Try SpotterConfigure virtual IP for IPv6.
| "added in version" 2.0.0 of drmofu.fortimanager"
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections:
- name: drmofu.fortimanager
version: 2.2.2This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- name: gathering fortimanager facts
hosts: fortimanager00
gather_facts: no
connection: httpapi
collections:
- fortinet.fortimanager
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: retrieve all the scripts
fmgr_fact:
facts:
selector: 'firewall_vip6'
params:
adom: 'ansible'
vip6: 'your_value'
- hosts: fortimanager00
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Configure virtual IP for IPv6.
fmgr_firewall_vip6:
bypass_validation: False
adom: ansible
state: present
firewall_vip6:
arp-reply: disable
color: 1
comment: 'ansible-comment'
id: 1
name: 'ansible-test-vip6'
adom:
description: the parameter (adom) in requested url
required: true
type: str
state:
choices:
- present
- absent
description: The directive to create, update or delete an object.
required: true
type: str
rc_failed:
description: The rc codes list with which the conditions to fail will be overriden.
elements: int
required: false
type: list
enable_log:
default: false
description: Enable/Disable logging for task.
required: false
type: bool
access_token:
description: The token to access FortiManager without using username and password.
required: false
type: str
rc_succeeded:
description: The rc codes list with which the conditions to succeed will be overriden.
elements: int
required: false
type: list
firewall_vip6:
description: the top level parameters set
required: false
suboptions:
add-nat64-route:
choices:
- disable
- enable
description: Enable/disable adding NAT64 route.
type: str
arp-reply:
choices:
- disable
- enable
description: Enable to respond to ARP requests for this virtual IP address.
type: str
color:
description: Color of icon on the GUI.
type: int
comment:
description: Comment.
type: str
dynamic_mapping:
description: Dynamic_Mapping.
elements: dict
suboptions:
_scope:
description: _Scope.
elements: dict
suboptions:
name:
description: Name.
type: str
vdom:
description: Vdom.
type: str
type: list
add-nat64-route:
choices:
- disable
- enable
description: Enable/disable adding NAT64 route.
type: str
arp-reply:
choices:
- disable
- enable
description: Enable to respond to ARP requests for this virtual IP address.
type: str
color:
description: Color of icon on the GUI.
type: int
comment:
description: Comment.
type: str
embedded-ipv4-address:
choices:
- disable
- enable
description: Enable/disable use of the lower 32 bits of the external IPv6
address as mapped IPv4 address.
type: str
extip:
description: IP address or address range on the external interface that you
want to map to an address or address range on the destin...
type: str
extport:
description: Incoming port number range that you want to map to a port number
range on the destination network.
type: str
http-cookie-age:
description: Time in minutes that client web browsers should keep a cookie.
type: int
http-cookie-domain:
description: Domain that HTTP cookie persistence should apply to.
type: str
http-cookie-domain-from-host:
choices:
- disable
- enable
description: Enable/disable use of HTTP cookie domain from host field in HTTP.
type: str
http-cookie-generation:
description: Generation of HTTP cookie to be accepted.
type: int
http-cookie-path:
description: Limit HTTP cookie persistence to the specified path.
type: str
http-cookie-share:
choices:
- disable
- same-ip
description: Control sharing of cookies across virtual servers.
type: str
http-ip-header:
choices:
- disable
- enable
description: For HTTP multiplexing, enable to add the original client IP address
in the XForwarded-For HTTP header.
type: str
http-ip-header-name:
description: For HTTP multiplexing, enter a custom HTTPS header name.
type: str
http-multiplex:
choices:
- disable
- enable
description: Enable/disable HTTP multiplexing.
type: str
http-redirect:
choices:
- disable
- enable
description: Enable/disable redirection of HTTP to HTTPS
type: str
https-cookie-secure:
choices:
- disable
- enable
description: Enable/disable verification that inserted HTTPS cookies are secure.
type: str
id:
description: Custom defined ID.
type: int
ipv4-mappedip:
description: Range of mapped IP addresses.
type: str
ipv4-mappedport:
description: IPv4 port number range on the destination network to which the
external port number range is mapped.
type: str
ldb-method:
choices:
- static
- round-robin
- weighted
- least-session
- least-rtt
- first-alive
- http-host
description: Method used to distribute sessions to real servers.
