fortinet.fortimanager.fmgr_firewall_accessproxy (2.4.0) — module
Configure Access Proxy.
Added in version 2.1.0 of fortinet.fortimanager.
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community

Install with:

    ansible-galaxy collection install fortinet.fortimanager:==2.4.0

collections:
  - name: fortinet.fortimanager
    version: 2.4.0

This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- name: Example playbook (generated based on argument schema)
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Configure Access Proxy.
      fortinet.fortimanager.fmgr_firewall_accessproxy:
        # bypass_validation: false
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        adom: <your own value>
        state: present # <value in [present, absent]>
        firewall_accessproxy:
          api_gateway:
            - http_cookie_age: <integer>
              http_cookie_domain: <string>
              http_cookie_domain_from_host: <value in [disable, enable]>
              http_cookie_generation: <integer>
              http_cookie_path: <string>
              http_cookie_share: <value in [disable, same-ip]>
              https_cookie_secure: <value in [disable, enable]>
              id: <integer>
              ldb_method: <value in [static, round-robin, weighted, ...]>
              persistence: <value in [none, http-cookie]>
              realservers:
                - address: <string>
                  health_check: <value in [disable, enable]>
                  health_check_proto: <value in [ping, http, tcp-connect]>
                  http_host: <string>
                  id: <integer>
                  ip: <string>
                  mappedport: <list or string>
                  port: <integer>
                  status: <value in [active, standby, disable]>
                  weight: <integer>
                  addr_type: <value in [fqdn, ip]>
                  domain: <string>
                  holddown_interval: <value in [disable, enable]>
                  ssh_client_cert: <string>
                  ssh_host_key: <list or string>
                  ssh_host_key_validation: <value in [disable, enable]>
                  type: <value in [tcp-forwarding, ssh]>
                  translate_host: <value in [disable, enable]>
                  external_auth: <value in [disable, enable]>
                  tunnel_encryption: <value in [disable, enable]>
              saml_server: <string>
              service: <value in [http, https, tcp-forwarding, ...]>
              ssl_algorithm: <value in [high, medium, low, ...]>
              ssl_cipher_suites:
                - cipher: <value in [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, ...]>
                  priority: <integer>
                  versions:
                    - tls-1.0
                    - tls-1.1
                    - tls-1.2
                    - tls-1.3
              ssl_dh_bits: <value in [768, 1024, 1536, ...]>
              ssl_max_version: <value in [tls-1.0, tls-1.1, tls-1.2, ...]>
              ssl_min_version: <value in [tls-1.0, tls-1.1, tls-1.2, ...]>
              url_map: <string>
              url_map_type: <value in [sub-string, wildcard, regex]>
              virtual_host: <string>
              saml_redirect: <value in [disable, enable]>
              ssl_vpn_web_portal: <string>
              application: <list or string>
              ssl_renegotiation: <value in [disable, enable]>
              h2_support: <value in [disable, enable]>
              h3_support: <value in [disable, enable]>
              quic:
                ack_delay_exponent: <integer>
                active_connection_id_limit: <integer>
                active_migration: <value in [disable, enable]>
                grease_quic_bit: <value in [disable, enable]>
                max_ack_delay: <integer>
                max_datagram_frame_size: <integer>
                max_idle_timeout: <integer>
                max_udp_payload_size: <integer>
          client_cert: <value in [disable, enable]>
          empty_cert_action: <value in [block, accept, accept-unmanageable]>
          ldb_method: <value in [static, round-robin, weighted, ...]>
          name: <string>
          realservers:
            - id: <integer>
              ip: <string>
              port: <integer>
              status: <value in [active, standby, disable]>
              weight: <integer>
          server_pubkey_auth: <value in [disable, enable]>
          server_pubkey_auth_settings:
            auth_ca: <string>
            cert_extension:
              - critical: <value in [no, yes]>
                data: <string>
                name: <string>
                type: <value in [fixed, user]>
            permit_agent_forwarding: <value in [disable, enable]>
            permit_port_forwarding: <value in [disable, enable]>
            permit_pty: <value in [disable, enable]>
            permit_user_rc: <value in [disable, enable]>
            permit_x11_forwarding: <value in [disable, enable]>
            source_address: <value in [disable, enable]>
          vip: <string>
          api_gateway6:
            - http_cookie_age: <integer>
              http_cookie_domain: <string>
              http_cookie_domain_from_host: <value in [disable, enable]>
              http_cookie_generation: <integer>
              http_cookie_path: <string>
              http_cookie_share: <value in [disable, same-ip]>
              https_cookie_secure: <value in [disable, enable]>
              id: <integer>
              ldb_method: <value in [static, round-robin, weighted, ...]>
              persistence: <value in [none, http-cookie]>
              realservers:
                - addr_type: <value in [fqdn, ip]>
                  address: <string>
                  domain: <string>
                  health_check: <value in [disable, enable]>
                  health_check_proto: <value in [ping, http, tcp-connect]>
                  holddown_interval: <value in [disable, enable]>
                  http_host: <string>
                  id: <integer>
                  ip: <string>
                  mappedport: <list or string>
                  port: <integer>
                  ssh_client_cert: <string>
                  ssh_host_key: <list or string>
                  ssh_host_key_validation: <value in [disable, enable]>
                  status: <value in [active, standby, disable]>
                  type: <value in [tcp-forwarding, ssh]>
                  weight: <integer>
                  translate_host: <value in [disable, enable]>
                  external_auth: <value in [disable, enable]>
                  tunnel_encryption: <value in [disable, enable]>
              saml_redirect: <value in [disable, enable]>
              saml_server: <string>
              service: <value in [http, https, tcp-forwarding, ...]>
              ssl_algorithm: <value in [high, medium, low]>
              ssl_cipher_suites:
                - cipher: <value in [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, ...]>
                  priority: <integer>
                  versions:
                    - tls-1.0
                    - tls-1.1
                    - tls-1.2
                    - tls-1.3
              ssl_dh_bits: <value in [768, 1024, 1536, ...]>
              ssl_max_version: <value in [tls-1.0, tls-1.1, tls-1.2, ...]>
              ssl_min_version: <value in [tls-1.0, tls-1.1, tls-1.2, ...]>
              ssl_vpn_web_portal: <string>
              url_map: <string>
              url_map_type: <value in [sub-string, wildcard, regex]>
              virtual_host: <string>
              application: <list or string>
              ssl_renegotiation: <value in [disable, enable]>
              h2_support: <value in [disable, enable]>
              h3_support: <value in [disable, enable]>
              quic:
                ack_delay_exponent: <integer>
                active_connection_id_limit: <integer>
                active_migration: <value in [disable, enable]>
                grease_quic_bit: <value in [disable, enable]>
                max_ack_delay: <integer>
                max_datagram_frame_size: <integer>
                max_idle_timeout: <integer>
                max_udp_payload_size: <integer>
          auth_portal: <value in [disable, enable]>
          auth_virtual_host: <string>
          decrypted_traffic_mirror: <string>
          log_blocked_traffic: <value in [disable, enable]>
          add_vhost_domain_to_dnsdb: <value in [disable, enable]>
          user_agent_detect: <value in [disable, enable]>
          http_supported_max_version: <value in [http1, http2]>
          svr_pool_multiplex: <value in [disable, enable]>
          svr_pool_server_max_request: <integer>
          svr_pool_ttl: <integer>
          svr_pool_server_max_concurrent_request: <integer>

adom: description: The parameter (adom) in requested url. required: true type: str state: choices: - present - absent description: The directive to create, update or delete an object. required: true type: str rc_failed: description: The rc codes list with which the conditions to fail will be overriden. elements: int type: list enable_log: default: false description: Enable/Disable logging for task. type: bool access_token: description: The token to access FortiManager without using username and password. type: str rc_succeeded: description: The rc codes list with which the conditions to succeed will be overriden. elements: int type: list proposed_method: choices: - update - set - add description: The overridden method for the underlying Json RPC request. type: str bypass_validation: default: false description: Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. type: bool firewall_accessproxy: description: The top level parameters set. required: false suboptions: add-vhost-domain-to-dnsdb: choices: - disable - enable description: Deprecated, please rename it to add_vhost_domain_to_dnsdb. Enable/disable adding vhost/domain to dnsdb for ztna dox tunnel. type: str api-gateway: description: Deprecated, please rename it to api_gateway. Api-Gateway. elements: dict suboptions: application: description: (list) No description. type: raw h2-support: choices: - disable - enable description: Deprecated, please rename it to h2_support. HTTP2 support, default=Enable. type: str h3-support: choices: - disable - enable description: Deprecated, please rename it to h3_support. HTTP3/QUIC support, default=Disable. type: str http-cookie-age: description: Deprecated, please rename it to http_cookie_age. Time in minutes that client web browsers should keep a cookie. type: int http-cookie-domain: description: Deprecated, please rename it to http_cookie_domain. 
Domain that HTTP cookie persistence should apply to. type: str http-cookie-domain-from-host: choices: - disable - enable description: Deprecated, please rename it to http_cookie_domain_from_host. Enable/disable use of HTTP cookie domain from host f... type: str http-cookie-generation: description: Deprecated, please rename it to http_cookie_generation. Generation of HTTP cookie to be accepted. type: int http-cookie-path: description: Deprecated, please rename it to http_cookie_path. Limit HTTP cookie persistence to the specified path. type: str http-cookie-share: choices: - disable - same-ip description: Deprecated, please rename it to http_cookie_share. Control sharing of cookies across API Gateway. type: str https-cookie-secure: choices: - disable - enable description: Deprecated, please rename it to https_cookie_secure. Enable/disable verification that inserted HTTPS cookies are s... type: str id: description: API Gateway ID. type: int ldb-method: choices: - static - round-robin - weighted - least-session - least-rtt - first-alive - http-host description: Deprecated, please rename it to ldb_method. Method used to distribute sessions to real servers. type: str persistence: choices: - none - http-cookie description: Configure how to make sure that clients connect to the same server every time they make a request that is part of ... type: str quic: description: No description. suboptions: ack-delay-exponent: description: Deprecated, please rename it to ack_delay_exponent. ACK delay exponent type: int active-connection-id-limit: description: Deprecated, please rename it to active_connection_id_limit. Active connection ID limit type: int active-migration: choices: - disable - enable description: Deprecated, please rename it to active_migration. Enable/disable active migration type: str grease-quic-bit: choices: - disable - enable description: Deprecated, please rename it to grease_quic_bit. 
Enable/disable grease QUIC bit type: str max-ack-delay: description: Deprecated, please rename it to max_ack_delay. Maximum ACK delay in milliseconds type: int max-datagram-frame-size: description: Deprecated, please rename it to max_datagram_frame_size. Maximum datagram frame size in bytes type: int max-idle-timeout: description: Deprecated, please rename it to max_idle_timeout. Maximum idle timeout milliseconds type: int max-udp-payload-size: description: Deprecated, please rename it to max_udp_payload_size. Maximum UDP payload size in bytes type: int type: dict realservers: description: Realservers. elements: dict suboptions: addr-type: choices: - fqdn - ip description: Deprecated, please rename it to addr_type. Type of address. type: str address: description: Address or address group of the real server. type: str domain: description: Wildcard domain name of the real server. type: str external-auth: choices: - disable - enable description: Deprecated, please rename it to external_auth. Enable/disable use of external browser as user-agent for SA... type: str health-check: choices: - disable - enable description: Deprecated, please rename it to health_check. Enable to check the responsiveness of the real server before... type: str health-check-proto: choices: - ping - http - tcp-connect description: Deprecated, please rename it to health_check_proto. Protocol of the health check monitor to use when polli... type: str holddown-interval: choices: - disable - enable description: Deprecated, please rename it to holddown_interval. Enable/disable holddown timer. type: str http-host: description: Deprecated, please rename it to http_host. HTTP server domain name in HTTP header. type: str id: description: Real server ID. type: int ip: description: IP address of the real server. type: str mappedport: description: (list or str) Port for communicating with the real server. type: raw port: description: Port for communicating with the real server. 
type: int ssh-client-cert: description: Deprecated, please rename it to ssh_client_cert. Set access-proxy SSH client certificate profile. type: str ssh-host-key: description: (list or str) Deprecated, please rename it to ssh_host_key. type: raw ssh-host-key-validation: choices: - disable - enable description: Deprecated, please rename it to ssh_host_key_validation. Enable/disable SSH real server host key validation. type: str status: choices: - active - standby - disable description: Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no... type: str translate-host: choices: - disable - enable description: Deprecated, please rename it to translate_host. Enable/disable translation of hostname/IP from virtual ser... type: str tunnel-encryption: choices: - disable - enable description: Deprecated, please rename it to tunnel_encryption. Tunnel encryption. type: str type: choices: - tcp-forwarding - ssh description: TCP forwarding server type. type: str weight: description: Weight of the real server. type: int type: list saml-redirect: choices: - disable - enable description: Deprecated, please rename it to saml_redirect. Enable/disable SAML redirection after successful authentication. type: str saml-server: description: Deprecated, please rename it to saml_server. SAML service provider configuration for VIP authentication. type: str service: choices: - http - https - tcp-forwarding - samlsp - web-portal - saas description: Service. type: str ssl-algorithm: choices: - high - medium - low - custom description: Deprecated, please rename it to ssl_algorithm. Permitted encryption algorithms for the server side of SSL full mod... type: str ssl-cipher-suites: description: Deprecated, please rename it to ssl_cipher_suites. Ssl-Cipher-Suites. 
elements: dict suboptions: cipher: choices: - TLS-RSA-WITH-RC4-128-MD5 - TLS-RSA-WITH-RC4-128-SHA - TLS-RSA-WITH-DES-CBC-SHA - TLS-RSA-WITH-3DES-EDE-CBC-SHA - TLS-RSA-WITH-AES-128-CBC-SHA - TLS-RSA-WITH-AES-256-CBC-SHA - TLS-RSA-WITH-AES-128-CBC-SHA256 - TLS-RSA-WITH-AES-256-CBC-SHA256 - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 - TLS-RSA-WITH-SEED-CBC-SHA - TLS-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-DHE-RSA-WITH-DES-CBC-SHA - TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA - TLS-DHE-RSA-WITH-AES-128-CBC-SHA - TLS-DHE-RSA-WITH-AES-256-CBC-SHA - TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 - TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 - TLS-DHE-RSA-WITH-SEED-CBC-SHA - TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-RC4-128-SHA - TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA - TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 - TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 - TLS-DHE-DSS-WITH-AES-128-CBC-SHA - TLS-DHE-DSS-WITH-AES-256-CBC-SHA - TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 - TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 - TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 - TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 - TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 - 
TLS-RSA-WITH-AES-128-GCM-SHA256 - TLS-RSA-WITH-AES-256-GCM-SHA384 - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 - TLS-DHE-DSS-WITH-SEED-CBC-SHA - TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 - TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 - TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 - TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA - TLS-DHE-DSS-WITH-DES-CBC-SHA - TLS-AES-128-GCM-SHA256 - TLS-AES-256-GCM-SHA384 - TLS-CHACHA20-POLY1305-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA description: Cipher suite name. type: str priority: description: SSL/TLS cipher suites priority. type: int versions: choices: - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: SSL/TLS versions that the cipher suite can be used with. elements: str type: list type: list ssl-dh-bits: choices: - '768' - '1024' - '1536' - '2048' - '3072' - '4096' description: Deprecated, please rename it to ssl_dh_bits. Number of bits to use in the Diffie-Hellman exchange for RSA encrypti... type: str ssl-max-version: choices: - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: Deprecated, please rename it to ssl_max_version. Highest SSL/TLS version acceptable from a server. type: str ssl-min-version: choices: - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: Deprecated, please rename it to ssl_min_version. Lowest SSL/TLS version acceptable from a server. type: str ssl-renegotiation: choices: - disable - enable description: Deprecated, please rename it to ssl_renegotiation. Enable/disable secure renegotiation to comply with RFC 5746. type: str ssl-vpn-web-portal: description: Deprecated, please rename it to ssl_vpn_web_portal. SSL-VPN web portal. type: str url-map: description: Deprecated, please rename it to url_map. URL pattern to match. 
type: str url-map-type: choices: - sub-string - wildcard - regex description: Deprecated, please rename it to url_map_type. Type of url-map. type: str virtual-host: description: Deprecated, please rename it to virtual_host. Virtual host. type: str type: list api-gateway6: description: Deprecated, please rename it to api_gateway6. elements: dict suboptions: application: description: (list) No description. type: raw h2-support: choices: - disable - enable description: Deprecated, please rename it to h2_support. HTTP2 support, default=Enable. type: str h3-support: choices: - disable - enable description: Deprecated, please rename it to h3_support. HTTP3/QUIC support, default=Disable. type: str http-cookie-age: description: Deprecated, please rename it to http_cookie_age. Time in minutes that client web browsers should keep a cookie. type: int http-cookie-domain: description: Deprecated, please rename it to http_cookie_domain. Domain that HTTP cookie persistence should apply to. type: str http-cookie-domain-from-host: choices: - disable - enable description: Deprecated, please rename it to http_cookie_domain_from_host. Enable/disable use of HTTP cookie domain from host f... type: str http-cookie-generation: description: Deprecated, please rename it to http_cookie_generation. Generation of HTTP cookie to be accepted. type: int http-cookie-path: description: Deprecated, please rename it to http_cookie_path. Limit HTTP cookie persistence to the specified path. type: str http-cookie-share: choices: - disable - same-ip description: Deprecated, please rename it to http_cookie_share. Control sharing of cookies across API Gateway. type: str https-cookie-secure: choices: - disable - enable description: Deprecated, please rename it to https_cookie_secure. Enable/disable verification that inserted HTTPS cookies are s... type: str id: description: API Gateway ID. 
type: int ldb-method: choices: - static - round-robin - weighted - first-alive - http-host description: Deprecated, please rename it to ldb_method. Method used to distribute sessions to real servers. type: str persistence: choices: - none - http-cookie description: Configure how to make sure that clients connect to the same server every time they make a request that is part of ... type: str quic: description: No description. suboptions: ack-delay-exponent: description: Deprecated, please rename it to ack_delay_exponent. ACK delay exponent type: int active-connection-id-limit: description: Deprecated, please rename it to active_connection_id_limit. Active connection ID limit type: int active-migration: choices: - disable - enable description: Deprecated, please rename it to active_migration. Enable/disable active migration type: str grease-quic-bit: choices: - disable - enable description: Deprecated, please rename it to grease_quic_bit. Enable/disable grease QUIC bit type: str max-ack-delay: description: Deprecated, please rename it to max_ack_delay. Maximum ACK delay in milliseconds type: int max-datagram-frame-size: description: Deprecated, please rename it to max_datagram_frame_size. Maximum datagram frame size in bytes type: int max-idle-timeout: description: Deprecated, please rename it to max_idle_timeout. Maximum idle timeout milliseconds type: int max-udp-payload-size: description: Deprecated, please rename it to max_udp_payload_size. Maximum UDP payload size in bytes type: int type: dict realservers: description: No description. elements: dict suboptions: addr-type: choices: - fqdn - ip description: Deprecated, please rename it to addr_type. Type of address. type: str address: description: Address or address group of the real server. type: str domain: description: Wildcard domain name of the real server. type: str external-auth: choices: - disable - enable description: Deprecated, please rename it to external_auth. 
Enable/disable use of external browser as user-agent for SA... type: str health-check: choices: - disable - enable description: Deprecated, please rename it to health_check. Enable to check the responsiveness of the real server before... type: str health-check-proto: choices: - ping - http - tcp-connect description: Deprecated, please rename it to health_check_proto. Protocol of the health check monitor to use when polli... type: str holddown-interval: choices: - disable - enable description: Deprecated, please rename it to holddown_interval. Enable/disable holddown timer. type: str http-host: description: Deprecated, please rename it to http_host. HTTP server domain name in HTTP header. type: str id: description: Real server ID. type: int ip: description: IPv6 address of the real server. type: str mappedport: description: (list or str) Port for communicating with the real server. type: raw port: description: Port for communicating with the real server. type: int ssh-client-cert: description: Deprecated, please rename it to ssh_client_cert. Set access-proxy SSH client certificate profile. type: str ssh-host-key: description: (list or str) Deprecated, please rename it to ssh_host_key. type: raw ssh-host-key-validation: choices: - disable - enable description: Deprecated, please rename it to ssh_host_key_validation. Enable/disable SSH real server host key validation. type: str status: choices: - active - standby - disable description: Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no... type: str translate-host: choices: - disable - enable description: Deprecated, please rename it to translate_host. Enable/disable translation of hostname/IP from virtual ser... type: str tunnel-encryption: choices: - disable - enable description: Deprecated, please rename it to tunnel_encryption. Tunnel encryption. type: str type: choices: - tcp-forwarding - ssh description: TCP forwarding server type. 
type: str weight: description: Weight of the real server. type: int type: list saml-redirect: choices: - disable - enable description: Deprecated, please rename it to saml_redirect. Enable/disable SAML redirection after successful authentication. type: str saml-server: description: Deprecated, please rename it to saml_server. SAML service provider configuration for VIP authentication. type: str service: choices: - http - https - tcp-forwarding - samlsp - web-portal - saas description: Service. type: str ssl-algorithm: choices: - high - medium - low description: Deprecated, please rename it to ssl_algorithm. Permitted encryption algorithms for the server side of SSL full mod... type: str ssl-cipher-suites: description: Deprecated, please rename it to ssl_cipher_suites. elements: dict suboptions: cipher: choices: - TLS-RSA-WITH-RC4-128-MD5 - TLS-RSA-WITH-RC4-128-SHA - TLS-RSA-WITH-DES-CBC-SHA - TLS-RSA-WITH-3DES-EDE-CBC-SHA - TLS-RSA-WITH-AES-128-CBC-SHA - TLS-RSA-WITH-AES-256-CBC-SHA - TLS-RSA-WITH-AES-128-CBC-SHA256 - TLS-RSA-WITH-AES-256-CBC-SHA256 - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 - TLS-RSA-WITH-SEED-CBC-SHA - TLS-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-DHE-RSA-WITH-DES-CBC-SHA - TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA - TLS-DHE-RSA-WITH-AES-128-CBC-SHA - TLS-DHE-RSA-WITH-AES-256-CBC-SHA - TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 - TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 - TLS-DHE-RSA-WITH-SEED-CBC-SHA - TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-RC4-128-SHA - TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA - TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 - 
TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 - TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 - TLS-DHE-DSS-WITH-AES-128-CBC-SHA - TLS-DHE-DSS-WITH-AES-256-CBC-SHA - TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 - TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 - TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 - TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 - TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 - TLS-RSA-WITH-AES-128-GCM-SHA256 - TLS-RSA-WITH-AES-256-GCM-SHA384 - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 - TLS-DHE-DSS-WITH-SEED-CBC-SHA - TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 - TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 - TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 - TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA - TLS-DHE-DSS-WITH-DES-CBC-SHA - TLS-AES-128-GCM-SHA256 - TLS-AES-256-GCM-SHA384 - TLS-CHACHA20-POLY1305-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA description: Cipher suite name. type: str priority: description: SSL/TLS cipher suites priority. type: int versions: choices: - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: No description. elements: str type: list type: list ssl-dh-bits: choices: - '768' - '1024' - '1536' - '2048' - '3072' - '4096' description: Deprecated, please rename it to ssl_dh_bits. Number of bits to use in the Diffie-Hellman exchange for RSA encrypti... 
type: str ssl-max-version: choices: - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: Deprecated, please rename it to ssl_max_version. Highest SSL/TLS version acceptable from a server. type: str ssl-min-version: choices: - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: Deprecated, please rename it to ssl_min_version. Lowest SSL/TLS version acceptable from a server. type: str ssl-renegotiation: choices: - disable - enable description: Deprecated, please rename it to ssl_renegotiation. Enable/disable secure renegotiation to comply with RFC 5746. type: str ssl-vpn-web-portal: description: Deprecated, please rename it to ssl_vpn_web_portal. SSL-VPN web portal. type: str url-map: description: Deprecated, please rename it to url_map. URL pattern to match. type: str url-map-type: choices: - sub-string - wildcard - regex description: Deprecated, please rename it to url_map_type. Type of url-map. type: str virtual-host: description: Deprecated, please rename it to virtual_host. Virtual host. type: str type: list auth-portal: choices: - disable - enable description: Deprecated, please rename it to auth_portal. Enable/disable authentication portal. type: str auth-virtual-host: description: Deprecated, please rename it to auth_virtual_host. Virtual host for authentication portal. type: str client-cert: choices: - disable - enable description: Deprecated, please rename it to client_cert. Enable/disable to request client certificate. type: str decrypted-traffic-mirror: description: Deprecated, please rename it to decrypted_traffic_mirror. Decrypted traffic mirror. type: str empty-cert-action: choices: - block - accept - accept-unmanageable description: Deprecated, please rename it to empty_cert_action. Action of an empty client certificate. type: str http-supported-max-version: choices: - http1 - http2 description: Deprecated, please rename it to http_supported_max_version. Maximum supported HTTP versions. 
type: str ldb-method: choices: - static - round-robin - weighted - least-session - least-rtt - first-alive description: Deprecated, please rename it to ldb_method. Method used to distribute sessions to SSL real servers. type: str log-blocked-traffic: choices: - disable - enable description: Deprecated, please rename it to log_blocked_traffic. Enable/disable logging of blocked traffic. type: str name: description: Access Proxy name. required: true type: str realservers: description: Realservers. elements: dict suboptions: id: description: Real server ID. type: int ip: description: IP address of the real server. type: str port: description: Port for communicating with the real server. type: int status: choices: - active - standby - disable description: Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic... type: str weight: description: Weight of the real server. type: int type: list server-pubkey-auth: choices: - disable - enable description: Deprecated, please rename it to server_pubkey_auth. Enable/disable SSH real server public key authentication. type: str server-pubkey-auth-settings: description: Deprecated, please rename it to server_pubkey_auth_settings. suboptions: auth-ca: description: Deprecated, please rename it to auth_ca. Name of the SSH server public key authentication CA. type: str cert-extension: description: Deprecated, please rename it to cert_extension. Cert-Extension. elements: dict suboptions: critical: choices: - 'no' - 'yes' description: Critical option. type: str data: description: Name of certificate extension. type: str name: description: Name of certificate extension. type: str type: choices: - fixed - user description: Type of certificate extension. type: str type: list permit-agent-forwarding: choices: - disable - enable description: Deprecated, please rename it to permit_agent_forwarding. Enable/disable appending permit-agent-forwarding certific... 
type: str permit-port-forwarding: choices: - disable - enable description: Deprecated, please rename it to permit_port_forwarding. Enable/disable appending permit-port-forwarding certificat... type: str permit-pty: choices: - disable - enable description: Deprecated, please rename it to permit_pty. Enable/disable appending permit-pty certificate extension. type: str permit-user-rc: choices: - disable - enable description: Deprecated, please rename it to permit_user_rc. Enable/disable appending permit-user-rc certificate extension. type: str permit-x11-forwarding: choices: - disable - enable description: Deprecated, please rename it to permit_x11_forwarding. Enable/disable appending permit-x11-forwarding certificate ... type: str source-address: choices: - disable - enable description: Deprecated, please rename it to source_address. Enable/disable appending source-address certificate critical option. type: str type: dict svr-pool-multiplex: choices: - disable - enable description: Deprecated, please rename it to svr_pool_multiplex. Enable/disable server pool multiplexing. type: str svr-pool-server-max-concurrent-request: description: Deprecated, please rename it to svr_pool_server_max_concurrent_request. Maximum number of concurrent requests that servers... type: int svr-pool-server-max-request: description: Deprecated, please rename it to svr_pool_server_max_request. Maximum number of requests that servers in server pool handle... type: int svr-pool-ttl: description: Deprecated, please rename it to svr_pool_ttl. Time-to-live in the server pool for idle connections to servers. type: int user-agent-detect: choices: - disable - enable description: Deprecated, please rename it to user_agent_detect. Enable/disable to detect device type by HTTP user-agent if no client ce... type: str vip: description: Virtual IP name. 
type: str type: dict workspace_locking_adom: description: The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. type: str forticloud_access_token: description: Authenticate Ansible client with forticloud API access token. type: str workspace_locking_timeout: default: 300 description: The maximum time in seconds to wait for other user to release the workspace lock. type: int
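
An added example, not part of the fortinet.fortimanager collection: a pre-flight check over the firewall_accessproxy arguments that renames the deprecated hyphenated option names to the underscore forms the descriptions above ask for, then flags weak TLS and SSH values. The thresholds (TLS 1.2, 2048-bit DH), the weak-cipher markers, the function names and the sample arguments are assumptions constructed for illustration.

```python
"""Pre-flight audit for fmgr_firewall_accessproxy arguments (added example)."""

TLS_ORDER = ["tls-1.0", "tls-1.1", "tls-1.2", "tls-1.3"]  # choices listed on this page
MIN_TLS = "tls-1.2"        # assumed policy floor
MIN_DH_BITS = 2048         # assumed policy floor
WEAK_CIPHER_MARKERS = ("-RC4-", "-DES-CBC-", "-3DES-", "-MD5")
# Options whose listed value switches a protection off.
WEAK_SWITCHES = {
    "ssh_host_key_validation": "disable",
    "https_cookie_secure": "disable",
    "ssl_renegotiation": "disable",
}


def normalize(obj, path="firewall_accessproxy", renamed=None):
    """Return (copy with hyphenated keys renamed to underscores, rename log).

    Only dictionary keys are touched; values such as 'tls-1.0' keep their hyphens.
    """
    renamed = [] if renamed is None else renamed
    if isinstance(obj, dict):
        out = {}
        for key, value in obj.items():
            new_key = key.replace("-", "_")
            if new_key in out:
                # Both spellings supplied for one option: refuse to guess.
                raise ValueError(f"{path}: '{new_key}' given in both spellings")
            if new_key != key:
                renamed.append(f"{path}.{key} -> {new_key}")
            out[new_key] = normalize(value, f"{path}.{new_key}", renamed)[0]
        return out, renamed
    if isinstance(obj, list):
        items = [normalize(v, f"{path}[{i}]", renamed)[0] for i, v in enumerate(obj)]
        return items, renamed
    return obj, renamed


def audit(params, path="firewall_accessproxy"):
    """Walk the argument tree and return a list of (path, reason) findings."""
    findings = []
    if isinstance(params, list):
        for i, item in enumerate(params):
            findings += audit(item, f"{path}[{i}]")
        return findings
    if not isinstance(params, dict):
        return findings
    floor = TLS_ORDER.index(MIN_TLS)
    for key, value in params.items():
        here = f"{path}.{key}"
        if key == "ssl_min_version" and value in TLS_ORDER:
            if TLS_ORDER.index(value) < floor:
                findings.append((here, f"{value} is below {MIN_TLS}"))
        elif key == "ssl_dh_bits" and str(value).isdigit():
            if int(value) < MIN_DH_BITS:
                findings.append((here, f"{value}-bit DH is below {MIN_DH_BITS}"))
        elif key == "cipher" and isinstance(value, str):
            if any(marker in value for marker in WEAK_CIPHER_MARKERS):
                findings.append((here, f"weak cipher suite {value}"))
        elif key == "versions" and isinstance(value, list):
            old = [v for v in value if v in TLS_ORDER and TLS_ORDER.index(v) < floor]
            if old:
                findings.append((here, "suite enabled for " + ", ".join(old)))
        elif key in WEAK_SWITCHES and value == WEAK_SWITCHES[key]:
            findings.append((here, f"{key} is set to {value}"))
        else:
            findings += audit(value, here)
    return findings


def check(params):
    """Normalize deprecated names first, then audit; returns (renamed, findings)."""
    clean, renamed = normalize(params)
    return renamed, audit(clean)


# Constructed sample arguments using the deprecated hyphenated names.
SAMPLE = {
    "name": "example-proxy",
    "vip": "example-vip",
    "api-gateway": [{
        "id": 1,
        "service": "https",
        "ssl-min-version": "tls-1.0",
        "ssl-dh-bits": "1024",
        "https-cookie-secure": "disable",
        "ssl-cipher-suites": [
            {"cipher": "TLS-RSA-WITH-RC4-128-MD5", "priority": 1,
             "versions": ["tls-1.0", "tls-1.2"]},
            {"cipher": "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", "priority": 2,
             "versions": ["tls-1.2"]},
        ],
        "realservers": [{"id": 1, "type": "ssh",
                         "ssh-host-key-validation": "disable"}],
    }],
}

if __name__ == "__main__":
    renamed, findings = check(SAMPLE)
    for line in renamed:
        print("rename:", line)
    for where, why in findings:
        print("weak:  ", where, "-", why)
```

Auditing the raw arguments without normalizing first misses every option written in the deprecated spelling, which is why `check` renames before it audits.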
meta:
  contains:
    request_url:
      description: The full url requested.
      returned: always
      sample: /sys/login/user
      type: str
    response_code:
      description: The status of api request.
      returned: always
      sample: 0
      type: int
    response_data:
      description: The api response.
      returned: always
      type: list
    response_message:
      description: The descriptive message of the api response.
      returned: always
      sample: OK.
      type: str
    system_information:
      description: The information of the target system.
      returned: always
      type: dict
  description: The result of the request.
  returned: always
  type: dict
rc:
  description: The status of the request.
  returned: always
  sample: 0
  type: int
version_check_warning:
  description: Warning if the parameters used in the playbook are not supported by the current FortiManager version.
  returned: complex
  type: list