Try SpotterConfigure WAN optimization profiles in Fortinet's FortiOS and FortiGate.
| "added in version" 2.8 of ansible.builtin"
Authors: Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
preview | supported by community
pipInstall with pip install ansible==2.8.20
This module is able to configure a FortiGate or FortiOS by allowing the user to set and modify wanopt feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.2
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
tasks:
- name: Configure WAN optimization profiles.
fortios_wanopt_profile:
host: "{{ host }}"
username: "{{ username }}"
password: "{{ password }}"
vdom: "{{ vdom }}"
https: "False"
wanopt_profile:
state: "present"
auth-group: "<your_own_value> (source wanopt.auth-group.name)"
cifs:
byte-caching: "enable"
log-traffic: "enable"
port: "7"
prefer-chunking: "dynamic"
secure-tunnel: "enable"
status: "enable"
tunnel-sharing: "private"
comments: "<your_own_value>"
ftp:
byte-caching: "enable"
log-traffic: "enable"
port: "16"
prefer-chunking: "dynamic"
secure-tunnel: "enable"
status: "enable"
tunnel-sharing: "private"
http:
byte-caching: "enable"
log-traffic: "enable"
port: "24"
prefer-chunking: "dynamic"
secure-tunnel: "enable"
ssl: "enable"
ssl-port: "28"
status: "enable"
tunnel-non-http: "enable"
tunnel-sharing: "private"
unknown-http-version: "reject"
mapi:
byte-caching: "enable"
log-traffic: "enable"
port: "36"
secure-tunnel: "enable"
status: "enable"
tunnel-sharing: "private"
name: "default_name_40"
tcp:
byte-caching: "enable"
byte-caching-opt: "mem-only"
log-traffic: "enable"
port: "<your_own_value>"
secure-tunnel: "enable"
ssl: "enable"
ssl-port: "48"
status: "enable"
tunnel-sharing: "private"
transparent: "enable"
host:
description:
- FortiOS or FortiGate ip address.
required: true
vdom:
default: root
description:
- Virtual domain, among those defined previously. A vdom is a virtual instance of
the FortiGate that can be configured and used as a different unit.
https:
default: true
description:
- Indicates if the requests towards FortiGate must use HTTPS protocol
type: bool
password:
default: ''
description:
- FortiOS or FortiGate password.
username:
description:
- FortiOS or FortiGate username.
required: true
wanopt_profile:
default: null
description:
- Configure WAN optimization profiles.
suboptions:
auth-group:
description:
- Optionally add an authentication group to restrict access to the WAN Optimization
tunnel to peers in the authentication group. Source wanopt.auth-group.name.
cifs:
description:
- Enable/disable CIFS (Windows sharing) WAN Optimization and configure CIFS WAN
Optimization features.
suboptions:
byte-caching:
choices:
- enable
- disable
description:
- Enable/disable byte-caching for HTTP. Byte caching reduces the amount of
traffic by caching file data sent across the WAN and in future serving if
from the cache.
log-traffic:
choices:
- enable
- disable
description:
- Enable/disable logging.
port:
description:
- Single port number or port number range for CIFS. Only packets with a destination
port number that matches this port number or range are accepted by this
profile.
prefer-chunking:
choices:
- dynamic
- fix
description:
- Select dynamic or fixed-size data chunking for HTTP WAN Optimization.
secure-tunnel:
choices:
- enable
- disable
description:
- Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure
tunnels use the same TCP port (7810).
status:
choices:
- enable
- disable
description:
- Enable/disable HTTP WAN Optimization.
tunnel-sharing:
choices:
- private
- shared
- express-shared
description:
- Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive
protocols.
comments:
description:
- Comment.
ftp:
description:
- Enable/disable FTP WAN Optimization and configure FTP WAN Optimization features.
suboptions:
byte-caching:
choices:
- enable
- disable
description:
- Enable/disable byte-caching for HTTP. Byte caching reduces the amount of
traffic by caching file data sent across the WAN and in future serving if
from the cache.
log-traffic:
choices:
- enable
- disable
description:
- Enable/disable logging.
port:
description:
- Single port number or port number range for FTP. Only packets with a destination
port number that matches this port number or range are accepted by this
profile.