type: str
mappedip:
description: Mapped IP address range in the format startIP-endIP.
type: str
mappedport:
description: Port number range on the destination network to which the external
port number range is mapped.
type: str
max-embryonic-connections:
description: Maximum number of incomplete connections.
type: int
monitor:
description: Name of the health check monitor to use when polling to determine
a virtual servers connectivity status.
type: str
nat-source-vip:
choices:
- disable
- enable
description: Nat-Source-Vip.
type: str
nat64:
choices:
- disable
- enable
description: Enable/disable DNAT64.
type: str
nat66:
choices:
- disable
- enable
description: Enable/disable DNAT66.
type: str
ndp-reply:
choices:
- disable
- enable
description: Enable/disable this FortiGate units ability to respond to NDP
requests for this virtual IP address
type: str
outlook-web-access:
choices:
- disable
- enable
description: Enable to add the Front-End-Https header for Microsoft Outlook
Web Access.
type: str
persistence:
choices:
- none
- http-cookie
- ssl-session-id
description: Configure how to make sure that clients connect to the same server
every time they make a request that is part of the s...
type: str
portforward:
choices:
- disable
- enable
description: Enable port forwarding.
type: str
protocol:
choices:
- tcp
- udp
- sctp
description: Protocol to use when forwarding packets.
type: str
realservers:
description: description
elements: dict
suboptions:
client-ip:
description: Only clients in this IP range can connect to this real server.
type: str
healthcheck:
choices:
- disable
- enable
- vip
description: Enable to check the responsiveness of the real server before
forwarding traffic.
type: str
holddown-interval:
description: Time in seconds that the health check monitor continues to
monitor an unresponsive server that should be active.
type: int
http-host:
description: HTTP server domain name in HTTP header.
type: str
id:
description: Real server ID.
type: int
ip:
description: IP address of the real server.
type: str
max-connections:
description: Max number of active connections that can directed to the
real server.
type: int
monitor:
description: description
type: str
port:
description: Port for communicating with the real server.
type: int
status:
choices:
- active
- standby
- disable
description: Set the status of the real server to active so that it can
accept traffic, or on standby or disabled so no traf...
type: str
translate-host:
choices:
- disable
- enable
description: Enable/disable translation of hostname/IP from virtual server
to real server.
type: str
weight:
description: Weight of the real server.
type: int
type: list
server-type:
choices:
- http
- https
- ssl
- tcp
- udp
- ip
- imaps
- pop3s
- smtps
description: Protocol to be load balanced by the virtual server
type: str
src-filter:
description: Source IP6 filter
type: str
ssl-accept-ffdhe-groups:
choices:
- disable
- enable
description: Enable/disable FFDHE cipher suite for SSL key exchange.
type: str
ssl-algorithm:
choices:
- high
- low
- medium
- custom
description: Permitted encryption algorithms for SSL sessions according to
encryption strength.
type: str
ssl-certificate:
description: The name of the SSL certificate to use for SSL acceleration.
type: str
ssl-cipher-suites:
description: description
elements: dict
suboptions:
cipher:
choices:
- TLS-RSA-WITH-RC4-128-MD5
- TLS-RSA-WITH-RC4-128-SHA
- TLS-RSA-WITH-DES-CBC-SHA
- TLS-RSA-WITH-3DES-EDE-CBC-SHA
- TLS-RSA-WITH-AES-128-CBC-SHA
- TLS-RSA-WITH-AES-256-CBC-SHA
- TLS-RSA-WITH-AES-128-CBC-SHA256
- TLS-RSA-WITH-AES-256-CBC-SHA256
- TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
- TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256
- TLS-RSA-WITH-SEED-CBC-SHA
- TLS-RSA-WITH-ARIA-128-CBC-SHA256
- TLS-RSA-WITH-ARIA-256-CBC-SHA384
- TLS-DHE-RSA-WITH-DES-CBC-SHA
- TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
- TLS-DHE-RSA-WITH-AES-128-CBC-SHA
- TLS-DHE-RSA-WITH-AES-256-CBC-SHA
- TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
- TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
- TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
- TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
- TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
- TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
- TLS-DHE-RSA-WITH-SEED-CBC-SHA
- TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256
- TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384
- TLS-ECDHE-RSA-WITH-RC4-128-SHA
- TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
- TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
- TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
- TLS-DHE-DSS-WITH-AES-128-CBC-SHA
- TLS-DHE-DSS-WITH-AES-256-CBC-SHA
- TLS-DHE-DSS-WITH-AES-128-CBC-SHA256
- TLS-DHE-DSS-WITH-AES-128-GCM-SHA256
- TLS-DHE-DSS-WITH-AES-256-CBC-SHA256
- TLS-DHE-DSS-WITH-AES-256-GCM-SHA384
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
- TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
- TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
- TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
- TLS-RSA-WITH-AES-128-GCM-SHA256
- TLS-RSA-WITH-AES-256-GCM-SHA384
- TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA
- TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA
- TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256
- TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256
- TLS-DHE-DSS-WITH-SEED-CBC-SHA
- TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256
- TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384
- TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256
- TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384
- TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256
- TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384
- TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA
- TLS-DHE-DSS-WITH-DES-CBC-SHA
- TLS-AES-128-GCM-SHA256
- TLS-AES-256-GCM-SHA384
- TLS-CHACHA20-POLY1305-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
description: Cipher suite name.
