The collection is the FortiWeb Ansible Automation project. It includes the modules that are able to configure FortiWeb OS features.
The collection provides the following modules:
fwebos_admin
Configure FortiWeb adminfwebos_admin_profiles
Configure FortiWeb admin profilesfwebos_backup_download
Download FortiWeb config filefwebos_certificate_ca
Config FortiWeb server objects CA fwebos_certificate_ca_group
Config FortiWeb server objects CA groupfwebos_certificate_ca_group_member
Config FortiWeb server objects group memberfwebos_certificate_ca_tsl
Config FortiWeb server objects TSL CAfwebos_certificate_crl
Config FortiWeb server objects CRLfwebos_certificate_crl_group
Config FortiWeb server objects CRL groupfwebos_certificate_crl_group_member
Config FortiWeb server objects CRL group memberfwebos_certificate_intermediate_ca
Config FortiWeb server objects Intermediate CAfwebos_certificate_intermediate_ca_group
Config FortiWeb server objects Intermediate CA groupfwebos_certificate_intermediate_ca_group_member
Config FortiWeb server objects Intermediate CA group memberfwebos_certificate_letsencrypt
Config FortiWeb server objects Letsencryptfwebos_certificate_letsencrypt_issue
Call FortiWeb server objects Letsencrypt issue actionfwebos_certificate_letsencrypt_revoke
Call FortiWeb server objects Letsencrypt revoke actionfwebos_certificate_local_csr
Config FortiWeb server objects Localfwebos_certificate_local_multi
Config FortiWeb server objects Local Multi-certificatefwebos_certificate_ocsp_stapling
Config FortiWeb server objects OCSP Staplingfwebos_certificate_offline_sni_group
Config FortiWeb server objects SNI Offline SNIfwebos_certificate_offline_sni_member
Config FortiWeb server objects SNI Offline SNI memberfwebos_certificate_public_key_pinning
Config FortiWeb server objects Public Key Pinningfwebos_certificate_sign_ca
Config FortiWeb server objects Sign CAfwebos_certificate_sni_group
Config FortiWeb server objects SNI Inline SNIfwebos_certificate_sni_group_member
Config FortiWeb server objects SNI Inline SNI memberfwebos_certificate_urlcert_group
Config FortiWeb server objects URL Certificate groupfwebos_certificate_urlcert_list
Config FortiWeb server objects URL Certificate listfwebos_certificate_verify
Config FortiWeb server objects Certificate Verifyfwebos_certificate_verify_server
Config FortiWeb server objects Server Certificate Verifyfwebos_certificate_xml_certificate_client
Config FortiWeb server objects XML Certificate Client Certificatefwebos_certificate_xml_certificate_server
Config FortiWeb server objects XML Certificate Server Certificatefwebos_certificate_xml_certificate_client_group
Config FortiWeb server objects XML Certificate Client groupfwebos_certificate_xml_certificate_client_group_member
Config FortiWeb server objects XML Certificate Client group memberfwebos_fortiguard_config
Config FortiWeb System FortiGuard infofwebos_ha
Config FortiWeb HA optionsfwebos_hsm_partion
Config FortiWeb HSM Partionfwebos_hsm_server
Config FortiWeb HSM Server infofwebos_hsm_server_download
Download HSM Server Certificatefwebos_ntp
Config FortiWeb NTP settingsfwebos_server_policy
Config FortiWeb Policy Server Policyfwebos_server_pool
Config FortiWeb server objects Server Poolfwebos_server_pool_rule
Config FortiWeb server objects Server Pool memberfwebos_server_service
Config FortiWeb server objects Servicefwebos_snmp_community
Config FortiWeb SNMP v1/v2c Communityfwebos_snmp_sysinfo
Config FortiWeb SNMP system infofwebos_snmp_user
Config FortiWeb SNMP v3 userfwebos_system_setting
Config FortiWeb system settingsfwebos_virtual_ip
Config FortiWeb Network Virtual IPfwebos_virtual_server
Config FortiWeb server objects virtual serverfwebos_virtual_server_ip
Assign FortiWeb virtual IP with virtual serverfwebos_waf_cookie_security
Config FortiWeb Web Protection Cookie Securityfwebos_waf_cookie_security_exception
Config FortiWeb Web Protection Cookie Security exceptionsfwebos_waf_custom_protection_group
Config FortiWeb Custom Policy policyfwebos_waf_custom_protection_group_type_list
Assign FortiWeb Custom Policy Custom Rule to policyfwebos_waf_custom_protection_rule
Config FortiWeb Custom Policy Custom Rulefwebos_waf_custom_protection_rule_condition
Config FortiWeb Custom Policy Custom Rule conditionsfwebos_waf_file_upload_policy
Config FortiWeb Input Validation File Securityfwebos_waf_file_upload_policy_rule
Assign FortiWeb Input Validation File Security rules to policyfwebos_waf_file_upload_rule
Config FortiWeb Input Validation File Security Rulefwebos_waf_file_upload_rule_filetype
Config FortiWeb Input Validation File Security Rule file typesfwebos_waf_geo_block
Config FortiWeb IP Protection GEO IPfwebos_waf_geo_block_country
Edit Country list in GEO IP Policyfwebos_waf_http_constraints_exceptions
Config FortiWeb Web Protection HTTP Constraints exceptionsfwebos_waf_http_constraints_exceptions_list
Config FortiWeb Web Protection HTTP Constraints exceptions rulesfwebos_waf_http_protocol_parameter_restriction
Config FortiWeb Web Protection HTTP Constraintsfwebos_waf_ip
Config FortiWeb IP Protection IP Listfwebos_waf_ip_members
Config FortiWeb IP Protection IP List memberfwebos_waf_signature
Config FortiWeb Web Protection Signaturefwebos_waf_syntax
Config FortiWeb Web Protection SQL/XSS Syntax Based Detetctionfwebos_waf_url_access_policy
Config FortiWeb Web Protection URL Access policyfwebos_waf_url_access_policy_rule
Assign URL policy rule to a policyfwebos_waf_url_access_rule
Config FortiWeb Web Protection URL Access rulesfwebos_waf_url_access_rule_condition
Config FortiWeb Web Protection URL Access rules conditionsfwebos_waf_webshell
Config FortiWeb Web Protection Web Shell Detetctionfwebos_waf_xml_policy
Config FortiWeb API Protection XML Protection policyfwebos_waf_xml_policy_rule_list
Assign FortiWeb API Protection XML Protection rule to a policyfwebos_waf_xml_rule
Config FortiWeb API Protection XML Protection ruleThis collection includes some playbooks for configuring FortiWeb OS. Here is a quick example:
Create the hosts
inventory file
[fortiweb]
web01 ansible_host=192.168.1.99 ansible_user="admin" ansible_password="password"
[fortiweb:vars]
ansible_network_os=fortinet.fortiweb.fwebos
ansible_httpapi_use_ssl=yes
ansible_httpapi_validate_certs=no
ansible_httpapi_port=443
Run the playbook:
ansible-playbook -i hosts fwebos_system_setting.yml
This operation will adjust system idle timeout.
For other playbooks, please make sure required settings are already done in FortiWeb OS before running them.