faz_cli_system_global – Global range attributes.
Added in version 1.0.0.
Warning
Starting in version 2.0.0, all variables will be named in the underscore naming convention.
Possible variable names before 2.0.0:
variable-name,variable name,variable.nameCorresponding variable names since 2.0.0:
variable_name
FortiAnalyzer Ansible v1.4+ supports both previous argument name and new underscore name. You will receive deprecation warnings if you keep using the previous argument name. You can ignore the warning by setting deprecation_warnings=False in ansible.cfg.
Synopsis
This module is able to configure a FortiAnalyzer device.
Examples include all parameters and values need to be adjusted to data sources before usage.
This module supports check mode and diff mode.
Requirements
The below requirements are needed on the host that executes this module.
ansible>=2.16.0
FortiAnalyzer Version Compatibility
Supported Version Ranges: v6.2.1 -> latest
Parameters
- access_token The token to access FortiAnalyzer without using ansible_username and ansible_password. type: str
- bypass_validation Only set to True when module schema diffs with FortiAnalyzer API structure, module continues to execute without validating parameters type: bool default: False
- enable_log Enable/Disable logging for task type: bool default: False
- forticloud_access_token Access token of forticloud analyzer API users. type: str
- log_path The path to save log. Used if enable_log is true. Please use absolute path instead of relative path. If the log_path setting is incorrect, the log will be saved in /tmp/fortianalyzer.ansible.logtype: str default: "/tmp/fortianalyzer.ansible.log"
- proposed_method The overridden method for the underlying Json RPC request type: str choices: set, update, add
- version_check If set to True, it will check whether the parameters used are supported by the corresponding version of FortiAnazlyer locally based on FNDN data. A warning will be returned in version_check_warning if there is a mismatch. This warning is only a suggestion and may not be accurate. type: bool default: False
- rc_succeeded The rc codes list with which the conditions to succeed will be overriden type: list
- rc_failed The rc codes list with which the conditions to fail will be overriden type: list
- cli_system_global Global range attributes. type: dict
- admin_lockout_duration Lockout duration(sec) for administration. type: int default: 60 more...
- admin_lockout_threshold Lockout threshold for administration. type: int default: 3 more...
- adom_mode ADOM mode. type: str choices: [normal, advanced] default: normal more...
- adom_select Enable/disable select ADOM after login. type: str choices: [disable, enable] default: enable more...
- adom_status ADOM status. type: str choices: [disable, enable] default: disable more...
- backup_compression Compression level. type: str choices: [none, low, normal, high] default: normal more...
- backup_to_subfolders Enable/disable creation of subfolders on server for backup storage. type: str choices: [disable, enable] default: disable more...
- clone_name_option set the clone object names option. type: str choices: [default, keep] default: default more...
- clt_cert_req Require client certificate for GUI login. type: str choices: [disable, enable, optional] default: disable more...
- console_output Console output mode. type: str choices: [standard, more] default: standard more...
- country_flag Country flag Status. type: str choices: [disable, enable] default: enable more...
- create_revision Enable/disable create revision by default. type: str choices: [disable, enable] default: disable more...
- daylightsavetime Enable/disable daylight saving time. type: str choices: [disable, enable] default: enable more...
- default_logview_auto_completion Enable/disable log view filter auto-completion. type: str choices: [disable, enable] default: enable more...
- default_search_mode Set the default search mode of log view. type: str choices: [filter-based, advanced] default: filter-based more...
- detect_unregistered_log_device Detect unregistered logging device from log message. type: str choices: [disable, enable] default: enable more...
- device_view_mode Set devices/groups view mode. type: str choices: [regular, tree] default: regular more...
- dh_params Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits). type: str choices: [1024, 1536, 2048, 3072, 4096, 6144, 8192] default: 2048 more...
- disable_module Disable module list. type: list elements: str choices: [fortiview-noc, siem, soar, none, soc, fortirecorder, ai, ot-view, safeguard-mv] more...
- enc_algorithm SSL communication encryption algorithms. type: str choices: [low, medium, high, custom] default: high more...
- fgfm_ca_cert set the extra fgfm CA certificates. type: str more...
- fgfm_local_cert set the fgfm local certificate. type: str more...
- fgfm_ssl_protocol set the lowest SSL protocols for fgfmsd. type: str choices: [sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3, follow-global-ssl-protocol] default: tlsv1.2 more...
- ha_member_auto_grouping Enable/disable automatically group HA members feature type: str choices: [disable, enable] default: enable more...
- hitcount_concurrent The number of FortiGates that FortiManager polls at one time (10 - 500, default = 100). type: int default: 100 more...
