drmofu / drmofu.fortimanager / 2.2.2 / module / fmgr_firewall_sslsshprofile_ssl Configure SSL options. | "added in version" 2.0.0 of drmofu.fortimanager" Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu) preview | supported by communitydrmofu.fortimanager.fmgr_firewall_sslsshprofile_ssl (2.2.2) — module
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections: - name: drmofu.fortimanager version: 2.2.2
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager-inventory collections: - fortinet.fortimanager connection: httpapi vars: ansible_httpapi_use_ssl: True ansible_httpapi_validate_certs: False ansible_httpapi_port: 443 tasks: - name: Configure SSL options. fmgr_firewall_sslsshprofile_ssl: bypass_validation: False workspace_locking_adom: <value in [global, custom adom including root]> workspace_locking_timeout: 300 rc_succeeded: [0, -2, -3, ...] rc_failed: [-2, -3, ...] adom: <your own value> ssl-ssh-profile: <your own value> firewall_sslsshprofile_ssl: allow-invalid-server-cert: <value in [disable, enable]> client-cert-request: <value in [bypass, inspect, block]> inspect-all: <value in [disable, certificate-inspection, deep-inspection]> unsupported-ssl: <value in [bypass, inspect, block]> untrusted-cert: <value in [allow, block, ignore]> invalid-server-cert: <value in [allow, block]> sni-server-cert-check: <value in [disable, enable, strict]> untrusted-server-cert: <value in [allow, block, ignore]> cert-validation-failure: <value in [allow, block, ignore]> cert-validation-timeout: <value in [allow, block, ignore]> client-certificate: <value in [bypass, inspect, block]> expired-server-cert: <value in [allow, block, ignore]> revoked-server-cert: <value in [allow, block, ignore]> unsupported-ssl-cipher: <value in [allow, block]> unsupported-ssl-negotiation: <value in [allow, block]> cert-probe-failure: <value in [block, allow]> min-allowed-ssl-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]> unsupported-ssl-version: <value in [block, allow, inspect]>
adom: description: the parameter (adom) in requested url required: true type: str rc_failed: description: The rc codes list with which the conditions to fail will be overriden. elements: int required: false type: list enable_log: default: false description: Enable/Disable logging for task. required: false type: bool access_token: description: The token to access FortiManager without using username and password. required: false type: str rc_succeeded: description: The rc codes list with which the conditions to succeed will be overriden. elements: int required: false type: list proposed_method: choices: - update - set - add description: The overridden method for the underlying Json RPC request. required: false type: str ssl-ssh-profile: description: the parameter (ssl-ssh-profile) in requested url required: true type: str bypass_validation: default: false description: Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. required: false type: bool workspace_locking_adom: description: The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. required: false type: str forticloud_access_token: description: Authenticate Ansible client with forticloud API access token. required: false type: str workspace_locking_timeout: default: 300 description: The maximum time in seconds to wait for other user to release the workspace lock. required: false type: int firewall_sslsshprofile_ssl: description: the top level parameters set required: false suboptions: allow-invalid-server-cert: choices: - disable - enable description: When enabled, allows SSL sessions whose server certificate validation failed. type: str cert-probe-failure: choices: - block - allow description: Action based on certificate probe failure. type: str cert-validation-failure: choices: - allow - block - ignore description: Action based on certificate validation failure. type: str cert-validation-timeout: choices: - allow - block - ignore description: Action based on certificate validation timeout. type: str client-cert-request: choices: - bypass - inspect - block description: Action based on client certificate request. type: str client-certificate: choices: - bypass - inspect - block description: Action based on received client certificate. type: str expired-server-cert: choices: - allow - block - ignore description: Action based on server certificate is expired. type: str inspect-all: choices: - disable - certificate-inspection - deep-inspection description: Level of SSL inspection. type: str invalid-server-cert: choices: - allow - block description: Allow or block the invalid SSL session server certificate. type: str min-allowed-ssl-version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: Minimum SSL version to be allowed. type: str revoked-server-cert: choices: - allow - block - ignore description: Action based on server certificate is revoked. type: str sni-server-cert-check: choices: - disable - enable - strict description: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. type: str unsupported-ssl: choices: - bypass - inspect - block description: Action based on the SSL encryption used being unsupported. type: str unsupported-ssl-cipher: choices: - allow - block description: Action based on the SSL cipher used being unsupported. type: str unsupported-ssl-negotiation: choices: - allow - block description: Action based on the SSL negotiation used being unsupported. type: str unsupported-ssl-version: choices: - block - allow - inspect description: Action based on the SSL version used being unsupported. type: str untrusted-cert: choices: - allow - block - ignore description: Allow, ignore, or block the untrusted SSL session server certificate. type: str untrusted-server-cert: choices: - allow - block - ignore description: Allow, ignore, or block the untrusted SSL session server certificate. type: str type: dict
meta: contains: request_url: description: The full url requested. returned: always sample: /sys/login/user type: str response_code: description: The status of api request. returned: always sample: 0 type: int response_data: description: The api response. returned: always type: list response_message: description: The descriptive message of the api response. returned: always sample: OK. type: str system_information: description: The information of the target system. returned: always type: dict description: The result of the request. returned: always type: dict rc: description: The status the request. returned: always sample: 0 type: int version_check_warning: description: Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: complex type: list