drmofu / drmofu.fortimanager / 2.2.2 / module / fmgr_firewall_vip6 Configure virtual IP for IPv6. | "added in version" 2.0.0 of drmofu.fortimanager" Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu) preview | supported by communitydrmofu.fortimanager.fmgr_firewall_vip6 (2.2.2) — module
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections: - name: drmofu.fortimanager version: 2.2.2
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- name: gathering fortimanager facts hosts: fortimanager00 gather_facts: no connection: httpapi collections: - fortinet.fortimanager vars: ansible_httpapi_use_ssl: True ansible_httpapi_validate_certs: False ansible_httpapi_port: 443 tasks: - name: retrieve all the scripts fmgr_fact: facts: selector: 'firewall_vip6' params: adom: 'ansible' vip6: 'your_value'
- hosts: fortimanager00 collections: - fortinet.fortimanager connection: httpapi vars: ansible_httpapi_use_ssl: True ansible_httpapi_validate_certs: False ansible_httpapi_port: 443 tasks: - name: Configure virtual IP for IPv6. fmgr_firewall_vip6: bypass_validation: False adom: ansible state: present firewall_vip6: arp-reply: disable color: 1 comment: 'ansible-comment' id: 1 name: 'ansible-test-vip6'
adom: description: the parameter (adom) in requested url required: true type: str state: choices: - present - absent description: The directive to create, update or delete an object. required: true type: str rc_failed: description: The rc codes list with which the conditions to fail will be overriden. elements: int required: false type: list enable_log: default: false description: Enable/Disable logging for task. required: false type: bool access_token: description: The token to access FortiManager without using username and password. required: false type: str rc_succeeded: description: The rc codes list with which the conditions to succeed will be overriden. elements: int required: false type: list firewall_vip6: description: the top level parameters set required: false suboptions: add-nat64-route: choices: - disable - enable description: Enable/disable adding NAT64 route. type: str arp-reply: choices: - disable - enable description: Enable to respond to ARP requests for this virtual IP address. type: str color: description: Color of icon on the GUI. type: int comment: description: Comment. type: str dynamic_mapping: description: Dynamic_Mapping. elements: dict suboptions: _scope: description: _Scope. elements: dict suboptions: name: description: Name. type: str vdom: description: Vdom. type: str type: list add-nat64-route: choices: - disable - enable description: Enable/disable adding NAT64 route. type: str arp-reply: choices: - disable - enable description: Enable to respond to ARP requests for this virtual IP address. type: str color: description: Color of icon on the GUI. type: int comment: description: Comment. type: str embedded-ipv4-address: choices: - disable - enable description: Enable/disable use of the lower 32 bits of the external IPv6 address as mapped IPv4 address. type: str extip: description: IP address or address range on the external interface that you want to map to an address or address range on the destin... type: str extport: description: Incoming port number range that you want to map to a port number range on the destination network. type: str http-cookie-age: description: Time in minutes that client web browsers should keep a cookie. type: int http-cookie-domain: description: Domain that HTTP cookie persistence should apply to. type: str http-cookie-domain-from-host: choices: - disable - enable description: Enable/disable use of HTTP cookie domain from host field in HTTP. type: str http-cookie-generation: description: Generation of HTTP cookie to be accepted. type: int http-cookie-path: description: Limit HTTP cookie persistence to the specified path. type: str http-cookie-share: choices: - disable - same-ip description: Control sharing of cookies across virtual servers. type: str http-ip-header: choices: - disable - enable description: For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. type: str http-ip-header-name: description: For HTTP multiplexing, enter a custom HTTPS header name. type: str http-multiplex: choices: - disable - enable description: Enable/disable HTTP multiplexing. type: str http-redirect: choices: - disable - enable description: Enable/disable redirection of HTTP to HTTPS type: str https-cookie-secure: choices: - disable - enable description: Enable/disable verification that inserted HTTPS cookies are secure. type: str id: description: Custom defined ID. type: int ipv4-mappedip: description: Range of mapped IP addresses. type: str ipv4-mappedport: description: IPv4 port number range on the destination network to which the external port number range is mapped. type: str ldb-method: choices: - static - round-robin - weighted - least-session - least-rtt - first-alive - http-host description: Method used to distribute sessions to real servers. type: str mappedip: