drmofu / drmofu.fortimanager / 2.2.2 / module / fmgr_firewall_vip Configure virtual IP for IPv4. | "added in version" 1.0.0 of drmofu.fortimanager" Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu) preview | supported by communitydrmofu.fortimanager.fmgr_firewall_vip (2.2.2) — module
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections: - name: drmofu.fortimanager version: 2.2.2
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- name: gathering fortimanager facts hosts: fortimanager00 gather_facts: no connection: httpapi collections: - fortinet.fortimanager vars: ansible_httpapi_use_ssl: True ansible_httpapi_validate_certs: False ansible_httpapi_port: 443 tasks: - name: retrieve all the virtual IPs for IPv4 fmgr_fact: facts: selector: 'firewall_vip' params: adom: 'ansible' vip: 'your_value'
- hosts: fortimanager00 collections: - fortinet.fortimanager connection: httpapi vars: ansible_httpapi_use_ssl: True ansible_httpapi_validate_certs: False ansible_httpapi_port: 443 tasks: - name: Configure virtual IP for IPv4. fmgr_firewall_vip: bypass_validation: True adom: ansible state: present firewall_vip: arp-reply: disable #<value in [disable, enable]> color: 1 comment: 'ansible-comment' id: 1 name: 'ansible-test-vip' protocol: tcp #<value in [tcp, udp, sctp, ...]> type: load-balance #<value in [static-nat, load-balance, server-load-balance, ...]>
- name: Demo of cloning objects in FortiManager hosts: fortimanager00 connection: httpapi collections: - fortinet.fortimanager vars: ansible_httpapi_use_ssl: True ansible_httpapi_validate_certs: False ansible_httpapi_port: 443 initial_vip_object: 'vip_object0' cloned_vip_objects: - name: 'vip_object1' comment: 'vip_object1 is cloned!' - name: 'vip_object2' comment: 'vip_object2 is cloned!' tasks: - name: Create An VIP object fmgr_firewall_vip: adom: 'root' state: 'present' firewall_vip: arp-reply: 'disable' comment: 'The VIP is created via Ansible' name: '{{ initial_vip_object }}' protocol: 'tcp' type: 'load-balance' - name: Clone an VIP object using fmgr_clone module. fmgr_clone: rc_succeeded: [-2] clone: selector: 'firewall_vip' self: adom: 'root' vip: '{{ initial_vip_object }}' target: name: '{{ item.name }}' comment: '{{ item.comment }}' with_items: '{{ cloned_vip_objects }}'
adom: description: the parameter (adom) in requested url required: true type: str state: choices: - present - absent description: The directive to create, update or delete an object. required: true type: str rc_failed: description: The rc codes list with which the conditions to fail will be overriden. elements: int required: false type: list enable_log: default: false description: Enable/Disable logging for task. required: false type: bool access_token: description: The token to access FortiManager without using username and password. required: false type: str firewall_vip: description: the top level parameters set required: false suboptions: add-nat46-route: choices: - disable - enable description: Enable/disable adding NAT46 route. type: str arp-reply: choices: - disable - enable description: Enable to respond to ARP requests for this virtual IP address. type: str color: description: Color of icon on the GUI. type: int comment: description: Comment. type: str dns-mapping-ttl: description: DNS mapping TTL type: int dynamic_mapping: description: Dynamic_Mapping. elements: dict suboptions: _scope: description: _Scope. elements: dict suboptions: name: description: Name. type: str vdom: description: Vdom. type: str type: list add-nat46-route: choices: - disable - enable description: Enable/disable adding NAT46 route. type: str arp-reply: choices: - disable - enable description: Enable to respond to ARP requests for this virtual IP address. type: str color: description: Color of icon on the GUI. type: int comment: description: Comment. type: str dns-mapping-ttl: description: DNS mapping TTL type: int extaddr: description: External FQDN address name. type: str extintf: description: Interface connected to the source network that receives the packets that will be forwarded to the destination network. type: str extip: description: IP address or address range on the external interface that you want to map to an address or address range on the destin... type: str extport: description: Incoming port number range that you want to map to a port number range on the destination network. type: str gratuitous-arp-interval: description: Enable to have the VIP send gratuitous ARPs. type: int http-cookie-age: description: Time in minutes that client web browsers should keep a cookie. type: int http-cookie-domain: description: Domain that HTTP cookie persistence should apply to. type: str http-cookie-domain-from-host: choices: - disable - enable description: Enable/disable use of HTTP cookie domain from host field in HTTP. type: str http-cookie-generation: description: Generation of HTTP cookie to be accepted. type: int http-cookie-path: description: Limit HTTP cookie persistence to the specified path. type: str http-cookie-share: choices: - disable - same-ip description: Control sharing of cookies across virtual servers. type: str http-ip-header: choices: - disable - enable description: For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. type: str http-ip-header-name: description: For HTTP multiplexing, enter a custom HTTPS header name. type: str http-multiplex: choices: - disable - enable description: Enable/disable HTTP multiplexing. type: str http-multiplex-max-request: description: Maximum number of requests that a multiplex server can handle