Fortinet Document Library

Version:


Table of Contents

User Guide

Download PDF
Copy Link

Creating an IP protection policy

Example: create an IP protection policy

---
- name: Execute cloud api

hosts: fortiwebcloud01

gather_facts: no

collections:

- fortinet.fortiwebcloud

connection: httpapi

vars:

ansible_httpapi_validate_certs: False

ansible_httpapi_use_ssl: true

ansible_httpapi_port: 443

application_name: "YOUR_APP_NAME"

tasks:

- name: Configure IP Protection.

cloudwaf_ip_protection_method:

api_token: "You must specify a token"

app_name: "{{application_name}}"

template_status: disable

status: enable

IPProtection:

ip-reputation: enable

geo-ip-block:

members:

- Antigua And Barbuda

- Aland Islands

- Afghanistan

ip-list:

members:

- type: trust-ip

ip: '1.1.1.1,2.2.2.21-2.2.2.27'

- type: block-ip

ip: '3.1.1.1,3.1.1.11-3.1.1.17'

- type: allow-only-ip

ip: '4.1.1.1-4.1.1.17,4.1.1.19'

ansible_httpapi_validate_certs

Whether to validate certificates for the connections between your Ansible host and FortiWeb Cloud's API gateway.

Specify False.

ansible_httpapi_use_ssl

Whether to use SSL protocol for the connections between your Ansible host and FortiWeb Cloud's API gateway.

Specify true.

ansible_httpapi_port

The port number used for the SSL connection.

Specify 443.

 

template_status

Specify whether to enable or disable inheriting the configurations of the template that you have applied to this application.

status

Specify whether to enable or disable IP reputation module.

ip-reputation Specify whether to enable or disable blocking client access based on up-to-date threat intelligence gathered by FortiGuard.

geo-ip-block

members:

Specify one or more geographical regions that you want to block. All requests from the specified regions will be blocked.

ip-list

type: trust-ip

Specify the trust IPs.

ip-list

type: block-ip

Specify the block IPs.

ip-list

type: allow-only-ip

Specify the allow only IPs.

For more information about the trust IP, block IP, and allow only IP, see IP Protection.

Creating an IP protection policy

Example: create an IP protection policy

---
- name: Execute cloud api

hosts: fortiwebcloud01

gather_facts: no

collections:

- fortinet.fortiwebcloud

connection: httpapi

vars:

ansible_httpapi_validate_certs: False

ansible_httpapi_use_ssl: true

ansible_httpapi_port: 443

application_name: "YOUR_APP_NAME"

tasks:

- name: Configure IP Protection.

cloudwaf_ip_protection_method:

api_token: "You must specify a token"

app_name: "{{application_name}}"

template_status: disable

status: enable

IPProtection:

ip-reputation: enable

geo-ip-block:

members:

- Antigua And Barbuda

- Aland Islands

- Afghanistan

ip-list:

members:

- type: trust-ip

ip: '1.1.1.1,2.2.2.21-2.2.2.27'

- type: block-ip

ip: '3.1.1.1,3.1.1.11-3.1.1.17'

- type: allow-only-ip

ip: '4.1.1.1-4.1.1.17,4.1.1.19'

ansible_httpapi_validate_certs

Whether to validate certificates for the connections between your Ansible host and FortiWeb Cloud's API gateway.

Specify False.

ansible_httpapi_use_ssl

Whether to use SSL protocol for the connections between your Ansible host and FortiWeb Cloud's API gateway.

Specify true.

ansible_httpapi_port

The port number used for the SSL connection.

Specify 443.

 

template_status

Specify whether to enable or disable inheriting the configurations of the template that you have applied to this application.

status

Specify whether to enable or disable IP reputation module.

ip-reputation Specify whether to enable or disable blocking client access based on up-to-date threat intelligence gathered by FortiGuard.

geo-ip-block

members:

Specify one or more geographical regions that you want to block. All requests from the specified regions will be blocked.

ip-list

type: trust-ip

Specify the trust IPs.

ip-list

type: block-ip

Specify the block IPs.

ip-list

type: allow-only-ip

Specify the allow only IPs.

For more information about the trust IP, block IP, and allow only IP, see IP Protection.