Try SpotterSet API Gateway.
| "added in version" 2.1.0 of drmofu.fortimanager"
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections:
- name: drmofu.fortimanager
version: 2.2.2This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Set API Gateway.
fmgr_firewall_accessproxy_apigateway:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
access-proxy: <your own value>
state: <value in [present, absent]>
firewall_accessproxy_apigateway:
http-cookie-age: <value of integer>
http-cookie-domain: <value of string>
http-cookie-domain-from-host: <value in [disable, enable]>
http-cookie-generation: <value of integer>
http-cookie-path: <value of string>
http-cookie-share: <value in [disable, same-ip]>
https-cookie-secure: <value in [disable, enable]>
id: <value of integer>
ldb-method: <value in [static, round-robin, weighted, ...]>
persistence: <value in [none, http-cookie]>
realservers:
-
address: <value of string>
health-check: <value in [disable, enable]>
health-check-proto: <value in [ping, http, tcp-connect]>
http-host: <value of string>
id: <value of integer>
ip: <value of string>
mappedport: <value of string>
port: <value of integer>
status: <value in [active, standby, disable]>
weight: <value of integer>
addr-type: <value in [fqdn, ip]>
domain: <value of string>
holddown-interval: <value in [disable, enable]>
ssh-client-cert: <value of string>
ssh-host-key: <value of string>
ssh-host-key-validation: <value in [disable, enable]>
type: <value in [tcp-forwarding, ssh]>
translate-host: <value in [disable, enable]>
external-auth: <value in [disable, enable]>
tunnel-encryption: <value in [disable, enable]>
saml-server: <value of string>
service: <value in [http, https, tcp-forwarding, ...]>
ssl-algorithm: <value in [high, medium, low, ...]>
ssl-cipher-suites:
-
cipher: <value in [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, ...]>
priority: <value of integer>
versions:
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
ssl-dh-bits: <value in [768, 1024, 1536, ...]>
ssl-max-version: <value in [tls-1.0, tls-1.1, tls-1.2, ...]>
ssl-min-version: <value in [tls-1.0, tls-1.1, tls-1.2, ...]>
url-map: <value of string>
url-map-type: <value in [sub-string, wildcard, regex]>
virtual-host: <value of string>
saml-redirect: <value in [disable, enable]>
ssl-vpn-web-portal: <value of string>
application: <value of string>
ssl-renegotiation: <value in [disable, enable]>
adom:
description: the parameter (adom) in requested url
required: true
type: str
state:
choices:
- present
- absent
description: The directive to create, update or delete an object.
required: true
type: str
rc_failed:
description: The rc codes list with which the conditions to fail will be overriden.
elements: int
required: false
type: list
enable_log:
default: false
description: Enable/Disable logging for task.
required: false
type: bool
access-proxy:
description: the parameter (access-proxy) in requested url
required: true
type: str
access_token:
description: The token to access FortiManager without using username and password.
required: false
type: str
rc_succeeded:
description: The rc codes list with which the conditions to succeed will be overriden.
elements: int
required: false
type: list
proposed_method:
choices:
- update
- set
- add
description: The overridden method for the underlying Json RPC request.
required: false
type: str
bypass_validation:
default: false
description: Only set to True when module schema diffs with FortiManager API structure,
module continues to execute without validating parameters.
required: false
type: bool
workspace_locking_adom:
description: The adom to lock for FortiManager running in workspace mode, the value
can be global and others including root.
required: false
type: str
forticloud_access_token:
description: Authenticate Ansible client with forticloud API access token.
required: false
type: str
workspace_locking_timeout:
default: 300
description: The maximum time in seconds to wait for other user to release the workspace
lock.
required: false
type: int
firewall_accessproxy_apigateway:
description: the top level parameters set
required: false
suboptions:
application:
description: description
type: str
http-cookie-age:
description: Time in minutes that client web browsers should keep a cookie.
type: int
http-cookie-domain:
description: Domain that HTTP cookie persistence should apply to.
type: str
http-cookie-domain-from-host:
choices:
- disable
- enable
description: Enable/disable use of HTTP cookie domain from host field in HTTP.
type: str
http-cookie-generation:
description: Generation of HTTP cookie to be accepted.
type: int
http-cookie-path:
description: Limit HTTP cookie persistence to the specified path.
type: str
http-cookie-share:
choices:
- disable
- same-ip
description: Control sharing of cookies across API Gateway.
type: str
https-cookie-secure:
choices:
- disable
- enable
description: Enable/disable verification that inserted HTTPS cookies are secure.
type: str
id:
description: API Gateway ID.
type: int
ldb-method:
choices:
- static
- round-robin
- weighted
- least-session
- least-rtt
- first-alive
- http-host
description: Method used to distribute sessions to real servers.
type: str
persistence:
choices:
- none
- http-cookie
description: Configure how to make sure that clients connect to the same server
every time they make a request that is part of the same session.
type: str
realservers:
description: description
elements: dict
suboptions:
addr-type:
choices:
- fqdn
- ip
description: Type of address.
type: str
address:
description: Address or address group of the real server.
type: str
domain:
description: Wildcard domain name of the real server.
type: str
external-auth:
choices:
- disable
- enable
description: Enable/disable use of external browser as user-agent for SAML
user authentication.
type: str
health-check:
choices:
- disable
- enable
description: Enable to check the responsiveness of the real server before
forwarding traffic.
type: str
health-check-proto:
choices:
- ping
- http
- tcp-connect
description: Protocol of the health check monitor to use when polling to determine
servers connectivity status.
type: str
holddown-interval:
choices:
- disable
- enable
description: Enable/disable holddown timer.
