Try SpotterConfigure virtual IP for IPv6.
| "added in version" 2.0.0 of drmofu.fortimanager"
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections:
- name: drmofu.fortimanager
version: 2.2.2This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager00
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Configure dynamic mappings of virtual IP for IPv6
fmgr_firewall_vip6_dynamicmapping:
bypass_validation: False
adom: ansible
vip6: 'ansible-test-vip6' # name
state: present
firewall_vip6_dynamicmapping:
_scope:
-
name: FGT_AWS # need a valid device name
vdom: root # need a valid vdom name under the device
arp-reply: disable
color: 1
comment: 'ansible-comment'
id: 1
- name: gathering fortimanager facts
hosts: fortimanager00
gather_facts: no
connection: httpapi
collections:
- fortinet.fortimanager
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: retrieve all the dynamic mappings of virtual IP for IPv6
fmgr_fact:
facts:
selector: 'firewall_vip6_dynamicmapping'
params:
adom: 'ansible'
vip6: 'ansible-test-vip6' # name
dynamic_mapping: 'your_value'
adom:
description: the parameter (adom) in requested url
required: true
type: str
vip6:
description: the parameter (vip6) in requested url
required: true
type: str
state:
choices:
- present
- absent
description: The directive to create, update or delete an object.
required: true
type: str
rc_failed:
description: The rc codes list with which the conditions to fail will be overriden.
elements: int
required: false
type: list
enable_log:
default: false
description: Enable/Disable logging for task.
required: false
type: bool
access_token:
description: The token to access FortiManager without using username and password.
required: false
type: str
rc_succeeded:
description: The rc codes list with which the conditions to succeed will be overriden.
elements: int
required: false
type: list
proposed_method:
choices:
- update
- set
- add
description: The overridden method for the underlying Json RPC request.
required: false
type: str
bypass_validation:
default: false
description: Only set to True when module schema diffs with FortiManager API structure,
module continues to execute without validating parameters.
required: false
type: bool
workspace_locking_adom:
description: The adom to lock for FortiManager running in workspace mode, the value
can be global and others including root.
required: false
type: str
forticloud_access_token:
description: Authenticate Ansible client with forticloud API access token.
required: false
type: str
workspace_locking_timeout:
default: 300
description: The maximum time in seconds to wait for other user to release the workspace
lock.
required: false
type: int
firewall_vip6_dynamicmapping:
description: the top level parameters set
required: false
suboptions:
_scope:
description: description
elements: dict
suboptions:
name:
description: no description
type: str
vdom:
description: no description
type: str
type: list
add-nat64-route:
choices:
- disable
- enable
description: Enable/disable adding NAT64 route.
type: str
arp-reply:
choices:
- disable
- enable
description: no description
type: str
color:
description: no description
type: int
comment:
description: no description
type: str
embedded-ipv4-address:
choices:
- disable
- enable
description: Enable/disable use of the lower 32 bits of the external IPv6 address
as mapped IPv4 address.
type: str
extip:
description: no description
type: str
extport:
description: no description
type: str
http-cookie-age:
description: no description
type: int
http-cookie-domain:
description: no description
type: str
http-cookie-domain-from-host:
choices:
- disable
- enable
description: no description
type: str
http-cookie-generation:
description: no description
type: int
http-cookie-path:
description: no description
type: str
http-cookie-share:
choices:
- disable
- same-ip
description: no description
type: str
http-ip-header:
choices:
- disable
- enable
description: no description
type: str
http-ip-header-name:
description: no description
type: str
http-multiplex:
choices:
- disable
- enable
description: no description
type: str
http-redirect:
choices:
- disable
- enable
description: no description
type: str
https-cookie-secure:
choices:
- disable
- enable
description: no description
type: str
id:
description: no description
type: int
ipv4-mappedip:
description: Range of mapped IP addresses.
type: str
ipv4-mappedport:
description: IPv4 port number range on the destination network to which the external
port number range is mapped.