before disconnecting sessions type: int http-multiplex-ttl: description: Time-to-live for idle connections to servers. type: int http-redirect: choices: - disable - enable description: Enable/disable redirection of HTTP to HTTPS type: str http-supported-max-version: choices: - http1 - http2 description: Maximum supported HTTP versions. type: str https-cookie-secure: choices: - disable - enable description: Enable/disable verification that inserted HTTPS cookies are secure. type: str id: description: Custom defined ID. type: int ipv6-mappedip: description: Range of mapped IPv6 addresses. type: str ipv6-mappedport: description: IPv6 port number range on the destination network to which the external port number range is mapped. type: str ldb-method: choices: - static - round-robin - weighted - least-session - least-rtt - first-alive - http-host description: Method used to distribute sessions to real servers. type: str mapped-addr: description: Mapped FQDN address name. type: str mappedip: description: IP address or address range on the destination network to which the external IP address is mapped. type: str mappedport: description: Port number range on the destination network to which the external port number range is mapped. type: str max-embryonic-connections: description: Maximum number of incomplete connections. type: int monitor: description: Name of the health check monitor to use when polling to determine a virtual servers connectivity status. type: str nat-source-vip: choices: - disable - enable description: Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. type: str nat44: choices: - disable - enable description: Enable/disable NAT44. type: str nat46: choices: - disable - enable description: Enable/disable NAT46. type: str outlook-web-access: choices: - disable - enable description: Enable to add the Front-End-Https header for Microsoft Outlook Web Access. type: str persistence: choices: - none - http-cookie - ssl-session-id description: Configure how to make sure that clients connect to the same server every time they make a request that is part of the s... type: str portforward: choices: - disable - enable description: Enable/disable port forwarding. type: str portmapping-type: choices: - 1-to-1 - m-to-n description: Port mapping type. type: str protocol: choices: - tcp - udp - sctp - icmp description: Protocol to use when forwarding packets. type: str realservers: description: Realservers. elements: dict suboptions: address: description: Address. type: str client-ip: description: Only clients in this IP range can connect to this real server. type: str health-check-proto: choices: - ping - http description: no description type: str healthcheck: choices: - disable - enable - vip description: Enable to check the responsiveness of the real server before forwarding traffic. type: str holddown-interval: description: Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active. type: int http-host: description: HTTP server domain name in HTTP header. type: str id: description: Real server ID. type: int ip: description: IP address of the real server. type: str max-connections: description: Max number of active connections that can be directed to the real server. type: int monitor: description: Name of the health check monitor to use when polling to determine a virtual servers connectivity status. type: str port: description: Port for communicating with the real server. type: int seq: description: Seq. type: int status: choices: - active - standby - disable description: Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traf... type: str translate-host: choices: - disable - enable description: Enable/disable translation of hostname/IP from virtual server to real server. type: str type: choices: - ip - address description: Type. type: str weight: description: Weight of the real server. type: int type: list server-type: choices: - http - https - ssl - tcp - udp - ip - imaps - pop3s - smtps - ssh description: Protocol to be load balanced by the virtual server type: str service: description: Service name. type: str src-filter: description: Source address filter. type: str srcintf-filter: description: Interfaces to which the VIP applies. type: str ssl-accept-ffdhe-groups: choices: - disable - enable description: Enable/disable FFDHE cipher suite for SSL key exchange. type: str ssl-algorithm: choices: - high - medium - low - custom description: Permitted encryption algorithms for SSL sessions according to encryption strength. type: str ssl-certificate: description: The name of the SSL certificate to use for SSL acceleration. type: str ssl-cipher-suites: description: Ssl-Cipher-Suites. elements: dict suboptions: cipher: choices: - TLS-RSA-WITH-RC4-128-MD5 - TLS-RSA-WITH-RC4-128-SHA - TLS-RSA-WITH-DES-CBC-SHA - TLS-RSA-WITH-3DES-EDE-CBC-SHA - TLS-RSA-WITH-AES-128-CBC-SHA - TLS-RSA-WITH-AES-256-CBC-SHA - TLS-RSA-WITH-AES-128-CBC-SHA256 - TLS-RSA-WITH-AES-256-CBC-SHA256 - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 - TLS-RSA-WITH-SEED-CBC-SHA - TLS-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-DHE-RSA-WITH-DES-CBC-SHA - TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA - TLS-DHE-RSA-WITH-AES-128-CBC-SHA - TLS-DHE-RSA-WITH-AES-256-CBC-SHA - TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 - TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 - TLS-DHE-RSA-WITH-SEED-CBC-SHA - TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-RC4-128-SHA - TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA - TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 - TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 - TLS-DHE-DSS-WITH-AES-128-CBC-SHA - TLS-DHE-DSS-WITH-AES-256-CBC-SHA - TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 - TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 - TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 - TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 - TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 - TLS-RSA-WITH-AES-128-GCM-SHA256 - TLS-RSA-WITH-AES-256-GCM-SHA384 - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 - TLS-DHE-DSS-WITH-SEED-CBC-SHA - TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 - TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 - TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 - TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA - TLS-DHE-DSS-WITH-DES-CBC-SHA - TLS-AES-128-GCM-SHA256 - TLS-AES-256-GCM-SHA384 - TLS-CHACHA20-POLY1305-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA description: Cipher suite name. type: str id: description: Id. type: int priority: description: SSL/TLS cipher suites priority. type: int versions: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: SSL/TLS versions that the cipher suite can be used with. elements: str type: list type: list ssl-client-fallback: choices: - disable - enable description: Enable/disable support for preventing Downgrade Attacks on client connections type: str ssl-client-rekey-count: description: Maximum length of data in MB before triggering a client rekey type: int ssl-client-renegotiation: choices: - deny - allow - secure description: Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. type: str ssl-client-session-state-max: description: Maximum number of client to FortiGate SSL session states to keep. type: int ssl-client-session-state-timeout: description: Number of minutes to keep client to FortiGate SSL session state. type: int ssl-client-session-state-type: choices: - disable - time - count - both description: How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. type: str ssl-dh-bits: choices: - '768' - '1024' - '1536' - '2048' - '3072' - '4096' description: Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str ssl-hpkp: choices: - disable - enable - report-only description: Enable/disable including HPKP header in response. type: str ssl-hpkp-age: description: Number of seconds the client should honour the HPKP setting. type: int ssl-hpkp-backup: description: Certificate to generate backup HPKP pin from. type: str ssl-hpkp-include-subdomains: choices: - disable - enable description: Indicate that HPKP header applies to all subdomains. type: str ssl-hpkp-primary: description: Certificate to generate primary HPKP pin from. type: str ssl-hpkp-report-uri: description: URL to report HPKP violations to. type: str ssl-hsts: choices: - disable - enable description: Enable/disable including HSTS header in response. type: str ssl-hsts-age: description: Number of seconds the client should honour the HSTS setting. type: int ssl-hsts-include-subdomains: choices: - disable - enable description: Indicate that HSTS header applies to all subdomains. type: str ssl-http-location-conversion: choices: - disable - enable description: Enable to replace HTTP with HTTPS in the replys Location HTTP header field. type: str ssl-http-match-host: choices: - disable - enable description: Enable/disable HTTP host matching for location conversion. type: str ssl-max-version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: Highest SSL/TLS version acceptable from a client. type: str ssl-min-version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: Lowest SSL/TLS version acceptable from a client. type: str ssl-mode: choices: - half - full description: Apply SSL offloading between the client and the FortiGate type: str ssl-pfs: choices: - require - deny - allow description: Select the cipher suites that can be used for SSL perfect forward secrecy type: str ssl-send-empty-frags: choices: - disable - enable description: Enable/disable sending empty fragments to avoid CBC IV attacks type: str ssl-server-algorithm: choices: - high - low - medium - custom - client description: Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str ssl-server-max-version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - client - tls-1.3 description: Highest SSL/TLS version acceptable from a server. type: str ssl-server-min-version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - client - tls-1.3 description: Lowest SSL/TLS version acceptable from a server. type: str ssl-server-renegotiation: choices: - disable - enable description: Enable/disable secure renegotiation to comply with RFC 5746. type: str ssl-server-session-state-max: description: Maximum number of FortiGate to Server SSL session states to keep. type: int ssl-server-session-state-timeout: description: Number of minutes to keep FortiGate to Server SSL session state. type: int ssl-server-session-state-type: choices: - disable - time - count - both description: How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. type: str status: choices: - disable - enable description: Enable/disable VIP. type: str type: choices: - static-nat - load-balance - server-load-balance - dns-translation - fqdn - access-proxy description: Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. type: str uuid: description: Universally Unique Identifier type: str weblogic-server: choices: - disable - enable description: Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. type: str websphere-server: choices: - disable - enable description: Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. type: str type: list extaddr: description: External FQDN address name. type: str extintf: description: Interface connected to the source network that receives the packets that will be forwarded to the destination network. type: str extip: description: IP address or address range on the external interface that you want to map to an address or address range on the destination ne... type: str extport: description: Incoming port number range that you want to map to a port number range on the destination network. type: str gratuitous-arp-interval: description: Enable to have the VIP send gratuitous ARPs. type: int http-cookie-age: description: Time in minutes that client web browsers should keep a cookie. type: int http-cookie-domain: description: Domain that HTTP cookie persistence should apply to. type: str http-cookie-domain-from-host: choices: - disable - enable description: Enable/disable use of HTTP cookie domain from host field in HTTP. type: str http-cookie-generation: description: Generation of HTTP cookie to be accepted. type: int http-cookie-path: description: Limit HTTP cookie persistence to the specified path. type: str http-cookie-share: choices: - disable - same-ip description: Control sharing of cookies across virtual servers. type: str http-ip-header: choices: - disable - enable description: For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. type: str http-ip-header-name: description: For HTTP multiplexing, enter a custom HTTPS header name. type: str http-multiplex: choices: - disable - enable description: Enable/disable HTTP multiplexing. type: str http-multiplex-max-request: description: Maximum number of requests that a multiplex server can handle before disconnecting sessions type: int http-multiplex-ttl: description: Time-to-live for idle connections to servers. type: int http-redirect: choices: - disable - enable description: Enable/disable redirection of HTTP to HTTPS type: str http-supported-max-version: choices: - http1 - http2 description: Maximum supported HTTP versions. type: str https-cookie-secure: choices: - disable - enable description: Enable/disable verification that inserted HTTPS cookies are secure. type: str id: description: Custom defined ID. type: int ipv6-mappedip: description: Range of mapped IPv6 addresses. type: str ipv6-mappedport: description: IPv6 port number range on the destination network to which the external port number range is mapped. type: str ldb-method: choices: - static - round-robin - weighted - least-session - least-rtt - first-alive - http-host description: Method used to distribute sessions to real servers. type: str mapped-addr: description: Mapped FQDN address name. type: str mappedip: description: IP address or address range on the destination network to which the external IP address is mapped. type: str mappedport: description: Port number range on the destination network to which the external port number range is mapped. type: str max-embryonic-connections: description: Maximum number of incomplete connections. type: int monitor: description: Name of the health check monitor to use when polling to determine a virtual servers connectivity status. type: str name: description: Virtual IP name. type: str nat-source-vip: choices: - disable - enable description: Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. type: str nat44: choices: - disable - enable description: Enable/disable NAT44. type: str nat46: choices: - disable - enable description: Enable/disable NAT46. type: str outlook-web-access: choices: - disable - enable description: Enable to add the Front-End-Https header for Microsoft Outlook Web Access. type: str persistence: choices: - none - http-cookie - ssl-session-id description: Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str portforward: choices: - disable - enable description: Enable/disable port forwarding. type: str portmapping-type: choices: - 1-to-1 - m-to-n description: Port mapping type. type: str protocol: choices: - tcp - udp - sctp - icmp description: Protocol to use when forwarding packets. type: str realservers: description: Realservers. elements: dict suboptions: address: description: Dynamic address of the real server. type: str client-ip: description: Only clients in this IP range can connect to this real server. type: str healthcheck: choices: - disable - enable - vip description: Enable to check the responsiveness of the real server before forwarding traffic. type: str holddown-interval: description: Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active. type: int http-host: description: HTTP server domain name in HTTP header. type: str id: description: Real server ID. type: int ip: description: IP address of the real server. type: str max-connections: description: Max number of active connections that can be directed to the real server. type: int monitor: description: Name of the health check monitor to use when polling to determine a virtual servers connectivity status. type: str port: description: Port for communicating with the real server. type: int seq: description: Seq. type: int status: choices: - active - standby - disable description: Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str translate-host: choices: - disable - enable description: Enable/disable translation of hostname/IP from virtual server to real server. type: str type: choices: - ip - address description: Type of address. type: str weight: description: Weight of the real server. type: int type: list