diff --git a/lib/ansible/modules/network/fortios/fortios_system_settings.py b/lib/ansible/modules/network/fortios/fortios_system_settings.py
index cdb75243016..c79b8818516 100644
--- a/lib/ansible/modules/network/fortios/fortios_system_settings.py
+++ b/lib/ansible/modules/network/fortios/fortios_system_settings.py
@@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-#
-# the lib use python logging can get it if the following is set in your
-# Ansible config.
__metaclass__ = type
@@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_system_settings
short_description: Configure VDOM settings in Fortinet's FortiOS and FortiGate.
description:
- - This module is able to configure a FortiGate or FortiOS by
- allowing the user to configure system feature and settings category.
- Examples includes all options and need to be adjusted to datasources before usage.
- Tested with FOS v6.0.2
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify system feature and settings category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@@ -44,640 +41,769 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
- description:
- - FortiOS or FortiGate ip adress.
- required: true
+ description:
+ - FortiOS or FortiGate IP address.
+ type: str
+ required: false
username:
description:
- FortiOS or FortiGate username.
- required: true
+ type: str
+ required: false
password:
description:
- FortiOS or FortiGate password.
+ type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
+ type: str
default: root
https:
description:
- - Indicates if the requests towards FortiGate must use HTTPS
- protocol
+ - Indicates if the requests towards FortiGate must use HTTPS protocol.
+ type: bool
+ default: true
+ ssl_verify:
+ description:
+ - Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
+ version_added: 2.9
system_settings:
description:
- Configure VDOM settings.
default: null
+ type: dict
suboptions:
- allow-subnet-overlap:
+ allow_linkdown_path:
+ description:
+ - Enable/disable link down path.
+ type: str
+ choices:
+ - enable
+ - disable
+ allow_subnet_overlap:
description:
- Enable/disable allowing interface subnets to use overlapping IP addresses.
+ type: str
choices:
- enable
- disable
asymroute:
description:
- Enable/disable IPv4 asymmetric routing.
+ type: str
choices:
- enable
- disable
- asymroute-icmp:
+ asymroute_icmp:
description:
- Enable/disable ICMP asymmetric routing.
+ type: str
choices:
- enable
- disable
asymroute6:
description:
- Enable/disable asymmetric IPv6 routing.
+ type: str
choices:
- enable
- disable
- asymroute6-icmp:
+ asymroute6_icmp:
description:
- Enable/disable asymmetric ICMPv6 routing.
+ type: str
choices:
- enable
- disable
bfd:
description:
- Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces.
+ type: str
choices:
- enable
- disable
- bfd-desired-min-tx:
+ bfd_desired_min_tx:
description:
- BFD desired minimal transmit interval (1 - 100000 ms, default = 50).
- bfd-detect-mult:
+ type: int
+ bfd_detect_mult:
description:
- BFD detection multiplier (1 - 50, default = 3).
- bfd-dont-enforce-src-port:
+ type: int
+ bfd_dont_enforce_src_port:
description:
- Enable to not enforce verifying the source port of BFD Packets.
+ type: str
choices:
- enable
- disable
- bfd-required-min-rx:
+ bfd_required_min_rx:
description:
- BFD required minimal receive interval (1 - 100000 ms, default = 50).
- block-land-attack:
+ type: int
+ block_land_attack:
description:
- Enable/disable blocking of land attacks.
+ type: str
choices:
- disable
- enable
- central-nat:
+ central_nat:
description:
- Enable/disable central NAT.
+ type: str
choices:
- enable
- disable
comments:
description:
- VDOM comments.
- compliance-check:
+ type: str
+ compliance_check:
description:
- Enable/disable PCI DSS compliance checking.
+ type: str
choices:
- enable
- disable
- default-voip-alg-mode:
+ default_voip_alg_mode:
description:
- Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile.
+ type: str
choices:
- proxy-based
- kernel-helper-based
- deny-tcp-with-icmp:
+ deny_tcp_with_icmp:
description:
- Enable/disable denying TCP by sending an ICMP communication prohibited packet.
+ type: str
choices:
- enable
- disable
device:
description:
- Interface to use for management access for NAT mode. Source system.interface.name.
- dhcp-proxy:
+ type: str
+ dhcp_proxy:
description:
- Enable/disable the DHCP Proxy.
+ type: str
choices:
- enable
- disable
- dhcp-server-ip:
+ dhcp_server_ip:
description:
- DHCP Server IPv4 address.
- dhcp6-server-ip:
+ type: str
+ dhcp6_server_ip:
description:
- DHCPv6 server IPv6 address.
- discovered-device-timeout:
+ type: str
+ discovered_device_timeout:
description:
- Timeout for discovered devices (1 - 365 days, default = 28).
- ecmp-max-paths:
+ type: int
+ ecmp_max_paths:
description:
- Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing (1 - 100, default = 10).
- email-portal-check-dns:
+ type: int
+ email_portal_check_dns:
description:
- Enable/disable using DNS to validate email addresses collected by a captive portal.
+ type: str
choices:
- disable
- enable
- firewall-session-dirty:
+ firewall_session_dirty:
description:
- Select how to manage sessions affected by firewall policy configuration changes.
+ type: str
choices:
- check-all
- check-new
- check-policy-option
- fw-session-hairpin:
+ fw_session_hairpin:
description:
- Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate.
+ type: str
choices:
- enable
- disable
gateway:
description:
- Transparent mode IPv4 default gateway IP address.
+ type: str
gateway6:
description:
- Transparent mode IPv4 default gateway IP address.
- gui-advanced-policy:
+ type: str
+ gui_advanced_policy:
description:
- Enable/disable advanced policy configuration on the GUI.
+ type: str
choices:
- enable
- disable
- gui-allow-unnamed-policy:
+ gui_allow_unnamed_policy:
description:
- Enable/disable the requirement for policy naming on the GUI.
+ type: str
choices:
- enable
- disable
- gui-antivirus:
+ gui_antivirus:
description:
- Enable/disable AntiVirus on the GUI.
+ type: str
choices:
- enable
- disable
- gui-ap-profile:
+ gui_ap_profile:
description:
- Enable/disable FortiAP profiles on the GUI.
+ type: str
choices:
- enable
- disable
- gui-application-control:
+ gui_application_control:
description:
- Enable/disable application control on the GUI.
+ type: str
choices:
- enable
- disable
- gui-default-policy-columns:
+ gui_default_policy_columns:
description:
- Default columns to display for policy lists on GUI.
+ type: list
suboptions:
name:
description:
- Select column name.
required: true
- gui-dhcp-advanced:
+ type: str
+ gui_dhcp_advanced:
description:
- Enable/disable advanced DHCP options on the GUI.
+ type: str
choices:
- enable
- disable
- gui-dlp:
+ gui_dlp:
description:
- Enable/disable DLP on the GUI.
+ type: str
choices:
- enable
- disable
- gui-dns-database:
+ gui_dns_database:
description:
- Enable/disable DNS database settings on the GUI.
+ type: str
choices:
- enable
- disable
- gui-dnsfilter:
+ gui_dnsfilter:
description:
- Enable/disable DNS Filtering on the GUI.
+ type: str
choices:
- enable
- disable
- gui-domain-ip-reputation:
+ gui_domain_ip_reputation:
description:
- Enable/disable Domain and IP Reputation on the GUI.
+ type: str
choices:
- enable
- disable
- gui-dos-policy:
+ gui_dos_policy:
description:
- Enable/disable DoS policies on the GUI.
+ type: str
choices:
- enable
- disable
- gui-dynamic-profile-display:
+ gui_dynamic_profile_display:
description:
- Enable/disable RADIUS Single Sign On (RSSO) on the GUI.
+ type: str
choices:
- enable
- disable
- gui-dynamic-routing:
+ gui_dynamic_routing:
description:
- Enable/disable dynamic routing on the GUI.
+ type: str
choices:
- enable
- disable
- gui-email-collection:
+ gui_email_collection:
description:
- Enable/disable email collection on the GUI.
+ type: str
choices:
- enable
- disable
- gui-endpoint-control:
+ gui_endpoint_control:
description:
- Enable/disable endpoint control on the GUI.
+ type: str
choices:
- enable
- disable
- gui-endpoint-control-advanced:
+ gui_endpoint_control_advanced:
description:
- Enable/disable advanced endpoint control options on the GUI.
+ type: str
choices:
- enable
- disable
- gui-explicit-proxy:
+ gui_explicit_proxy:
description:
- Enable/disable the explicit proxy on the GUI.
+ type: str
choices:
- enable
- disable
- gui-fortiap-split-tunneling:
+ gui_fortiap_split_tunneling:
description:
- Enable/disable FortiAP split tunneling on the GUI.
+ type: str
choices:
- enable
- disable
- gui-fortiextender-controller:
+ gui_fortiextender_controller:
description:
- Enable/disable FortiExtender on the GUI.
+ type: str
choices:
- enable
- disable
- gui-icap:
+ gui_icap:
description:
- Enable/disable ICAP on the GUI.
+ type: str
choices:
- enable
- disable
- gui-implicit-policy:
+ gui_implicit_policy:
description:
- Enable/disable implicit firewall policies on the GUI.
+ type: str
choices:
- enable
- disable
- gui-ips:
+ gui_ips:
description:
- Enable/disable IPS on the GUI.
+ type: str
choices:
- enable
- disable
- gui-load-balance:
+ gui_load_balance:
description:
- Enable/disable server load balancing on the GUI.
+ type: str
choices:
- enable
- disable
- gui-local-in-policy:
+ gui_local_in_policy:
description:
- Enable/disable Local-In policies on the GUI.
+ type: str
choices:
- enable
- disable
- gui-local-reports:
+ gui_local_reports:
description:
- Enable/disable local reports on the GUI.
+ type: str
choices:
- enable
- disable
- gui-multicast-policy:
+ gui_multicast_policy:
description:
- Enable/disable multicast firewall policies on the GUI.
+ type: str
choices:
- enable
- disable
- gui-multiple-interface-policy:
+ gui_multiple_interface_policy:
description:
- Enable/disable adding multiple interfaces to a policy on the GUI.
+ type: str
choices:
- enable
- disable
- gui-multiple-utm-profiles:
+ gui_multiple_utm_profiles:
description:
- Enable/disable multiple UTM profiles on the GUI.
+ type: str
choices:
- enable
- disable
- gui-nat46-64:
+ gui_nat46_64:
description:
- Enable/disable NAT46 and NAT64 settings on the GUI.
+ type: str
choices:
- enable
- disable
- gui-object-colors:
+ gui_object_colors:
description:
- Enable/disable object colors on the GUI.
+ type: str
choices:
- enable
- disable
- gui-policy-based-ipsec:
+ gui_policy_based_ipsec:
description:
- Enable/disable policy-based IPsec VPN on the GUI.
+ type: str
choices:
- enable
- disable
- gui-policy-learning:
+ gui_policy_learning:
description:
- Enable/disable firewall policy learning mode on the GUI.
+ type: str
choices:
- enable
- disable
- gui-replacement-message-groups:
+ gui_replacement_message_groups:
description:
- Enable/disable replacement message groups on the GUI.
+ type: str
choices:
- enable
- disable
- gui-spamfilter:
+ gui_spamfilter:
description:
- Enable/disable Antispam on the GUI.
+ type: str
choices:
- enable
- disable
- gui-sslvpn-personal-bookmarks:
+ gui_sslvpn_personal_bookmarks:
description:
- Enable/disable SSL-VPN personal bookmark management on the GUI.
+ type: str
choices:
- enable
- disable
- gui-sslvpn-realms:
+ gui_sslvpn_realms:
description:
- Enable/disable SSL-VPN realms on the GUI.