type: str
ldb-method:
choices:
- static
- round-robin
- weighted
- least-session
- least-rtt
- first-alive
- http-host
description: no description
type: str
mappedip:
description: no description
type: str
mappedport:
description: no description
type: str
max-embryonic-connections:
description: no description
type: int
monitor:
description: no description
type: str
nat-source-vip:
choices:
- disable
- enable
description: no description
type: str
nat64:
choices:
- disable
- enable
description: Enable/disable DNAT64.
type: str
nat66:
choices:
- disable
- enable
description: Enable/disable DNAT66.
type: str
ndp-reply:
choices:
- disable
- enable
description: Enable/disable this FortiGate units ability to respond to NDP requests
for this virtual IP address
type: str
outlook-web-access:
choices:
- disable
- enable
description: no description
type: str
persistence:
choices:
- none
- http-cookie
- ssl-session-id
description: no description
type: str
portforward:
choices:
- disable
- enable
description: no description
type: str
protocol:
choices:
- tcp
- udp
- sctp
description: no description
type: str
realservers:
description: description
elements: dict
suboptions:
client-ip:
description: Only clients in this IP range can connect to this real server.
type: str
healthcheck:
choices:
- disable
- enable
- vip
description: Enable to check the responsiveness of the real server before
forwarding traffic.
type: str
holddown-interval:
description: Time in seconds that the health check monitor continues to monitor
an unresponsive server that should be active.
type: int
http-host:
description: HTTP server domain name in HTTP header.
type: str
id:
description: Real server ID.
type: int
ip:
description: IP address of the real server.
type: str
max-connections:
description: Max number of active connections that can directed to the real
server.
type: int
monitor:
description: description
type: str
port:
description: Port for communicating with the real server.
type: int
status:
choices:
- active
- standby
- disable
description: Set the status of the real server to active so that it can accept
traffic, or on standby or disabled so no traffic is sent.
type: str
translate-host:
choices:
- disable
- enable
description: Enable/disable translation of hostname/IP from virtual server
to real server.
type: str
weight:
description: Weight of the real server.
type: int
type: list
server-type:
choices:
- http
- https
- ssl
- tcp
- udp
- ip
- imaps
- pop3s
- smtps
description: no description
type: str
src-filter:
description: description
type: str
ssl-accept-ffdhe-groups:
choices:
- disable
- enable
description: Enable/disable FFDHE cipher suite for SSL key exchange.
type: str
ssl-algorithm:
choices:
- high
- low
- medium
- custom
description: no description
type: str
ssl-certificate:
description: no description
type: str
ssl-cipher-suites:
description: description
elements: dict
suboptions:
cipher:
choices:
- TLS-RSA-WITH-RC4-128-MD5
- TLS-RSA-WITH-RC4-128-SHA
- TLS-RSA-WITH-DES-CBC-SHA
- TLS-RSA-WITH-3DES-EDE-CBC-SHA
- TLS-RSA-WITH-AES-128-CBC-SHA
- TLS-RSA-WITH-AES-256-CBC-SHA
- TLS-RSA-WITH-AES-128-CBC-SHA256
- TLS-RSA-WITH-AES-256-CBC-SHA256
- TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
- TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256
- TLS-RSA-WITH-SEED-CBC-SHA
- TLS-RSA-WITH-ARIA-128-CBC-SHA256
- TLS-RSA-WITH-ARIA-256-CBC-SHA384
- TLS-DHE-RSA-WITH-DES-CBC-SHA
- TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
- TLS-DHE-RSA-WITH-AES-128-CBC-SHA
- TLS-DHE-RSA-WITH-AES-256-CBC-SHA
- TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
- TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
- TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
- TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
- TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
- TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
- TLS-DHE-RSA-WITH-SEED-CBC-SHA
- TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256
- TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384
- TLS-ECDHE-RSA-WITH-RC4-128-SHA
- TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
- TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
- TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
- TLS-DHE-DSS-WITH-AES-128-CBC-SHA
- TLS-DHE-DSS-WITH-AES-256-CBC-SHA
- TLS-DHE-DSS-WITH-AES-128-CBC-SHA256
- TLS-DHE-DSS-WITH-AES-128-GCM-SHA256
- TLS-DHE-DSS-WITH-AES-256-CBC-SHA256
- TLS-DHE-DSS-WITH-AES-256-GCM-SHA384
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
- TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
- TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
- TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
- TLS-RSA-WITH-AES-128-GCM-SHA256
- TLS-RSA-WITH-AES-256-GCM-SHA384
- TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA
- TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA
- TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256
- TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256
- TLS-DHE-DSS-WITH-SEED-CBC-SHA
- TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256
- TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384
- TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256
- TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384
- TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256
- TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384
- TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA
- TLS-DHE-DSS-WITH-DES-CBC-SHA
- TLS-AES-128-GCM-SHA256
- TLS-AES-256-GCM-SHA384
- TLS-CHACHA20-POLY1305-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
description: Cipher suite name.