description: Mapped IP address range in the format startIP-endIP. type: str mappedport: description: Port number range on the destination network to which the external port number range is mapped. type: str max-embryonic-connections: description: Maximum number of incomplete connections. type: int monitor: description: Name of the health check monitor to use when polling to determine a virtual servers connectivity status. type: str nat-source-vip: choices: - disable - enable description: Nat-Source-Vip. type: str nat64: choices: - disable - enable description: Enable/disable DNAT64. type: str nat66: choices: - disable - enable description: Enable/disable DNAT66. type: str ndp-reply: choices: - disable - enable description: Enable/disable this FortiGate units ability to respond to NDP requests for this virtual IP address type: str outlook-web-access: choices: - disable - enable description: Enable to add the Front-End-Https header for Microsoft Outlook Web Access. type: str persistence: choices: - none - http-cookie - ssl-session-id description: Configure how to make sure that clients connect to the same server every time they make a request that is part of the s... type: str portforward: choices: - disable - enable description: Enable port forwarding. type: str protocol: choices: - tcp - udp - sctp description: Protocol to use when forwarding packets. type: str realservers: description: description elements: dict suboptions: client-ip: description: Only clients in this IP range can connect to this real server. type: str healthcheck: choices: - disable - enable - vip description: Enable to check the responsiveness of the real server before forwarding traffic. type: str holddown-interval: description: Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active. type: int http-host: description: HTTP server domain name in HTTP header. type: str id: description: Real server ID. type: int ip: description: IP address of the real server. type: str max-connections: description: Max number of active connections that can directed to the real server. type: int monitor: description: description type: str port: description: Port for communicating with the real server. type: int status: choices: - active - standby - disable description: Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traf... type: str translate-host: choices: - disable - enable description: Enable/disable translation of hostname/IP from virtual server to real server. type: str weight: description: Weight of the real server. type: int type: list server-type: choices: - http - https - ssl - tcp - udp - ip - imaps - pop3s - smtps description: Protocol to be load balanced by the virtual server type: str src-filter: description: Source IP6 filter type: str ssl-accept-ffdhe-groups: choices: - disable - enable description: Enable/disable FFDHE cipher suite for SSL key exchange. type: str ssl-algorithm: choices: - high - low - medium - custom description: Permitted encryption algorithms for SSL sessions according to encryption strength. type: str ssl-certificate: description: The name of the SSL certificate to use for SSL acceleration. type: str ssl-cipher-suites: description: description elements: dict suboptions: cipher: choices: - TLS-RSA-WITH-RC4-128-MD5 - TLS-RSA-WITH-RC4-128-SHA - TLS-RSA-WITH-DES-CBC-SHA - TLS-RSA-WITH-3DES-EDE-CBC-SHA - TLS-RSA-WITH-AES-128-CBC-SHA - TLS-RSA-WITH-AES-256-CBC-SHA - TLS-RSA-WITH-AES-128-CBC-SHA256 - TLS-RSA-WITH-AES-256-CBC-SHA256 - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 - TLS-RSA-WITH-SEED-CBC-SHA - TLS-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-DHE-RSA-WITH-DES-CBC-SHA - TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA - TLS-DHE-RSA-WITH-AES-128-CBC-SHA - TLS-DHE-RSA-WITH-AES-256-CBC-SHA - TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 - TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 - TLS-DHE-RSA-WITH-SEED-CBC-SHA - TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-RC4-128-SHA - TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA - TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 - TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 - TLS-DHE-DSS-WITH-AES-128-CBC-SHA - TLS-DHE-DSS-WITH-AES-256-CBC-SHA - TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 - TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 - TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 - TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 - TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 - TLS-RSA-WITH-AES-128-GCM-SHA256 - TLS-RSA-WITH-AES-256-GCM-SHA384 - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 - TLS-DHE-DSS-WITH-SEED-CBC-SHA - TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 - TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 - TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 - TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA - TLS-DHE-DSS-WITH-DES-CBC-SHA - TLS-AES-128-GCM-SHA256 - TLS-AES-256-GCM-SHA384 - TLS-CHACHA20-POLY1305-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA description: Cipher suite name. type: str priority: description: SSL/TLS cipher suites priority. type: int versions: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: description elements: str type: list type: list ssl-client-fallback: choices: - disable - enable description: Enable/disable support for preventing Downgrade Attacks on client connections type: str ssl-client-rekey-count: description: Maximum length of data in MB before triggering a client rekey type: int ssl-client-renegotiation: choices: - deny - allow - secure description: Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. type: str ssl-client-session-state-max: description: Maximum number of client to FortiGate SSL session states to keep. type: int ssl-client-session-state-timeout: description: Number of minutes to keep client to FortiGate SSL session state. type: int ssl-client-session-state-type: choices: - disable - time - count - both description: How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. type: str ssl-dh-bits: choices: - '768' - '1024' - '1536' - '2048' - '3072' - '4096' description: Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str ssl-hpkp: choices: - disable - enable - report-only description: Enable/disable including HPKP header in response. type: str ssl-hpkp-age: description: Number of minutes the web browser should keep HPKP. type: int ssl-hpkp-backup: description: Certificate to generate backup HPKP pin from. type: str ssl-hpkp-include-subdomains: choices: - disable - enable description: Indicate that HPKP header applies to all subdomains. type: str ssl-hpkp-primary: description: Certificate to generate primary HPKP pin from. type: str ssl-hpkp-report-uri: description: URL to report HPKP violations to. type: str ssl-hsts: choices: - disable - enable description: Enable/disable including HSTS header in response. type: str ssl-hsts-age: description: Number of seconds the client should honour the HSTS setting. type: int ssl-hsts-include-subdomains: choices: - disable - enable description: Indicate that HSTS header applies to all subdomains. type: str ssl-http-location-conversion: choices: - disable - enable description: Enable to replace HTTP with HTTPS in the replys Location HTTP header field. type: str ssl-http-match-host: choices: - disable - enable description: Enable/disable HTTP host matching for location conversion. type: str ssl-max-version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: Highest SSL/TLS version acceptable from a client. type: str ssl-min-version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: Lowest SSL/TLS version acceptable from a client. type: str ssl-mode: choices: - half - full description: Apply SSL offloading between the client and the FortiGate type: str ssl-pfs: choices: - require - deny - allow description: Select the cipher suites that can be used for SSL perfect forward secrecy type: str ssl-send-empty-frags: choices: - disable - enable description: Enable/disable sending empty fragments to avoid CBC IV attacks type: str ssl-server-algorithm: choices: - high - low - medium - custom - client description: Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str ssl-server-max-version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - client - tls-1.3 description: Highest SSL/TLS version acceptable from a server. type: str ssl-server-min-version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - client - tls-1.3 description: Lowest SSL/TLS version acceptable from a server. type: str ssl-server-renegotiation: choices: - disable - enable description: Enable/disable secure renegotiation to comply with RFC 5746. type: str ssl-server-session-state-max: description: Maximum number of FortiGate to Server SSL session states to keep. type: int ssl-server-session-state-timeout: description: Number of minutes to keep FortiGate to Server SSL session state. type: int ssl-server-session-state-type: choices: - disable - time - count - both description: How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. type: str type: choices: - static-nat - server-load-balance - access-proxy description: Configure a static NAT or server load balance VIP. type: str uuid: description: Universally Unique Identifier type: str weblogic-server: choices: - disable - enable description: Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. type: str websphere-server: choices: - disable - enable description: Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. type: str type: list embedded-ipv4-address: choices: - disable - enable description: Enable/disable use of the lower 32 bits of the external IPv6 address as mapped IPv4 address. type: str extip: description: IP address or address range on the external interface that you want to map to an address or address range on the destination ne... type: str extport: description: Incoming port number range that you want to map to a port number range on the destination