+ type: str
choices:
- enable
- disable
- gui-switch-controller:
+ gui_switch_controller:
description:
- Enable/disable the switch controller on the GUI.
+ type: str
choices:
- enable
- disable
- gui-threat-weight:
+ gui_threat_weight:
description:
- Enable/disable threat weight on the GUI.
+ type: str
choices:
- enable
- disable
- gui-traffic-shaping:
+ gui_traffic_shaping:
description:
- Enable/disable traffic shaping on the GUI.
+ type: str
choices:
- enable
- disable
- gui-voip-profile:
+ gui_voip_profile:
description:
- Enable/disable VoIP profiles on the GUI.
+ type: str
choices:
- enable
- disable
- gui-vpn:
+ gui_vpn:
description:
- Enable/disable VPN tunnels on the GUI.
+ type: str
choices:
- enable
- disable
- gui-waf-profile:
+ gui_waf_profile:
description:
- Enable/disable Web Application Firewall on the GUI.
+ type: str
choices:
- enable
- disable
- gui-wan-load-balancing:
+ gui_wan_load_balancing:
description:
- Enable/disable SD-WAN on the GUI.
+ type: str
choices:
- enable
- disable
- gui-wanopt-cache:
+ gui_wanopt_cache:
description:
- Enable/disable WAN Optimization and Web Caching on the GUI.
+ type: str
choices:
- enable
- disable
- gui-webfilter:
+ gui_webfilter:
description:
- Enable/disable Web filtering on the GUI.
+ type: str
choices:
- enable
- disable
- gui-webfilter-advanced:
+ gui_webfilter_advanced:
description:
- Enable/disable advanced web filtering on the GUI.
+ type: str
choices:
- enable
- disable
- gui-wireless-controller:
+ gui_wireless_controller:
description:
- Enable/disable the wireless controller on the GUI.
+ type: str
choices:
- enable
- disable
- http-external-dest:
+ http_external_dest:
description:
- Offload HTTP traffic to FortiWeb or FortiCache.
+ type: str
choices:
- fortiweb
- forticache
- ike-dn-format:
+ ike_dn_format:
description:
- Configure IKE ASN.1 Distinguished Name format conventions.
+ type: str
choices:
- with-space
- no-space
- ike-quick-crash-detect:
+ ike_quick_crash_detect:
description:
- Enable/disable IKE quick crash detection (RFC 6290).
+ type: str
choices:
- enable
- disable
- ike-session-resume:
+ ike_session_resume:
description:
- Enable/disable IKEv2 session resumption (RFC 5723).
+ type: str
choices:
- enable
- disable
- implicit-allow-dns:
+ implicit_allow_dns:
description:
- Enable/disable implicitly allowing DNS traffic.
+ type: str
choices:
- enable
- disable
- inspection-mode:
+ inspection_mode:
description:
- Inspection mode (proxy-based or flow-based).
+ type: str
choices:
- proxy
- flow
ip:
description:
- IP address and netmask.
+ type: str
ip6:
description:
- IPv6 address prefix for NAT mode.
- link-down-access:
+ type: str
+ link_down_access:
description:
- Enable/disable link down access traffic.
+ type: str
choices:
- enable
- disable
- lldp-transmission:
+ lldp_transmission:
description:
- Enable/disable Link Layer Discovery Protocol (LLDP) for this VDOM or apply global settings to this VDOM.
+ type: str
choices:
- enable
- disable
- global
- mac-ttl:
+ mac_ttl:
description:
- Duration of MAC addresses in Transparent mode (300 - 8640000 sec, default = 300).
+ type: int
manageip:
description:
- Transparent mode IPv4 management IP address and netmask.
+ type: str
manageip6:
description:
- Transparent mode IPv6 management IP address and netmask.
- multicast-forward:
+ type: str
+ multicast_forward:
description:
- Enable/disable multicast forwarding.
+ type: str
choices:
- enable
- disable
- multicast-skip-policy:
+ multicast_skip_policy:
description:
- Enable/disable allowing multicast traffic through the FortiGate without a policy check.
+ type: str
choices:
- enable
- disable
- multicast-ttl-notchange:
+ multicast_ttl_notchange:
description:
- Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets.
+ type: str
choices:
- enable
- disable
- ngfw-mode:
+ ngfw_mode:
description:
- Next Generation Firewall (NGFW) mode.
+ type: str
choices:
- profile-based
- policy-based
opmode:
description:
- Firewall operation mode (NAT or Transparent).
+ type: str
choices:
- nat
- transparent
- prp-trailer-action:
+ prp_trailer_action:
description:
- Enable/disable action to take on PRP trailer.
+ type: str
choices:
- enable
- disable
- sccp-port:
+ sccp_port:
description:
- TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535, default = 2000).
- ses-denied-traffic:
+ type: int
+ ses_denied_traffic:
description:
- Enable/disable including denied session in the session table.
+ type: str
choices:
- enable
- disable
- sip-helper:
+ sip_helper:
description:
- Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway
(ALG).
+ type: str
choices:
- enable
- disable
- sip-nat-trace:
+ sip_nat_trace:
description:
- Enable/disable recording the original SIP source IP address when NAT is used.
+ type: str
choices:
- enable
- disable
- sip-ssl-port:
+ sip_ssl_port:
description:
- TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535, default = 5061).
- sip-tcp-port:
+ type: int
+ sip_tcp_port:
description:
- TCP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
- sip-udp-port:
+ type: int
+ sip_udp_port:
description:
- UDP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
- snat-hairpin-traffic:
+ type: int
+ snat_hairpin_traffic:
description:
- Enable/disable source NAT (SNAT) for hairpin traffic.
+ type: str
choices:
- enable
- disable
- ssl-ssh-profile:
+ ssl_ssh_profile:
description:
- Profile for SSL/SSH inspection. Source firewall.ssl-ssh-profile.name.
+ type: str
status:
description:
- Enable/disable this VDOM.
+ type: str
choices:
- enable
- disable
- strict-src-check:
+ strict_src_check:
description:
- Enable/disable strict source verification.
+ type: str
choices:
- enable
- disable
- tcp-session-without-syn:
+ tcp_session_without_syn:
description:
- Enable/disable allowing TCP session without SYN flags.
+ type: str
choices:
- enable
- disable
- utf8-spam-tagging:
+ utf8_spam_tagging:
description:
- Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support.
+ type: str
choices:
- enable
- disable
- v4-ecmp-mode:
+ v4_ecmp_mode:
description:
- IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode.
+ type: str
choices:
- source-ip-based
- weight-based
- usage-based
- source-dest-ip-based
- vpn-stats-log:
+ vpn_stats_log:
description:
- Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space.
+ type: str
choices:
- ipsec
- pptp
- l2tp
- ssl
- vpn-stats-period:
+ vpn_stats_period:
description:
- Period to send VPN log statistics (60 - 86400 sec).
- wccp-cache-engine:
+ type: int
+ wccp_cache_engine:
description:
- Enable/disable WCCP cache engine.
+ type: str
choices:
- enable
- disable
@@ -690,6 +816,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
+ ssl_verify: "False"
tasks:
- name: Configure VDOM settings.
fortios_system_settings:
@@ -699,119 +826,120 @@ EXAMPLES = '''
vdom: "{{ vdom }}"
https: "False"
system_settings:
- allow-subnet-overlap: "enable"
+ allow_linkdown_path: "enable"
+ allow_subnet_overlap: "enable"
asymroute: "enable"
- asymroute-icmp: "enable"
+ asymroute_icmp: "enable"
asymroute6: "enable"
- asymroute6-icmp: "enable"
+ asymroute6_icmp: "enable"
bfd: "enable"
- bfd-desired-min-tx: "9"
- bfd-detect-mult: "10"
- bfd-dont-enforce-src-port: "enable"
- bfd-required-min-rx: "12"
- block-land-attack: "disable"
- central-nat: "enable"
+ bfd_desired_min_tx: "10"
+ bfd_detect_mult: "11"
+ bfd_dont_enforce_src_port: "enable"
+ bfd_required_min_rx: "13"
+ block_land_attack: "disable"
+ central_nat: "enable"
comments: ""
- compliance-check: "enable"
- default-voip-alg-mode: "proxy-based"
- deny-tcp-with-icmp: "enable"
+ compliance_check: "enable"
+ default_voip_alg_mode: "proxy-based"
+ deny_tcp_with_icmp: "enable"
device: " (source system.interface.name)"
- dhcp-proxy: "enable"
- dhcp-server-ip: ""
- dhcp6-server-ip: ""
- discovered-device-timeout: "23"
- ecmp-max-paths: "24"
- email-portal-check-dns: "disable"
- firewall-session-dirty: "check-all"
- fw-session-hairpin: "enable"
+ dhcp_proxy: "enable"
+ dhcp_server_ip: ""
+ dhcp6_server_ip: ""
+ discovered_device_timeout: "24"
+ ecmp_max_paths: "25"
+ email_portal_check_dns: "disable"
+ firewall_session_dirty: "check-all"
+ fw_session_hairpin: "enable"
gateway: ""
gateway6: ""
- gui-advanced-policy: "enable"
- gui-allow-unnamed-policy: "enable"
- gui-antivirus: "enable"
- gui-ap-profile: "enable"
- gui-application-control: "enable"
- gui-default-policy-columns:
+ gui_advanced_policy: "enable"
+ gui_allow_unnamed_policy: "enable"
+ gui_antivirus: "enable"
+ gui_ap_profile: "enable"
+ gui_application_control: "enable"
+ gui_default_policy_columns:
-
- name: "default_name_36"
- gui-dhcp-advanced: "enable"
- gui-dlp: "enable"
- gui-dns-database: "enable"
- gui-dnsfilter: "enable"
- gui-domain-ip-reputation: "enable"
- gui-dos-policy: "enable"
- gui-dynamic-profile-display: "enable"
- gui-dynamic-routing: "enable"
- gui-email-collection: "enable"
- gui-endpoint-control: "enable"
- gui-endpoint-control-advanced: "enable"
- gui-explicit-proxy: "enable"
- gui-fortiap-split-tunneling: "enable"
- gui-fortiextender-controller: "enable"
- gui-icap: "enable"
- gui-implicit-policy: "enable"
- gui-ips: "enable"
- gui-load-balance: "enable"
- gui-local-in-policy: "enable"
- gui-local-reports: "enable"
- gui-multicast-policy: "enable"
- gui-multiple-interface-policy: "enable"
- gui-multiple-utm-profiles: "enable"
- gui-nat46-64: "enable"
- gui-object-colors: "enable"
- gui-policy-based-ipsec: "enable"
- gui-policy-learning: "enable"
- gui-replacement-message-groups: "enable"
- gui-spamfilter: "enable"
- gui-sslvpn-personal-bookmarks: "enable"
- gui-sslvpn-realms: "enable"
- gui-switch-controller: "enable"
- gui-threat-weight: "enable"
- gui-traffic-shaping: "enable"
- gui-voip-profile: "enable"
- gui-vpn: "enable"
- gui-waf-profile: "enable"
