drmofu.fortimanager.fmgr_firewall_accessproxy (2.2.2) — module
Configure Access Proxy.
Added in version 2.1.0 of drmofu.fortimanager.
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections:
  - name: drmofu.fortimanager
    version: 2.2.2
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: True
    # False disables TLS certificate verification for the FortiManager connection;
    # set to True where the device certificate chains to a trusted CA.
    ansible_httpapi_validate_certs: False
    ansible_httpapi_port: 443
  tasks:
    - name: Configure Access Proxy.
      fmgr_firewall_accessproxy:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        state: <value in [present, absent]>
        firewall_accessproxy:
          api-gateway:
            - http-cookie-age: <value of integer>
              http-cookie-domain: <value of string>
              http-cookie-domain-from-host: <value in [disable, enable]>
              http-cookie-generation: <value of integer>
              http-cookie-path: <value of string>
              http-cookie-share: <value in [disable, same-ip]>
              https-cookie-secure: <value in [disable, enable]>
              id: <value of integer>
              ldb-method: <value in [static, round-robin, weighted, ...]>
              persistence: <value in [none, http-cookie]>
              realservers:
                - address: <value of string>
                  health-check: <value in [disable, enable]>
                  health-check-proto: <value in [ping, http, tcp-connect]>
                  http-host: <value of string>
                  id: <value of integer>
                  ip: <value of string>
                  mappedport: <value of string>
                  port: <value of integer>
                  status: <value in [active, standby, disable]>
                  weight: <value of integer>
                  addr-type: <value in [fqdn, ip]>
                  domain: <value of string>
                  holddown-interval: <value in [disable, enable]>
                  ssh-client-cert: <value of string>
                  ssh-host-key: <value of string>
                  ssh-host-key-validation: <value in [disable, enable]>
                  type: <value in [tcp-forwarding, ssh]>
                  translate-host: <value in [disable, enable]>
                  external-auth: <value in [disable, enable]>
                  tunnel-encryption: <value in [disable, enable]>
              saml-server: <value of string>
              service: <value in [http, https, tcp-forwarding, ...]>
              ssl-algorithm: <value in [high, medium, low, ...]>
              ssl-cipher-suites:
                - cipher: <value in [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, ...]>
                  priority: <value of integer>
                  versions:
                    - tls-1.0
                    - tls-1.1
                    - tls-1.2
                    - tls-1.3
              ssl-dh-bits: <value in [768, 1024, 1536, ...]>
              ssl-max-version: <value in [tls-1.0, tls-1.1, tls-1.2, ...]>
              ssl-min-version: <value in [tls-1.0, tls-1.1, tls-1.2, ...]>
              url-map: <value of string>
              url-map-type: <value in [sub-string, wildcard, regex]>
              virtual-host: <value of string>
              saml-redirect: <value in [disable, enable]>
              ssl-vpn-web-portal: <value of string>
              application: <value of string>
              ssl-renegotiation: <value in [disable, enable]>
          client-cert: <value in [disable, enable]>
          empty-cert-action: <value in [block, accept, accept-unmanageable]>
          ldb-method: <value in [static, round-robin, weighted, ...]>
          name: <value of string>
          realservers:
            - id: <value of integer>
              ip: <value of string>
              port: <value of integer>
              status: <value in [active, standby, disable]>
              weight: <value of integer>
          server-pubkey-auth: <value in [disable, enable]>
          server-pubkey-auth-settings:
            auth-ca: <value of string>
            cert-extension:
              - critical: <value in [no, yes]>
                data: <value of string>
                name: <value of string>
                type: <value in [fixed, user]>
            permit-agent-forwarding: <value in [disable, enable]>
            permit-port-forwarding: <value in [disable, enable]>
            permit-pty: <value in [disable, enable]>
            permit-user-rc: <value in [disable, enable]>
            permit-x11-forwarding: <value in [disable, enable]>
            source-address: <value in [disable, enable]>
          vip: <value of string>
          api-gateway6:
            - http-cookie-age: <value of integer>
              http-cookie-domain: <value of string>
              http-cookie-domain-from-host: <value in [disable, enable]>
              http-cookie-generation: <value of integer>
              http-cookie-path: <value of string>
              http-cookie-share: <value in [disable, same-ip]>
              https-cookie-secure: <value in [disable, enable]>
              id: <value of integer>
              ldb-method: <value in [static, round-robin, weighted, ...]>
              persistence: <value in [none, http-cookie]>
              realservers:
                - addr-type: <value in [fqdn, ip]>
                  address: <value of string>
                  domain: <value of string>
                  health-check: <value in [disable, enable]>
                  health-check-proto: <value in [ping, http, tcp-connect]>
                  holddown-interval: <value in [disable, enable]>
                  http-host: <value of string>
                  id: <value of integer>
                  ip: <value of string>
                  mappedport: <value of string>
                  port: <value of integer>
                  ssh-client-cert: <value of string>
                  ssh-host-key: <value of string>
                  ssh-host-key-validation: <value in [disable, enable]>
                  status: <value in [active, standby, disable]>
                  type: <value in [tcp-forwarding, ssh]>
                  weight: <value of integer>
                  translate-host: <value in [disable, enable]>
                  external-auth: <value in [disable, enable]>
                  tunnel-encryption: <value in [disable, enable]>
              saml-redirect: <value in [disable, enable]>
              saml-server: <value of string>
              service: <value in [http, https, tcp-forwarding, ...]>
              ssl-algorithm: <value in [high, medium, low]>
              ssl-cipher-suites:
                - cipher: <value in [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, ...]>
                  priority: <value of integer>
                  versions:
                    - tls-1.0
                    - tls-1.1
                    - tls-1.2
                    - tls-1.3
              ssl-dh-bits: <value in [768, 1024, 1536, ...]>
              ssl-max-version: <value in [tls-1.0, tls-1.1, tls-1.2, ...]>
              ssl-min-version: <value in [tls-1.0, tls-1.1, tls-1.2, ...]>
              ssl-vpn-web-portal: <value of string>
              url-map: <value of string>
              url-map-type: <value in [sub-string, wildcard, regex]>
              virtual-host: <value of string>
              application: <value of string>
              ssl-renegotiation: <value in [disable, enable]>
          auth-portal: <value in [disable, enable]>
          auth-virtual-host: <value of string>
          decrypted-traffic-mirror: <value of string>
          log-blocked-traffic: <value in [disable, enable]>
          add-vhost-domain-to-dnsdb: <value in [disable, enable]>
          user-agent-detect: <value in [disable, enable]>
          http-supported-max-version: <value in [http1, http2]>
          svr-pool-multiplex: <value in [disable, enable]>
          svr-pool-server-max-request: <value of integer>
          svr-pool-ttl: <value of integer>
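The template above leaves every TLS and certificate choice open, and the accepted values include RC4 and DES suites, 768-bit DH and TLS 1.0. As an added example (not part of the original page or of the collection), the Python check below audits a firewall_accessproxy parameter dict for such values before it is handed to the task. The policy floors, the rule list, the function names and the sample data are assumptions constructed for illustration.

```python
# Added example, not part of the collection: audit a firewall_accessproxy dict.
# Only explicitly set values are judged; FortiManager defaults are not assumed.
TLS_ORDER = ["tls-1.0", "tls-1.1", "tls-1.2", "tls-1.3"]
MIN_TLS = "tls-1.2"    # assumption: local policy floor
MIN_DH_BITS = 2048     # assumption: local policy floor
WEAK_TOKENS = ("RC4", "-DES-", "3DES", "MD5")


def below_floor(version):
    """True when a TLS version from the module's choices is below MIN_TLS."""
    return version in TLS_ORDER and TLS_ORDER.index(version) < TLS_ORDER.index(MIN_TLS)


def weak_cipher_reason(name):
    """Return why a cipher choice is weak, or None when no rule matches."""
    for token in WEAK_TOKENS:
        if token in name:
            return "uses " + token.strip("-")
    if name.startswith("TLS-RSA-WITH-"):
        return "static RSA key exchange, no forward secrecy"
    return None


def audit_gateway(gw, path):
    """Check one api-gateway / api-gateway6 entry; returns (path, message) pairs."""
    out = []
    if below_floor(gw.get("ssl-min-version")):
        out.append((path + ".ssl-min-version", gw["ssl-min-version"] + " is below " + MIN_TLS))
    dh = str(gw.get("ssl-dh-bits", ""))
    if dh.isdigit() and int(dh) < MIN_DH_BITS:
        out.append((path + ".ssl-dh-bits", dh + " bits is below " + str(MIN_DH_BITS)))
    if gw.get("ssl-algorithm") in ("low", "medium"):
        out.append((path + ".ssl-algorithm", "permits " + gw["ssl-algorithm"] + " strength"))
    if gw.get("persistence") == "http-cookie" and gw.get("https-cookie-secure") == "disable":
        out.append((path + ".https-cookie-secure", "persistence cookie not checked as secure"))
    for i, suite in enumerate(gw.get("ssl-cipher-suites") or []):
        spath = "%s.ssl-cipher-suites[%d]" % (path, i)
        reason = weak_cipher_reason(suite.get("cipher", ""))
        if reason:
            out.append((spath + ".cipher", suite["cipher"] + " " + reason))
        old = [v for v in suite.get("versions") or [] if below_floor(v)]
        if old:
            out.append((spath + ".versions", "offered with " + ", ".join(old)))
    for i, rs in enumerate(gw.get("realservers") or []):
        if rs.get("type") == "ssh" and rs.get("ssh-host-key-validation") == "disable":
            out.append(("%s.realservers[%d].ssh-host-key-validation" % (path, i),
                        "SSH real server host key is not validated"))
    return out


def audit_access_proxy(proxy):
    """Audit the whole parameter dict, including both gateway lists."""
    out = []
    if proxy.get("client-cert") == "disable":
        out.append(("client-cert", "client certificates are not requested"))
    if proxy.get("empty-cert-action") in ("accept", "accept-unmanageable"):
        out.append(("empty-cert-action", "clients presenting no certificate are accepted"))
    for key in ("api-gateway", "api-gateway6"):
        for i, gw in enumerate(proxy.get(key) or []):
            out += audit_gateway(gw, "%s[%d]" % (key, i))
    return out


# Constructed sample input (names and values are placeholders).
SAMPLE_WEAK = {
    "name": "example-proxy", "client-cert": "enable", "empty-cert-action": "accept",
    "api-gateway": [{
        "id": 1, "ssl-algorithm": "custom", "ssl-min-version": "tls-1.0", "ssl-dh-bits": "1024",
        "persistence": "http-cookie", "https-cookie-secure": "disable",
        "ssl-cipher-suites": [
            {"cipher": "TLS-RSA-WITH-RC4-128-MD5", "priority": 1, "versions": ["tls-1.0", "tls-1.2"]},
            {"cipher": "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", "priority": 2, "versions": ["tls-1.2"]},
        ],
        "realservers": [{"id": 1, "type": "ssh", "ssh-host-key-validation": "disable"}],
    }],
}
SAMPLE_HARDENED = {
    "client-cert": "enable", "empty-cert-action": "block",
    "api-gateway": [{"id": 1, "ssl-min-version": "tls-1.2", "ssl-dh-bits": "2048"}],
}

if __name__ == "__main__":
    for path, message in audit_access_proxy(SAMPLE_WEAK):
        print(path + ": " + message)
```

Run it over the same variables the playbook passes as firewall_accessproxy and fail the pipeline when the returned list is not empty.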
adom:
  description: the parameter (adom) in requested url
  required: true
  type: str
state:
  choices:
    - present
    - absent
  description: The directive to create, update or delete an object.
  required: true
  type: str
rc_failed:
  description: The rc codes list with which the conditions to fail will be overridden.
  elements: int
  required: false
  type: list
enable_log:
  default: false
  description: Enable/Disable logging for task.
  required: false
  type: bool
access_token:
  description: The token to access FortiManager without using username and password.
  required: false
  type: str
rc_succeeded:
  description: The rc codes list with which the conditions to succeed will be overridden.
  elements: int
  required: false
  type: list
proposed_method:
  choices:
    - update
    - set
    - add
  description: The overridden method for the underlying Json RPC request.
  required: false
  type: str
bypass_validation:
  default: false
  description: Only set to True when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters.
  required: false
  type: bool
firewall_accessproxy:
  description: the top level parameters set
  required: false
  suboptions:
    add-vhost-domain-to-dnsdb:
      choices:
        - disable
        - enable
      description: Enable/disable adding vhost/domain to dnsdb for ztna dox tunnel.
      type: str
    api-gateway:
      description: Api-Gateway.
      elements: dict
      suboptions:
        application:
          description: description
          type: str
        http-cookie-age:
          description: Time in minutes that client web browsers should keep a cookie.
          type: int
        http-cookie-domain:
          description: Domain that HTTP cookie persistence should apply to.
          type: str
        http-cookie-domain-from-host:
          choices:
            - disable
            - enable
          description: Enable/disable use of HTTP cookie domain from host field in HTTP.
          type: str
        http-cookie-generation:
          description: Generation of HTTP cookie to be accepted.
          type: int
        http-cookie-path:
          description: Limit HTTP cookie persistence to the specified path.
          type: str
        http-cookie-share:
          choices:
            - disable
            - same-ip
          description: Control sharing of cookies across API Gateway.
          type: str
        https-cookie-secure:
          choices:
            - disable
            - enable
          description: Enable/disable verification that inserted HTTPS cookies are secure.
          type: str
        id:
          description: API Gateway ID.
          type: int
        ldb-method:
          choices:
            - static
            - round-robin
            - weighted
            - least-session
            - least-rtt
            - first-alive
            - http-host
          description: Method used to distribute sessions to real servers.
          type: str
        persistence:
          choices:
            - none
            - http-cookie
          description: Configure how to make sure that clients connect to the same server every time they make a request that is part of the s...
          type: str
        realservers:
          description: Realservers.
          elements: dict
          suboptions:
            addr-type:
              choices:
                - fqdn
                - ip
              description: Type of address.
              type: str
            address:
              description: Address or address group of the real server.
              type: str
            domain:
              description: Wildcard domain name of the real server.
              type: str
            external-auth:
              choices:
                - disable
                - enable
              description: Enable/disable use of external browser as user-agent for SAML user authentication.
              type: str
            health-check:
              choices:
                - disable
                - enable
              description: Enable to check the responsiveness of the real server before forwarding traffic.
              type: str
            health-check-proto:
              choices:
                - ping
                - http
                - tcp-connect
              description: Protocol of the health check monitor to use when polling to determine servers connectivity status.
              type: str
            holddown-interval:
              choices:
                - disable
                - enable
              description: Enable/disable holddown timer.
              type: str
            http-host:
              description: HTTP server domain name in HTTP header.
              type: str
            id:
              description: Real server ID.
              type: int
            ip:
              description: IP address of the real server.
              type: str
            mappedport:
              description: Port for communicating with the real server.
              type: str
            port:
              description: Port for communicating with the real server.
              type: int
            ssh-client-cert:
              description: Set access-proxy SSH client certificate profile.
              type: str
            ssh-host-key:
              description: description
              type: str
            ssh-host-key-validation:
              choices:
                - disable
                - enable
              description: Enable/disable SSH real server host key validation.
              type: str
            status:
              choices:
                - active
                - standby
                - disable
              description: Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traf...
              type: str
            translate-host:
              choices:
                - disable
                - enable
              description: Enable/disable translation of hostname/IP from virtual server to real server.
              type: str
            tunnel-encryption:
              choices:
                - disable
                - enable
              description: Tunnel encryption.
              type: str
            type:
              choices:
                - tcp-forwarding
                - ssh
              description: TCP forwarding server type.
              type: str
            weight:
              description: Weight of the real server.
              type: int
          type: list
        saml-redirect:
          choices:
            - disable
            - enable
          description: Enable/disable SAML redirection after successful authentication.
          type: str
        saml-server:
          description: SAML service provider configuration for VIP authentication.
          type: str
        service:
          choices:
            - http
            - https
            - tcp-forwarding
            - samlsp
            - web-portal
            - saas
          description: Service.
          type: str
        ssl-algorithm:
          choices:
            - high
            - medium
            - low
            - custom
          description: Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength.
          type: str
        ssl-cipher-suites:
          description: Ssl-Cipher-Suites.
          elements: dict
          suboptions:
            cipher:
              choices:
                - TLS-RSA-WITH-RC4-128-MD5
                - TLS-RSA-WITH-RC4-128-SHA
                - TLS-RSA-WITH-DES-CBC-SHA
                - TLS-RSA-WITH-3DES-EDE-CBC-SHA
                - TLS-RSA-WITH-AES-128-CBC-SHA
                - TLS-RSA-WITH-AES-256-CBC-SHA
                - TLS-RSA-WITH-AES-128-CBC-SHA256
                - TLS-RSA-WITH-AES-256-CBC-SHA256
                - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
                - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
                - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256
                - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256
                - TLS-RSA-WITH-SEED-CBC-SHA
                - TLS-RSA-WITH-ARIA-128-CBC-SHA256
                - TLS-RSA-WITH-ARIA-256-CBC-SHA384
                - TLS-DHE-RSA-WITH-DES-CBC-SHA
                - TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
                - TLS-DHE-RSA-WITH-AES-128-CBC-SHA
                - TLS-DHE-RSA-WITH-AES-256-CBC-SHA
                - TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
                - TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
                - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
                - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
                - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
                - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
                - TLS-DHE-RSA-WITH-SEED-CBC-SHA
                - TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256
                - TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384
                - TLS-ECDHE-RSA-WITH-RC4-128-SHA
                - TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA
                - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
                - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
                - TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
                - TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
                - TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
                - TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
                - TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
                - TLS-DHE-DSS-WITH-AES-128-CBC-SHA
                - TLS-DHE-DSS-WITH-AES-256-CBC-SHA
                - TLS-DHE-DSS-WITH-AES-128-CBC-SHA256
                - TLS-DHE-DSS-WITH-AES-128-GCM-SHA256
                - TLS-DHE-DSS-WITH-AES-256-CBC-SHA256
                - TLS-DHE-DSS-WITH-AES-256-GCM-SHA384
                - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
                - TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
                - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
                - TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
                - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
                - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
                - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
                - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
                - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
                - TLS-RSA-WITH-AES-128-GCM-SHA256
                - TLS-RSA-WITH-AES-256-GCM-SHA384
                - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA
                - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA
                - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256
                - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256
                - TLS-DHE-DSS-WITH-SEED-CBC-SHA
                - TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256
                - TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384
                - TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256
                - TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384
                - TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256
                - TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384
                - TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA
                - TLS-DHE-DSS-WITH-DES-CBC-SHA
                - TLS-AES-128-GCM-SHA256
                - TLS-AES-256-GCM-SHA384
                - TLS-CHACHA20-POLY1305-SHA256
                - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
              description: Cipher suite name.
              type: str
            priority:
              description: SSL/TLS cipher suites priority.
              type: int
            versions:
              choices:
                - tls-1.0
                - tls-1.1
                - tls-1.2
                - tls-1.3
              description: SSL/TLS versions that the cipher suite can be used with.
              elements: str
              type: list
          type: list
        ssl-dh-bits:
          choices:
            - '768'
            - '1024'
            - '1536'
            - '2048'
            - '3072'
            - '4096'
          description: Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions.
          type: str
        ssl-max-version:
          choices:
            - tls-1.0
            - tls-1.1
            - tls-1.2
            - tls-1.3
          description: Highest SSL/TLS version acceptable from a server.
          type: str
        ssl-min-version:
          choices:
            - tls-1.0
            - tls-1.1
            - tls-1.2
            - tls-1.3
          description: Lowest SSL/TLS version acceptable from a server.
          type: str
        ssl-renegotiation:
          choices:
            - disable
            - enable
          description: Enable/disable secure renegotiation to comply with RFC 5746.
          type: str
        ssl-vpn-web-portal:
          description: SSL-VPN web portal.
          type: str
        url-map:
          description: URL pattern to match.
          type: str
        url-map-type:
          choices:
            - sub-string
            - wildcard
            - regex
          description: Type of url-map.
          type: str
        virtual-host:
          description: Virtual host.
          type: str
      type: list
    api-gateway6:
      description: description
      elements: dict
      suboptions:
        application:
          description: description
          type: str
        http-cookie-age:
          description: Time in minutes that client web browsers should keep a cookie.
          type: int
        http-cookie-domain:
          description: Domain that HTTP cookie persistence should apply to.
          type: str
        http-cookie-domain-from-host:
          choices:
            - disable
            - enable
          description: Enable/disable use of HTTP cookie domain from host field in HTTP.
          type: str
        http-cookie-generation:
          description: Generation of HTTP cookie to be accepted.
          type: int
        http-cookie-path:
          description: Limit HTTP cookie persistence to the specified path.
          type: str
        http-cookie-share:
          choices:
            - disable
            - same-ip
          description: Control sharing of cookies across API Gateway.
          type: str
        https-cookie-secure:
          choices:
            - disable
            - enable
          description: Enable/disable verification that inserted HTTPS cookies are secure.
          type: str
        id:
          description: API Gateway ID.
          type: int
        ldb-method:
          choices:
            - static
            - round-robin
            - weighted
            - first-alive
            - http-host
          description: Method used to distribute sessions to real servers.
          type: str
        persistence:
          choices:
            - none
            - http-cookie
          description: Configure how to make sure that clients connect to the same server every time they make a request that is part of the s...
          type: str
        realservers:
          description: description
          elements: dict
          suboptions:
            addr-type:
              choices:
                - fqdn
                - ip
              description: Type of address.
              type: str
            address:
              description: Address or address group of the real server.
              type: str
            domain:
              description: Wildcard domain name of the real server.
              type: str
            external-auth:
              choices:
                - disable
                - enable
              description: Enable/disable use of external browser as user-agent for SAML user authentication.
              type: str
            health-check:
              choices:
                - disable
                - enable
              description: Enable to check the responsiveness of the real server before forwarding traffic.
              type: str
            health-check-proto:
              choices:
                - ping
                - http
                - tcp-connect
              description: Protocol of the health check monitor to use when polling to determine servers connectivity status.
              type: str
            holddown-interval:
              choices:
                - disable
                - enable
              description: Enable/disable holddown timer.
              type: str
            http-host:
              description: HTTP server domain name in HTTP header.
              type: str
            id:
              description: Real server ID.
              type: int
            ip:
              description: IPv6 address of the real server.
              type: str
            mappedport:
              description: Port for communicating with the real server.
              type: str
            port:
              description: Port for communicating with the real server.
              type: int
            ssh-client-cert:
              description: Set access-proxy SSH client certificate profile.
              type: str
            ssh-host-key:
              description: description
              type: str
            ssh-host-key-validation:
              choices:
                - disable
                - enable
              description: Enable/disable SSH real server host key validation.
              type: str
            status:
              choices:
                - active
                - standby
                - disable
              description: Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traf...
              type: str
            translate-host:
              choices:
                - disable
                - enable
              description: Enable/disable translation of hostname/IP from virtual server to real server.
              type: str
            tunnel-encryption:
              choices:
                - disable
                - enable
              description: Tunnel encryption.
              type: str
            type:
              choices:
                - tcp-forwarding
                - ssh
              description: TCP forwarding server type.
              type: str
            weight:
              description: Weight of the real server.
              type: int
          type: list
        saml-redirect:
          choices:
            - disable
            - enable
          description: Enable/disable SAML redirection after successful authentication.
          type: str
        saml-server:
          description: SAML service provider configuration for VIP authentication.
          type: str
        service:
          choices:
            - http
            - https
            - tcp-forwarding
            - samlsp
            - web-portal
            - saas
          description: Service.
          type: str
        ssl-algorithm:
          choices:
            - high
            - medium
            - low
          description: Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength.
          type: str
        ssl-cipher-suites:
          description: description
          elements: dict
          suboptions:
            cipher:
              choices:
                - TLS-RSA-WITH-RC4-128-MD5
                - TLS-RSA-WITH-RC4-128-SHA
                - TLS-RSA-WITH-DES-CBC-SHA
                - TLS-RSA-WITH-3DES-EDE-CBC-SHA
                - TLS-RSA-WITH-AES-128-CBC-SHA
                - TLS-RSA-WITH-AES-256-CBC-SHA
                - TLS-RSA-WITH-AES-128-CBC-SHA256
                - TLS-RSA-WITH-AES-256-CBC-SHA256
                - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
                - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
                - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256
                - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256
                - TLS-RSA-WITH-SEED-CBC-SHA
                - TLS-RSA-WITH-ARIA-128-CBC-SHA256
                - TLS-RSA-WITH-ARIA-256-CBC-SHA384
                - TLS-DHE-RSA-WITH-DES-CBC-SHA
                - TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
                - TLS-DHE-RSA-WITH-AES-128-CBC-SHA
                - TLS-DHE-RSA-WITH-AES-256-CBC-SHA
                - TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
                - TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
                - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
                - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
                - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
                - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
                - TLS-DHE-RSA-WITH-SEED-CBC-SHA
                - TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256
                - TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384
                - TLS-ECDHE-RSA-WITH-RC4-128-SHA
                - TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA
                - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
                - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
                - TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
                - TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
                - TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
                - TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
                - TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
                - TLS-DHE-DSS-WITH-AES-128-CBC-SHA
                - TLS-DHE-DSS-WITH-AES-256-CBC-SHA
                - TLS-DHE-DSS-WITH-AES-128-CBC-SHA256
                - TLS-DHE-DSS-WITH-AES-128-GCM-SHA256
                - TLS-DHE-DSS-WITH-AES-256-CBC-SHA256
                - TLS-DHE-DSS-WITH-AES-256-GCM-SHA384
                - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
                - TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
                - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
                - TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
                - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
                - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
                - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
                - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
                - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
                - TLS-RSA-WITH-AES-128-GCM-SHA256
                - TLS-RSA-WITH-AES-256-GCM-SHA384
                - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA
                - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA
                - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256
                - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256
                - TLS-DHE-DSS-WITH-SEED-CBC-SHA
                - TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256
                - TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384
                - TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256
                - TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384
                - TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256
                - TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384
                - TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA
                - TLS-DHE-DSS-WITH-DES-CBC-SHA
                - TLS-AES-128-GCM-SHA256
                - TLS-AES-256-GCM-SHA384
                - TLS-CHACHA20-POLY1305-SHA256
                - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
              description: Cipher suite name.
              type: str
            priority:
              description: SSL/TLS cipher suites priority.
              type: int
            versions:
              choices:
                - tls-1.0
                - tls-1.1
                - tls-1.2
                - tls-1.3
              description: description
              elements: str
              type: list
          type: list
        ssl-dh-bits:
          choices:
            - '768'
            - '1024'
            - '1536'
            - '2048'
            - '3072'
            - '4096'
          description: Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions.
          type: str
        ssl-max-version:
          choices:
            - tls-1.0
            - tls-1.1
            - tls-1.2
            - tls-1.3
          description: Highest SSL/TLS version acceptable from a server.
          type: str
        ssl-min-version:
          choices:
            - tls-1.0
            - tls-1.1
            - tls-1.2
            - tls-1.3
          description: Lowest SSL/TLS version acceptable from a server.
          type: str
        ssl-renegotiation:
          choices:
            - disable
            - enable
          description: Enable/disable secure renegotiation to comply with RFC 5746.
          type: str
        ssl-vpn-web-portal:
          description: SSL-VPN web portal.
          type: str
        url-map:
          description: URL pattern to match.
          type: str
        url-map-type:
          choices:
            - sub-string
            - wildcard
            - regex
          description: Type of url-map.
          type: str
        virtual-host:
          description: Virtual host.
          type: str
      type: list
    auth-portal:
      choices:
        - disable
        - enable
      description: Enable/disable authentication portal.
      type: str
    auth-virtual-host:
      description: Virtual host for authentication portal.
      type: str
    client-cert:
      choices:
        - disable
        - enable
      description: Enable/disable to request client certificate.
      type: str
    decrypted-traffic-mirror:
      description: Decrypted traffic mirror.
      type: str
    empty-cert-action:
      choices:
        - block
        - accept
        - accept-unmanageable
      description: Action of an empty client certificate.
      type: str
    http-supported-max-version:
      choices:
        - http1
        - http2
      description: Maximum supported HTTP versions.
      type: str
    ldb-method:
      choices:
        - static
        - round-robin
        - weighted
        - least-session
        - least-rtt
        - first-alive
      description: Method used to distribute sessions to SSL real servers.
      type: str
    log-blocked-traffic:
      choices:
        - disable
        - enable
      description: Enable/disable logging of blocked traffic.
      type: str
    name:
      description: Access Proxy name.
      type: str
    realservers:
      description: Realservers.
      elements: dict
      suboptions:
        id:
          description: Real server ID.
          type: int
        ip:
          description: IP address of the real server.
          type: str
        port:
          description: Port for communicating with the real server.
          type: int
        status:
          choices:
            - active
            - standby
            - disable
          description: Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent.
          type: str
        weight:
          description: Weight of the real server.
          type: int
      type: list
    server-pubkey-auth:
      choices:
        - disable
        - enable
      description: Enable/disable SSH real server public key authentication.
      type: str
    server-pubkey-auth-settings:
      description: no description
      required: false
      suboptions:
        auth-ca:
          description: Name of the SSH server public key authentication CA.
          type: str
        cert-extension:
          description: Cert-Extension.
          elements: dict
          suboptions:
            critical:
              choices:
                - 'no'
                - 'yes'
              description: Critical option.
              type: str
            data:
              description: Name of certificate extension.
              type: str
            name:
              description: Name of certificate extension.
              type: str
            type:
              choices:
                - fixed
                - user
              description: Type of certificate extension.
              type: str
          type: list
        permit-agent-forwarding:
          choices:
            - disable
            - enable
          description: Enable/disable appending permit-agent-forwarding certificate extension.
          type: str
        permit-port-forwarding:
          choices:
            - disable
            - enable
          description: Enable/disable appending permit-port-forwarding certificate extension.
          type: str
        permit-pty:
          choices:
            - disable
            - enable
          description: Enable/disable appending permit-pty certificate extension.
          type: str
        permit-user-rc:
          choices:
            - disable
            - enable
          description: Enable/disable appending permit-user-rc certificate extension.
          type: str
        permit-x11-forwarding:
          choices:
            - disable
            - enable
          description: Enable/disable appending permit-x11-forwarding certificate extension.
          type: str
        source-address:
          choices:
            - disable
            - enable
          description: Enable/disable appending source-address certificate critical option.
          type: str
      type: dict
    svr-pool-multiplex:
      choices:
        - disable
        - enable
      description: Enable/disable server pool multiplexing.
      type: str
    svr-pool-server-max-request:
      description: Maximum number of requests that servers in server pool handle before disconnecting
      type: int
    svr-pool-ttl:
      description: Time-to-live in the server pool for idle connections to servers.
      type: int
    user-agent-detect:
      choices:
        - disable
        - enable
      description: Enable/disable to detect device type by HTTP user-agent if no client certificate provided.
      type: str
    vip:
      description: Virtual IP name.
      type: str
  type: dict
workspace_locking_adom:
  description: The adom to lock for FortiManager running in workspace mode, the value can be global and others including root.
  required: false
  type: str
forticloud_access_token:
  description: Authenticate Ansible client with forticloud API access token.
  required: false
  type: str
workspace_locking_timeout:
  default: 300
  description: The maximum time in seconds to wait for another user to release the workspace lock.
  required: false
  type: int
meta:
  contains:
    request_url:
      description: The full url requested.
      returned: always
      sample: /sys/login/user
      type: str
    response_code:
      description: The status of api request.
      returned: always
      sample: 0
      type: int
    response_data:
      description: The api response.
      returned: always
      type: list
    response_message:
      description: The descriptive message of the api response.
      returned: always
      sample: OK.
      type: str
    system_information:
      description: The information of the target system.
      returned: always
      type: dict
  description: The result of the request.
  returned: always
  type: dict
rc:
  description: The status of the request.
  returned: always
  sample: 0
  type: int
version_check_warning:
  description: Warning if the parameters used in the playbook are not supported by the current FortiManager version.
  returned: complex
  type: list