type: str
priority:
description: SSL/TLS cipher suites priority.
type: int
versions:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: description
elements: str
type: list
type: list
ssl-client-fallback:
choices:
- disable
- enable
description: Enable/disable support for preventing Downgrade Attacks on client
connections
type: str
ssl-client-rekey-count:
description: Maximum length of data in MB before triggering a client rekey
type: int
ssl-client-renegotiation:
choices:
- deny
- allow
- secure
description: Allow, deny, or require secure renegotiation of client sessions
to comply with RFC 5746.
type: str
ssl-client-session-state-max:
description: Maximum number of client to FortiGate SSL session states to keep.
type: int
ssl-client-session-state-timeout:
description: Number of minutes to keep client to FortiGate SSL session state.
type: int
ssl-client-session-state-type:
choices:
- disable
- time
- count
- both
description: How to expire SSL sessions for the segment of the SSL connection
between the client and the FortiGate.
type: str
ssl-dh-bits:
choices:
- '768'
- '1024'
- '1536'
- '2048'
- '3072'
- '4096'
description: Number of bits to use in the Diffie-Hellman exchange for RSA
encryption of SSL sessions.
type: str
ssl-hpkp:
choices:
- disable
- enable
- report-only
description: Enable/disable including HPKP header in response.
type: str
ssl-hpkp-age:
description: Number of minutes the web browser should keep HPKP.
type: int
ssl-hpkp-backup:
description: Certificate to generate backup HPKP pin from.
type: str
ssl-hpkp-include-subdomains:
choices:
- disable
- enable
description: Indicate that HPKP header applies to all subdomains.
type: str
ssl-hpkp-primary:
description: Certificate to generate primary HPKP pin from.
type: str
ssl-hpkp-report-uri:
description: URL to report HPKP violations to.
type: str
ssl-hsts:
choices:
- disable
- enable
description: Enable/disable including HSTS header in response.
type: str
ssl-hsts-age:
description: Number of seconds the client should honour the HSTS setting.
type: int
ssl-hsts-include-subdomains:
choices:
- disable
- enable
description: Indicate that HSTS header applies to all subdomains.
type: str
ssl-http-location-conversion:
choices:
- disable
- enable
description: Enable to replace HTTP with HTTPS in the replys Location HTTP
header field.
type: str
ssl-http-match-host:
choices:
- disable
- enable
description: Enable/disable HTTP host matching for location conversion.
type: str
ssl-max-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: Highest SSL/TLS version acceptable from a client.
type: str
ssl-min-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: Lowest SSL/TLS version acceptable from a client.
type: str
ssl-mode:
choices:
- half
- full
description: Apply SSL offloading between the client and the FortiGate
type: str
ssl-pfs:
choices:
- require
- deny
- allow
description: Select the cipher suites that can be used for SSL perfect forward
secrecy
type: str
ssl-send-empty-frags:
choices:
- disable
- enable
description: Enable/disable sending empty fragments to avoid CBC IV attacks
type: str
ssl-server-algorithm:
choices:
- high
- low
- medium
- custom
- client
description: Permitted encryption algorithms for the server side of SSL full
mode sessions according to encryption strength.
type: str
ssl-server-max-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- client
- tls-1.3
description: Highest SSL/TLS version acceptable from a server.