type: str
priority:
description: SSL/TLS cipher suites priority.
type: int
versions:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: description
elements: str
type: list
type: list
ssl-client-fallback:
choices:
- disable
- enable
description: no description
type: str
ssl-client-rekey-count:
description: no description
type: int
ssl-client-renegotiation:
choices:
- deny
- allow
- secure
description: no description
type: str
ssl-client-session-state-max:
description: no description
type: int
ssl-client-session-state-timeout:
description: no description
type: int
ssl-client-session-state-type:
choices:
- disable
- time
- count
- both
description: no description
type: str
ssl-dh-bits:
choices:
- '768'
- '1024'
- '1536'
- '2048'
- '3072'
- '4096'
description: no description
type: str
ssl-hpkp:
choices:
- disable
- enable
- report-only
description: no description
type: str
ssl-hpkp-age:
description: no description
type: int
ssl-hpkp-backup:
description: no description
type: str
ssl-hpkp-include-subdomains:
choices:
- disable
- enable
description: no description
type: str
ssl-hpkp-primary:
description: no description
type: str
ssl-hpkp-report-uri:
description: no description
type: str
ssl-hsts:
choices:
- disable
- enable
description: no description
type: str
ssl-hsts-age:
description: no description
type: int
ssl-hsts-include-subdomains:
choices:
- disable
- enable
description: no description
type: str
ssl-http-location-conversion:
choices:
- disable
- enable
description: no description
type: str
ssl-http-match-host:
choices:
- disable
- enable
description: no description
type: str
ssl-max-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: no description
type: str
ssl-min-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: no description
type: str
ssl-mode:
choices:
- half
- full
description: no description
type: str
ssl-pfs:
choices:
- require
- deny
- allow
description: no description
type: str
ssl-send-empty-frags:
choices:
- disable
- enable
description: no description
type: str
ssl-server-algorithm:
choices:
- high
- low
- medium
- custom
- client
description: no description
type: str
ssl-server-max-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- client
- tls-1.3
description: no description
type: str
ssl-server-min-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- client
- tls-1.3
description: no description
type: str
ssl-server-renegotiation:
choices:
- disable
- enable
description: Enable/disable secure renegotiation to comply with RFC 5746.
type: str
ssl-server-session-state-max:
description: no description
type: int
ssl-server-session-state-timeout:
description: no description
type: int
ssl-server-session-state-type:
choices:
- disable
- time
- count
- both
description: no description
type: str
type:
choices:
- static-nat
- server-load-balance
- access-proxy
description: no description
type: str
uuid:
description: no description
type: str
weblogic-server:
choices:
- disable
- enable
description: no description
type: str
websphere-server:
choices:
- disable
- enable
description: no description
type: str
type: dict
meta:
contains:
request_url:
description: The full url requested.
returned: always
sample: /sys/login/user
type: str
response_code:
description: The status of api request.
returned: always
sample: 0
type: int
response_data:
description: The api response.
returned: always
type: list
response_message:
description: The descriptive message of the api response.
returned: always
sample: OK.
type: str
system_information:
description: The information of the target system.
returned: always
type: dict
description: The result of the request.
returned: always
type: dict
rc:
description: The status the request.
returned: always
sample: 0
type: int
version_check_warning:
description: Warning if the parameters used in the playbook are not supported by
the current FortiManager version.
returned: complex
type: list