fmgr_fwobj_vip
Playbook Task Examples
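# BASIC FULL STATIC NAT MAPPING
# One-to-one VIP: no portforward/extport is set, so the mapping is not limited
# to a single port. The firewall policy that references this VIP is what bounds
# the services reachable on the mapped host, so keep that policy narrow.
# Addresses are sample values; substitute your own.
- name: EDIT FMGR_FIREWALL_VIP SNAT
  # Module arguments are nested under the module key; left flat, they would
  # collide with the task-level "name" key.
  fmgr_fwobj_vip:
    name: "Basic StaticNAT Map"
    mode: "set"
    adom: "ansible"
    type: "static-nat"
    extip: "82.72.192.185"
    # "any" does not tie the VIP to one ingress interface; prefer naming the
    # actual external interface in a real deployment.
    extintf: "any"
    mappedip: "10.7.220.25"
    comment: "Created by Ansible"
    color: "17"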
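# BASIC PORT PNAT MAPPING
# Port forward: tcp/10443 on the external address is translated to port 443
# on the mapped host. Addresses are sample values; substitute your own.
- name: EDIT FMGR_FIREWALL_VIP PNAT
  # Module arguments are nested under the module key; left flat, they would
  # collide with the task-level "name" key.
  fmgr_fwobj_vip:
    name: "Basic PNAT Map Port 10443"
    mode: "set"
    adom: "ansible"
    type: "static-nat"
    extip: "82.72.192.185"
    extport: "10443"
    # "any" does not tie the VIP to one ingress interface; prefer naming the
    # actual external interface in a real deployment.
    extintf: "any"
    portforward: "enable"
    protocol: "tcp"
    mappedip: "10.7.220.25"
    mappedport: "443"
    comment: "Created by Ansible"
    color: "17"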
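# BASIC DNS TRANSLATION NAT
# extip is given as an address range and mappedip as two comma-separated
# subnets in a single string. Unlike the NAT examples, the VIP is scoped to
# one interface ("dmz") rather than "any".
- name: EDIT FMGR_FIREWALL_DNST
  # Module arguments are nested under the module key; left flat, they would
  # collide with the task-level "name" key.
  fmgr_fwobj_vip:
    name: "Basic DNS Translation"
    mode: "set"
    adom: "ansible"
    type: "dns-translation"
    extip: "192.168.0.1-192.168.0.100"
    extintf: "dmz"
    # Sample public ranges; replace with the networks you actually own.
    mappedip: "3.3.3.0/24, 4.0.0.0/24"
    comment: "Created by Ansible"
    color: "12"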
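# BASIC FQDN NAT
# FQDN-type VIP: no extip/mappedip is given, only mapped_addr.
- name: EDIT FMGR_FIREWALL_FQDN
  # Module arguments are nested under the module key; left flat, they would
  # collide with the task-level "name" key.
  fmgr_fwobj_vip:
    name: "Basic FQDN Translation"
    mode: "set"
    adom: "ansible"
    type: "fqdn"
    # NOTE(review): presumably the name of an existing address object in the
    # ADOM; confirm it exists and resolves to what you expect before use.
    mapped_addr: "google-play"
    comment: "Created by Ansible"
    color: "5"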
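# DELETE AN ENTRY
# Only name and adom are supplied, so the object is selected by name; the
# name matches the one used by the PNAT example on this page.
- name: DELETE FMGR_FIREWALL_VIP PNAT
  # Module arguments are nested under the module key; left flat, they would
  # collide with the task-level "name" key.
  fmgr_fwobj_vip:
    name: "Basic PNAT Map Port 10443"
    mode: "delete"
    adom: "ansible"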
Playbook File Examples
fmgr_fwobj_vip_add_pnat.yml
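---
# Creates a port-forwarding VIP on the FortiManager host group.
# The httpapi credentials and TLS settings come from inventory, which this
# page does not show: keep the password in Ansible Vault and leave
# ansible_httpapi_validate_certs enabled.
- name: CONFIG CUSTOM SERVICES
  hosts: FortiManager
  connection: httpapi
  # Canonical lowercase boolean; "False" relies on YAML 1.1 truthy parsing.
  gather_facts: false
  tasks:
    # BASIC FULL PNAT MAPPING
    # tcp/10443 on the external address is translated to port 443 on the
    # mapped host. Addresses are sample values; substitute your own.
    - name: EDIT FMGR_FIREWALL_VIP PNAT
      fmgr_fwobj_vip:
        name: "Basic PNAT Map Port 10443"
        mode: "set"
        adom: "ansible"
        type: "static-nat"
        extip: "82.72.192.185"
        extport: "10443"
        # "any" does not tie the VIP to one ingress interface; prefer naming
        # the actual external interface in a real deployment.
        extintf: "any"
        portforward: "enable"
        protocol: "tcp"
        mappedip: "10.7.220.25"
        mappedport: "443"
        comment: "Created by Ansible"
        color: "17"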
fmgr_fwobj_vip_add_dnst.yml
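---
# Creates a DNS-translation VIP on the FortiManager host group.
# The httpapi credentials and TLS settings come from inventory, which this
# page does not show: keep the password in Ansible Vault and leave
# ansible_httpapi_validate_certs enabled.
- name: CONFIG CUSTOM SERVICES
  hosts: FortiManager
  connection: httpapi
  # Canonical lowercase boolean; "False" relies on YAML 1.1 truthy parsing.
  gather_facts: false
  tasks:
    - name: EDIT FMGR_FIREWALL_DNST
      fmgr_fwobj_vip:
        name: "Basic DNS Translation"
        mode: "set"
        adom: "ansible"
        type: "dns-translation"
        extip: "192.168.0.1-192.168.0.100"
        # Scoped to a single interface rather than "any".
        extintf: "dmz"
        # Two subnets in one comma-separated string. Sample public ranges;
        # replace with the networks you actually own.
        mappedip: "3.3.3.0/24, 4.0.0.0/24"
        comment: "Created by Ansible"
        color: "12"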
fmgr_fwobj_vip_add_fqdn.yml
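---
# Creates an FQDN-type VIP on the FortiManager host group.
# The httpapi credentials and TLS settings come from inventory, which this
# page does not show: keep the password in Ansible Vault and leave
# ansible_httpapi_validate_certs enabled.
- name: CONFIG CUSTOM SERVICES
  hosts: FortiManager
  connection: httpapi
  # Canonical lowercase boolean; "False" relies on YAML 1.1 truthy parsing.
  gather_facts: false
  tasks:
    - name: EDIT FMGR_FIREWALL_FQDN
      fmgr_fwobj_vip:
        name: "Basic FQDN Translation"
        mode: "set"
        adom: "ansible"
        type: "fqdn"
        # NOTE(review): presumably the name of an existing address object in
        # the ADOM; confirm it exists before running this play.
        mapped_addr: "google-play"
        comment: "Created by Ansible"
        color: "5"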
fmgr_fwobj_vip_add_snat.yml
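---
# Creates a one-to-one static NAT VIP on the FortiManager host group.
# The httpapi credentials and TLS settings come from inventory, which this
# page does not show: keep the password in Ansible Vault and leave
# ansible_httpapi_validate_certs enabled.
- name: CONFIG CUSTOM SERVICES
  hosts: FortiManager
  connection: httpapi
  # Canonical lowercase boolean; "False" relies on YAML 1.1 truthy parsing.
  gather_facts: false
  tasks:
    # BASIC FULL STATIC NAT MAPPING
    # No portforward/extport is set, so the mapping is not limited to a
    # single port. The firewall policy that references this VIP is what
    # bounds the services reachable on the mapped host; keep it narrow.
    # Addresses are sample values; substitute your own.
    - name: EDIT FMGR_FIREWALL_VIP SNAT
      fmgr_fwobj_vip:
        name: "Basic StaticNAT Map"
        mode: "set"
        adom: "ansible"
        type: "static-nat"
        extip: "82.72.192.185"
        # "any" does not tie the VIP to one ingress interface; prefer naming
        # the actual external interface in a real deployment.
        extintf: "any"
        mappedip: "10.7.220.25"
        comment: "Created by Ansible"
        color: "17"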
fmgr_fwobj_vip_TEMPLATE.yml
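---
# Template play: a working PNAT task, followed in the file by the remaining
# module option names as comments (all left unset).
# The httpapi credentials and TLS settings come from inventory, which this
# page does not show: keep the password in Ansible Vault and leave
# ansible_httpapi_validate_certs enabled.
- name: CONFIG CUSTOM SERVICES
  hosts: FortiManager
  connection: httpapi
  # Canonical lowercase boolean; "False" relies on YAML 1.1 truthy parsing.
  gather_facts: false
  tasks:
    # BASIC FULL PNAT MAPPING
    # tcp/10443 on the external address is translated to port 443 on the
    # mapped host. Addresses are sample values; substitute your own.
    - name: EDIT FMGR_FIREWALL_VIP PNAT
      fmgr_fwobj_vip:
        name: "Basic PNAT Map Port 10443"
        mode: "set"
        adom: "ansible"
        type: "static-nat"
        extip: "82.72.192.185"
        extport: "10443"
        # "any" does not tie the VIP to one ingress interface; prefer naming
        # the actual external interface in a real deployment.
        extintf: "any"
        portforward: "enable"
        protocol: "tcp"
        mappedip: "10.7.220.25"
        mappedport: "443"
        comment: "Created by Ansible"
        color: "17"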
# service:
# server_type:
# portmapping_type:
# monitor:
# max_embryonic_connections:
# mapped_addr:
# ldb_method:
# FILTERS!
# srcintf_filter:
# src_filter:
# ADVANCED OPTIONS!!
# nat_source_vip:
# persistence:
# extaddr:
# dns_mapping_ttl:
# arp_reply:
# outlook_web_access:
# https_cookie_secure:
# http_multiplex:
# http_ip_header_name:
# http_ip_header:
# http_cookie_share:
# http_cookie_path:
# http_cookie_generation:
# http_cookie_domain_from_host:
# http_cookie_domain:
# http_cookie_age:
# gratuitous_arp_interval:
# dynamic_mapping_arp_reply:
# dynamic_mapping_color:
# dynamic_mapping_comment:
# dynamic_mapping_dns_mapping_ttl:
# dynamic_mapping_extaddr:
# dynamic_mapping_extintf:
# dynamic_mapping_extip:
# dynamic_mapping_extport:
# dynamic_mapping_gratuitous_arp_interval:
# dynamic_mapping_http_cookie_age:
# dynamic_mapping_http_cookie_domain:
# dynamic_mapping_http_cookie_domain_from_host:
# dynamic_mapping_http_cookie_generation:
# dynamic_mapping_http_cookie_path:
# dynamic_mapping_http_cookie_share:
# dynamic_mapping_http_ip_header:
# dynamic_mapping_http_ip_header_name:
# dynamic_mapping_http_multiplex:
# dynamic_mapping_https_cookie_secure:
# dynamic_mapping_ldb_method:
# dynamic_mapping_mapped_addr:
# dynamic_mapping_mappedip:
# dynamic_mapping_mappedport:
# dynamic_mapping_max_embryonic_connections:
# dynamic_mapping_monitor:
# dynamic_mapping_nat_source_vip:
# dynamic_mapping_outlook_web_access:
# dynamic_mapping_persistence:
# dynamic_mapping_portforward:
# dynamic_mapping_portmapping_type:
# dynamic_mapping_protocol:
# dynamic_mapping_server_type:
# dynamic_mapping_service:
# dynamic_mapping_src_filter:
# dynamic_mapping_srcintf_filter:
# dynamic_mapping_ssl_algorithm:
# dynamic_mapping_ssl_certificate:
# dynamic_mapping_ssl_client_fallback:
# dynamic_mapping_ssl_client_renegotiation:
# dynamic_mapping_ssl_client_session_state_max:
# dynamic_mapping_ssl_client_session_state_timeout:
# dynamic_mapping_ssl_client_session_state_type:
# dynamic_mapping_ssl_dh_bits:
# dynamic_mapping_ssl_hpkp:
# dynamic_mapping_ssl_hpkp_age:
# dynamic_mapping_ssl_hpkp_backup:
# dynamic_mapping_ssl_hpkp_include_subdomains:
# dynamic_mapping_ssl_hpkp_primary:
# dynamic_mapping_ssl_hpkp_report_uri:
# dynamic_mapping_ssl_hsts:
# dynamic_mapping_ssl_hsts_age:
# dynamic_mapping_ssl_hsts_include_subdomains:
# dynamic_mapping_ssl_http_location_conversion:
# dynamic_mapping_ssl_http_match_host:
# dynamic_mapping_ssl_max_version:
# dynamic_mapping_ssl_min_version:
# dynamic_mapping_ssl_mode:
# dynamic_mapping_ssl_pfs:
# dynamic_mapping_ssl_send_empty_frags:
# dynamic_mapping_ssl_server_algorithm:
# dynamic_mapping_ssl_server_max_version:
# dynamic_mapping_ssl_server_min_version:
# dynamic_mapping_ssl_server_session_state_max:
# dynamic_mapping_ssl_server_session_state_timeout:
# dynamic_mapping_ssl_server_session_state_type:
# dynamic_mapping_type:
# dynamic_mapping_weblogic_server:
# dynamic_mapping_websphere_server:
# dynamic_mapping_realservers_client_ip:
# dynamic_mapping_realservers_healthcheck:
# dynamic_mapping_realservers_holddown_interval:
# dynamic_mapping_realservers_http_host:
# dynamic_mapping_realservers_ip:
# dynamic_mapping_realservers_max_connections:
# dynamic_mapping_realservers_monitor:
# dynamic_mapping_realservers_port:
# dynamic_mapping_realservers_seq:
# dynamic_mapping_realservers_status:
# dynamic_mapping_realservers_weight:
# dynamic_mapping_ssl_cipher_suites_cipher:
# dynamic_mapping_ssl_cipher_suites_versions:
# realservers_client_ip:
# realservers_healthcheck:
# realservers_holddown_interval:
# realservers_http_host:
# realservers_ip:
# realservers_max_connections:
# realservers_monitor:
# realservers_port:
# realservers_seq:
# realservers_status:
# realservers_weight:
# ssl_server_session_state_type:
# ssl_server_session_state_timeout:
# ssl_server_session_state_max:
# ssl_server_min_version:
# ssl_server_max_version:
# ssl_server_algorithm:
# ssl_send_empty_frags:
# ssl_pfs:
# ssl_mode:
# ssl_min_version:
# ssl_max_version:
# ssl_http_match_host:
# ssl_http_location_conversion:
# ssl_hsts_include_subdomains:
# ssl_hsts_age:
# ssl_hsts:
# ssl_hpkp_report_uri:
# ssl_hpkp_primary:
# ssl_hpkp_include_subdomains:
# ssl_hpkp_backup:
# ssl_hpkp_age:
# ssl_hpkp:
# ssl_dh_bits:
# ssl_client_session_state_type:
# ssl_client_session_state_timeout:
# ssl_client_session_state_max:
# ssl_client_renegotiation:
# ssl_client_fallback:
# ssl_certificate:
# ssl_algorithm:
# ssl_cipher_suites_cipher:
# ssl_cipher_suites_versions:
# ssl_server_cipher_suites_cipher:
# ssl_server_cipher_suites_priority:
# ssl_server_cipher_suites_versions:
# websphere_server:
# weblogic_server:
fmgr_fwobj_vip_del_all.yml
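---
# Cleanup play: deletes, by name, the four VIP objects the add_* example
# playbooks create in the "ansible" ADOM.
# The httpapi credentials and TLS settings come from inventory, which this
# page does not show: keep the password in Ansible Vault and leave
# ansible_httpapi_validate_certs enabled.
# NOTE(review): whether a delete succeeds while a firewall policy still
# references the VIP is not shown here; confirm before relying on this play
# to withdraw an exposed service.
- name: CONFIG CUSTOM SERVICES
  hosts: FortiManager
  connection: httpapi
  # Canonical lowercase boolean; "False" relies on YAML 1.1 truthy parsing.
  gather_facts: false
  tasks:
    # BASIC FULL PORT NAT MAPPING
    - name: DELETE FMGR_FIREWALL_VIP PNAT
      fmgr_fwobj_vip:
        name: "Basic PNAT Map Port 10443"
        mode: "delete"
        adom: "ansible"

    - name: DELETE FMGR_FIREWALL_VIP SNAT
      fmgr_fwobj_vip:
        name: "Basic StaticNAT Map"
        mode: "delete"
        adom: "ansible"

    - name: DELETE FMGR_FIREWALL_VIP DNS
      fmgr_fwobj_vip:
        name: "Basic DNS Translation"
        mode: "delete"
        adom: "ansible"

    - name: DELETE FMGR_FIREWALL_VIP FQDN
      fmgr_fwobj_vip:
        name: "Basic FQDN Translation"
        mode: "delete"
        adom: "ansible"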
fmgr_fwobj_vip_run_all.sh
#!/bin/bash
# Runs every example playbook in a fixed order, finishing with the cleanup
# play. There is no stop-on-error: each playbook runs regardless of how the
# previous one ended, and the script exits with the status of the last run.
#
# -vvvv turns on connection-level debugging. That output can include request
# details and task arguments, so keep it out of shared or long-lived logs.
for playbook in \
    fmgr_fwobj_vip_add_pnat.yml \
    fmgr_fwobj_vip_add_dnst.yml \
    fmgr_fwobj_vip_add_fqdn.yml \
    fmgr_fwobj_vip_add_snat.yml \
    fmgr_fwobj_vip_TEMPLATE.yml \
    fmgr_fwobj_vip_del_all.yml
do
    ansible-playbook "$playbook" -vvvv
done