- gui-wan-load-balancing: "enable"
- gui-wanopt-cache: "enable"
- gui-webfilter: "enable"
- gui-webfilter-advanced: "enable"
- gui-wireless-controller: "enable"
- http-external-dest: "fortiweb"
- ike-dn-format: "with-space"
- ike-quick-crash-detect: "enable"
- ike-session-resume: "enable"
- implicit-allow-dns: "enable"
- inspection-mode: "proxy"
+ name: "default_name_37"
+ gui_dhcp_advanced: "enable"
+ gui_dlp: "enable"
+ gui_dns_database: "enable"
+ gui_dnsfilter: "enable"
+ gui_domain_ip_reputation: "enable"
+ gui_dos_policy: "enable"
+ gui_dynamic_profile_display: "enable"
+ gui_dynamic_routing: "enable"
+ gui_email_collection: "enable"
+ gui_endpoint_control: "enable"
+ gui_endpoint_control_advanced: "enable"
+ gui_explicit_proxy: "enable"
+ gui_fortiap_split_tunneling: "enable"
+ gui_fortiextender_controller: "enable"
+ gui_icap: "enable"
+ gui_implicit_policy: "enable"
+ gui_ips: "enable"
+ gui_load_balance: "enable"
+ gui_local_in_policy: "enable"
+ gui_local_reports: "enable"
+ gui_multicast_policy: "enable"
+ gui_multiple_interface_policy: "enable"
+ gui_multiple_utm_profiles: "enable"
+ gui_nat46_64: "enable"
+ gui_object_colors: "enable"
+ gui_policy_based_ipsec: "enable"
+ gui_policy_learning: "enable"
+ gui_replacement_message_groups: "enable"
+ gui_spamfilter: "enable"
+ gui_sslvpn_personal_bookmarks: "enable"
+ gui_sslvpn_realms: "enable"
+ gui_switch_controller: "enable"
+ gui_threat_weight: "enable"
+ gui_traffic_shaping: "enable"
+ gui_voip_profile: "enable"
+ gui_vpn: "enable"
+ gui_waf_profile: "enable"
+ gui_wan_load_balancing: "enable"
+ gui_wanopt_cache: "enable"
+ gui_webfilter: "enable"
+ gui_webfilter_advanced: "enable"
+ gui_wireless_controller: "enable"
+ http_external_dest: "fortiweb"
+ ike_dn_format: "with-space"
+ ike_quick_crash_detect: "enable"
+ ike_session_resume: "enable"
+ implicit_allow_dns: "enable"
+ inspection_mode: "proxy"
ip: ""
ip6: ""
- link-down-access: "enable"
- lldp-transmission: "enable"
- mac-ttl: "89"
+ link_down_access: "enable"
+ lldp_transmission: "enable"
+ mac_ttl: "90"
manageip: ""
manageip6: ""
- multicast-forward: "enable"
- multicast-skip-policy: "enable"
- multicast-ttl-notchange: "enable"
- ngfw-mode: "profile-based"
+ multicast_forward: "enable"
+ multicast_skip_policy: "enable"
+ multicast_ttl_notchange: "enable"
+ ngfw_mode: "profile-based"
opmode: "nat"
- prp-trailer-action: "enable"
- sccp-port: "98"
- ses-denied-traffic: "enable"
- sip-helper: "enable"
- sip-nat-trace: "enable"
- sip-ssl-port: "102"
- sip-tcp-port: "103"
- sip-udp-port: "104"
- snat-hairpin-traffic: "enable"
- ssl-ssh-profile: " (source firewall.ssl-ssh-profile.name)"
+ prp_trailer_action: "enable"
+ sccp_port: "99"
+ ses_denied_traffic: "enable"
+ sip_helper: "enable"
+ sip_nat_trace: "enable"
+ sip_ssl_port: "103"
+ sip_tcp_port: "104"
+ sip_udp_port: "105"
+ snat_hairpin_traffic: "enable"
+ ssl_ssh_profile: " (source firewall.ssl-ssh-profile.name)"
status: "enable"
- strict-src-check: "enable"
- tcp-session-without-syn: "enable"
- utf8-spam-tagging: "enable"
- v4-ecmp-mode: "source-ip-based"
- vpn-stats-log: "ipsec"
- vpn-stats-period: "113"
- wccp-cache-engine: "enable"
+ strict_src_check: "enable"
+ tcp_session_without_syn: "enable"
+ utf8_spam_tagging: "enable"
+ v4_ecmp_mode: "source-ip-based"
+ vpn_stats_log: "ipsec"
+ vpn_stats_period: "114"
+ wccp_cache_engine: "enable"
'''
RETURN = '''
@@ -874,14 +1002,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible.module_utils.network.fortios.fortios import FortiOSHandler
+from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-fos = None
-
-def login(data):
+def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
+ ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@@ -889,47 +1019,48 @@ def login(data):
else:
fos.https('on')
- fos.login(host, username, password)
+ fos.login(host, username, password, verify=ssl_verify)
def filter_system_settings_data(json):
- option_list = ['allow-subnet-overlap', 'asymroute', 'asymroute-icmp',
- 'asymroute6', 'asymroute6-icmp', 'bfd',
- 'bfd-desired-min-tx', 'bfd-detect-mult', 'bfd-dont-enforce-src-port',
- 'bfd-required-min-rx', 'block-land-attack', 'central-nat',
- 'comments', 'compliance-check', 'default-voip-alg-mode',
- 'deny-tcp-with-icmp', 'device', 'dhcp-proxy',
- 'dhcp-server-ip', 'dhcp6-server-ip', 'discovered-device-timeout',
- 'ecmp-max-paths', 'email-portal-check-dns', 'firewall-session-dirty',
- 'fw-session-hairpin', 'gateway', 'gateway6',
- 'gui-advanced-policy', 'gui-allow-unnamed-policy', 'gui-antivirus',
- 'gui-ap-profile', 'gui-application-control', 'gui-default-policy-columns',
- 'gui-dhcp-advanced', 'gui-dlp', 'gui-dns-database',
- 'gui-dnsfilter', 'gui-domain-ip-reputation', 'gui-dos-policy',
- 'gui-dynamic-profile-display', 'gui-dynamic-routing', 'gui-email-collection',
- 'gui-endpoint-control', 'gui-endpoint-control-advanced', 'gui-explicit-proxy',
- 'gui-fortiap-split-tunneling', 'gui-fortiextender-controller', 'gui-icap',
- 'gui-implicit-policy', 'gui-ips', 'gui-load-balance',
- 'gui-local-in-policy', 'gui-local-reports', 'gui-multicast-policy',
- 'gui-multiple-interface-policy', 'gui-multiple-utm-profiles', 'gui-nat46-64',
- 'gui-object-colors', 'gui-policy-based-ipsec', 'gui-policy-learning',
- 'gui-replacement-message-groups', 'gui-spamfilter', 'gui-sslvpn-personal-bookmarks',
- 'gui-sslvpn-realms', 'gui-switch-controller', 'gui-threat-weight',
- 'gui-traffic-shaping', 'gui-voip-profile', 'gui-vpn',
- 'gui-waf-profile', 'gui-wan-load-balancing', 'gui-wanopt-cache',
- 'gui-webfilter', 'gui-webfilter-advanced', 'gui-wireless-controller',
- 'http-external-dest', 'ike-dn-format', 'ike-quick-crash-detect',
- 'ike-session-resume', 'implicit-allow-dns', 'inspection-mode',
- 'ip', 'ip6', 'link-down-access',
- 'lldp-transmission', 'mac-ttl', 'manageip',
- 'manageip6', 'multicast-forward', 'multicast-skip-policy',
- 'multicast-ttl-notchange', 'ngfw-mode', 'opmode',
- 'prp-trailer-action', 'sccp-port', 'ses-denied-traffic',
- 'sip-helper', 'sip-nat-trace', 'sip-ssl-port',
- 'sip-tcp-port', 'sip-udp-port', 'snat-hairpin-traffic',
- 'ssl-ssh-profile', 'status', 'strict-src-check',
- 'tcp-session-without-syn', 'utf8-spam-tagging', 'v4-ecmp-mode',
- 'vpn-stats-log', 'vpn-stats-period', 'wccp-cache-engine']
+ option_list = ['allow_linkdown_path', 'allow_subnet_overlap', 'asymroute',
+ 'asymroute_icmp', 'asymroute6', 'asymroute6_icmp',
+ 'bfd', 'bfd_desired_min_tx', 'bfd_detect_mult',
+ 'bfd_dont_enforce_src_port', 'bfd_required_min_rx', 'block_land_attack',
+ 'central_nat', 'comments', 'compliance_check',
+ 'default_voip_alg_mode', 'deny_tcp_with_icmp', 'device',
+ 'dhcp_proxy', 'dhcp_server_ip', 'dhcp6_server_ip',
+ 'discovered_device_timeout', 'ecmp_max_paths', 'email_portal_check_dns',
+ 'firewall_session_dirty', 'fw_session_hairpin', 'gateway',
+ 'gateway6', 'gui_advanced_policy', 'gui_allow_unnamed_policy',
+ 'gui_antivirus', 'gui_ap_profile', 'gui_application_control',
+ 'gui_default_policy_columns', 'gui_dhcp_advanced', 'gui_dlp',
+ 'gui_dns_database', 'gui_dnsfilter', 'gui_domain_ip_reputation',
+ 'gui_dos_policy', 'gui_dynamic_profile_display', 'gui_dynamic_routing',
+ 'gui_email_collection', 'gui_endpoint_control', 'gui_endpoint_control_advanced',
+ 'gui_explicit_proxy', 'gui_fortiap_split_tunneling', 'gui_fortiextender_controller',
+ 'gui_icap', 'gui_implicit_policy', 'gui_ips',
+ 'gui_load_balance', 'gui_local_in_policy', 'gui_local_reports',
+ 'gui_multicast_policy', 'gui_multiple_interface_policy', 'gui_multiple_utm_profiles',
+ 'gui_nat46_64', 'gui_object_colors', 'gui_policy_based_ipsec',
+ 'gui_policy_learning', 'gui_replacement_message_groups', 'gui_spamfilter',
+ 'gui_sslvpn_personal_bookmarks', 'gui_sslvpn_realms', 'gui_switch_controller',
+ 'gui_threat_weight', 'gui_traffic_shaping', 'gui_voip_profile',
+ 'gui_vpn', 'gui_waf_profile', 'gui_wan_load_balancing',
+ 'gui_wanopt_cache', 'gui_webfilter', 'gui_webfilter_advanced',
+ 'gui_wireless_controller', 'http_external_dest', 'ike_dn_format',
+ 'ike_quick_crash_detect', 'ike_session_resume', 'implicit_allow_dns',
+ 'inspection_mode', 'ip', 'ip6',
+ 'link_down_access', 'lldp_transmission', 'mac_ttl',
+ 'manageip', 'manageip6', 'multicast_forward',
+ 'multicast_skip_policy', 'multicast_ttl_notchange', 'ngfw_mode',
+ 'opmode', 'prp_trailer_action', 'sccp_port',
+ 'ses_denied_traffic', 'sip_helper', 'sip_nat_trace',
+ 'sip_ssl_port', 'sip_tcp_port', 'sip_udp_port',
+ 'snat_hairpin_traffic', 'ssl_ssh_profile', 'status',
+ 'strict_src_check', 'tcp_session_without_syn', 'utf8_spam_tagging',
+ 'v4_ecmp_mode', 'vpn_stats_log', 'vpn_stats_period',
+ 'wccp_cache_engine']
dictionary = {}
for attribute in option_list:
@@ -939,242 +1070,261 @@ def filter_system_settings_data(json):
return dictionary
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for elem in data:
+ elem = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
def system_settings(data, fos):
vdom = data['vdom']
system_settings_data = data['system_settings']
- filtered_data = filter_system_settings_data(system_settings_data)
+ filtered_data = underscore_to_hyphen(filter_system_settings_data(system_settings_data))
+
return fos.set('system',
'settings',
data=filtered_data,
vdom=vdom)
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
def fortios_system(data, fos):
- login(data)
- methodlist = ['system_settings']
- for method in methodlist:
- if data[method]:
- resp = eval(method)(data, fos)
- break
+ if data['system_settings']:
+ resp = system_settings(data, fos)
- fos.logout()
- return not resp['status'] == "success", resp['status'] == "success", resp
+ return not is_successful_status(resp), \
+ resp['status'] == "success", \
+ resp
def main():
fields = {
- "host": {"required": True, "type": "str"},
