrent tasks of a log aggregation session. type: int default: 0 more...

max_log_forward - Maximum number of log-forward and aggregation settings. type: int default: 5 more...

max_running_reports - Maximum number of reports generating at one time. type: int default: 1 more...

oftp_ssl_protocol - set the lowest SSL protocols for oftpd. type: str choices: [sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3] default: tlsv1.2 more...

policy_hit_count - show policy hit count. type: str choices: [disable, enable] default: disable more...

policy_object_icon - show icons of policy objects. type: str choices: [disable, enable] default: disable more...

policy_object_in_dual_pane - show policies and objects in dual pane. type: str choices: [disable, enable] default: disable more...

pre_login_banner - Enable/disable pre-login banner. type: str choices: [disable, enable] default: disable more...

pre_login_banner_message - Pre-login banner message. type: str more...

private_data_encryption - Enable/disable private data encryption using an AES 128-bit key. type: str choices: [disable, enable] default: disable more...

remoteauthtimeout - Remote authentication (RADIUS/LDAP) timeout (sec). type: int default: 10 more...

search_all_adoms - Enable/Disable Search all ADOMs for where-used query. type: str choices: [disable, enable] default: disable more...

ssl_low_encryption - SSL low-grade encryption. type: str choices: [disable, enable] default: disable more...

ssl_protocol - No description for the parameter type: array choices: [tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3] more...

ssl_static_key_ciphers - Enable/disable SSL static key ciphers. type: str choices: [disable, enable] default: enable more...

task_list_size - Maximum number of completed tasks to keep. type: int default: 2000 more...

tftp - Enable/disable TFTP in `exec restore image` command (disabled by default in FIPS mode) type: str choices: [disable, enable] default: disable more...

timezone - Time zone. type: str choices: [00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91] default: 04 more...

tunnel_mtu - Maximum transportation unit(68 - 9000). type: int default: 1500 more...

usg - Enable/disable Fortiguard server restriction. type: str choices: [disable, enable] default: disable more...

webservice_proto - No description for the parameter type: array choices: [tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3, sslv2] more...

workflow_max_sessions - Maximum number of workflow sessions per ADOM (minimum 100). type: int default: 500 more...

multiple_steps_upgrade_in_autolink - Enable/disable multiple steps upgade in autolink process type: str choices: [disable, enable] default: disable more...

normalized_intf_zone_only - allow normalized interface to be zone only. type: str choices: [disable, enable] default: disable more...

ssl_cipher_suites - No description for the parameter type: array more...

cipher - Cipher name type: str more...

priority - SSL/TLS cipher suites priority. type: int default: 0 more...

version - SSL/TLS version the cipher suite can be used with. type: str choices: [tls1.2-or-below, tls1.3] default: tls1.2-or-below more...

gui_curl_timeout - GUI curl timeout in seconds (5-300 default 30). type: int default: 30 more...

object_revision_db_max - Maximum revisions for a single database (10,000-1,000,000 default 100,000). type: int default: 100000 more...

object_revision_mandatory_note - Enable/disable mandatory note when create revision. type: str choices: [disable, enable] default: enable more...

object_revision_object_max - Maximum revisions for a single object (10-1000 default 100). type: int default: 100 more...

object_revision_status - Enable/disable create revision when modify objects. type: str choices: [disable, enable] default: enable more...

table_entry_blink - Enable/disable table entry blink in GUI type: str choices: [disable, enable] default: enable more...

contentpack_fgt_install - Enable/disable outbreak alert auto install for FGT ADOMS . type: str choices: [disable, enable] default: disable more...

gui_polling_interval - GUI polling interval in seconds (1-288000 default 5). type: int default: 5 more...

no_copy_permission_check - Do not perform permission check to block object changes in different adom during copy and install. type: str choices: [disable, enable] default: enable more...

ssh_enc_algo - No description for the parameter type: array choices: [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com] more...

ssh_hostkey_algo - No description for the parameter type: array choices: [ssh-rsa, ecdsa-sha2-nistp521, rsa-sha2-256, rsa-sha2-512, ssh-ed25519] more...

ssh_kex_algo - No description for the parameter type: array choices: [diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521] more...

ssh_mac_algo - No description for the parameter type: array choices: [hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com] more...

ssh_strong_crypto - Only allow strong ciphers for SSH when enabled. type: str choices: [disable, enable] default: enable more...

admin_lockout_method - Lockout method for administration. type: str choices: [ip, user] default: ip more...

event_correlation_cache_size - Maimum event correlation cache size (GB) type: int default: 10 more...

fgfm_cert_exclusive - set if the local or CA certificates should be used exclusively. type: str choices: [disable, enable] default: disable more...

log_checksum_upload - Enable/disable upload log checksum with log files. type: str choices: [disable, enable] default: disable more...

apache_mode - Set apache mode. type: str choices: [event, prefork] default: event more...

no_vip_value_check - Enable/disable skipping policy instead of throwing error when vip has no default or dynamic mapping during policy copy type: str choices: [disable, enable] default: disable more...

log_forward_plugin_workers - Maximum workers for running log forward output plugins, the valid range is 2 to 20 type: int default: 10 more...

fortiservice_port - FortiService port (1 - 65535, default = 8013). type: int default: 8013 more...

management_ip - Management IP address of this FortiGate. type: str more...

management_port - Overriding port for management connection (Overrides admin port). type: int default: 443 more...

api_ip_binding - Enable/disable source IP check for JSON API request. type: str choices: [disable, enable] default: enable more...

Notes 

Note

To create or update an object, use state: present directive.
To delete an object, use state: absent directive
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples 

- name: Example playbook
  hosts: fortianalyzers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Alert console
      fortinet.fortianalyzer.faz_cli_system_global:
        enable_log: true
        cli_system_global:
          language: english

Return Values 

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

meta - The result of the request. returned: always type: dict

request_url - The full url requested. returned: always type: str sample: /sys/login/user
response_code - The status of api request. returned: always type: int sample: 0
response_data - The data body of the api response. returned: optional type: list or dict
response_message - The descriptive message of the api response. returned: always type: str sample: OK
system_information - The information of the target system. returned: always type: dict

rc - The status the request. returned: always type: int sample: 0
version_check_warning - Warning if the parameters used in the playbook are not supported by the current fortianalyzer version. returned: if params are not supported in the current version type: list

Status 

This module is not guaranteed to have a backwards compatible interface.

Authors 

Xinwei Du (@dux-fortinet)
Link Zheng (@chillancezen)
Jie Xue (@JieX19)
Frank Shen (@fshen01)
Hongbin Lu (@fgtdev-hblu)

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.