- hitcount_interval The interval for getting hit count from managed FortiGate devices, in seconds (60 - 86400, default = 900). type: int default: 900 more...
- hostname System hostname. type: str default: FAZVM64 more...
- language System global language. type: str choices: [english, simch, japanese, korean, spanish, trach] default: english more...
- latitude fmg location latitude type: str more...
- ldap_cache_timeout LDAP browser cache timeout (seconds). type: int default: 86400 more...
- ldapconntimeout LDAP connection timeout (msec). type: int default: 60000 more...
- lock_preempt Enable/disable ADOM lock override. type: str choices: [disable, enable] default: disable more...
- log_checksum Record log file hash value, timestamp, and authentication code at transmission or rolling. type: str choices: [none, md5, md5-auth] default: none more...
- log_forward_cache_size Log forwarding disk cache size (GB). type: int default: 0 more...
- log_mode Log system operation mode. type: str choices: [analyzer, collector] default: analyzer more...
- longitude fmg location longitude type: str more...
- max_aggregation_tasks Maximum number of concurrent tasks of a log aggregation session. type: int default: 0 more...
- max_log_forward Maximum number of log-forward and aggregation settings. type: int default: 5 more...
- max_running_reports Maximum number of reports generating at one time. type: int default: 1 more...
- oftp_ssl_protocol set the lowest SSL protocols for oftpd. type: str choices: [sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3] default: tlsv1.2 more...
- policy_hit_count show policy hit count. type: str choices: [disable, enable] default: disable more...
- policy_object_icon show icons of policy objects. type: str choices: [disable, enable] default: disable more...
- policy_object_in_dual_pane show policies and objects in dual pane. type: str choices: [disable, enable] default: disable more...
- pre_login_banner Enable/disable pre-login banner. type: str choices: [disable, enable] default: disable more...
- pre_login_banner_message Pre-login banner message. type: str more...
- private_data_encryption Enable/disable private data encryption using an AES 128-bit key. type: str choices: [disable, enable] default: disable more...
- remoteauthtimeout Remote authentication (RADIUS/LDAP) timeout (sec). type: int default: 10 more...
- search_all_adoms Enable/Disable Search all ADOMs for where-used query. type: str choices: [disable, enable] default: disable more...
- ssl_low_encryption SSL low-grade encryption. type: str choices: [disable, enable] default: disable more...
- ssl_protocol SSL protocols. type: list elements: str choices: [tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3] more...
- ssl_static_key_ciphers Enable/disable SSL static key ciphers. type: str choices: [disable, enable] default: enable more...
- task_list_size Maximum number of completed tasks to keep. type: int default: 2000 more...
- tftp Enable/disable TFTP in `exec restore image` command (disabled by default in FIPS mode) type: str choices: [disable, enable] default: disable more...
- timezone Time zone. type: str choices: [00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91] default: 04 more...
- tunnel_mtu Maximum transportation unit(68 - 9000). type: int default: 1500 more...
- usg Enable/disable Fortiguard server restriction. type: str choices: [disable, enable] default: disable more...
- webservice_proto Web Service connection support SSL protocols. type: list elements: str choices: [tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3, sslv2] more...
- workflow_max_sessions Maximum number of workflow sessions per ADOM (minimum 100). type: int default: 500 more...
- multiple_steps_upgrade_in_autolink Enable/disable multiple steps upgade in autolink process type: str choices: [disable, enable] default: disable more...
- normalized_intf_zone_only allow normalized interface to be zone only. type: str choices: [disable, enable] default: disable more...
- ssl_cipher_suites type: list of dict more...
- gui_curl_timeout GUI curl timeout in seconds (5-300 default 30). type: int default: 30 more...
- fgfm_cert_exclusive set if the local or CA certificates should be used exclusively. type: str choices: [disable, enable] default: disable more...
- object_revision_db_max Maximum revisions for a single database (10,000-1,000,000 default 100,000). type: int default: 100000 more...
- object_revision_mandatory_note Enable/disable mandatory note when create revision. type: str choices: [disable, enable] default: enable more...
- object_revision_object_max Maximum revisions for a single object (10-1000 default 100). type: int default: 100 more...
- object_revision_status Enable/disable create revision when modify objects. type: str choices: [disable, enable] default: enable more...
- table_entry_blink Enable/disable table entry blink in GUI type: str choices: [disable, enable] default: enable more...
- contentpack_fgt_install Enable/disable outbreak alert auto install for FGT ADOMS . type: str choices: [disable, enable] default: disable more...
- gui_polling_interval GUI polling interval in seconds (1-288000 default 5). type: int default: 5 more...