type: str
ssl-server-min-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- client
- tls-1.3
description: Lowest SSL/TLS version acceptable from a server.
type: str
ssl-server-renegotiation:
choices:
- disable
- enable
description: Enable/disable secure renegotiation to comply with RFC 5746.
type: str
ssl-server-session-state-max:
description: Maximum number of FortiGate to Server SSL session states to keep.
type: int
ssl-server-session-state-timeout:
description: Number of minutes to keep FortiGate to Server SSL session state.
type: int
ssl-server-session-state-type:
choices:
- disable
- time
- count
- both
description: How to expire SSL sessions for the segment of the SSL connection
between the server and the FortiGate.
type: str
type:
choices:
- static-nat
- server-load-balance
- access-proxy
description: Configure a static NAT or server load balance VIP.
type: str
uuid:
description: Universally Unique Identifier
type: str
weblogic-server:
choices:
- disable
- enable
description: Enable to add an HTTP header to indicate SSL offloading for a
WebLogic server.
type: str
websphere-server:
choices:
- disable
- enable
description: Enable to add an HTTP header to indicate SSL offloading for a
WebSphere server.
type: str
type: list
embedded-ipv4-address:
choices:
- disable
- enable
description: Enable/disable use of the lower 32 bits of the external IPv6 address
as mapped IPv4 address.
type: str
extip:
description: IP address or address range on the external interface that you want
to map to an address or address range on the destination ne...
type: str
extport:
description: Incoming port number range that you want to map to a port number
range on the destination network.
type: str
http-cookie-age:
description: Time in minutes that client web browsers should keep a cookie.
type: int
http-cookie-domain:
description: Domain that HTTP cookie persistence should apply to.
type: str
http-cookie-domain-from-host:
choices:
- disable
- enable
description: Enable/disable use of HTTP cookie domain from host field in HTTP.
type: str
http-cookie-generation:
description: Generation of HTTP cookie to be accepted.
type: int
http-cookie-path:
description: Limit HTTP cookie persistence to the specified path.
type: str
http-cookie-share:
choices:
- disable
- same-ip
description: Control sharing of cookies across virtual servers.
type: str
http-ip-header:
choices:
- disable
- enable
description: For HTTP multiplexing, enable to add the original client IP address
in the XForwarded-For HTTP header.
type: str
http-ip-header-name:
description: For HTTP multiplexing, enter a custom HTTPS header name.
type: str
http-multiplex:
choices:
- disable
- enable
description: Enable/disable HTTP multiplexing.
type: str
http-redirect:
choices:
- disable
- enable
description: Enable/disable redirection of HTTP to HTTPS
type: str
https-cookie-secure:
choices:
- disable
- enable
description: Enable/disable verification that inserted HTTPS cookies are secure.
type: str
id:
description: Custom defined ID.
type: int
ipv4-mappedip:
description: Range of mapped IP addresses.
type: str
ipv4-mappedport:
description: IPv4 port number range on the destination network to which the external
port number range is mapped.
type: str
ldb-method:
choices:
- static
- round-robin
- weighted
- least-session
- least-rtt
- first-alive
- http-host
description: Method used to distribute sessions to real servers.
type: str
mappedip:
description: Mapped IP address range in the format startIP-endIP.
type: str
mappedport:
description: Port number range on the destination network to which the external
port number range is mapped.
type: str
max-embryonic-connections:
description: Maximum number of incomplete connections.
type: int
monitor:
description: Name of the health check monitor to use when polling to determine
a virtual servers connectivity status.
type: str
name:
description: Virtual ip6 name.
type: str
nat-source-vip:
choices:
- disable
- enable
description: Enable to perform SNAT on traffic from mappedip to the extip for
all egress interfaces.
type: str
nat64:
choices:
- disable
- enable
description: Enable/disable DNAT64.
type: str
nat66:
choices:
- disable
- enable
description: Enable/disable DNAT66.
type: str
ndp-reply:
choices:
- disable
- enable
description: Enable/disable this FortiGate units ability to respond to NDP requests
for this virtual IP address
type: str
outlook-web-access:
choices:
- disable
- enable
description: Enable to add the Front-End-Https header for Microsoft Outlook Web
Access.