- "username": {"required": True, "type": "str"},
- "password": {"required": False, "type": "str", "no_log": True},
+ "host": {"required": False, "type": "str"},
+ "username": {"required": False, "type": "str"},
+ "password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
+ "ssl_verify": {"required": False, "type": "bool", "default": True},
"system_settings": {
- "required": False, "type": "dict",
+ "required": False, "type": "dict", "default": None,
"options": {
- "allow-subnet-overlap": {"required": False, "type": "str",
+ "allow_linkdown_path": {"required": False, "type": "str",
+ "choices": ["enable", "disable"]},
+ "allow_subnet_overlap": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"asymroute": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "asymroute-icmp": {"required": False, "type": "str",
+ "asymroute_icmp": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"asymroute6": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "asymroute6-icmp": {"required": False, "type": "str",
+ "asymroute6_icmp": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"bfd": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "bfd-desired-min-tx": {"required": False, "type": "int"},
- "bfd-detect-mult": {"required": False, "type": "int"},
- "bfd-dont-enforce-src-port": {"required": False, "type": "str",
+ "bfd_desired_min_tx": {"required": False, "type": "int"},
+ "bfd_detect_mult": {"required": False, "type": "int"},
+ "bfd_dont_enforce_src_port": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "bfd-required-min-rx": {"required": False, "type": "int"},
- "block-land-attack": {"required": False, "type": "str",
+ "bfd_required_min_rx": {"required": False, "type": "int"},
+ "block_land_attack": {"required": False, "type": "str",
"choices": ["disable", "enable"]},
- "central-nat": {"required": False, "type": "str",
+ "central_nat": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"comments": {"required": False, "type": "str"},
- "compliance-check": {"required": False, "type": "str",
+ "compliance_check": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "default-voip-alg-mode": {"required": False, "type": "str",
+ "default_voip_alg_mode": {"required": False, "type": "str",
"choices": ["proxy-based", "kernel-helper-based"]},
- "deny-tcp-with-icmp": {"required": False, "type": "str",
+ "deny_tcp_with_icmp": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"device": {"required": False, "type": "str"},
- "dhcp-proxy": {"required": False, "type": "str",
+ "dhcp_proxy": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "dhcp-server-ip": {"required": False, "type": "str"},
- "dhcp6-server-ip": {"required": False, "type": "str"},
- "discovered-device-timeout": {"required": False, "type": "int"},
- "ecmp-max-paths": {"required": False, "type": "int"},
- "email-portal-check-dns": {"required": False, "type": "str",
+ "dhcp_server_ip": {"required": False, "type": "str"},
+ "dhcp6_server_ip": {"required": False, "type": "str"},
+ "discovered_device_timeout": {"required": False, "type": "int"},
+ "ecmp_max_paths": {"required": False, "type": "int"},
+ "email_portal_check_dns": {"required": False, "type": "str",
"choices": ["disable", "enable"]},
- "firewall-session-dirty": {"required": False, "type": "str",
+ "firewall_session_dirty": {"required": False, "type": "str",
"choices": ["check-all", "check-new", "check-policy-option"]},
- "fw-session-hairpin": {"required": False, "type": "str",
+ "fw_session_hairpin": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"gateway": {"required": False, "type": "str"},
"gateway6": {"required": False, "type": "str"},
- "gui-advanced-policy": {"required": False, "type": "str",
+ "gui_advanced_policy": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-allow-unnamed-policy": {"required": False, "type": "str",
+ "gui_allow_unnamed_policy": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-antivirus": {"required": False, "type": "str",
+ "gui_antivirus": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-ap-profile": {"required": False, "type": "str",
+ "gui_ap_profile": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-application-control": {"required": False, "type": "str",
+ "gui_application_control": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-default-policy-columns": {"required": False, "type": "list",
+ "gui_default_policy_columns": {"required": False, "type": "list",
"options": {
"name": {"required": True, "type": "str"}
}},
- "gui-dhcp-advanced": {"required": False, "type": "str",
+ "gui_dhcp_advanced": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-dlp": {"required": False, "type": "str",
+ "gui_dlp": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-dns-database": {"required": False, "type": "str",
+ "gui_dns_database": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-dnsfilter": {"required": False, "type": "str",
+ "gui_dnsfilter": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-domain-ip-reputation": {"required": False, "type": "str",
+ "gui_domain_ip_reputation": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-dos-policy": {"required": False, "type": "str",
+ "gui_dos_policy": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-dynamic-profile-display": {"required": False, "type": "str",
+ "gui_dynamic_profile_display": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-dynamic-routing": {"required": False, "type": "str",
+ "gui_dynamic_routing": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-email-collection": {"required": False, "type": "str",
+ "gui_email_collection": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-endpoint-control": {"required": False, "type": "str",
+ "gui_endpoint_control": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-endpoint-control-advanced": {"required": False, "type": "str",
+ "gui_endpoint_control_advanced": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-explicit-proxy": {"required": False, "type": "str",
+ "gui_explicit_proxy": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-fortiap-split-tunneling": {"required": False, "type": "str",
+ "gui_fortiap_split_tunneling": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-fortiextender-controller": {"required": False, "type": "str",
+ "gui_fortiextender_controller": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-icap": {"required": False, "type": "str",
+ "gui_icap": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-implicit-policy": {"required": False, "type": "str",
+ "gui_implicit_policy": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-ips": {"required": False, "type": "str",
+ "gui_ips": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-load-balance": {"required": False, "type": "str",
+ "gui_load_balance": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-local-in-policy": {"required": False, "type": "str",
+ "gui_local_in_policy": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-local-reports": {"required": False, "type": "str",
+ "gui_local_reports": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-multicast-policy": {"required": False, "type": "str",
+ "gui_multicast_policy": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-multiple-interface-policy": {"required": False, "type": "str",
+ "gui_multiple_interface_policy": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-multiple-utm-profiles": {"required": False, "type": "str",
+ "gui_multiple_utm_profiles": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-nat46-64": {"required": False, "type": "str",
+ "gui_nat46_64": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-object-colors": {"required": False, "type": "str",
+ "gui_object_colors": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-policy-based-ipsec": {"required": False, "type": "str",
+ "gui_policy_based_ipsec": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-policy-learning": {"required": False, "type": "str",
+ "gui_policy_learning": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-replacement-message-groups": {"required": False, "type": "str",
+ "gui_replacement_message_groups": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-spamfilter": {"required": False, "type": "str",
+ "gui_spamfilter": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-sslvpn-personal-bookmarks": {"required": False, "type": "str",
+ "gui_sslvpn_personal_bookmarks": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-sslvpn-realms": {"required": False, "type": "str",
+ "gui_sslvpn_realms": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-switch-controller": {"required": False, "type": "str",
+ "gui_switch_controller": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-threat-weight": {"required": False, "type": "str",
+ "gui_threat_weight": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-traffic-shaping": {"required": False, "type": "str",
+ "gui_traffic_shaping": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-voip-profile": {"required": False, "type": "str",
+ "gui_voip_profile": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-vpn": {"required": False, "type": "str",
+ "gui_vpn": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-waf-profile": {"required": False, "type": "str",
+ "gui_waf_profile": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-wan-load-balancing": {"required": False, "type": "str",
+ "gui_wan_load_balancing": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-wanopt-cache": {"required": False, "type": "str",
+ "gui_wanopt_cache": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-webfilter": {"required": False, "type": "str",
+ "gui_webfilter": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-webfilter-advanced": {"required": False, "type": "str",
