 
New in version 2.8.
The below requirements are needed on the host that executes this module.
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| firewall_interface_policy - | Default: null | Configure IPv4 interface policies. |
| address-type - | | Policy address type (IPv4 or IPv6). |
| application-list - | | Application list name. Source application.list.name. |
| application-list-status - | | Enable/disable application control. |
| av-profile - | | Antivirus profile. Source antivirus.profile.name. |
| av-profile-status - | | Enable/disable antivirus. |
| comments - | | Comments. |
| dlp-sensor - | | DLP sensor name. Source dlp.sensor.name. |
| dlp-sensor-status - | | Enable/disable DLP. |
| dsri - | | Enable/disable DSRI. |
| dstaddr - | | Address object to limit traffic monitoring to network traffic sent to the specified address or range. |
| name - / required | | Address name. Source firewall.address.name firewall.addrgrp.name. |
| interface - | | Monitored interface name from available interfaces. Source system.zone.name system.interface.name. |
| ips-sensor - | | IPS sensor name. Source ips.sensor.name. |
| ips-sensor-status - | | Enable/disable IPS. |
| label - | | Label. |
| logtraffic - | | Logging type to be used in this policy (Options: all \| utm \| disable, Default: utm). |
| policyid - / required | | Policy ID. |
| scan-botnet-connections - | | Enable/disable scanning for connections to Botnet servers. |
| service - | | Service object from available options. |
| name - / required | | Service name. Source firewall.service.custom.name firewall.service.group.name. |
| spamfilter-profile - | | Antispam profile. Source spamfilter.profile.name. |
| spamfilter-profile-status - | | Enable/disable antispam. |
| srcaddr - | | Address object to limit traffic monitoring to network traffic sent from the specified address or range. |
| name - / required | | Address name. Source firewall.address.name firewall.addrgrp.name. |
| state - | | Indicates whether to create or remove the object. |
| status - | | Enable/disable this policy. |
| webfilter-profile - | | Web filter profile. Source webfilter.profile.name. |
| webfilter-profile-status - | | Enable/disable web filtering. |
| host - / required | | FortiOS or FortiGate IP address. |
| https boolean | | Indicates if the requests towards FortiGate must use HTTPS protocol. |
| password - | Default: "" | FortiOS or FortiGate password. |
| username - / required | | FortiOS or FortiGate username. |
| vdom - | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. |
Note
```yaml
- hosts: localhost
  vars:
   # Connection settings for the target FortiGate
   host: "192.168.122.40"
   username: "admin"
   password: ""
   vdom: "root"
  tasks:
  - name: Configure IPv4 interface policies.
    fortios_firewall_interface_policy:
      host:  "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom:  "{{ vdom }}"
      firewall_interface_policy:
        # Replace each <your_own_value> with the name of an existing object;
        # the table it must come from is given in parentheses.
        state: "present"
        address-type: "ipv4"
        application-list: "<your_own_value> (source application.list.name)"
        application-list-status: "enable"
        av-profile: "<your_own_value> (source antivirus.profile.name)"
        av-profile-status: "enable"
        comments: "<your_own_value>"
        dlp-sensor: "<your_own_value> (source dlp.sensor.name)"
        dlp-sensor-status: "enable"
        dsri: "enable"
        dstaddr:
         -
            name: "default_name_13 (source firewall.address.name firewall.addrgrp.name)"
        interface: "<your_own_value> (source system.zone.name system.interface.name)"
        ips-sensor: "<your_own_value> (source ips.sensor.name)"
        ips-sensor-status: "enable"
        label: "<your_own_value>"
        logtraffic: "all"
        policyid: "19"
        scan-botnet-connections: "disable"
        service:
         -
            name: "default_name_22 (source firewall.service.custom.name firewall.service.group.name)"
        spamfilter-profile: "<your_own_value> (source spamfilter.profile.name)"
        spamfilter-profile-status: "enable"
        srcaddr:
         -
            name: "default_name_26 (source firewall.address.name firewall.addrgrp.name)"
        status: "enable"
        webfilter-profile: "<your_own_value> (source webfilter.profile.name)"
        webfilter-profile-status: "enable"
```
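
An added example, not part of the module's documentation or code: a Python check over the already-parsed arguments of a `fortios_firewall_interface_policy` task that flags combinations of the parameters above which leave inspection or logging off. The rule set, the `audit_task` name and the sample task (interface `port1`, profile names `default`) are assumptions made for illustration.

```python
# Added example: parameter names are from this page; the rules are assumptions.
# Each profile parameter is paired with the status flag that switches it on.
PROFILE_STATUS = {
    "application-list": "application-list-status",
    "av-profile": "av-profile-status",
    "dlp-sensor": "dlp-sensor-status",
    "ips-sensor": "ips-sensor-status",
    "spamfilter-profile": "spamfilter-profile-status",
    "webfilter-profile": "webfilter-profile-status",
}


def audit_task(args):
    """Return a sorted list of findings for one task's module arguments."""
    findings = []
    if args.get("https") is False:
        findings.append("https: API requests are not forced over HTTPS")
    if args.get("password", "") == "":
        findings.append("password: empty (module default)")
    policy = args.get("firewall_interface_policy") or {}
    if policy.get("state") != "present":
        return sorted(findings)  # nothing is being created, skip policy checks
    if policy.get("status") == "disable":
        findings.append("status: policy is created disabled")
    if policy.get("logtraffic") == "disable":
        findings.append("logtraffic: logging is off for this policy")
    for profile, flag in PROFILE_STATUS.items():
        named = bool(policy.get(profile))
        enabled = policy.get(flag) == "enable"
        if named and not enabled:
            findings.append(f"{profile}: profile set but {flag} is not 'enable'")
        elif enabled and not named:
            findings.append(f"{flag}: enabled without a {profile}")
    return sorted(findings)


# Constructed sample: module arguments after YAML parsing and templating.
SAMPLE_TASK = {
    "host": "192.168.122.40", "username": "admin", "password": "",
    "vdom": "root", "https": False,
    "firewall_interface_policy": {
        "state": "present", "policyid": "19", "status": "enable",
        "interface": "port1", "logtraffic": "disable",
        "ips-sensor": "default", "ips-sensor-status": "enable",
        "av-profile": "default",               # status flag missing
        "webfilter-profile-status": "enable",  # profile missing
    },
}
print("\n".join(audit_task(SAMPLE_TASK)))
```
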
Common return values are documented here; the following fields are unique to this module:
| Key | Type | Returned | Description | Sample |
|---|---|---|---|---|
| build | string | always | Build number of the FortiGate image | 1547 |
| http_method | string | always | Last method used to provision the content into FortiGate | PUT |
| http_status | string | always | Last result given by FortiGate on last operation applied | 200 |
| mkey | string | success | Master key (id) used in the last call to FortiGate | id |
| name | string | always | Name of the table used to fulfill the request | urlfilter |
| path | string | always | Path of the table used to fulfill the request | webfilter |
| revision | string | always | Internal revision number | 17.0.2.10658 |
| serial | string | always | Serial number of the unit | FGVMEVYYQT3AB5352 |
| status | string | always | Indication of the operation's result | success |
| vdom | string | always | Virtual domain used | root |
| version | string | always | Version of the FortiGate | v5.6.3 |