type: str
persistence:
choices:
- none
- http-cookie
- ssl-session-id
description: Configure how to make sure that clients connect to the same server
every time they make a request that is part of the same session.
type: str
portforward:
choices:
- disable
- enable
description: Enable port forwarding.
type: str
protocol:
choices:
- tcp
- udp
- sctp
description: Protocol to use when forwarding packets.
type: str
realservers:
description: Realservers.
elements: dict
suboptions:
client-ip:
description: Only clients in this IP range can connect to this real server.
type: str
healthcheck:
choices:
- disable
- enable
- vip
description: Enable to check the responsiveness of the real server before
forwarding traffic.
type: str
holddown-interval:
description: Time in seconds that the health check monitor continues to monitor
an unresponsive server that should be active.
type: int
http-host:
description: HTTP server domain name in HTTP header.
type: str
id:
description: Real server ID.
type: int
ip:
description: IPv6 address of the real server.
type: str
max-connections:
description: Max number of active connections that can directed to the real
server.
type: int
monitor:
description: Name of the health check monitor to use when polling to determine
a virtual servers connectivity status.
type: str
port:
description: Port for communicating with the real server.
type: int
status:
choices:
- active
- standby
- disable
description: Set the status of the real server to active so that it can accept
traffic, or on standby or disabled so no traffic is sent.
type: str
translate-host:
choices:
- disable
- enable
description: Enable/disable translation of hostname/IP from virtual server
to real server.
type: str
weight:
description: Weight of the real server.
type: int
type: list
server-type:
choices:
- http
- https
- ssl
- tcp
- udp
- ip
- imaps
- pop3s
- smtps
description: Protocol to be load balanced by the virtual server
type: str
src-filter:
description: Source IP6 filter
type: str
ssl-accept-ffdhe-groups:
choices:
- disable
- enable
description: Enable/disable FFDHE cipher suite for SSL key exchange.
type: str
ssl-algorithm:
choices:
- high
- low
- medium
- custom
description: Permitted encryption algorithms for SSL sessions according to encryption
strength.
type: str
ssl-certificate:
description: The name of the SSL certificate to use for SSL acceleration.
type: str
ssl-cipher-suites:
description: Ssl-Cipher-Suites.
elements: dict
suboptions:
cipher:
choices:
- TLS-RSA-WITH-RC4-128-MD5
- TLS-RSA-WITH-RC4-128-SHA
- TLS-RSA-WITH-DES-CBC-SHA
- TLS-RSA-WITH-3DES-EDE-CBC-SHA
- TLS-RSA-WITH-AES-128-CBC-SHA
- TLS-RSA-WITH-AES-256-CBC-SHA
- TLS-RSA-WITH-AES-128-CBC-SHA256
- TLS-RSA-WITH-AES-256-CBC-SHA256
- TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
- TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256
- TLS-RSA-WITH-SEED-CBC-SHA
- TLS-RSA-WITH-ARIA-128-CBC-SHA256
- TLS-RSA-WITH-ARIA-256-CBC-SHA384
- TLS-DHE-RSA-WITH-DES-CBC-SHA
- TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
- TLS-DHE-RSA-WITH-AES-128-CBC-SHA
- TLS-DHE-RSA-WITH-AES-256-CBC-SHA
- TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
- TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
- TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
- TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
- TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
- TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
- TLS-DHE-RSA-WITH-SEED-CBC-SHA
- TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256
- TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384
- TLS-ECDHE-RSA-WITH-RC4-128-SHA
- TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
- TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
- TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
- TLS-DHE-DSS-WITH-AES-128-CBC-SHA
- TLS-DHE-DSS-WITH-AES-256-CBC-SHA
- TLS-DHE-DSS-WITH-AES-128-CBC-SHA256
- TLS-DHE-DSS-WITH-AES-128-GCM-SHA256
- TLS-DHE-DSS-WITH-AES-256-CBC-SHA256
- TLS-DHE-DSS-WITH-AES-256-GCM-SHA384
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
- TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
- TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
- TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
- TLS-RSA-WITH-AES-128-GCM-SHA256
- TLS-RSA-WITH-AES-256-GCM-SHA384
- TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA
- TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA
- TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256
- TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256
- TLS-DHE-DSS-WITH-SEED-CBC-SHA
- TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256
- TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384
- TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256
- TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384
- TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256
- TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384
- TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA
- TLS-DHE-DSS-WITH-DES-CBC-SHA
- TLS-AES-128-GCM-SHA256
- TLS-AES-256-GCM-SHA384
- TLS-CHACHA20-POLY1305-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
description: Cipher suite name.