network. type: str http-cookie-age: description: Time in minutes that client web browsers should keep a cookie. type: int http-cookie-domain: description: Domain that HTTP cookie persistence should apply to. type: str http-cookie-domain-from-host: choices: - disable - enable description: Enable/disable use of HTTP cookie domain from host field in HTTP. type: str http-cookie-generation: description: Generation of HTTP cookie to be accepted. type: int http-cookie-path: description: Limit HTTP cookie persistence to the specified path. type: str http-cookie-share: choices: - disable - same-ip description: Control sharing of cookies across virtual servers. type: str http-ip-header: choices: - disable - enable description: For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. type: str http-ip-header-name: description: For HTTP multiplexing, enter a custom HTTPS header name. type: str http-multiplex: choices: - disable - enable description: Enable/disable HTTP multiplexing. type: str http-redirect: choices: - disable - enable description: Enable/disable redirection of HTTP to HTTPS type: str https-cookie-secure: choices: - disable - enable description: Enable/disable verification that inserted HTTPS cookies are secure. type: str id: description: Custom defined ID. type: int ipv4-mappedip: description: Range of mapped IP addresses. type: str ipv4-mappedport: description: IPv4 port number range on the destination network to which the external port number range is mapped. type: str ldb-method: choices: - static - round-robin - weighted - least-session - least-rtt - first-alive - http-host description: Method used to distribute sessions to real servers. type: str mappedip: description: Mapped IP address range in the format startIP-endIP. type: str mappedport: description: Port number range on the destination network to which the external port number range is mapped. type: str max-embryonic-connections: description: Maximum number of incomplete connections. type: int monitor: description: Name of the health check monitor to use when polling to determine a virtual servers connectivity status. type: str name: description: Virtual ip6 name. type: str nat-source-vip: choices: - disable - enable description: Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. type: str nat64: choices: - disable - enable description: Enable/disable DNAT64. type: str nat66: choices: - disable - enable description: Enable/disable DNAT66. type: str ndp-reply: choices: - disable - enable description: Enable/disable this FortiGate units ability to respond to NDP requests for this virtual IP address type: str outlook-web-access: choices: - disable - enable description: Enable to add the Front-End-Https header for Microsoft Outlook Web Access. type: str persistence: choices: - none - http-cookie - ssl-session-id description: Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str portforward: choices: - disable - enable description: Enable port forwarding. type: str protocol: choices: - tcp - udp - sctp description: Protocol to use when forwarding packets. type: str realservers: description: Realservers. elements: dict suboptions: client-ip: description: Only clients in this IP range can connect to this real server. type: str healthcheck: choices: - disable - enable - vip description: Enable to check the responsiveness of the real server before forwarding traffic. type: str holddown-interval: description: Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active. type: int http-host: description: HTTP server domain name in HTTP header. type: str id: description: Real server ID. type: int ip: description: IPv6 address of the real server. type: str max-connections: description: Max number of active connections that can directed to the real server. type: int monitor: description: Name of the health check monitor to use when polling to determine a virtual servers connectivity status. type: str port: description: Port for communicating with the real server. type: int status: choices: - active - standby - disable description: Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str translate-host: choices: - disable - enable description: Enable/disable translation of hostname/IP from virtual server to real server. type: str weight: description: Weight of the real server. type: int type: list server-type: choices: - http - https - ssl - tcp - udp - ip - imaps - pop3s - smtps description: Protocol to be load balanced by the virtual server type: str src-filter: description: Source IP6 filter type: str ssl-accept-ffdhe-groups: choices: - disable - enable description: Enable/disable FFDHE cipher suite for SSL key exchange. type: str ssl-algorithm: choices: - high - low - medium - custom description: Permitted encryption algorithms for SSL sessions according to encryption strength. type: str ssl-certificate: description: The name of the SSL certificate to use for SSL acceleration. type: str ssl-cipher-suites: description: Ssl-Cipher-Suites. elements: dict