server-type: choices: - http - https - ssl - tcp - udp - ip - imaps - pop3s - smtps - ssh description: Protocol to be load balanced by the virtual server type: str service: description: Service name. type: str src-filter: description: Source address filter. type: str srcintf-filter: description: Interfaces to which the VIP applies. type: str ssl-accept-ffdhe-groups: choices: - disable - enable description: Enable/disable FFDHE cipher suite for SSL key exchange. type: str ssl-algorithm: choices: - high - medium - low - custom description: Permitted encryption algorithms for SSL sessions according to encryption strength. type: str ssl-certificate: description: The name of the SSL certificate to use for SSL acceleration. type: str ssl-cipher-suites: description: Ssl-Cipher-Suites. elements: dict suboptions: cipher: choices: - TLS-RSA-WITH-RC4-128-MD5 - TLS-RSA-WITH-RC4-128-SHA - TLS-RSA-WITH-DES-CBC-SHA - TLS-RSA-WITH-3DES-EDE-CBC-SHA - TLS-RSA-WITH-AES-128-CBC-SHA - TLS-RSA-WITH-AES-256-CBC-SHA - TLS-RSA-WITH-AES-128-CBC-SHA256 - TLS-RSA-WITH-AES-256-CBC-SHA256 - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 - TLS-RSA-WITH-SEED-CBC-SHA - TLS-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-DHE-RSA-WITH-DES-CBC-SHA - TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA - TLS-DHE-RSA-WITH-AES-128-CBC-SHA - TLS-DHE-RSA-WITH-AES-256-CBC-SHA - TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 - TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 - TLS-DHE-RSA-WITH-SEED-CBC-SHA - TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-RC4-128-SHA - TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA - TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 - TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 - TLS-DHE-DSS-WITH-AES-128-CBC-SHA - TLS-DHE-DSS-WITH-AES-256-CBC-SHA - TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 - TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 - TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 - TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 - TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 - TLS-RSA-WITH-AES-128-GCM-SHA256 - TLS-RSA-WITH-AES-256-GCM-SHA384 - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 - TLS-DHE-DSS-WITH-SEED-CBC-SHA - TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 - TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 - TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 - TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA - TLS-DHE-DSS-WITH-DES-CBC-SHA - TLS-AES-128-GCM-SHA256 - TLS-AES-256-GCM-SHA384 - TLS-CHACHA20-POLY1305-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA description: Cipher suite name. type: str id: description: Id. type: int priority: description: SSL/TLS cipher suites priority. type: int versions: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: SSL/TLS versions that the cipher suite can be used with. elements: str type: list type: list ssl-client-fallback: choices: - disable - enable description: Enable/disable support for preventing Downgrade Attacks on client connections type: str ssl-client-rekey-count: description: Maximum length of data in MB before triggering a client rekey type: int ssl-client-renegotiation: choices: - deny - allow - secure description: Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. type: str ssl-client-session-state-max: description: Maximum number of client to FortiGate SSL session states to keep. type: int ssl-client-session-state-timeout: description: Number of minutes to keep client to FortiGate SSL session state. type: int ssl-client-session-state-type: choices: - disable - time - count - both description: How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. type: str ssl-dh-bits: choices: - '768' - '1024' - '1536' - '2048' - '3072' - '4096' description: Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str ssl-hpkp: choices: - disable - enable - report-only description: Enable/disable including HPKP header in response. type: str ssl-hpkp-age: description: Number of seconds the client should honour the HPKP setting. type: int ssl-hpkp-backup: description: Certificate to generate backup HPKP pin from. type: str ssl-hpkp-include-subdomains: choices: - disable - enable description: Indicate that HPKP header applies to all subdomains. type: str ssl-hpkp-primary: description: Certificate to generate primary HPKP pin from. type: str ssl-hpkp-report-uri: description: URL to report HPKP violations to. type: str ssl-hsts: choices: - disable - enable description: Enable/disable including HSTS header in response. type: str ssl-hsts-age: description: Number of seconds the client should honour the HSTS setting. type: int ssl-hsts-include-subdomains: choices: - disable - enable description: Indicate that HSTS header applies to all subdomains. type: str ssl-http-location-conversion: choices: - disable - enable description: Enable to replace HTTP with HTTPS in the replys Location HTTP header field. type: str ssl-http-match-host: choices: - disable - enable description: Enable/disable HTTP host matching for location conversion. type: str ssl-max-version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: Highest SSL/TLS version acceptable from a client. type: str ssl-min-version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: Lowest SSL/TLS version acceptable from a client. type: str ssl-mode: choices: - half - full description: Apply SSL offloading between the client and the FortiGate type: str ssl-pfs: choices: - require - deny - allow description: Select the cipher