community.general.fmgr_secprof_wanopt (0.1.1) — module

WAN optimization

Authors: Luke Weighall (@lweighall), Andrew Welsh (@Ghilli3), Jim Huber (@p4r4n0y1ng)

preview | supported by community

Install collection

Install with ansible-galaxy collection install community.general:==0.1.1


Add to requirements.yml

  collections:
    - name: community.general
      version: 0.1.1

Description

Manage WanOpt security profiles in FortiManager via API

Usage examples

  - name: DELETE Profile
    fmgr_secprof_wanopt:
      name: "Ansible_WanOpt_Profile"
      mode: "delete"
  - name: Create FMGR_WANOPT_PROFILE
    fmgr_secprof_wanopt:
      mode: "set"
      adom: "root"
      transparent: "enable"
      name: "Ansible_WanOpt_Profile"
      comments: "Created by Ansible"
      cifs: {byte-caching: "enable",
              log-traffic: "enable",
              port: 80,
              prefer-chunking: "dynamic",
              status: "enable",
              tunnel-sharing: "private"}
      ftp: {byte-caching: "enable",
              log-traffic: "enable",
              port: 80,
              prefer-chunking: "dynamic",
              secure-tunnel: "disable",
              status: "enable",
              tunnel-sharing: "private"}
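
The tasks below are an added example, not part of the module's own documentation: they build a profile from the flat sub-options listed under Inputs rather than the raw API dictionaries, with the tunnel secured by SSL, restricted to an authentication group, and logged. The profile name and the `WanOpt_Peers_Example` group are placeholders, and the group is assumed to exist already on the FortiManager.

```yaml
- name: Create WanOpt profile with secured, logged tunnels (constructed example)
  fmgr_secprof_wanopt:
    mode: "set"
    adom: "root"
    name: "Ansible_WanOpt_Secure_Example"    # placeholder profile name
    comments: "Secure tunnel, peer-restricted, logged"
    # Restrict the tunnel to peers in this authentication group
    # (placeholder name; assumed to exist already).
    auth_group: "WanOpt_Peers_Example"

    # HTTP: secure the tunnel with SSL, keep it private, log traffic,
    # reject sessions that are not HTTP 0.9/1.0/1.1, and do not tunnel
    # non-HTTP sessions that arrive on the HTTP port.
    http_status: "enable"
    http_port: "80"
    http_secure_tunnel: "enable"
    http_tunnel_sharing: "private"
    http_log_traffic: "enable"
    http_unknown_http_version: "reject"
    http_tunnel_non_http: "disable"

    # FTP: same tunnel protection and logging.
    ftp_status: "enable"
    ftp_port: "21"
    ftp_secure_tunnel: "enable"
    ftp_tunnel_sharing: "private"
    ftp_log_traffic: "enable"

    # CIFS: same tunnel protection and logging.
    cifs_status: "enable"
    cifs_port: "445"
    cifs_secure_tunnel: "enable"
    cifs_tunnel_sharing: "private"
    cifs_log_traffic: "enable"
  register: wanopt_result

# api_result is always returned and carries the status code and message.
- name: Show the FortiManager API response
  debug:
    var: wanopt_result.api_result
```

Because only the flat sub-options are used, none of the `http`, `ftp` or `cifs` dictionary parameters is submitted, so the rule that prefixed sub-parameters are ignored does not apply.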

Inputs

    
ftp:
    description:
    - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
    - List of multiple child objects to be added. Expects a list of dictionaries.
    - Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
    - If submitted, all other prefixed sub-parameters ARE IGNORED.
    - This object is MUTUALLY EXCLUSIVE with its options.
    - We expect that you know what you are doing with these list parameters, and are leveraging
      the JSON API Guide.
    - WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE
      TASKS
    required: false

tcp:
    description:
    - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
    - List of multiple child objects to be added. Expects a list of dictionaries.
    - Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
    - If submitted, all other prefixed sub-parameters ARE IGNORED.
    - This object is MUTUALLY EXCLUSIVE with its options.
    - We expect that you know what you are doing with these list parameters, and are leveraging
      the JSON API Guide.
    - WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE
      TASKS
    required: false

adom:
    default: root
    description:
    - The ADOM the configuration should belong to.
    required: false

cifs:
    description:
    - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
    - List of multiple child objects to be added. Expects a list of dictionaries.
    - Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
    - If submitted, all other prefixed sub-parameters ARE IGNORED.
    - This object is MUTUALLY EXCLUSIVE with its options.
    - We expect that you know what you are doing with these list parameters, and are leveraging
      the JSON API Guide.
    - WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE
      TASKS
    required: false

http:
    description:
    - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
    - List of multiple child objects to be added. Expects a list of dictionaries.
    - Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
    - If submitted, all other prefixed sub-parameters ARE IGNORED.
    - This object is MUTUALLY EXCLUSIVE with its options.
    - We expect that you know what you are doing with these list parameters, and are leveraging
      the JSON API Guide.
    - WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE
      TASKS
    required: false

mapi:
    description:
    - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
    - List of multiple child objects to be added. Expects a list of dictionaries.
    - Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
    - If submitted, all other prefixed sub-parameters ARE IGNORED.
    - This object is MUTUALLY EXCLUSIVE with its options.
    - We expect that you know what you are doing with these list parameters, and are leveraging
      the JSON API Guide.
    - WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE
      TASKS
    required: false

mode:
    choices:
    - add
    - set
    - delete
    - update
    default: add
    description:
    - Sets one of three modes for managing the object.
    - Allows use of soft-adds instead of overwriting existing values
    required: false

name:
    description:
    - Profile name.
    required: false

tcp_ssl:
    choices:
    - disable
    - enable
    description:
    - Enable/disable SSL/TLS offloading.
    required: false

comments:
    description:
    - Comment.
    required: false

ftp_port:
    description:
    - Single port number or port number range for FTP. Only packets with a destination
      port number that matches this port number or range are accepted by this profile.
    required: false

http_ssl:
    choices:
    - disable
    - enable
    description:
    - Enable/disable SSL/TLS offloading (hardware acceleration) for HTTPS traffic in this
      tunnel.
    required: false

tcp_port:
    description:
    - Single port number or port number range for TCP. Only packets with a destination
      port number that matches this port number or range are accepted by this profile.
    required: false

cifs_port:
    description:
    - Single port number or port number range for CIFS. Only packets with a destination
      port number that matches this port number or range are accepted by this profile.
    required: false

http_port:
    description:
    - Single port number or port number range for HTTP. Only packets with a destination
      port number that matches this port number or range are accepted by this profile.
    required: false

mapi_port:
    description:
    - Single port number or port number range for MAPI. Only packets with a destination
      port number that matches this port number or range are accepted by this profile.
    required: false

auth_group:
    description:
    - Optionally add an authentication group to restrict access to the WAN Optimization
      tunnel to peers in the authentication group.
    required: false

ftp_status:
    choices:
    - disable
    - enable
    description:
    - Enable/disable HTTP WAN Optimization.
    required: false

tcp_status:
    choices:
    - disable
    - enable
    description:
    - Enable/disable HTTP WAN Optimization.
    required: false

cifs_status:
    choices:
    - disable
    - enable
    description:
    - Enable/disable HTTP WAN Optimization.
    required: false

http_status:
    choices:
    - disable
    - enable
    description:
    - Enable/disable HTTP WAN Optimization.
    required: false

mapi_status:
    choices:
    - disable
    - enable
    description:
    - Enable/disable HTTP WAN Optimization.
    required: false

transparent:
    choices:
    - disable
    - enable
    description:
    - Enable/disable transparent mode.
    required: false

tcp_ssl_port:
    description:
    - Port on which to expect HTTPS traffic for SSL/TLS offloading.
    required: false

http_ssl_port:
    description:
    - Port on which to expect HTTPS traffic for SSL/TLS offloading.
    required: false

ftp_log_traffic:
    choices:
    - disable
    - enable
    description:
    - Enable/disable logging.
    required: false

tcp_log_traffic:
    choices:
    - disable
    - enable
    description:
    - Enable/disable logging.
    required: false

cifs_log_traffic:
    choices:
    - disable
    - enable
    description:
    - Enable/disable logging.
    required: false

ftp_byte_caching:
    choices:
    - disable
    - enable
    description:
    - Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic
      by caching file data sent across the WAN and in future serving it from the cache.
    required: false

http_log_traffic:
    choices:
    - disable
    - enable
    description:
    - Enable/disable logging.
    required: false

mapi_log_traffic:
    choices:
    - disable
    - enable
    description:
    - Enable/disable logging.
    required: false

tcp_byte_caching:
    choices:
    - disable
    - enable
    description:
    - Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic
      by caching file data sent across the WAN and in future serving it from the cache.
    required: false

cifs_byte_caching:
    choices:
    - disable
    - enable
    description:
    - Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic
      by caching file data sent across the WAN and in future serving it from the cache.
    required: false

ftp_secure_tunnel:
    choices:
    - disable
    - enable
    description:
    - Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels
      use the same TCP port (7810).
    required: false

http_byte_caching:
    choices:
    - disable
    - enable
    description:
    - Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic
      by caching file data sent across the WAN and in future serving it from the cache.
    required: false

mapi_byte_caching:
    choices:
    - disable
    - enable
    description:
    - Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic
      by caching file data sent across the WAN and in future serving it from the cache.
    required: false

tcp_secure_tunnel:
    choices:
    - disable
    - enable
    description:
    - Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels
      use the same TCP port (7810).
    required: false

cifs_secure_tunnel:
    choices:
    - disable
    - enable
    description:
    - Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels
      use the same TCP port (7810).
    required: false

ftp_tunnel_sharing:
    choices:
    - private
    - shared
    - express-shared
    description:
    - Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive
      protocols.
    required: false

http_secure_tunnel:
    choices:
    - disable
    - enable
    description:
    - Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels
      use the same TCP port (7810).
    required: false

mapi_secure_tunnel:
    choices:
    - disable
    - enable
    description:
    - Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels
      use the same TCP port (7810).
    required: false

tcp_tunnel_sharing:
    choices:
    - private
    - shared
    - express-shared
    description:
    - Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive
      protocols.
    required: false

cifs_tunnel_sharing:
    choices:
    - private
    - shared
    - express-shared
    description:
    - Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive
      protocols.
    required: false

ftp_prefer_chunking:
    choices:
    - dynamic
    - fix
    description:
    - Select dynamic or fixed-size data chunking for HTTP WAN Optimization.
    required: false

http_tunnel_sharing:
    choices:
    - private
    - shared
    - express-shared
    description:
    - Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive
      protocols.
    required: false

mapi_tunnel_sharing:
    choices:
    - private
    - shared
    - express-shared
    description:
    - Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive
      protocols.
    required: false

cifs_prefer_chunking:
    choices:
    - dynamic
    - fix
    description:
    - Select dynamic or fixed-size data chunking for HTTP WAN Optimization.
    required: false

http_prefer_chunking:
    choices:
    - dynamic
    - fix
    description:
    - Select dynamic or fixed-size data chunking for HTTP WAN Optimization.
    required: false

http_tunnel_non_http:
    choices:
    - disable
    - enable
    description:
    - Configure how to process non-HTTP traffic when a profile configured for HTTP traffic
      accepts a non-HTTP session. Can occur if an application sends non-HTTP traffic using
      an HTTP destination port.
    required: false

tcp_byte_caching_opt:
    choices:
    - mem-only
    - mem-disk
    description:
    - Select whether TCP byte-caching uses system memory only or both memory and disk
      space.
    required: false

http_unknown_http_version:
    choices:
    - best-effort
    - reject
    - tunnel
    description:
    - How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1.
    required: false

Outputs

api_result:
  description: full API response, includes status code and message
  returned: always
  type: str