+ "gui_webfilter_advanced": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "gui-wireless-controller": {"required": False, "type": "str",
+ "gui_wireless_controller": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "http-external-dest": {"required": False, "type": "str",
+ "http_external_dest": {"required": False, "type": "str",
"choices": ["fortiweb", "forticache"]},
- "ike-dn-format": {"required": False, "type": "str",
+ "ike_dn_format": {"required": False, "type": "str",
"choices": ["with-space", "no-space"]},
- "ike-quick-crash-detect": {"required": False, "type": "str",
+ "ike_quick_crash_detect": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "ike-session-resume": {"required": False, "type": "str",
+ "ike_session_resume": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "implicit-allow-dns": {"required": False, "type": "str",
+ "implicit_allow_dns": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "inspection-mode": {"required": False, "type": "str",
+ "inspection_mode": {"required": False, "type": "str",
"choices": ["proxy", "flow"]},
"ip": {"required": False, "type": "str"},
"ip6": {"required": False, "type": "str"},
- "link-down-access": {"required": False, "type": "str",
+ "link_down_access": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "lldp-transmission": {"required": False, "type": "str",
+ "lldp_transmission": {"required": False, "type": "str",
"choices": ["enable", "disable", "global"]},
- "mac-ttl": {"required": False, "type": "int"},
+ "mac_ttl": {"required": False, "type": "int"},
"manageip": {"required": False, "type": "str"},
"manageip6": {"required": False, "type": "str"},
- "multicast-forward": {"required": False, "type": "str",
+ "multicast_forward": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "multicast-skip-policy": {"required": False, "type": "str",
+ "multicast_skip_policy": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "multicast-ttl-notchange": {"required": False, "type": "str",
+ "multicast_ttl_notchange": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "ngfw-mode": {"required": False, "type": "str",
+ "ngfw_mode": {"required": False, "type": "str",
"choices": ["profile-based", "policy-based"]},
"opmode": {"required": False, "type": "str",
"choices": ["nat", "transparent"]},
- "prp-trailer-action": {"required": False, "type": "str",
+ "prp_trailer_action": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "sccp-port": {"required": False, "type": "int"},
- "ses-denied-traffic": {"required": False, "type": "str",
+ "sccp_port": {"required": False, "type": "int"},
+ "ses_denied_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "sip-helper": {"required": False, "type": "str",
+ "sip_helper": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "sip-nat-trace": {"required": False, "type": "str",
+ "sip_nat_trace": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "sip-ssl-port": {"required": False, "type": "int"},
- "sip-tcp-port": {"required": False, "type": "int"},
- "sip-udp-port": {"required": False, "type": "int"},
- "snat-hairpin-traffic": {"required": False, "type": "str",
+ "sip_ssl_port": {"required": False, "type": "int"},
+ "sip_tcp_port": {"required": False, "type": "int"},
+ "sip_udp_port": {"required": False, "type": "int"},
+ "snat_hairpin_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "ssl-ssh-profile": {"required": False, "type": "str"},
+ "ssl_ssh_profile": {"required": False, "type": "str"},
"status": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "strict-src-check": {"required": False, "type": "str",
+ "strict_src_check": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "tcp-session-without-syn": {"required": False, "type": "str",
+ "tcp_session_without_syn": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "utf8-spam-tagging": {"required": False, "type": "str",
+ "utf8_spam_tagging": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
- "v4-ecmp-mode": {"required": False, "type": "str",
+ "v4_ecmp_mode": {"required": False, "type": "str",
"choices": ["source-ip-based", "weight-based", "usage-based",
"source-dest-ip-based"]},
- "vpn-stats-log": {"required": False, "type": "str",
+ "vpn_stats_log": {"required": False, "type": "str",
"choices": ["ipsec", "pptp", "l2tp",
"ssl"]},
- "vpn-stats-period": {"required": False, "type": "int"},
- "wccp-cache-engine": {"required": False, "type": "str",
+ "vpn_stats_period": {"required": False, "type": "int"},
+ "wccp_cache_engine": {"required": False, "type": "str",
"choices": ["enable", "disable"]}
}
@@ -1183,15 +1333,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
- global fos
- fos = FortiOSAPI()
+ # legacy_mode refers to using fortiosapi instead of HTTPAPI
+ legacy_mode = 'host' in module.params and module.params['host'] is not None and \
+ 'username' in module.params and module.params['username'] is not None and \
+ 'password' in module.params and module.params['password'] is not None
+
+ if not legacy_mode:
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ fos = FortiOSHandler(connection)
+
+ is_error, has_changed, result = fortios_system(module.params, fos)
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+ else:
+ try:
+ from fortiosapi import FortiOSAPI
+ except ImportError:
+ module.fail_json(msg="fortiosapi module is required")
+
+ fos = FortiOSAPI()
- is_error, has_changed, result = fortios_system(module.params, fos)
+ login(module.params, fos)
+ is_error, has_changed, result = fortios_system(module.params, fos)
+ fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
diff --git a/test/sanity/ignore.txt b/test/sanity/ignore.txt
index ebae76d439b..e251d271e3e 100644
--- a/test/sanity/ignore.txt
+++ b/test/sanity/ignore.txt
@@ -3845,8 +3845,6 @@ lib/ansible/modules/network/fortios/fortios_system_interface.py validate-modules
lib/ansible/modules/network/fortios/fortios_system_interface.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_system_sdn_connector.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_system_sdn_connector.py validate-modules:E337
-lib/ansible/modules/network/fortios/fortios_system_settings.py validate-modules:E336
-lib/ansible/modules/network/fortios/fortios_system_settings.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_system_vdom.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_system_vdom.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_system_virtual_wan_link.py validate-modules:E336
diff --git a/test/units/modules/network/fortios/test_fortios_system_settings.py b/test/units/modules/network/fortios/test_fortios_system_settings.py
new file mode 100644
index 00000000000..8e81a70c635
--- /dev/null
+++ b/test/units/modules/network/fortios/test_fortios_system_settings.py
@@ -0,0 +1,1031 @@
+# Copyright 2019 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+
+# Make coding more python3-ish
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import json
+import pytest
+from mock import ANY
+from ansible.module_utils.network.fortios.fortios import FortiOSHandler
+
+try:
+ from ansible.modules.network.fortios import fortios_system_settings
+except ImportError:
+ pytest.skip("Could not load required modules for testing", allow_module_level=True)
+
+
+@pytest.fixture(autouse=True)
+def connection_mock(mocker):
+ connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_settings.Connection')
+ return connection_class_mock
+
+
+fos_instance = FortiOSHandler(connection_mock)
+
+
+def test_system_settings_creation(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
+ set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'present',
+ 'system_settings': {
+ 'allow_linkdown_path': 'enable',
+ 'allow_subnet_overlap': 'enable',
+ 'asymroute': 'enable',
+ 'asymroute_icmp': 'enable',
+ 'asymroute6': 'enable',
+ 'asymroute6_icmp': 'enable',
+ 'bfd': 'enable',
+ 'bfd_desired_min_tx': '10',
+ 'bfd_detect_mult': '11',
+ 'bfd_dont_enforce_src_port': 'enable',
+ 'bfd_required_min_rx': '13',
+ 'block_land_attack': 'disable',
+ 'central_nat': 'enable',
+ 'comments': 'test_value_16',
+ 'compliance_check': 'enable',
+ 'default_voip_alg_mode': 'proxy-based',
+ 'deny_tcp_with_icmp': 'enable',
+ 'device': 'test_value_20',
+ 'dhcp_proxy': 'enable',
+ 'dhcp_server_ip': 'test_value_22',
+ 'dhcp6_server_ip': 'test_value_23',
+ 'discovered_device_timeout': '24',
+ 'ecmp_max_paths': '25',
+ 'email_portal_check_dns': 'disable',
+ 'firewall_session_dirty': 'check-all',
+ 'fw_session_hairpin': 'enable',
+ 'gateway': 'test_value_29',
+ 'gateway6': 'test_value_30',
+ 'gui_advanced_policy': 'enable',
+ 'gui_allow_unnamed_policy': 'enable',
+ 'gui_antivirus': 'enable',
+ 'gui_ap_profile': 'enable',
+ 'gui_application_control': 'enable',
+ 'gui_dhcp_advanced': 'enable',
+ 'gui_dlp': 'enable',
+ 'gui_dns_database': 'enable',
+ 'gui_dnsfilter': 'enable',
+ 'gui_domain_ip_reputation': 'enable',
+ 'gui_dos_policy': 'enable',
+ 'gui_dynamic_profile_display': 'enable',
+ 'gui_dynamic_routing': 'enable',
+ 'gui_email_collection': 'enable',
+ 'gui_endpoint_control': 'enable',
+ 'gui_endpoint_control_advanced': 'enable',
+ 'gui_explicit_proxy': 'enable',
+ 'gui_fortiap_split_tunneling': 'enable',
+ 'gui_fortiextender_controller': 'enable',
+ 'gui_icap': 'enable',
+ 'gui_implicit_policy': 'enable',
+ 'gui_ips': 'enable',
+ 'gui_load_balance': 'enable',
+ 'gui_local_in_policy': 'enable',
+ 'gui_local_reports': 'enable',
+ 'gui_multicast_policy': 'enable',
+ 'gui_multiple_interface_policy': 'enable',
+ 'gui_multiple_utm_profiles': 'enable',
+ 'gui_nat46_64': 'enable',
+ 'gui_object_colors': 'enable',
+ 'gui_policy_based_ipsec': 'enable',
+ 'gui_policy_learning': 'enable',
+ 'gui_replacement_message_groups': 'enable',
+ 'gui_spamfilter': 'enable',
+ 'gui_sslvpn_personal_bookmarks': 'enable',