suites that can be used for SSL perfect forward secrecy type: str ssl-send-empty-frags: choices: - disable - enable description: Enable/disable sending empty fragments to avoid CBC IV attacks type: str ssl-server-algorithm: choices: - high - low - medium - custom - client description: Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str ssl-server-cipher-suites: description: Ssl-Server-Cipher-Suites. elements: dict suboptions: cipher: choices: - TLS-RSA-WITH-RC4-128-MD5 - TLS-RSA-WITH-RC4-128-SHA - TLS-RSA-WITH-DES-CBC-SHA - TLS-RSA-WITH-3DES-EDE-CBC-SHA - TLS-RSA-WITH-AES-128-CBC-SHA - TLS-RSA-WITH-AES-256-CBC-SHA - TLS-RSA-WITH-AES-128-CBC-SHA256 - TLS-RSA-WITH-AES-256-CBC-SHA256 - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 - TLS-RSA-WITH-SEED-CBC-SHA - TLS-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-DHE-RSA-WITH-DES-CBC-SHA - TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA - TLS-DHE-RSA-WITH-AES-128-CBC-SHA - TLS-DHE-RSA-WITH-AES-256-CBC-SHA - TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 - TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 - TLS-DHE-RSA-WITH-SEED-CBC-SHA - TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-RC4-128-SHA - TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA - TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 - TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 - TLS-DHE-DSS-WITH-AES-128-CBC-SHA - TLS-DHE-DSS-WITH-AES-256-CBC-SHA - TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 - TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 - TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 - TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 - TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 - TLS-RSA-WITH-AES-128-GCM-SHA256 - TLS-RSA-WITH-AES-256-GCM-SHA384 - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 - TLS-DHE-DSS-WITH-SEED-CBC-SHA - TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 - TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 - TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 - TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA - TLS-DHE-DSS-WITH-DES-CBC-SHA - TLS-AES-128-GCM-SHA256 - TLS-AES-256-GCM-SHA384 - TLS-CHACHA20-POLY1305-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA description: Cipher suite name. type: str priority: description: SSL/TLS cipher suites priority. type: int versions: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: SSL/TLS versions that the cipher suite can be used with. elements: str type: list type: list ssl-server-max-version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - client - tls-1.3 description: Highest SSL/TLS version acceptable from a server. type: str ssl-server-min-version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - client - tls-1.3 description: Lowest SSL/TLS version acceptable from a server. type: str ssl-server-renegotiation: choices: - disable - enable description: Enable/disable secure renegotiation to comply with RFC 5746. type: str ssl-server-session-state-max: description: Maximum number of FortiGate to Server SSL session states to keep. type: int ssl-server-session-state-timeout: description: Number of minutes to keep FortiGate to Server SSL session state. type: int ssl-server-session-state-type: choices: - disable - time - count - both description: How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. type: str status: choices: - disable - enable description: Enable/disable VIP. type: str type: choices: - static-nat - load-balance - server-load-balance - dns-translation - fqdn - access-proxy description: Configure a static NAT, load balance, DNS translation, or FQDN VIP. type: str uuid: description: Universally Unique Identifier type: str weblogic-server: choices: - disable - enable description: Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. type: str websphere-server: choices: - disable - enable description: Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. type: str type: dict rc_succeeded: description: The rc codes list with which the conditions to succeed will be overriden. elements: int required: false type: list proposed_method: choices: - update - set - add description: The overridden method for the underlying Json RPC request. required: false type: str bypass_validation: default: false description: Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. required: false type: bool workspace_locking_adom: description: The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. required: false type: str forticloud_access_token: description: Authenticate Ansible client with forticloud API access token. required: false type: str workspace_locking_timeout: default: 300 description: The maximum time in seconds to wait for other user to release the workspace lock. required: false type: int
meta: contains: request_url: description: The full url requested. returned: always sample: /sys/login/user type: str response_code: description: The status of api request. returned: always sample: 0 type: int response_data: description: The api response. returned: always type: list response_message: description: The descriptive message of the api response. returned: always sample: OK. type: str system_information: description: The information of the target system. returned: always type: dict description: The result of the request. returned: always type: dict rc: description: The status the request. returned: always sample: 0 type: int version_check_warning: description: Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: complex type: list