type: str
http-host:
description: HTTP server domain name in HTTP header.
type: str
id:
description: Real server ID.
type: int
ip:
description: IP address of the real server.
type: str
mappedport:
description: Port for communicating with the real server.
type: str
port:
description: Port for communicating with the real server.
type: int
ssh-client-cert:
description: Set access-proxy SSH client certificate profile.
type: str
ssh-host-key:
description: description
type: str
ssh-host-key-validation:
choices:
- disable
- enable
description: Enable/disable SSH real server host key validation.
type: str
status:
choices:
- active
- standby
- disable
description: Set the status of the real server to active so that it can accept
traffic, or on standby or disabled so no traffic is sent.
type: str
translate-host:
choices:
- disable
- enable
description: Enable/disable translation of hostname/IP from virtual server
to real server.
type: str
tunnel-encryption:
choices:
- disable
- enable
description: Tunnel encryption.
type: str
type:
choices:
- tcp-forwarding
- ssh
description: TCP forwarding server type.
type: str
weight:
description: Weight of the real server.
type: int
type: list
saml-redirect:
choices:
- disable
- enable
description: Enable/disable SAML redirection after successful authentication.
type: str
saml-server:
description: SAML service provider configuration for VIP authentication.
type: str
service:
choices:
- http
- https
- tcp-forwarding
- samlsp
- web-portal
- saas
description: Service.
type: str
ssl-algorithm:
choices:
- high
- medium
- low
- custom
description: Permitted encryption algorithms for the server side of SSL full mode
sessions according to encryption strength.
type: str
ssl-cipher-suites:
description: description
elements: dict
suboptions:
cipher:
choices:
- TLS-RSA-WITH-RC4-128-MD5
- TLS-RSA-WITH-RC4-128-SHA
- TLS-RSA-WITH-DES-CBC-SHA
- TLS-RSA-WITH-3DES-EDE-CBC-SHA
- TLS-RSA-WITH-AES-128-CBC-SHA
- TLS-RSA-WITH-AES-256-CBC-SHA
- TLS-RSA-WITH-AES-128-CBC-SHA256
- TLS-RSA-WITH-AES-256-CBC-SHA256
- TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
- TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256
- TLS-RSA-WITH-SEED-CBC-SHA
- TLS-RSA-WITH-ARIA-128-CBC-SHA256
- TLS-RSA-WITH-ARIA-256-CBC-SHA384
- TLS-DHE-RSA-WITH-DES-CBC-SHA
- TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
- TLS-DHE-RSA-WITH-AES-128-CBC-SHA
- TLS-DHE-RSA-WITH-AES-256-CBC-SHA
- TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
- TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
- TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
- TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
- TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
- TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
- TLS-DHE-RSA-WITH-SEED-CBC-SHA
- TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256
- TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384
- TLS-ECDHE-RSA-WITH-RC4-128-SHA
- TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
- TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
- TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
- TLS-DHE-DSS-WITH-AES-128-CBC-SHA
- TLS-DHE-DSS-WITH-AES-256-CBC-SHA
- TLS-DHE-DSS-WITH-AES-128-CBC-SHA256
- TLS-DHE-DSS-WITH-AES-128-GCM-SHA256
- TLS-DHE-DSS-WITH-AES-256-CBC-SHA256
- TLS-DHE-DSS-WITH-AES-256-GCM-SHA384
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
- TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
- TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
- TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
- TLS-RSA-WITH-AES-128-GCM-SHA256
- TLS-RSA-WITH-AES-256-GCM-SHA384
- TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA
- TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA
- TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256
- TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256
- TLS-DHE-DSS-WITH-SEED-CBC-SHA
- TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256
- TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384
- TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256
- TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384
- TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256
- TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384
- TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA
- TLS-DHE-DSS-WITH-DES-CBC-SHA
- TLS-AES-128-GCM-SHA256
- TLS-AES-256-GCM-SHA384
- TLS-CHACHA20-POLY1305-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
description: Cipher suite name.
type: str
priority:
description: SSL/TLS cipher suites priority.
type: int
versions:
choices:
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: description
elements: str
type: list
type: list
ssl-dh-bits:
choices:
- '768'
- '1024'
- '1536'
- '2048'
- '3072'
- '4096'
description: Number of bits to use in the Diffie-Hellman exchange for RSA encryption
of SSL sessions.
type: str
ssl-max-version:
choices:
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: Highest SSL/TLS version acceptable from a server.
type: str
ssl-min-version:
choices:
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: Lowest SSL/TLS version acceptable from a server.
type: str
ssl-renegotiation:
choices:
- disable
- enable
description: Enable/disable secure renegotiation to comply with RFC 5746.
type: str
ssl-vpn-web-portal:
description: SSL-VPN web portal.
type: str
url-map:
description: URL pattern to match.
type: str
url-map-type:
choices:
- sub-string
- wildcard
- regex
description: Type of url-map.
type: str
virtual-host:
description: Virtual host.
type: str
type: dict
meta:
contains:
request_url:
description: The full url requested.
returned: always
sample: /sys/login/user
type: str
response_code:
description: The status of api request.
returned: always
sample: 0
type: int
response_data:
description: The api response.
returned: always
type: list
response_message:
description: The descriptive message of the api response.
returned: always
sample: OK.
type: str
system_information:
description: The information of the target system.
returned: always
type: dict
description: The result of the request.
returned: always
type: dict
rc:
description: The status the request.
returned: always
sample: 0
type: int
version_check_warning:
description: Warning if the parameters used in the playbook are not supported by
the current FortiManager version.
returned: complex
type: list