+ 'gui_sslvpn_realms': 'enable',
+ 'gui_switch_controller': 'enable',
+ 'gui_threat_weight': 'enable',
+ 'gui_traffic_shaping': 'enable',
+ 'gui_voip_profile': 'enable',
+ 'gui_vpn': 'enable',
+ 'gui_waf_profile': 'enable',
+ 'gui_wan_load_balancing': 'enable',
+ 'gui_wanopt_cache': 'enable',
+ 'gui_webfilter': 'enable',
+ 'gui_webfilter_advanced': 'enable',
+ 'gui_wireless_controller': 'enable',
+ 'http_external_dest': 'fortiweb',
+ 'ike_dn_format': 'with-space',
+ 'ike_quick_crash_detect': 'enable',
+ 'ike_session_resume': 'enable',
+ 'implicit_allow_dns': 'enable',
+ 'inspection_mode': 'proxy',
+ 'ip': 'test_value_84',
+ 'ip6': 'test_value_85',
+ 'link_down_access': 'enable',
+ 'lldp_transmission': 'enable',
+ 'mac_ttl': '88',
+ 'manageip': 'test_value_89',
+ 'manageip6': 'test_value_90',
+ 'multicast_forward': 'enable',
+ 'multicast_skip_policy': 'enable',
+ 'multicast_ttl_notchange': 'enable',
+ 'ngfw_mode': 'profile-based',
+ 'opmode': 'nat',
+ 'prp_trailer_action': 'enable',
+ 'sccp_port': '97',
+ 'ses_denied_traffic': 'enable',
+ 'sip_helper': 'enable',
+ 'sip_nat_trace': 'enable',
+ 'sip_ssl_port': '101',
+ 'sip_tcp_port': '102',
+ 'sip_udp_port': '103',
+ 'snat_hairpin_traffic': 'enable',
+ 'ssl_ssh_profile': 'test_value_105',
+ 'status': 'enable',
+ 'strict_src_check': 'enable',
+ 'tcp_session_without_syn': 'enable',
+ 'utf8_spam_tagging': 'enable',
+ 'v4_ecmp_mode': 'source-ip-based',
+ 'vpn_stats_log': 'ipsec',
+ 'vpn_stats_period': '112',
+ 'wccp_cache_engine': 'enable'
+ },
+ 'vdom': 'root'}
+
+ is_error, changed, response = fortios_system_settings.fortios_system(input_data, fos_instance)
+
+ expected_data = {
+ 'allow-linkdown-path': 'enable',
+ 'allow-subnet-overlap': 'enable',
+ 'asymroute': 'enable',
+ 'asymroute-icmp': 'enable',
+ 'asymroute6': 'enable',
+ 'asymroute6-icmp': 'enable',
+ 'bfd': 'enable',
+ 'bfd-desired-min-tx': '10',
+ 'bfd-detect-mult': '11',
+ 'bfd-dont-enforce-src-port': 'enable',
+ 'bfd-required-min-rx': '13',
+ 'block-land-attack': 'disable',
+ 'central-nat': 'enable',
+ 'comments': 'test_value_16',
+ 'compliance-check': 'enable',
+ 'default-voip-alg-mode': 'proxy-based',
+ 'deny-tcp-with-icmp': 'enable',
+ 'device': 'test_value_20',
+ 'dhcp-proxy': 'enable',
+ 'dhcp-server-ip': 'test_value_22',
+ 'dhcp6-server-ip': 'test_value_23',
+ 'discovered-device-timeout': '24',
+ 'ecmp-max-paths': '25',
+ 'email-portal-check-dns': 'disable',
+ 'firewall-session-dirty': 'check-all',
+ 'fw-session-hairpin': 'enable',
+ 'gateway': 'test_value_29',
+ 'gateway6': 'test_value_30',
+ 'gui-advanced-policy': 'enable',
+ 'gui-allow-unnamed-policy': 'enable',
+ 'gui-antivirus': 'enable',
+ 'gui-ap-profile': 'enable',
+ 'gui-application-control': 'enable',
+ 'gui-dhcp-advanced': 'enable',
+ 'gui-dlp': 'enable',
+ 'gui-dns-database': 'enable',
+ 'gui-dnsfilter': 'enable',
+ 'gui-domain-ip-reputation': 'enable',
+ 'gui-dos-policy': 'enable',
+ 'gui-dynamic-profile-display': 'enable',
+ 'gui-dynamic-routing': 'enable',
+ 'gui-email-collection': 'enable',
+ 'gui-endpoint-control': 'enable',
+ 'gui-endpoint-control-advanced': 'enable',
+ 'gui-explicit-proxy': 'enable',
+ 'gui-fortiap-split-tunneling': 'enable',
+ 'gui-fortiextender-controller': 'enable',
+ 'gui-icap': 'enable',
+ 'gui-implicit-policy': 'enable',
+ 'gui-ips': 'enable',
+ 'gui-load-balance': 'enable',
+ 'gui-local-in-policy': 'enable',
+ 'gui-local-reports': 'enable',
+ 'gui-multicast-policy': 'enable',
+ 'gui-multiple-interface-policy': 'enable',
+ 'gui-multiple-utm-profiles': 'enable',
+ 'gui-nat46-64': 'enable',
+ 'gui-object-colors': 'enable',
+ 'gui-policy-based-ipsec': 'enable',
+ 'gui-policy-learning': 'enable',
+ 'gui-replacement-message-groups': 'enable',
+ 'gui-spamfilter': 'enable',
+ 'gui-sslvpn-personal-bookmarks': 'enable',
+ 'gui-sslvpn-realms': 'enable',
+ 'gui-switch-controller': 'enable',
+ 'gui-threat-weight': 'enable',
+ 'gui-traffic-shaping': 'enable',
+ 'gui-voip-profile': 'enable',
+ 'gui-vpn': 'enable',
+ 'gui-waf-profile': 'enable',
+ 'gui-wan-load-balancing': 'enable',
+ 'gui-wanopt-cache': 'enable',
+ 'gui-webfilter': 'enable',
+ 'gui-webfilter-advanced': 'enable',
+ 'gui-wireless-controller': 'enable',
+ 'http-external-dest': 'fortiweb',
+ 'ike-dn-format': 'with-space',
+ 'ike-quick-crash-detect': 'enable',
+ 'ike-session-resume': 'enable',
+ 'implicit-allow-dns': 'enable',
+ 'inspection-mode': 'proxy',
+ 'ip': 'test_value_84',
+ 'ip6': 'test_value_85',
+ 'link-down-access': 'enable',
+ 'lldp-transmission': 'enable',
+ 'mac-ttl': '88',
+ 'manageip': 'test_value_89',
+ 'manageip6': 'test_value_90',
+ 'multicast-forward': 'enable',
+ 'multicast-skip-policy': 'enable',
+ 'multicast-ttl-notchange': 'enable',
+ 'ngfw-mode': 'profile-based',
+ 'opmode': 'nat',
+ 'prp-trailer-action': 'enable',
+ 'sccp-port': '97',
+ 'ses-denied-traffic': 'enable',
+ 'sip-helper': 'enable',
+ 'sip-nat-trace': 'enable',
+ 'sip-ssl-port': '101',
+ 'sip-tcp-port': '102',
+ 'sip-udp-port': '103',
+ 'snat-hairpin-traffic': 'enable',
+ 'ssl-ssh-profile': 'test_value_105',
+ 'status': 'enable',
+ 'strict-src-check': 'enable',
+ 'tcp-session-without-syn': 'enable',
+ 'utf8-spam-tagging': 'enable',
+ 'v4-ecmp-mode': 'source-ip-based',
+ 'vpn-stats-log': 'ipsec',
+ 'vpn-stats-period': '112',
+ 'wccp-cache-engine': 'enable'
+ }
+
+ set_method_mock.assert_called_with('system', 'settings', data=expected_data, vdom='root')
+ schema_method_mock.assert_not_called()
+ assert not is_error
+ assert changed
+ assert response['status'] == 'success'
+ assert response['http_status'] == 200
+
+
+def test_system_settings_creation_fails(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
+ set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'present',
+ 'system_settings': {
+ 'allow_linkdown_path': 'enable',
+ 'allow_subnet_overlap': 'enable',
+ 'asymroute': 'enable',
+ 'asymroute_icmp': 'enable',
+ 'asymroute6': 'enable',
+ 'asymroute6_icmp': 'enable',
+ 'bfd': 'enable',
+ 'bfd_desired_min_tx': '10',
+ 'bfd_detect_mult': '11',
+ 'bfd_dont_enforce_src_port': 'enable',
+ 'bfd_required_min_rx': '13',
+ 'block_land_attack': 'disable',
+ 'central_nat': 'enable',
+ 'comments': 'test_value_16',
+ 'compliance_check': 'enable',
+ 'default_voip_alg_mode': 'proxy-based',
+ 'deny_tcp_with_icmp': 'enable',
+ 'device': 'test_value_20',
+ 'dhcp_proxy': 'enable',
+ 'dhcp_server_ip': 'test_value_22',
+ 'dhcp6_server_ip': 'test_value_23',
+ 'discovered_device_timeout': '24',
+ 'ecmp_max_paths': '25',
+ 'email_portal_check_dns': 'disable',
+ 'firewall_session_dirty': 'check-all',
+ 'fw_session_hairpin': 'enable',
+ 'gateway': 'test_value_29',
+ 'gateway6': 'test_value_30',
+ 'gui_advanced_policy': 'enable',
+ 'gui_allow_unnamed_policy': 'enable',
+ 'gui_antivirus': 'enable',
+ 'gui_ap_profile': 'enable',
+ 'gui_application_control': 'enable',
+ 'gui_dhcp_advanced': 'enable',
+ 'gui_dlp': 'enable',
+ 'gui_dns_database': 'enable',
+ 'gui_dnsfilter': 'enable',
+ 'gui_domain_ip_reputation': 'enable',
+ 'gui_dos_policy': 'enable',
+ 'gui_dynamic_profile_display': 'enable',
+ 'gui_dynamic_routing': 'enable',
+ 'gui_email_collection': 'enable',
+ 'gui_endpoint_control': 'enable',
+ 'gui_endpoint_control_advanced': 'enable',
+ 'gui_explicit_proxy': 'enable',
+ 'gui_fortiap_split_tunneling': 'enable',
+ 'gui_fortiextender_controller': 'enable',
+ 'gui_icap': 'enable',
+ 'gui_implicit_policy': 'enable',
+ 'gui_ips': 'enable',
+ 'gui_load_balance': 'enable',
+ 'gui_local_in_policy': 'enable',
+ 'gui_local_reports': 'enable',
+ 'gui_multicast_policy': 'enable',
+ 'gui_multiple_interface_policy': 'enable',
+ 'gui_multiple_utm_profiles': 'enable',
+ 'gui_nat46_64': 'enable',
+ 'gui_object_colors': 'enable',
+ 'gui_policy_based_ipsec': 'enable',
+ 'gui_policy_learning': 'enable',
+ 'gui_replacement_message_groups': 'enable',
+ 'gui_spamfilter': 'enable',
+ 'gui_sslvpn_personal_bookmarks': 'enable',
+ 'gui_sslvpn_realms': 'enable',
+ 'gui_switch_controller': 'enable',
+ 'gui_threat_weight': 'enable',
+ 'gui_traffic_shaping': 'enable',
+ 'gui_voip_profile': 'enable',
+ 'gui_vpn': 'enable',
+ 'gui_waf_profile': 'enable',
+ 'gui_wan_load_balancing': 'enable',
+ 'gui_wanopt_cache': 'enable',
+ 'gui_webfilter': 'enable',
+ 'gui_webfilter_advanced': 'enable',
+ 'gui_wireless_controller': 'enable',
+ 'http_external_dest': 'fortiweb',
+ 'ike_dn_format': 'with-space',
+ 'ike_quick_crash_detect': 'enable',
+ 'ike_session_resume': 'enable',
+ 'implicit_allow_dns': 'enable',
+ 'inspection_mode': 'proxy',
+ 'ip': 'test_value_84',
+ 'ip6': 'test_value_85',
+ 'link_down_access': 'enable',
+ 'lldp_transmission': 'enable',
+ 'mac_ttl': '88',
+ 'manageip': 'test_value_89',
+ 'manageip6': 'test_value_90',
+ 'multicast_forward': 'enable',
+ 'multicast_skip_policy': 'enable',
+ 'multicast_ttl_notchange': 'enable',
+ 'ngfw_mode': 'profile-based',
+ 'opmode': 'nat',
+ 'prp_trailer_action': 'enable',
+ 'sccp_port': '97',
+ 'ses_denied_traffic': 'enable',
+ 'sip_helper': 'enable',
+ 'sip_nat_trace': 'enable',
+ 'sip_ssl_port': '101',
+ 'sip_tcp_port': '102',
+ 'sip_udp_port': '103',
+ 'snat_hairpin_traffic': 'enable',
+ 'ssl_ssh_profile': 'test_value_105',
+ 'status': 'enable',
+ 'strict_src_check': 'enable',
+ 'tcp_session_without_syn': 'enable',
+ 'utf8_spam_tagging': 'enable',
+ 'v4_ecmp_mode': 'source-ip-based',
+ 'vpn_stats_log': 'ipsec',
+ 'vpn_stats_period': '112',
+ 'wccp_cache_engine': 'enable'
+ },
+ 'vdom': 'root'}
+
+ is_error, changed, response = fortios_system_settings.fortios_system(input_data, fos_instance)
+
+ expected_data = {
+ 'allow-linkdown-path': 'enable',
+ 'allow-subnet-overlap': 'enable',
+ 'asymroute': 'enable',
+ 'asymroute-icmp': 'enable',
+ 'asymroute6': 'enable',
+ 'asymroute6-icmp': 'enable',
+ 'bfd': 'enable',