suboptions: cipher: choices: - TLS-RSA-WITH-RC4-128-MD5 - TLS-RSA-WITH-RC4-128-SHA - TLS-RSA-WITH-DES-CBC-SHA - TLS-RSA-WITH-3DES-EDE-CBC-SHA - TLS-RSA-WITH-AES-128-CBC-SHA - TLS-RSA-WITH-AES-256-CBC-SHA - TLS-RSA-WITH-AES-128-CBC-SHA256 - TLS-RSA-WITH-AES-256-CBC-SHA256 - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 - TLS-RSA-WITH-SEED-CBC-SHA - TLS-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-DHE-RSA-WITH-DES-CBC-SHA - TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA - TLS-DHE-RSA-WITH-AES-128-CBC-SHA - TLS-DHE-RSA-WITH-AES-256-CBC-SHA - TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 - TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 - TLS-DHE-RSA-WITH-SEED-CBC-SHA - TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-RC4-128-SHA - TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA - TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 - TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 - TLS-DHE-DSS-WITH-AES-128-CBC-SHA - TLS-DHE-DSS-WITH-AES-256-CBC-SHA - TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 - TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 - TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 - TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 - TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 - TLS-RSA-WITH-AES-128-GCM-SHA256 - TLS-RSA-WITH-AES-256-GCM-SHA384 - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 - TLS-DHE-DSS-WITH-SEED-CBC-SHA - TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 - TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 - TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 - TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA - TLS-DHE-DSS-WITH-DES-CBC-SHA - TLS-AES-128-GCM-SHA256 - TLS-AES-256-GCM-SHA384 - TLS-CHACHA20-POLY1305-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA description: Cipher suite name. type: str priority: description: SSL/TLS cipher suites priority. type: int versions: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: SSL/TLS versions that the cipher suite can be used with. elements: str type: list type: list ssl-client-fallback: choices: - disable - enable description: Enable/disable support for preventing Downgrade Attacks on client connections type: str ssl-client-rekey-count: description: Maximum length of data in MB before triggering a client rekey type: int ssl-client-renegotiation: choices: - deny - allow - secure description: Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. type: str ssl-client-session-state-max: description: Maximum number of client to FortiGate SSL session states to keep. type: int ssl-client-session-state-timeout: description: Number of minutes to keep client to FortiGate SSL session state. type: int ssl-client-session-state-type: choices: - disable - time - count - both description: How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. type: str ssl-dh-bits: choices: - '768' - '1024' - '1536' - '2048' - '3072' - '4096' description: Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str ssl-hpkp: choices: - disable - enable - report-only description: Enable/disable including HPKP header in response. type: str ssl-hpkp-age: description: Number of minutes the web browser should keep HPKP. type: int ssl-hpkp-backup: description: Certificate to generate backup HPKP pin from. type: str ssl-hpkp-include-subdomains: choices: - disable - enable description: Indicate that HPKP header applies to all subdomains. type: str ssl-hpkp-primary: description: Certificate to generate primary HPKP pin from. type: str ssl-hpkp-report-uri: description: URL to report HPKP violations to. type: str ssl-hsts: choices: - disable - enable description: Enable/disable including HSTS header in response. type: str ssl-hsts-age: description: Number of seconds the client should honour the HSTS setting. type: int ssl-hsts-include-subdomains: choices: - disable - enable description: Indicate that HSTS header applies to all subdomains. type: str ssl-http-location-conversion: choices: - disable - enable description: Enable to replace HTTP with HTTPS in the replys Location HTTP header field. type: str ssl-http-match-host: choices: - disable - enable description: Enable/disable HTTP host matching for location conversion. type: str ssl-max-version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: Highest SSL/TLS version acceptable from a client. type: str ssl-min-version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: Lowest SSL/TLS version acceptable from a client. type: str ssl-mode: choices: - half - full description: Apply SSL offloading between the client and the FortiGate type: str ssl-pfs: choices: - require - deny - allow description: Select the cipher suites that can be used for SSL perfect forward secrecy type: str ssl-send-empty-frags: choices: - disable - enable description: Enable/disable sending empty fragments to avoid CBC IV attacks type: str ssl-server-algorithm: choices: - high - low - medium - custom - client