prefer-chunking:
choices:
- dynamic
- fix
description:
- Select dynamic or fixed-size data chunking for HTTP WAN Optimization.
secure-tunnel:
choices:
- enable
- disable
description:
- Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure
tunnels use the same TCP port (7810).
status:
choices:
- enable
- disable
description:
- Enable/disable HTTP WAN Optimization.
tunnel-sharing:
choices:
- private
- shared
- express-shared
description:
- Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive
protocols.
http:
description:
- Enable/disable HTTP WAN Optimization and configure HTTP WAN Optimization features.
suboptions:
byte-caching:
choices:
- enable
- disable
description:
- Enable/disable byte-caching for HTTP. Byte caching reduces the amount of
traffic by caching file data sent across the WAN and in future serving if
from the cache.
log-traffic:
choices:
- enable
- disable
description:
- Enable/disable logging.
port:
description:
- Single port number or port number range for HTTP. Only packets with a destination
port number that matches this port number or range are accepted by this
profile.
prefer-chunking:
choices:
- dynamic
- fix
description:
- Select dynamic or fixed-size data chunking for HTTP WAN Optimization.
secure-tunnel:
choices:
- enable
- disable
description:
- Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure
tunnels use the same TCP port (7810).
ssl:
choices:
- enable
- disable
description:
- Enable/disable SSL/TLS offloading (hardware acceleration) for HTTPS traffic
in this tunnel.
ssl-port:
description:
- Port on which to expect HTTPS traffic for SSL/TLS offloading.
status:
choices:
- enable
- disable
description:
- Enable/disable HTTP WAN Optimization.
tunnel-non-http:
choices:
- enable
- disable
description:
- Configure how to process non-HTTP traffic when a profile configured for
HTTP traffic accepts a non-HTTP session. Can occur if an application sends
non-HTTP traffic using an HTTP destination port.
tunnel-sharing:
choices:
- private
- shared
- express-shared
description:
- Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive
protocols.
unknown-http-version:
choices:
- reject
- tunnel
- best-effort
description:
- How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1.
mapi:
description:
- Enable/disable MAPI email WAN Optimization and configure MAPI WAN Optimization
features.
suboptions:
byte-caching:
choices:
- enable
- disable
description:
- Enable/disable byte-caching for HTTP. Byte caching reduces the amount of
traffic by caching file data sent across the WAN and in future serving if
from the cache.
log-traffic:
choices:
- enable
- disable
description:
- Enable/disable logging.
port:
description:
- Single port number or port number range for MAPI. Only packets with a destination
port number that matches this port number or range are accepted by this
profile.
secure-tunnel:
choices:
- enable
- disable
description:
- Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure
tunnels use the same TCP port (7810).
status:
choices:
- enable
- disable
description:
- Enable/disable HTTP WAN Optimization.
tunnel-sharing:
choices:
- private
- shared
- express-shared
description:
- Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive
protocols.
name:
description:
- Profile name.
required: true
state:
choices:
- present
- absent
description:
- Indicates whether to create or remove the object
tcp:
description:
- Enable/disable TCP WAN Optimization and configure TCP WAN Optimization features.
suboptions:
byte-caching:
choices:
- enable
- disable
description:
- Enable/disable byte-caching for HTTP. Byte caching reduces the amount of
traffic by caching file data sent across the WAN and in future serving if
from the cache.
byte-caching-opt:
choices:
- mem-only
- mem-disk
description:
- Select whether TCP byte-caching uses system memory only or both memory and
disk space.
log-traffic:
choices:
- enable
- disable
description:
- Enable/disable logging.
port:
description:
- Single port number or port number range for TCP. Only packets with a destination
port number that matches this port number or range are accepted by this
profile.
secure-tunnel:
choices:
- enable
- disable
description:
- Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure
tunnels use the same TCP port (7810).
ssl:
choices:
- enable
- disable
description:
- Enable/disable SSL/TLS offloading.
ssl-port:
description:
- Port on which to expect HTTPS traffic for SSL/TLS offloading.
status:
choices:
- enable
- disable
description:
- Enable/disable HTTP WAN Optimization.
tunnel-sharing:
choices:
- private
- shared
- express-shared
description:
- Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive
protocols.
transparent:
choices:
- enable
- disable
description:
- Enable/disable transparent mode.
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str