type: str
priority:
description: SSL/TLS cipher suites priority.
type: int
versions:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: SSL/TLS versions that the cipher suite can be used with.
elements: str
type: list
type: list
ssl-client-fallback:
choices:
- disable
- enable
description: Enable/disable support for preventing Downgrade Attacks on client
connections
type: str
ssl-client-rekey-count:
description: Maximum length of data in MB before triggering a client rekey
type: int
ssl-client-renegotiation:
choices:
- deny
- allow
- secure
description: Allow, deny, or require secure renegotiation of client sessions to
comply with RFC 5746.
type: str
ssl-client-session-state-max:
description: Maximum number of client to FortiGate SSL session states to keep.
type: int
ssl-client-session-state-timeout:
description: Number of minutes to keep client to FortiGate SSL session state.
type: int
ssl-client-session-state-type:
choices:
- disable
- time
- count
- both
description: How to expire SSL sessions for the segment of the SSL connection
between the client and the FortiGate.
type: str
ssl-dh-bits:
choices:
- '768'
- '1024'
- '1536'
- '2048'
- '3072'
- '4096'
description: Number of bits to use in the Diffie-Hellman exchange for RSA encryption
of SSL sessions.
type: str
ssl-hpkp:
choices:
- disable
- enable
- report-only
description: Enable/disable including HPKP header in response.
type: str
ssl-hpkp-age:
description: Number of minutes the web browser should keep HPKP.
type: int
ssl-hpkp-backup:
description: Certificate to generate backup HPKP pin from.
type: str
ssl-hpkp-include-subdomains:
choices:
- disable
- enable
description: Indicate that HPKP header applies to all subdomains.
type: str
ssl-hpkp-primary:
description: Certificate to generate primary HPKP pin from.
type: str
ssl-hpkp-report-uri:
description: URL to report HPKP violations to.
type: str
ssl-hsts:
choices:
- disable
- enable
description: Enable/disable including HSTS header in response.
type: str
ssl-hsts-age:
description: Number of seconds the client should honour the HSTS setting.
type: int
ssl-hsts-include-subdomains:
choices:
- disable
- enable
description: Indicate that HSTS header applies to all subdomains.
type: str
ssl-http-location-conversion:
choices:
- disable
- enable
description: Enable to replace HTTP with HTTPS in the replys Location HTTP header
field.
type: str
ssl-http-match-host:
choices:
- disable
- enable
description: Enable/disable HTTP host matching for location conversion.
type: str
ssl-max-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: Highest SSL/TLS version acceptable from a client.
type: str
ssl-min-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: Lowest SSL/TLS version acceptable from a client.
type: str
ssl-mode:
choices:
- half
- full
description: Apply SSL offloading between the client and the FortiGate
type: str
ssl-pfs:
choices:
- require
- deny
- allow
description: Select the cipher suites that can be used for SSL perfect forward
secrecy
type: str
ssl-send-empty-frags:
choices:
- disable
- enable
description: Enable/disable sending empty fragments to avoid CBC IV attacks
type: str
ssl-server-algorithm:
choices:
- high
- low
- medium
- custom
- client
description: Permitted encryption algorithms for the server side of SSL full mode
sessions according to encryption strength.
type: str
ssl-server-cipher-suites:
description: Ssl-Server-Cipher-Suites.