description: Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str ssl-server-cipher-suites: description: Ssl-Server-Cipher-Suites. elements: dict suboptions: cipher: choices: - TLS-RSA-WITH-RC4-128-MD5 - TLS-RSA-WITH-RC4-128-SHA - TLS-RSA-WITH-DES-CBC-SHA - TLS-RSA-WITH-3DES-EDE-CBC-SHA - TLS-RSA-WITH-AES-128-CBC-SHA - TLS-RSA-WITH-AES-256-CBC-SHA - TLS-RSA-WITH-AES-128-CBC-SHA256 - TLS-RSA-WITH-AES-256-CBC-SHA256 - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 - TLS-RSA-WITH-SEED-CBC-SHA - TLS-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-DHE-RSA-WITH-DES-CBC-SHA - TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA - TLS-DHE-RSA-WITH-AES-128-CBC-SHA - TLS-DHE-RSA-WITH-AES-256-CBC-SHA - TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 - TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 - TLS-DHE-RSA-WITH-SEED-CBC-SHA - TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-RC4-128-SHA - TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA - TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 - TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 - TLS-DHE-DSS-WITH-AES-128-CBC-SHA - TLS-DHE-DSS-WITH-AES-256-CBC-SHA - TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 - TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 - TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 - TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 - TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 - TLS-RSA-WITH-AES-128-GCM-SHA256 - TLS-RSA-WITH-AES-256-GCM-SHA384 - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 - TLS-DHE-DSS-WITH-SEED-CBC-SHA - TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 - TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 - TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 - TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA - TLS-DHE-DSS-WITH-DES-CBC-SHA - TLS-AES-128-GCM-SHA256 - TLS-AES-256-GCM-SHA384 - TLS-CHACHA20-POLY1305-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA description: Cipher suite name. type: str priority: description: SSL/TLS cipher suites priority. type: int versions: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: SSL/TLS versions that the cipher suite can be used with. elements: str type: list type: list ssl-server-max-version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - client - tls-1.3 description: Highest SSL/TLS version acceptable from a server. type: str ssl-server-min-version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - client - tls-1.3 description: Lowest SSL/TLS version acceptable from a server. type: str ssl-server-renegotiation: choices: - disable - enable description: Enable/disable secure renegotiation to comply with RFC 5746. type: str ssl-server-session-state-max: description: Maximum number of FortiGate to Server SSL session states to keep. type: int ssl-server-session-state-timeout: description: Number of minutes to keep FortiGate to Server SSL session state. type: int ssl-server-session-state-type: choices: - disable - time - count - both description: How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. type: str type: choices: - static-nat - server-load-balance - access-proxy description: Configure a static NAT VIP. type: str uuid: description: Universally Unique Identifier type: str weblogic-server: choices: - disable - enable description: Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. type: str websphere-server: choices: - disable - enable description: Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. type: str type: dict proposed_method: choices: - update - set - add description: The overridden method for the underlying Json RPC request. required: false type: str bypass_validation: default: false description: Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. required: false type: bool workspace_locking_adom: description: The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. required: false type: str forticloud_access_token: description: Authenticate Ansible client with forticloud API access token. required: false type: str workspace_locking_timeout: default: 300 description: The maximum time in seconds to wait for other user to release the workspace lock. required: false type: int
meta: contains: request_url: description: The full url requested. returned: always sample: /sys/login/user type: str response_code: description: The status of api request. returned: always sample: 0 type: int response_data: description: The api response. returned: always type: list response_message: description: The descriptive message of the api response. returned: always sample: OK. type: str system_information: description: The information of the target system. returned: always type: dict description: The result of the request. returned: always type: dict rc: description: The status the request. returned: always sample: 0 type: int version_check_warning: description: Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: complex type: list