- no_copy_permission_check Do not perform permission check to block object changes in different adom during copy and install. type: str choices: [disable, enable] default: enable more...
- ssh_enc_algo Select one or more SSH ciphers. type: list elements: str choices: [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com] more...
- ssh_hostkey_algo Select one or more SSH hostkey algorithms. type: list elements: str choices: [ssh-rsa, ecdsa-sha2-nistp521, rsa-sha2-256, rsa-sha2-512, ssh-ed25519] more...
- ssh_kex_algo Select one or more SSH kex algorithms. type: list elements: str choices: [diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521] more...
- ssh_mac_algo Select one or more SSH MAC algorithms. type: list elements: str choices: [hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com] more...
- ssh_strong_crypto Only allow strong ciphers for SSH when enabled. type: str choices: [disable, enable] default: enable more...
- admin_lockout_method Lockout method for administration. type: str choices: [ip, user] default: ip more...
- event_correlation_cache_size Maimum event correlation cache size (GB) type: int default: 10 more...
- log_checksum_upload Enable/disable upload log checksum with log files. type: str choices: [disable, enable] default: disable more...
- apache_mode Set apache mode. type: str choices: [event, prefork] default: event more...
- no_vip_value_check Enable/disable skipping policy instead of throwing error when vip has no default or dynamic mapping during policy copy type: str choices: [disable, enable] default: disable more...
- admin_ssh_grace_time Maximum time in seconds permitted between making an SSH connection to the FortiManager unit and authenticating (10 - 3600 sec (1 hour), default 120). type: int default: 120 more...
- fcp_cfg_service Enable/disable FCP service processing configuration requests type: str choices: [disable, enable] default: disable more...
- apache_wsgi_processes Set apache wsgi processes(5-250 default 10). type: int default: 10 more...
- log_forward_plugin_workers Maximum workers for running log forward output plugins, the valid range is 2 to 20 type: int default: 10 more...
- fortiservice_port FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port. type: int default: 8013 more...
- management_ip Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric. type: str more...
- management_port Overriding port for management connection (Overrides admin port). type: int default: 443 more...
- api_ip_binding Enable/disable source IP check for JSON API request. type: str choices: [disable, enable] default: enable more...
- admin_host Administrative host for HTTP and HTTPs. When set, will be used in lieu of the clients Host header for any redirection. type: str more...
- global_ssl_protocol set the lowest SSL protocol version for all SSL connections. type: str choices: [sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3] default: tlsv1.2 more...
- httpd_ssl_protocol set SSL protocols for apache daemon (httpd) type: list elements: str choices: [sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3] more...
- mapclient_ssl_protocol set the lowest SSL protocol version for connection to mapserver. type: str choices: [follow-global-ssl-protocol, sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3] default: follow-global-ssl-protocol more...
- gui_feature_visibility_mode Set GUI feature visibility mode (per-adom, per-admin). type: str choices: [per-adom, per-admin] default: per-adom more...
- rpc_log Enable/Disable incoming/outgoing rpc log. type: str choices: [disable, enable] default: enable more...
- gui_install_preview_concurrency Set the maximum number of devices to be processed in a single GUI install preview request (1-100 default 20). type: int default: 20 more...
- fabric_storage_pool_quota Disk quota for Fabric (MB). type: int default: 0 more...
- fabric_storage_pool_size Max storage pooll size type: int default: 20 more...
- jsonapi_log enable jsonapi log. type: str choices: [disable, request, response, all] default: disable more...
- fmg_fabric_port type: int default: 8893 more...
- storage_age_limit type: int default: 0 more...
- auth_dev_restapi_allowlist type: str choices: [disable, enable] default: disable more...
Notes
Note
To create or update an object, use state: present directive.
To delete an object, use state: absent directive
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- name: Example playbook
gather_facts: false
hosts: fortianalyzers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Alert console
fortinet.fortianalyzer.faz_cli_system_global:
enable_log: true
cli_system_global:
language: english
Return Values
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- meta The result of the request. returned: always type: dict
- request_url The full url requested. returned: always type: str sample: /sys/login/user
- response_code The status of api request. returned: always type: int sample: 0
- response_data The data body of the api response. returned: optional type: list or dict
- response_message The descriptive message of the api response. returned: always type: str sample: OK
- system_information The information of the target system. returned: always type: dict
- rc The status the request. returned: always type: int sample: 0
- version_check_warning Warning if the parameters used in the playbook are not supported by the current fortianalyzer version. returned: if params are not supported in the current version type: list
Status
This module is not guaranteed to have a backwards compatible interface.