+ 'bfd-desired-min-tx': '10',
+ 'bfd-detect-mult': '11',
+ 'bfd-dont-enforce-src-port': 'enable',
+ 'bfd-required-min-rx': '13',
+ 'block-land-attack': 'disable',
+ 'central-nat': 'enable',
+ 'comments': 'test_value_16',
+ 'compliance-check': 'enable',
+ 'default-voip-alg-mode': 'proxy-based',
+ 'deny-tcp-with-icmp': 'enable',
+ 'device': 'test_value_20',
+ 'dhcp-proxy': 'enable',
+ 'dhcp-server-ip': 'test_value_22',
+ 'dhcp6-server-ip': 'test_value_23',
+ 'discovered-device-timeout': '24',
+ 'ecmp-max-paths': '25',
+ 'email-portal-check-dns': 'disable',
+ 'firewall-session-dirty': 'check-all',
+ 'fw-session-hairpin': 'enable',
+ 'gateway': 'test_value_29',
+ 'gateway6': 'test_value_30',
+ 'gui-advanced-policy': 'enable',
+ 'gui-allow-unnamed-policy': 'enable',
+ 'gui-antivirus': 'enable',
+ 'gui-ap-profile': 'enable',
+ 'gui-application-control': 'enable',
+ 'gui-dhcp-advanced': 'enable',
+ 'gui-dlp': 'enable',
+ 'gui-dns-database': 'enable',
+ 'gui-dnsfilter': 'enable',
+ 'gui-domain-ip-reputation': 'enable',
+ 'gui-dos-policy': 'enable',
+ 'gui-dynamic-profile-display': 'enable',
+ 'gui-dynamic-routing': 'enable',
+ 'gui-email-collection': 'enable',
+ 'gui-endpoint-control': 'enable',
+ 'gui-endpoint-control-advanced': 'enable',
+ 'gui-explicit-proxy': 'enable',
+ 'gui-fortiap-split-tunneling': 'enable',
+ 'gui-fortiextender-controller': 'enable',
+ 'gui-icap': 'enable',
+ 'gui-implicit-policy': 'enable',
+ 'gui-ips': 'enable',
+ 'gui-load-balance': 'enable',
+ 'gui-local-in-policy': 'enable',
+ 'gui-local-reports': 'enable',
+ 'gui-multicast-policy': 'enable',
+ 'gui-multiple-interface-policy': 'enable',
+ 'gui-multiple-utm-profiles': 'enable',
+ 'gui-nat46-64': 'enable',
+ 'gui-object-colors': 'enable',
+ 'gui-policy-based-ipsec': 'enable',
+ 'gui-policy-learning': 'enable',
+ 'gui-replacement-message-groups': 'enable',
+ 'gui-spamfilter': 'enable',
+ 'gui-sslvpn-personal-bookmarks': 'enable',
+ 'gui-sslvpn-realms': 'enable',
+ 'gui-switch-controller': 'enable',
+ 'gui-threat-weight': 'enable',
+ 'gui-traffic-shaping': 'enable',
+ 'gui-voip-profile': 'enable',
+ 'gui-vpn': 'enable',
+ 'gui-waf-profile': 'enable',
+ 'gui-wan-load-balancing': 'enable',
+ 'gui-wanopt-cache': 'enable',
+ 'gui-webfilter': 'enable',
+ 'gui-webfilter-advanced': 'enable',
+ 'gui-wireless-controller': 'enable',
+ 'http-external-dest': 'fortiweb',
+ 'ike-dn-format': 'with-space',
+ 'ike-quick-crash-detect': 'enable',
+ 'ike-session-resume': 'enable',
+ 'implicit-allow-dns': 'enable',
+ 'inspection-mode': 'proxy',
+ 'ip': 'test_value_84',
+ 'ip6': 'test_value_85',
+ 'link-down-access': 'enable',
+ 'lldp-transmission': 'enable',
+ 'mac-ttl': '88',
+ 'manageip': 'test_value_89',
+ 'manageip6': 'test_value_90',
+ 'multicast-forward': 'enable',
+ 'multicast-skip-policy': 'enable',
+ 'multicast-ttl-notchange': 'enable',
+ 'ngfw-mode': 'profile-based',
+ 'opmode': 'nat',
+ 'prp-trailer-action': 'enable',
+ 'sccp-port': '97',
+ 'ses-denied-traffic': 'enable',
+ 'sip-helper': 'enable',
+ 'sip-nat-trace': 'enable',
+ 'sip-ssl-port': '101',
+ 'sip-tcp-port': '102',
+ 'sip-udp-port': '103',
+ 'snat-hairpin-traffic': 'enable',
+ 'ssl-ssh-profile': 'test_value_105',
+ 'status': 'enable',
+ 'strict-src-check': 'enable',
+ 'tcp-session-without-syn': 'enable',
+ 'utf8-spam-tagging': 'enable',
+ 'v4-ecmp-mode': 'source-ip-based',
+ 'vpn-stats-log': 'ipsec',
+ 'vpn-stats-period': '112',
+ 'wccp-cache-engine': 'enable'
+ }
+
+ set_method_mock.assert_called_with('system', 'settings', data=expected_data, vdom='root')
+ schema_method_mock.assert_not_called()
+ assert is_error
+ assert not changed
+ assert response['status'] == 'error'
+ assert response['http_status'] == 500
+
+
+def test_system_settings_idempotent(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
+ set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'present',
+ 'system_settings': {
+ 'allow_linkdown_path': 'enable',
+ 'allow_subnet_overlap': 'enable',
+ 'asymroute': 'enable',
+ 'asymroute_icmp': 'enable',
+ 'asymroute6': 'enable',
+ 'asymroute6_icmp': 'enable',
+ 'bfd': 'enable',
+ 'bfd_desired_min_tx': '10',
+ 'bfd_detect_mult': '11',
+ 'bfd_dont_enforce_src_port': 'enable',
+ 'bfd_required_min_rx': '13',
+ 'block_land_attack': 'disable',
+ 'central_nat': 'enable',
+ 'comments': 'test_value_16',
+ 'compliance_check': 'enable',
+ 'default_voip_alg_mode': 'proxy-based',
+ 'deny_tcp_with_icmp': 'enable',
+ 'device': 'test_value_20',
+ 'dhcp_proxy': 'enable',
+ 'dhcp_server_ip': 'test_value_22',
+ 'dhcp6_server_ip': 'test_value_23',
+ 'discovered_device_timeout': '24',
+ 'ecmp_max_paths': '25',
+ 'email_portal_check_dns': 'disable',
+ 'firewall_session_dirty': 'check-all',
+ 'fw_session_hairpin': 'enable',
+ 'gateway': 'test_value_29',
+ 'gateway6': 'test_value_30',
+ 'gui_advanced_policy': 'enable',
+ 'gui_allow_unnamed_policy': 'enable',
+ 'gui_antivirus': 'enable',
+ 'gui_ap_profile': 'enable',
+ 'gui_application_control': 'enable',
+ 'gui_dhcp_advanced': 'enable',
+ 'gui_dlp': 'enable',
+ 'gui_dns_database': 'enable',
+ 'gui_dnsfilter': 'enable',
+ 'gui_domain_ip_reputation': 'enable',
+ 'gui_dos_policy': 'enable',
+ 'gui_dynamic_profile_display': 'enable',
+ 'gui_dynamic_routing': 'enable',
+ 'gui_email_collection': 'enable',
+ 'gui_endpoint_control': 'enable',
+ 'gui_endpoint_control_advanced': 'enable',
+ 'gui_explicit_proxy': 'enable',
+ 'gui_fortiap_split_tunneling': 'enable',
+ 'gui_fortiextender_controller': 'enable',
+ 'gui_icap': 'enable',
+ 'gui_implicit_policy': 'enable',
+ 'gui_ips': 'enable',
+ 'gui_load_balance': 'enable',
+ 'gui_local_in_policy': 'enable',
+ 'gui_local_reports': 'enable',
+ 'gui_multicast_policy': 'enable',
+ 'gui_multiple_interface_policy': 'enable',
+ 'gui_multiple_utm_profiles': 'enable',
+ 'gui_nat46_64': 'enable',
+ 'gui_object_colors': 'enable',
+ 'gui_policy_based_ipsec': 'enable',
+ 'gui_policy_learning': 'enable',
+ 'gui_replacement_message_groups': 'enable',
+ 'gui_spamfilter': 'enable',
+ 'gui_sslvpn_personal_bookmarks': 'enable',
+ 'gui_sslvpn_realms': 'enable',
+ 'gui_switch_controller': 'enable',
+ 'gui_threat_weight': 'enable',
+ 'gui_traffic_shaping': 'enable',
+ 'gui_voip_profile': 'enable',
+ 'gui_vpn': 'enable',
+ 'gui_waf_profile': 'enable',
+ 'gui_wan_load_balancing': 'enable',
+ 'gui_wanopt_cache': 'enable',
+ 'gui_webfilter': 'enable',
+ 'gui_webfilter_advanced': 'enable',
+ 'gui_wireless_controller': 'enable',
+ 'http_external_dest': 'fortiweb',
+ 'ike_dn_format': 'with-space',
+ 'ike_quick_crash_detect': 'enable',
+ 'ike_session_resume': 'enable',
+ 'implicit_allow_dns': 'enable',
+ 'inspection_mode': 'proxy',
+ 'ip': 'test_value_84',
+ 'ip6': 'test_value_85',
+ 'link_down_access': 'enable',
+ 'lldp_transmission': 'enable',
+ 'mac_ttl': '88',
+ 'manageip': 'test_value_89',
+ 'manageip6': 'test_value_90',
+ 'multicast_forward': 'enable',
+ 'multicast_skip_policy': 'enable',
+ 'multicast_ttl_notchange': 'enable',
+ 'ngfw_mode': 'profile-based',
+ 'opmode': 'nat',
+ 'prp_trailer_action': 'enable',
+ 'sccp_port': '97',
+ 'ses_denied_traffic': 'enable',
+ 'sip_helper': 'enable',
+ 'sip_nat_trace': 'enable',
+ 'sip_ssl_port': '101',
+ 'sip_tcp_port': '102',
+ 'sip_udp_port': '103',
+ 'snat_hairpin_traffic': 'enable',
+ 'ssl_ssh_profile': 'test_value_105',
+ 'status': 'enable',
+ 'strict_src_check': 'enable',
+ 'tcp_session_without_syn': 'enable',
+ 'utf8_spam_tagging': 'enable',
+ 'v4_ecmp_mode': 'source-ip-based',
+ 'vpn_stats_log': 'ipsec',
+ 'vpn_stats_period': '112',
+ 'wccp_cache_engine': 'enable'
+ },
+ 'vdom': 'root'}
+
+ is_error, changed, response = fortios_system_settings.fortios_system(input_data, fos_instance)
+
+ expected_data = {
+ 'allow-linkdown-path': 'enable',
+ 'allow-subnet-overlap': 'enable',
+ 'asymroute': 'enable',
+ 'asymroute-icmp': 'enable',
+ 'asymroute6': 'enable',
+ 'asymroute6-icmp': 'enable',
+ 'bfd': 'enable',
+ 'bfd-desired-min-tx': '10',
+ 'bfd-detect-mult': '11',
+ 'bfd-dont-enforce-src-port': 'enable',
+ 'bfd-required-min-rx': '13',
+ 'block-land-attack': 'disable',
+ 'central-nat': 'enable',
+ 'comments': 'test_value_16',
+ 'compliance-check': 'enable',
+ 'default-voip-alg-mode': 'proxy-based',
+ 'deny-tcp-with-icmp': 'enable',
+ 'device': 'test_value_20',
+ 'dhcp-proxy': 'enable',
+ 'dhcp-server-ip': 'test_value_22',
+ 'dhcp6-server-ip': 'test_value_23',
+ 'discovered-device-timeout': '24',
+ 'ecmp-max-paths': '25',
+ 'email-portal-check-dns': 'disable',
+ 'firewall-session-dirty': 'check-all',
+ 'fw-session-hairpin': 'enable',
+ 'gateway': 'test_value_29',
+ 'gateway6': 'test_value_30',
+ 'gui-advanced-policy': 'enable',
+ 'gui-allow-unnamed-policy': 'enable',
+ 'gui-antivirus': 'enable',
+ 'gui-ap-profile': 'enable',
+ 'gui-application-control': 'enable',
+ 'gui-dhcp-advanced': 'enable',
+ 'gui-dlp': 'enable',
+ 'gui-dns-database': 'enable',
+ 'gui-dnsfilter': 'enable',
+ 'gui-domain-ip-reputation': 'enable',
+ 'gui-dos-policy': 'enable',
+ 'gui-dynamic-profile-display': 'enable',
+ 'gui-dynamic-routing': 'enable',
+ 'gui-email-collection': 'enable',
+ 'gui-endpoint-control': 'enable',
+ 'gui-endpoint-control-advanced': 'enable',
+ 'gui-explicit-proxy': 'enable',
+ 'gui-fortiap-split-tunneling': 'enable',
+ 'gui-fortiextender-controller': 'enable',
+ 'gui-icap': 'enable',
+ 'gui-implicit-policy': 'enable',
+ 'gui-ips': 'enable',
+ 'gui-load-balance': 'enable',
+ 'gui-local-in-policy': 'enable',
+ 'gui-local-reports': 'enable',
+ 'gui-multicast-policy': 'enable',
+ 'gui-multiple-interface-policy': 'enable',
+ 'gui-multiple-utm-profiles': 'enable',
+ 'gui-nat46-64': 'enable',
+ 'gui-object-colors': 'enable',
+ 'gui-policy-based-ipsec': 'enable',
+ 'gui-policy-learning': 'enable',
+ 'gui-replacement-message-groups': 'enable',
+ 'gui-spamfilter': 'enable',
