drmofu.fortimanager.fmgr_firewall_accessproxy_apigateway (2.2.2) — module
Set API Gateway.
Added in version 2.1.0 of drmofu.fortimanager
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections:
  - name: drmofu.fortimanager
    version: 2.2.2
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: True
    ansible_httpapi_validate_certs: False
    ansible_httpapi_port: 443
  tasks:
    - name: Set API Gateway.
      fmgr_firewall_accessproxy_apigateway:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        access-proxy: <your own value>
        state: <value in [present, absent]>
        firewall_accessproxy_apigateway:
          http-cookie-age: <value of integer>
          http-cookie-domain: <value of string>
          http-cookie-domain-from-host: <value in [disable, enable]>
          http-cookie-generation: <value of integer>
          http-cookie-path: <value of string>
          http-cookie-share: <value in [disable, same-ip]>
          https-cookie-secure: <value in [disable, enable]>
          id: <value of integer>
          ldb-method: <value in [static, round-robin, weighted, ...]>
          persistence: <value in [none, http-cookie]>
          realservers:
            - address: <value of string>
              health-check: <value in [disable, enable]>
              health-check-proto: <value in [ping, http, tcp-connect]>
              http-host: <value of string>
              id: <value of integer>
              ip: <value of string>
              mappedport: <value of string>
              port: <value of integer>
              status: <value in [active, standby, disable]>
              weight: <value of integer>
              addr-type: <value in [fqdn, ip]>
              domain: <value of string>
              holddown-interval: <value in [disable, enable]>
              ssh-client-cert: <value of string>
              ssh-host-key: <value of string>
              ssh-host-key-validation: <value in [disable, enable]>
              type: <value in [tcp-forwarding, ssh]>
              translate-host: <value in [disable, enable]>
              external-auth: <value in [disable, enable]>
              tunnel-encryption: <value in [disable, enable]>
          saml-server: <value of string>
          service: <value in [http, https, tcp-forwarding, ...]>
          ssl-algorithm: <value in [high, medium, low, ...]>
          ssl-cipher-suites:
            - cipher: <value in [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, ...]>
              priority: <value of integer>
              versions:
                - tls-1.0
                - tls-1.1
                - tls-1.2
                - tls-1.3
          ssl-dh-bits: <value in [768, 1024, 1536, ...]>
          ssl-max-version: <value in [tls-1.0, tls-1.1, tls-1.2, ...]>
          ssl-min-version: <value in [tls-1.0, tls-1.1, tls-1.2, ...]>
          url-map: <value of string>
          url-map-type: <value in [sub-string, wildcard, regex]>
          virtual-host: <value of string>
          saml-redirect: <value in [disable, enable]>
          ssl-vpn-web-portal: <value of string>
          application: <value of string>
          ssl-renegotiation: <value in [disable, enable]>
adom:
  description: the parameter (adom) in requested url
  required: true
  type: str
state:
  choices:
    - present
    - absent
  description: The directive to create, update or delete an object.
  required: true
  type: str
rc_failed:
  description: The rc codes list with which the conditions to fail will be overridden.
  elements: int
  required: false
  type: list
enable_log:
  default: false
  description: Enable/Disable logging for task.
  required: false
  type: bool
access-proxy:
  description: the parameter (access-proxy) in requested url
  required: true
  type: str
access_token:
  description: The token to access FortiManager without using username and password.
  required: false
  type: str
rc_succeeded:
  description: The rc codes list with which the conditions to succeed will be overridden.
  elements: int
  required: false
  type: list
proposed_method:
  choices:
    - update
    - set
    - add
  description: The overridden method for the underlying JSON RPC request.
  required: false
  type: str
bypass_validation:
  default: false
  description: Only set to True when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters.
  required: false
  type: bool
workspace_locking_adom:
  description: The adom to lock for FortiManager running in workspace mode, the value can be global and others including root.
  required: false
  type: str
forticloud_access_token:
  description: Authenticate Ansible client with forticloud API access token.
  required: false
  type: str
workspace_locking_timeout:
  default: 300
  description: The maximum time in seconds to wait for another user to release the workspace lock.
  required: false
  type: int
firewall_accessproxy_apigateway:
  description: the top level parameters set
  required: false
  suboptions:
    application:
      description: description
      type: str
    http-cookie-age:
      description: Time in minutes that client web browsers should keep a cookie.
      type: int
    http-cookie-domain:
      description: Domain that HTTP cookie persistence should apply to.
      type: str
    http-cookie-domain-from-host:
      choices:
        - disable
        - enable
      description: Enable/disable use of HTTP cookie domain from host field in HTTP.
      type: str
    http-cookie-generation:
      description: Generation of HTTP cookie to be accepted.
      type: int
    http-cookie-path:
      description: Limit HTTP cookie persistence to the specified path.
      type: str
    http-cookie-share:
      choices:
        - disable
        - same-ip
      description: Control sharing of cookies across API Gateway.
      type: str
    https-cookie-secure:
      choices:
        - disable
        - enable
      description: Enable/disable verification that inserted HTTPS cookies are secure.
      type: str
    id:
      description: API Gateway ID.
      type: int
    ldb-method:
      choices:
        - static
        - round-robin
        - weighted
        - least-session
        - least-rtt
        - first-alive
        - http-host
      description: Method used to distribute sessions to real servers.
      type: str
    persistence:
      choices:
        - none
        - http-cookie
      description: Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session.
      type: str
    realservers:
      description: description
      elements: dict
      suboptions:
        addr-type:
          choices:
            - fqdn
            - ip
          description: Type of address.
          type: str
        address:
          description: Address or address group of the real server.
          type: str
        domain:
          description: Wildcard domain name of the real server.
          type: str
        external-auth:
          choices:
            - disable
            - enable
          description: Enable/disable use of external browser as user-agent for SAML user authentication.
          type: str
        health-check:
          choices:
            - disable
            - enable
          description: Enable to check the responsiveness of the real server before forwarding traffic.
          type: str
        health-check-proto:
          choices:
            - ping
            - http
            - tcp-connect
          description: Protocol of the health check monitor to use when polling to determine the server's connectivity status.
          type: str
        holddown-interval:
          choices:
            - disable
            - enable
          description: Enable/disable holddown timer.
          type: str
        http-host:
          description: HTTP server domain name in HTTP header.
          type: str
        id:
          description: Real server ID.
          type: int
        ip:
          description: IP address of the real server.
          type: str
        mappedport:
          description: Port for communicating with the real server.
          type: str
        port:
          description: Port for communicating with the real server.
          type: int
        ssh-client-cert:
          description: Set access-proxy SSH client certificate profile.
          type: str
        ssh-host-key:
          description: description
          type: str
        ssh-host-key-validation:
          choices:
            - disable
            - enable
          description: Enable/disable SSH real server host key validation.
          type: str
        status:
          choices:
            - active
            - standby
            - disable
          description: Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent.
          type: str
        translate-host:
          choices:
            - disable
            - enable
          description: Enable/disable translation of hostname/IP from virtual server to real server.
          type: str
        tunnel-encryption:
          choices:
            - disable
            - enable
          description: Tunnel encryption.
          type: str
        type:
          choices:
            - tcp-forwarding
            - ssh
          description: TCP forwarding server type.
          type: str
        weight:
          description: Weight of the real server.
          type: int
      type: list
    saml-redirect:
      choices:
        - disable
        - enable
      description: Enable/disable SAML redirection after successful authentication.
      type: str
    saml-server:
      description: SAML service provider configuration for VIP authentication.
      type: str
    service:
      choices:
        - http
        - https
        - tcp-forwarding
        - samlsp
        - web-portal
        - saas
      description: Service.
      type: str
    ssl-algorithm:
      choices:
        - high
        - medium
        - low
        - custom
      description: Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength.
      type: str
    ssl-cipher-suites:
      description: description
      elements: dict
      suboptions:
        cipher:
          choices:
            - TLS-RSA-WITH-RC4-128-MD5
            - TLS-RSA-WITH-RC4-128-SHA
            - TLS-RSA-WITH-DES-CBC-SHA
            - TLS-RSA-WITH-3DES-EDE-CBC-SHA
            - TLS-RSA-WITH-AES-128-CBC-SHA
            - TLS-RSA-WITH-AES-256-CBC-SHA
            - TLS-RSA-WITH-AES-128-CBC-SHA256
            - TLS-RSA-WITH-AES-256-CBC-SHA256
            - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
            - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
            - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256
            - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256
            - TLS-RSA-WITH-SEED-CBC-SHA
            - TLS-RSA-WITH-ARIA-128-CBC-SHA256
            - TLS-RSA-WITH-ARIA-256-CBC-SHA384
            - TLS-DHE-RSA-WITH-DES-CBC-SHA
            - TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
            - TLS-DHE-RSA-WITH-AES-128-CBC-SHA
            - TLS-DHE-RSA-WITH-AES-256-CBC-SHA
            - TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
            - TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
            - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
            - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
            - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
            - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
            - TLS-DHE-RSA-WITH-SEED-CBC-SHA
            - TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256
            - TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384
            - TLS-ECDHE-RSA-WITH-RC4-128-SHA
            - TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA
            - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
            - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
            - TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
            - TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
            - TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
            - TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
            - TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
            - TLS-DHE-DSS-WITH-AES-128-CBC-SHA
            - TLS-DHE-DSS-WITH-AES-256-CBC-SHA
            - TLS-DHE-DSS-WITH-AES-128-CBC-SHA256
            - TLS-DHE-DSS-WITH-AES-128-GCM-SHA256
            - TLS-DHE-DSS-WITH-AES-256-CBC-SHA256
            - TLS-DHE-DSS-WITH-AES-256-GCM-SHA384
            - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
            - TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
            - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
            - TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
            - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
            - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
            - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
            - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
            - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
            - TLS-RSA-WITH-AES-128-GCM-SHA256
            - TLS-RSA-WITH-AES-256-GCM-SHA384
            - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA
            - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA
            - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256
            - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256
            - TLS-DHE-DSS-WITH-SEED-CBC-SHA
            - TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256
            - TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384
            - TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256
            - TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384
            - TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256
            - TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384
            - TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA
            - TLS-DHE-DSS-WITH-DES-CBC-SHA
            - TLS-AES-128-GCM-SHA256
            - TLS-AES-256-GCM-SHA384
            - TLS-CHACHA20-POLY1305-SHA256
            - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
          description: Cipher suite name.
          type: str
        priority:
          description: SSL/TLS cipher suites priority.
          type: int
        versions:
          choices:
            - tls-1.0
            - tls-1.1
            - tls-1.2
            - tls-1.3
          description: description
          elements: str
          type: list
      type: list
    ssl-dh-bits:
      choices:
        - '768'
        - '1024'
        - '1536'
        - '2048'
        - '3072'
        - '4096'
      description: Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions.
      type: str
    ssl-max-version:
      choices:
        - tls-1.0
        - tls-1.1
        - tls-1.2
        - tls-1.3
      description: Highest SSL/TLS version acceptable from a server.
      type: str
    ssl-min-version:
      choices:
        - tls-1.0
        - tls-1.1
        - tls-1.2
        - tls-1.3
      description: Lowest SSL/TLS version acceptable from a server.
      type: str
    ssl-renegotiation:
      choices:
        - disable
        - enable
      description: Enable/disable secure renegotiation to comply with RFC 5746.
      type: str
    ssl-vpn-web-portal:
      description: SSL-VPN web portal.
      type: str
    url-map:
      description: URL pattern to match.
      type: str
    url-map-type:
      choices:
        - sub-string
        - wildcard
        - regex
      description: Type of url-map.
      type: str
    virtual-host:
      description: Virtual host.
      type: str
  type: dict
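The parameter choices above still include RC4, DES and 3DES suites, TLS 1.0/1.1 and 768-bit DH. The playbook below is an added example, not part of the module's documentation, that pins the stronger choices and verifies the FortiManager certificate. The ADOM, access proxy name, gateway and real-server values are assumed, and the collection name follows the install line.

```yaml
# Added example; host group, adom, access-proxy name, ids, url-map and the
# real-server address (192.0.2.10, documentation range) are assumed values.
- hosts: fortimanager-inventory
  collections:
    - drmofu.fortimanager
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true   # verify the FortiManager certificate
    ansible_httpapi_port: 443
  tasks:
    - name: Set API Gateway with restricted TLS and cookie settings.
      fmgr_firewall_accessproxy_apigateway:
        bypass_validation: false           # keep module schema validation on
        adom: root
        access-proxy: zt-proxy
        state: present
        firewall_accessproxy_apigateway:
          id: 1
          service: https
          url-map: /
          url-map-type: sub-string
          persistence: http-cookie
          http-cookie-age: 60
          https-cookie-secure: enable      # check inserted HTTPS cookies are secure
          ssl-algorithm: custom            # pair with the explicit suite list below
          ssl-min-version: tls-1.2         # excludes tls-1.0 and tls-1.1
          ssl-max-version: tls-1.3
          ssl-dh-bits: '2048'              # string-typed choice in the schema
          ssl-renegotiation: enable        # secure renegotiation per RFC 5746
          ssl-cipher-suites:
            - cipher: TLS-AES-256-GCM-SHA384
              priority: 1
              versions:
                - tls-1.3
            - cipher: TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
              priority: 2
              versions:
                - tls-1.2
          realservers:
            - id: 1
              addr-type: ip
              ip: 192.0.2.10
              port: 443
              status: active
              health-check: enable
              health-check-proto: tcp-connect
```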
meta:
  contains:
    request_url:
      description: The full url requested.
      returned: always
      sample: /sys/login/user
      type: str
    response_code:
      description: The status of api request.
      returned: always
      sample: 0
      type: int
    response_data:
      description: The api response.
      returned: always
      type: list
    response_message:
      description: The descriptive message of the api response.
      returned: always
      sample: OK.
      type: str
    system_information:
      description: The information of the target system.
      returned: always
      type: dict
  description: The result of the request.
  returned: always
  type: dict
rc:
  description: The status of the request.
  returned: always
  sample: 0
  type: int
version_check_warning:
  description: Warning if the parameters used in the playbook are not supported by the current FortiManager version.
  returned: complex
  type: list