Steampunk Ansible Documentation - drmofu.fortimanager.fmgr_firewall_sslsshprofile_ftps (2.2.2) - module

Install collection

Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2

Add to requirements.yml

  collections:
    - name: drmofu.fortimanager
      version: 2.2.2

Description

This module is able to configure a FortiManager device.

Examples include all parameters and values which need to be adjusted to data sources before usage.

Usage examples

Scanned by Steampunk Spotter

 - hosts: fortimanager-inventory
   collections:
     - fortinet.fortimanager
   connection: httpapi
   vars:
      ansible_httpapi_use_ssl: True
      ansible_httpapi_validate_certs: False
      ansible_httpapi_port: 443
   tasks:
    - name: Configure FTPS options.
      fmgr_firewall_sslsshprofile_ftps:
         bypass_validation: False
         workspace_locking_adom: <value in [global, custom adom including root]>
         workspace_locking_timeout: 300
         rc_succeeded: [0, -2, -3, ...]
         rc_failed: [-2, -3, ...]
         adom: <your own value>
         ssl-ssh-profile: <your own value>
         firewall_sslsshprofile_ftps:
            allow-invalid-server-cert: <value in [disable, enable]>
            client-cert-request: <value in [bypass, inspect, block]>
            ports: <value of integer>
            status: <value in [disable, deep-inspection]>
            unsupported-ssl: <value in [bypass, inspect, block]>
            untrusted-cert: <value in [allow, block, ignore]>
            invalid-server-cert: <value in [allow, block]>
            sni-server-cert-check: <value in [disable, enable, strict]>
            untrusted-server-cert: <value in [allow, block, ignore]>
            cert-validation-failure: <value in [allow, block, ignore]>
            cert-validation-timeout: <value in [allow, block, ignore]>
            client-certificate: <value in [bypass, inspect, block]>
            expired-server-cert: <value in [allow, block, ignore]>
            revoked-server-cert: <value in [allow, block, ignore]>
            unsupported-ssl-cipher: <value in [allow, block]>
            unsupported-ssl-negotiation: <value in [allow, block]>
            min-allowed-ssl-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
            unsupported-ssl-version: <value in [block, allow, inspect]>

Inputs

adom:
description: the parameter (adom) in requested url
required: true
type: str

rc_failed:
description: The rc codes list with which the conditions to fail will be overriden.
elements: int
required: false
type: list

enable_log:
default: false
description: Enable/Disable logging for task.
required: false
type: bool

access_token:
description: The token to access FortiManager without using username and password.
required: false
type: str

rc_succeeded:
description: The rc codes list with which the conditions to succeed will be overriden.
elements: int
required: false
type: list

proposed_method:
choices:
- update
- set
- add
description: The overridden method for the underlying Json RPC request.
required: false
type: str

ssl-ssh-profile:
description: the parameter (ssl-ssh-profile) in requested url
required: true
type: str

bypass_validation:
default: false
description: Only set to True when module schema diffs with FortiManager API structure,
module continues to execute without validating parameters.
required: false
type: bool

workspace_locking_adom:
description: The adom to lock for FortiManager running in workspace mode, the value
can be global and others including root.
required: false
type: str

forticloud_access_token:
description: Authenticate Ansible client with forticloud API access token.
required: false
type: str

workspace_locking_timeout:
default: 300
description: The maximum time in seconds to wait for other user to release the workspace
lock.
required: false
type: int

firewall_sslsshprofile_ftps:
description: the top level parameters set
required: false
suboptions:
allow-invalid-server-cert:
choices:
- disable
- enable
description: When enabled, allows SSL sessions whose server certificate validation
failed.
type: str
cert-validation-failure:
choices:
- allow
- block
- ignore
description: Action based on certificate validation failure.
type: str
cert-validation-timeout:
choices:
- allow
- block
- ignore
description: Action based on certificate validation timeout.
type: str
client-cert-request:
choices:
- bypass
- inspect
- block
description: Action based on client certificate request.
type: str
client-certificate:
choices:
- bypass
- inspect
- block
description: Action based on received client certificate.
type: str
expired-server-cert:
choices:
- allow
- block
- ignore
description: Action based on server certificate is expired.
type: str
invalid-server-cert:
choices:
- allow
- block
description: Allow or block the invalid SSL session server certificate.
type: str
min-allowed-ssl-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: Minimum SSL version to be allowed.
type: str
ports:
description: description
type: int
revoked-server-cert:
choices:
- allow
- block
- ignore
description: Action based on server certificate is revoked.
type: str
sni-server-cert-check:
choices:
- disable
- enable
- strict
description: Check the SNI in the client hello message with the CN or SAN fields
in the returned server certificate.
type: str
status:
choices:
- disable
- deep-inspection
description: Configure protocol inspection status.
type: str
unsupported-ssl:
choices:
- bypass
- inspect
- block
description: Action based on the SSL encryption used being unsupported.
type: str
unsupported-ssl-cipher:
choices:
- allow
- block
description: Action based on the SSL cipher used being unsupported.
type: str
unsupported-ssl-negotiation:
choices:
- allow
- block
description: Action based on the SSL negotiation used being unsupported.
type: str
unsupported-ssl-version:
choices:
- block
- allow
- inspect
description: Action based on the SSL version used being unsupported.
type: str
untrusted-cert:
choices:
- allow
- block
- ignore
description: Allow, ignore, or block the untrusted SSL session server certificate.
type: str
untrusted-server-cert:
choices:
- allow
- block
- ignore
description: Allow, ignore, or block the untrusted SSL session server certificate.
type: str
type: dict

Outputs

meta:
  contains:
    request_url:
      description: The full url requested.
      returned: always
      sample: /sys/login/user
      type: str
    response_code:
      description: The status of api request.
      returned: always
      sample: 0
      type: int
    response_data:
      description: The api response.
      returned: always
      type: list
    response_message:
      description: The descriptive message of the api response.
      returned: always
      sample: OK.
      type: str
    system_information:
      description: The information of the target system.
      returned: always
      type: dict
  description: The result of the request.
  returned: always
  type: dict
rc:
  description: The status the request.
  returned: always
  sample: 0
  type: int
version_check_warning:
  description: Warning if the parameters used in the playbook are not supported by
    the current FortiManager version.
  returned: complex
  type: list