elements: dict
suboptions:
cipher:
choices:
- TLS-RSA-WITH-RC4-128-MD5
- TLS-RSA-WITH-RC4-128-SHA
- TLS-RSA-WITH-DES-CBC-SHA
- TLS-RSA-WITH-3DES-EDE-CBC-SHA
- TLS-RSA-WITH-AES-128-CBC-SHA
- TLS-RSA-WITH-AES-256-CBC-SHA
- TLS-RSA-WITH-AES-128-CBC-SHA256
- TLS-RSA-WITH-AES-256-CBC-SHA256
- TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
- TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256
- TLS-RSA-WITH-SEED-CBC-SHA
- TLS-RSA-WITH-ARIA-128-CBC-SHA256
- TLS-RSA-WITH-ARIA-256-CBC-SHA384
- TLS-DHE-RSA-WITH-DES-CBC-SHA
- TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
- TLS-DHE-RSA-WITH-AES-128-CBC-SHA
- TLS-DHE-RSA-WITH-AES-256-CBC-SHA
- TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
- TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
- TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
- TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
- TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
- TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
- TLS-DHE-RSA-WITH-SEED-CBC-SHA
- TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256
- TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384
- TLS-ECDHE-RSA-WITH-RC4-128-SHA
- TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
- TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
- TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
- TLS-DHE-DSS-WITH-AES-128-CBC-SHA
- TLS-DHE-DSS-WITH-AES-256-CBC-SHA
- TLS-DHE-DSS-WITH-AES-128-CBC-SHA256
- TLS-DHE-DSS-WITH-AES-128-GCM-SHA256
- TLS-DHE-DSS-WITH-AES-256-CBC-SHA256
- TLS-DHE-DSS-WITH-AES-256-GCM-SHA384
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
- TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
- TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
- TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
- TLS-RSA-WITH-AES-128-GCM-SHA256
- TLS-RSA-WITH-AES-256-GCM-SHA384
- TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA
- TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA
- TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256
- TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256
- TLS-DHE-DSS-WITH-SEED-CBC-SHA
- TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256
- TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384
- TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256
- TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384
- TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256
- TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384
- TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA
- TLS-DHE-DSS-WITH-DES-CBC-SHA
- TLS-AES-128-GCM-SHA256
- TLS-AES-256-GCM-SHA384
- TLS-CHACHA20-POLY1305-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
description: Cipher suite name.
type: str
priority:
description: SSL/TLS cipher suites priority.
type: int
versions:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: SSL/TLS versions that the cipher suite can be used with.
elements: str
type: list
type: list
ssl-server-max-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- client
- tls-1.3
description: Highest SSL/TLS version acceptable from a server.
type: str
ssl-server-min-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- client
- tls-1.3
description: Lowest SSL/TLS version acceptable from a server.
type: str
ssl-server-renegotiation:
choices:
- disable
- enable
description: Enable/disable secure renegotiation to comply with RFC 5746.
type: str
ssl-server-session-state-max:
description: Maximum number of FortiGate to Server SSL session states to keep.
type: int
ssl-server-session-state-timeout:
description: Number of minutes to keep FortiGate to Server SSL session state.
type: int
ssl-server-session-state-type:
choices:
- disable
- time
- count
- both
description: How to expire SSL sessions for the segment of the SSL connection
between the server and the FortiGate.
type: str
type:
choices:
- static-nat
- server-load-balance
- access-proxy
description: Configure a static NAT VIP.
type: str
uuid:
description: Universally Unique Identifier
type: str
weblogic-server:
choices:
- disable
- enable
description: Enable to add an HTTP header to indicate SSL offloading for a WebLogic
server.
type: str
websphere-server:
choices:
- disable
- enable
description: Enable to add an HTTP header to indicate SSL offloading for a WebSphere
server.
type: str
type: dict
proposed_method:
choices:
- update
- set
- add
description: The overridden method for the underlying Json RPC request.
required: false
type: str
bypass_validation:
default: false
description: Only set to True when module schema diffs with FortiManager API structure,
module continues to execute without validating parameters.
required: false
type: bool
workspace_locking_adom:
description: The adom to lock for FortiManager running in workspace mode, the value
can be global and others including root.
required: false
type: str
forticloud_access_token:
description: Authenticate Ansible client with forticloud API access token.
required: false
type: str
workspace_locking_timeout:
default: 300
description: The maximum time in seconds to wait for other user to release the workspace
lock.
required: false
type: int
meta:
contains:
request_url:
description: The full url requested.
returned: always
sample: /sys/login/user
type: str
response_code:
description: The status of api request.
returned: always
sample: 0
type: int
response_data:
description: The api response.
returned: always
type: list
response_message:
description: The descriptive message of the api response.
returned: always
sample: OK.
type: str
system_information:
description: The information of the target system.
returned: always
type: dict
description: The result of the request.
returned: always
type: dict
rc:
description: The status the request.
returned: always
sample: 0
type: int
version_check_warning:
description: Warning if the parameters used in the playbook are not supported by
the current FortiManager version.
returned: complex
type: list