+ 'gui-sslvpn-personal-bookmarks': 'enable',
+ 'gui-sslvpn-realms': 'enable',
+ 'gui-switch-controller': 'enable',
+ 'gui-threat-weight': 'enable',
+ 'gui-traffic-shaping': 'enable',
+ 'gui-voip-profile': 'enable',
+ 'gui-vpn': 'enable',
+ 'gui-waf-profile': 'enable',
+ 'gui-wan-load-balancing': 'enable',
+ 'gui-wanopt-cache': 'enable',
+ 'gui-webfilter': 'enable',
+ 'gui-webfilter-advanced': 'enable',
+ 'gui-wireless-controller': 'enable',
+ 'http-external-dest': 'fortiweb',
+ 'ike-dn-format': 'with-space',
+ 'ike-quick-crash-detect': 'enable',
+ 'ike-session-resume': 'enable',
+ 'implicit-allow-dns': 'enable',
+ 'inspection-mode': 'proxy',
+ 'ip': 'test_value_84',
+ 'ip6': 'test_value_85',
+ 'link-down-access': 'enable',
+ 'lldp-transmission': 'enable',
+ 'mac-ttl': '88',
+ 'manageip': 'test_value_89',
+ 'manageip6': 'test_value_90',
+ 'multicast-forward': 'enable',
+ 'multicast-skip-policy': 'enable',
+ 'multicast-ttl-notchange': 'enable',
+ 'ngfw-mode': 'profile-based',
+ 'opmode': 'nat',
+ 'prp-trailer-action': 'enable',
+ 'sccp-port': '97',
+ 'ses-denied-traffic': 'enable',
+ 'sip-helper': 'enable',
+ 'sip-nat-trace': 'enable',
+ 'sip-ssl-port': '101',
+ 'sip-tcp-port': '102',
+ 'sip-udp-port': '103',
+ 'snat-hairpin-traffic': 'enable',
+ 'ssl-ssh-profile': 'test_value_105',
+ 'status': 'enable',
+ 'strict-src-check': 'enable',
+ 'tcp-session-without-syn': 'enable',
+ 'utf8-spam-tagging': 'enable',
+ 'v4-ecmp-mode': 'source-ip-based',
+ 'vpn-stats-log': 'ipsec',
+ 'vpn-stats-period': '112',
+ 'wccp-cache-engine': 'enable'
+ }
+
+ set_method_mock.assert_called_with('system', 'settings', data=expected_data, vdom='root')
+ schema_method_mock.assert_not_called()
+ assert not is_error
+ assert not changed
+ assert response['status'] == 'error'
+ assert response['http_status'] == 404
+
+
+def test_system_settings_filter_foreign_attributes(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
+ set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'present',
+ 'system_settings': {
+ 'random_attribute_not_valid': 'tag',
+ 'allow_linkdown_path': 'enable',
+ 'allow_subnet_overlap': 'enable',
+ 'asymroute': 'enable',
+ 'asymroute_icmp': 'enable',
+ 'asymroute6': 'enable',
+ 'asymroute6_icmp': 'enable',
+ 'bfd': 'enable',
+ 'bfd_desired_min_tx': '10',
+ 'bfd_detect_mult': '11',
+ 'bfd_dont_enforce_src_port': 'enable',
+ 'bfd_required_min_rx': '13',
+ 'block_land_attack': 'disable',
+ 'central_nat': 'enable',
+ 'comments': 'test_value_16',
+ 'compliance_check': 'enable',
+ 'default_voip_alg_mode': 'proxy-based',
+ 'deny_tcp_with_icmp': 'enable',
+ 'device': 'test_value_20',
+ 'dhcp_proxy': 'enable',
+ 'dhcp_server_ip': 'test_value_22',
+ 'dhcp6_server_ip': 'test_value_23',
+ 'discovered_device_timeout': '24',
+ 'ecmp_max_paths': '25',
+ 'email_portal_check_dns': 'disable',
+ 'firewall_session_dirty': 'check-all',
+ 'fw_session_hairpin': 'enable',
+ 'gateway': 'test_value_29',
+ 'gateway6': 'test_value_30',
+ 'gui_advanced_policy': 'enable',
+ 'gui_allow_unnamed_policy': 'enable',
+ 'gui_antivirus': 'enable',
+ 'gui_ap_profile': 'enable',
+ 'gui_application_control': 'enable',
+ 'gui_dhcp_advanced': 'enable',
+ 'gui_dlp': 'enable',
+ 'gui_dns_database': 'enable',
+ 'gui_dnsfilter': 'enable',
+ 'gui_domain_ip_reputation': 'enable',
+ 'gui_dos_policy': 'enable',
+ 'gui_dynamic_profile_display': 'enable',
+ 'gui_dynamic_routing': 'enable',
+ 'gui_email_collection': 'enable',
+ 'gui_endpoint_control': 'enable',
+ 'gui_endpoint_control_advanced': 'enable',
+ 'gui_explicit_proxy': 'enable',
+ 'gui_fortiap_split_tunneling': 'enable',
+ 'gui_fortiextender_controller': 'enable',
+ 'gui_icap': 'enable',
+ 'gui_implicit_policy': 'enable',
+ 'gui_ips': 'enable',
+ 'gui_load_balance': 'enable',
+ 'gui_local_in_policy': 'enable',
+ 'gui_local_reports': 'enable',
+ 'gui_multicast_policy': 'enable',
+ 'gui_multiple_interface_policy': 'enable',
+ 'gui_multiple_utm_profiles': 'enable',
+ 'gui_nat46_64': 'enable',
+ 'gui_object_colors': 'enable',
+ 'gui_policy_based_ipsec': 'enable',
+ 'gui_policy_learning': 'enable',
+ 'gui_replacement_message_groups': 'enable',
+ 'gui_spamfilter': 'enable',
+ 'gui_sslvpn_personal_bookmarks': 'enable',
+ 'gui_sslvpn_realms': 'enable',
+ 'gui_switch_controller': 'enable',
+ 'gui_threat_weight': 'enable',
+ 'gui_traffic_shaping': 'enable',
+ 'gui_voip_profile': 'enable',
+ 'gui_vpn': 'enable',
+ 'gui_waf_profile': 'enable',
+ 'gui_wan_load_balancing': 'enable',
+ 'gui_wanopt_cache': 'enable',
+ 'gui_webfilter': 'enable',
+ 'gui_webfilter_advanced': 'enable',
+ 'gui_wireless_controller': 'enable',
+ 'http_external_dest': 'fortiweb',
+ 'ike_dn_format': 'with-space',
+ 'ike_quick_crash_detect': 'enable',
+ 'ike_session_resume': 'enable',
+ 'implicit_allow_dns': 'enable',
+ 'inspection_mode': 'proxy',
+ 'ip': 'test_value_84',
+ 'ip6': 'test_value_85',
+ 'link_down_access': 'enable',
+ 'lldp_transmission': 'enable',
+ 'mac_ttl': '88',
+ 'manageip': 'test_value_89',
+ 'manageip6': 'test_value_90',
+ 'multicast_forward': 'enable',
+ 'multicast_skip_policy': 'enable',
+ 'multicast_ttl_notchange': 'enable',
+ 'ngfw_mode': 'profile-based',
+ 'opmode': 'nat',
+ 'prp_trailer_action': 'enable',
+ 'sccp_port': '97',
+ 'ses_denied_traffic': 'enable',
+ 'sip_helper': 'enable',
+ 'sip_nat_trace': 'enable',
+ 'sip_ssl_port': '101',
+ 'sip_tcp_port': '102',
+ 'sip_udp_port': '103',
+ 'snat_hairpin_traffic': 'enable',
+ 'ssl_ssh_profile': 'test_value_105',
+ 'status': 'enable',
+ 'strict_src_check': 'enable',
+ 'tcp_session_without_syn': 'enable',
+ 'utf8_spam_tagging': 'enable',
+ 'v4_ecmp_mode': 'source-ip-based',
+ 'vpn_stats_log': 'ipsec',
+ 'vpn_stats_period': '112',
+ 'wccp_cache_engine': 'enable'
+ },
+ 'vdom': 'root'}
+
+ is_error, changed, response = fortios_system_settings.fortios_system(input_data, fos_instance)
+
+ expected_data = {
+ 'allow-linkdown-path': 'enable',
+ 'allow-subnet-overlap': 'enable',
+ 'asymroute': 'enable',
+ 'asymroute-icmp': 'enable',
+ 'asymroute6': 'enable',
+ 'asymroute6-icmp': 'enable',
+ 'bfd': 'enable',
+ 'bfd-desired-min-tx': '10',
+ 'bfd-detect-mult': '11',
+ 'bfd-dont-enforce-src-port': 'enable',
+ 'bfd-required-min-rx': '13',
+ 'block-land-attack': 'disable',
+ 'central-nat': 'enable',
+ 'comments': 'test_value_16',
+ 'compliance-check': 'enable',
+ 'default-voip-alg-mode': 'proxy-based',
+ 'deny-tcp-with-icmp': 'enable',
+ 'device': 'test_value_20',
+ 'dhcp-proxy': 'enable',
+ 'dhcp-server-ip': 'test_value_22',
+ 'dhcp6-server-ip': 'test_value_23',
+ 'discovered-device-timeout': '24',
+ 'ecmp-max-paths': '25',
+ 'email-portal-check-dns': 'disable',
+ 'firewall-session-dirty': 'check-all',
+ 'fw-session-hairpin': 'enable',
+ 'gateway': 'test_value_29',
+ 'gateway6': 'test_value_30',
+ 'gui-advanced-policy': 'enable',
+ 'gui-allow-unnamed-policy': 'enable',
+ 'gui-antivirus': 'enable',
+ 'gui-ap-profile': 'enable',
+ 'gui-application-control': 'enable',
+ 'gui-dhcp-advanced': 'enable',
+ 'gui-dlp': 'enable',
+ 'gui-dns-database': 'enable',
+ 'gui-dnsfilter': 'enable',
+ 'gui-domain-ip-reputation': 'enable',
+ 'gui-dos-policy': 'enable',
+ 'gui-dynamic-profile-display': 'enable',
+ 'gui-dynamic-routing': 'enable',
+ 'gui-email-collection': 'enable',
+ 'gui-endpoint-control': 'enable',
+ 'gui-endpoint-control-advanced': 'enable',
+ 'gui-explicit-proxy': 'enable',
+ 'gui-fortiap-split-tunneling': 'enable',
+ 'gui-fortiextender-controller': 'enable',
+ 'gui-icap': 'enable',
+ 'gui-implicit-policy': 'enable',
+ 'gui-ips': 'enable',
+ 'gui-load-balance': 'enable',
+ 'gui-local-in-policy': 'enable',
+ 'gui-local-reports': 'enable',
+ 'gui-multicast-policy': 'enable',
+ 'gui-multiple-interface-policy': 'enable',
+ 'gui-multiple-utm-profiles': 'enable',
+ 'gui-nat46-64': 'enable',
+ 'gui-object-colors': 'enable',
+ 'gui-policy-based-ipsec': 'enable',
+ 'gui-policy-learning': 'enable',
+ 'gui-replacement-message-groups': 'enable',
+ 'gui-spamfilter': 'enable',
+ 'gui-sslvpn-personal-bookmarks': 'enable',
+ 'gui-sslvpn-realms': 'enable',
+ 'gui-switch-controller': 'enable',
+ 'gui-threat-weight': 'enable',
+ 'gui-traffic-shaping': 'enable',
+ 'gui-voip-profile': 'enable',
+ 'gui-vpn': 'enable',
+ 'gui-waf-profile': 'enable',
+ 'gui-wan-load-balancing': 'enable',
+ 'gui-wanopt-cache': 'enable',
+ 'gui-webfilter': 'enable',
+ 'gui-webfilter-advanced': 'enable',
+ 'gui-wireless-controller': 'enable',
+ 'http-external-dest': 'fortiweb',
+ 'ike-dn-format': 'with-space',
+ 'ike-quick-crash-detect': 'enable',
+ 'ike-session-resume': 'enable',
+ 'implicit-allow-dns': 'enable',
+ 'inspection-mode': 'proxy',
+ 'ip': 'test_value_84',
+ 'ip6': 'test_value_85',
+ 'link-down-access': 'enable',
+ 'lldp-transmission': 'enable',
+ 'mac-ttl': '88',
+ 'manageip': 'test_value_89',
+ 'manageip6': 'test_value_90',
+ 'multicast-forward': 'enable',
+ 'multicast-skip-policy': 'enable',
+ 'multicast-ttl-notchange': 'enable',
+ 'ngfw-mode': 'profile-based',
+ 'opmode': 'nat',
+ 'prp-trailer-action': 'enable',
+ 'sccp-port': '97',
+ 'ses-denied-traffic': 'enable',
+ 'sip-helper': 'enable',
+ 'sip-nat-trace': 'enable',
+ 'sip-ssl-port': '101',
+ 'sip-tcp-port': '102',
+ 'sip-udp-port': '103',
+ 'snat-hairpin-traffic': 'enable',
+ 'ssl-ssh-profile': 'test_value_105',
+ 'status': 'enable',
+ 'strict-src-check': 'enable',
+ 'tcp-session-without-syn': 'enable',
+ 'utf8-spam-tagging': 'enable',
+ 'v4-ecmp-mode': 'source-ip-based',
+ 'vpn-stats-log': 'ipsec',
+ 'vpn-stats-period': '112',
+ 'wccp-cache-engine': 'enable'
+ }
+
+ set_method_mock.assert_called_with('system', 'settings', data=expected_data, vdom='root')
+ schema_method_mock.assert_not_called()
+ assert not is_error
+ assert changed
+ assert response['status'] == 'success'
+ assert response['http_status'] == 200