Parameter |
Choices/Defaults |
Comments |
application_list
|
|
Specifies Application Control name.
|
av_profile
|
|
Specifies Antivirus profile name.
|
backup
bool |
|
This argument will cause the module to create a backup of the current running-config from the remote device before any changes are made. The backup file is written to the i(backup) folder.
|
backup_filename
|
|
Specifies the backup filename. If omitted filename will be formatted like HOST_config.YYYY-MM-DD@HH:MM:SS
|
backup_path
|
|
Specifies where to store backup files. Required if backup=yes.
|
comment
|
|
free text to describe policy.
|
config_file
(added in 2.4) |
|
Path to configuration file. Required when file_mode is True.
|
dst_addr
|
|
Specifies destination address (or group) object name(s). Required when state=present.
|
dst_addr_negate
bool |
|
Negate destination address param.
|
dst_intf
|
Default:
any
|
Specifies destination interface name(s).
|
file_mode
bool
(added in 2.4) |
|
Don't connect to any device, only use config_file as input and Output.
|
fixedport
bool |
|
Use fixed port for nat.
|
host
|
|
Specifies the DNS hostname or IP address for connecting to the remote fortios device. Required when file_mode is False.
|
id
required |
|
Policy ID. Warning: policy ID number is different than Policy sequence number. The policy ID is the number assigned at policy creation. The sequence number represents the order in which the Fortigate will evaluate the rule for policy enforcement, and also the order in which rules are listed in the GUI and CLI. These two numbers do not necessarily correlate: this module is based off policy ID. TIP: policy ID can be viewed in the GUI by adding 'ID' to the display columns
|
ips_sensor
|
|
Specifies IPS Sensor profile name.
|
logtraffic
(added in 2.4) |
Choices:
- disable
utm ←
- all
|
Logs sessions that matched policy.
|
logtraffic_start
bool
(added in 2.4) |
|
Logs beginning of session as well.
|
nat
bool |
|
Enable or disable Nat.
|
password
|
|
Specifies the password used to authenticate to the remote device. Required when file_mode is True.
|
policy_action
|
|
Specifies accept or deny action policy. Required when state=present.
aliases: action
|
poolname
|
|
Specifies NAT pool name.
|
schedule
|
Default:
always
|
defines policy schedule.
|
service
|
|
Specifies policy service(s), could be a list (ex: ['MAIL','DNS']). Required when state=present.
aliases: services
|
service_negate
bool |
|
Negate policy service(s) defined in service value.
|
src_addr
|
|
Specifies source address (or group) object name(s). Required when state=present.
|
src_addr_negate
bool |
|
Negate source address param.
|
src_intf
|
Default:
any
|
Specifies source interface name(s).
|
state
|
Choices:
present ←
- absent
|
Specifies if policy id need to be added or deleted.
|
timeout
|
Default:
60
|
Timeout in seconds for connecting to the remote device.
|
username
|
|
Configures the username used to authenticate to the remote device. Required when file_mode is True.
|
vdom
|
|
Specifies on which vdom to apply configuration
|
webfilter_profile
|
|
Specifies Webfilter profile name.
|