ansible / ansible.builtin / v2.8.13 / module / fortios_web_proxy_global Configure Web proxy global settings in Fortinet's FortiOS and FortiGate. | "added in version" 2.8 of ansible.builtin" Authors: Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico) preview | supported by communityansible.builtin.fortios_web_proxy_global (v2.8.13) — module
pip
Install with pip install ansible==2.8.13
This module is able to configure a FortiGate or FortiOS by allowing the user to set and modify web_proxy feature and global category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.2
- hosts: localhost vars: host: "192.168.122.40" username: "admin" password: "" vdom: "root" tasks: - name: Configure Web proxy global settings. fortios_web_proxy_global: host: "{{ host }}" username: "{{ username }}" password: "{{ password }}" vdom: "{{ vdom }}" https: "False" web_proxy_global: fast-policy-match: "enable" forward-proxy-auth: "enable" forward-server-affinity-timeout: "5" learn-client-ip: "enable" learn-client-ip-from-header: "true-client-ip" learn-client-ip-srcaddr: - name: "default_name_9 (source firewall.address.name firewall.addrgrp.name)" learn-client-ip-srcaddr6: - name: "default_name_11 (source firewall.address6.name firewall.addrgrp6.name)" max-message-length: "12" max-request-length: "13" max-waf-body-cache-length: "14" proxy-fqdn: "<your_own_value>" strict-web-check: "enable" tunnel-non-http: "enable" unknown-http-version: "reject" webproxy-profile: "<your_own_value> (source web-proxy.profile.name)"
host: description: - FortiOS or FortiGate ip address. required: true vdom: default: root description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. https: default: true description: - Indicates if the requests towards FortiGate must use HTTPS protocol type: bool password: default: '' description: - FortiOS or FortiGate password. username: description: - FortiOS or FortiGate username. required: true web_proxy_global: default: null description: - Configure Web proxy global settings. suboptions: fast-policy-match: choices: - enable - disable description: - Enable/disable fast matching algorithm for explicit and transparent proxy policy. forward-proxy-auth: choices: - enable - disable description: - Enable/disable forwarding proxy authentication headers. forward-server-affinity-timeout: description: - Period of time before the source IP's traffic is no longer assigned to the forwarding server (6 - 60 min, default = 30). learn-client-ip: choices: - enable - disable description: - Enable/disable learning the client's IP address from headers. learn-client-ip-from-header: choices: - true-client-ip - x-real-ip - x-forwarded-for description: - Learn client IP address from the specified headers. learn-client-ip-srcaddr: description: - Source address name (srcaddr or srcaddr6 must be set). suboptions: name: description: - Address name. Source firewall.address.name firewall.addrgrp.name. required: true learn-client-ip-srcaddr6: description: - IPv6 Source address name (srcaddr or srcaddr6 must be set). suboptions: name: description: - Address name. Source firewall.address6.name firewall.addrgrp6.name. required: true max-message-length: description: - Maximum length of HTTP message, not including body (16 - 256 Kbytes, default = 32). max-request-length: description: - Maximum length of HTTP request line (2 - 64 Kbytes, default = 4). max-waf-body-cache-length: description: - Maximum length of HTTP messages processed by Web Application Firewall (WAF) (10 - 1024 Kbytes, default = 32). proxy-fqdn: description: - Fully Qualified Domain Name (FQDN) that clients connect to (default = default.fqdn) to connect to the explicit web proxy. strict-web-check: choices: - enable - disable description: - Enable/disable strict web checking to block web sites that send incorrect headers that don't conform to HTTP 1.1. tunnel-non-http: choices: - enable - disable description: - Enable/disable allowing non-HTTP traffic. Allowed non-HTTP traffic is tunneled. unknown-http-version: choices: - reject - tunnel - best-effort description: - 'Action to take when an unknown version of HTTP is encountered: reject, allow (tunnel), or proceed with best-effort.' webproxy-profile: description: - Name of the web proxy profile to apply when explicit proxy traffic is allowed by default and traffic is accepted that does not match an explicit proxy policy. Source web-proxy.profile.name.
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str