Try SpotterSet API Gateway.
| "added in version" 2.1.0 of fortinet.fortimanager"
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install fortinet.fortimanager:==2.4.0
collections:
- name: fortinet.fortimanager
version: 2.4.0This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- name: Example playbook (generated based on argument schema)
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Set API Gateway.
fortinet.fortimanager.fmgr_firewall_accessproxy_apigateway:
# bypass_validation: false
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
# rc_succeeded: [0, -2, -3, ...]
# rc_failed: [-2, -3, ...]
adom: <your own value>
access_proxy: <your own value>
state: present # <value in [present, absent]>
firewall_accessproxy_apigateway:
http_cookie_age: <integer>
http_cookie_domain: <string>
http_cookie_domain_from_host: <value in [disable, enable]>
http_cookie_generation: <integer>
http_cookie_path: <string>
http_cookie_share: <value in [disable, same-ip]>
https_cookie_secure: <value in [disable, enable]>
id: <integer>
ldb_method: <value in [static, round-robin, weighted, ...]>
persistence: <value in [none, http-cookie]>
realservers:
-
address: <string>
health_check: <value in [disable, enable]>
health_check_proto: <value in [ping, http, tcp-connect]>
http_host: <string>
id: <integer>
ip: <string>
mappedport: <list or string>
port: <integer>
status: <value in [active, standby, disable]>
weight: <integer>
addr_type: <value in [fqdn, ip]>
domain: <string>
holddown_interval: <value in [disable, enable]>
ssh_client_cert: <string>
ssh_host_key: <list or string>
ssh_host_key_validation: <value in [disable, enable]>
type: <value in [tcp-forwarding, ssh]>
translate_host: <value in [disable, enable]>
external_auth: <value in [disable, enable]>
tunnel_encryption: <value in [disable, enable]>
saml_server: <string>
service: <value in [http, https, tcp-forwarding, ...]>
ssl_algorithm: <value in [high, medium, low, ...]>
ssl_cipher_suites:
-
cipher: <value in [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, ...]>
priority: <integer>
versions:
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
ssl_dh_bits: <value in [768, 1024, 1536, ...]>
ssl_max_version: <value in [tls-1.0, tls-1.1, tls-1.2, ...]>
ssl_min_version: <value in [tls-1.0, tls-1.1, tls-1.2, ...]>
url_map: <string>
url_map_type: <value in [sub-string, wildcard, regex]>
virtual_host: <string>
saml_redirect: <value in [disable, enable]>
ssl_vpn_web_portal: <string>
application: <list or string>
ssl_renegotiation: <value in [disable, enable]>
h2_support: <value in [disable, enable]>
h3_support: <value in [disable, enable]>
quic:
ack_delay_exponent: <integer>
active_connection_id_limit: <integer>
active_migration: <value in [disable, enable]>
grease_quic_bit: <value in [disable, enable]>
max_ack_delay: <integer>
max_datagram_frame_size: <integer>
max_idle_timeout: <integer>
max_udp_payload_size: <integer>
adom:
description: The parameter (adom) in requested url.
required: true
type: str
state:
choices:
- present
- absent
description: The directive to create, update or delete an object.
required: true
type: str
rc_failed:
description: The rc codes list with which the conditions to fail will be overriden.
elements: int
type: list
enable_log:
default: false
description: Enable/Disable logging for task.
type: bool
access-proxy:
description: Deprecated, please use "access_proxy"
type: str
access_proxy:
description: The parameter (access-proxy) in requested url.
type: str
access_token:
description: The token to access FortiManager without using username and password.
type: str
rc_succeeded:
description: The rc codes list with which the conditions to succeed will be overriden.
elements: int
type: list
proposed_method:
choices:
- update
- set
- add
description: The overridden method for the underlying Json RPC request.
type: str
bypass_validation:
default: false
description: Only set to True when module schema diffs with FortiManager API structure,
module continues to execute without validating parameters.
type: bool
workspace_locking_adom:
description: The adom to lock for FortiManager running in workspace mode, the value
can be global and others including root.
type: str
forticloud_access_token:
description: Authenticate Ansible client with forticloud API access token.
type: str
workspace_locking_timeout:
default: 300
description: The maximum time in seconds to wait for other user to release the workspace
lock.
type: int
firewall_accessproxy_apigateway:
description: The top level parameters set.
required: false
suboptions:
application:
description: (list) No description.
type: raw
h2-support:
choices:
- disable
- enable
description: Deprecated, please rename it to h2_support. HTTP2 support, default=Enable.
type: str
h3-support:
choices:
- disable
- enable
description: Deprecated, please rename it to h3_support. HTTP3/QUIC support, default=Disable.
type: str
http-cookie-age:
description: Deprecated, please rename it to http_cookie_age. Time in minutes
that client web browsers should keep a cookie.
type: int
http-cookie-domain:
description: Deprecated, please rename it to http_cookie_domain. Domain that HTTP
cookie persistence should apply to.
type: str
http-cookie-domain-from-host:
choices:
- disable
- enable
description: Deprecated, please rename it to http_cookie_domain_from_host. Enable/disable
use of HTTP cookie domain from host field in ...
type: str
http-cookie-generation:
description: Deprecated, please rename it to http_cookie_generation. Generation
of HTTP cookie to be accepted.
type: int
http-cookie-path:
description: Deprecated, please rename it to http_cookie_path. Limit HTTP cookie
persistence to the specified path.
type: str
http-cookie-share:
choices:
- disable
- same-ip
description: Deprecated, please rename it to http_cookie_share. Control sharing
of cookies across API Gateway.
type: str
https-cookie-secure:
choices:
- disable
- enable
description: Deprecated, please rename it to https_cookie_secure. Enable/disable
verification that inserted HTTPS cookies are secure.
type: str
id:
description: API Gateway ID.
required: true
type: int
ldb-method:
choices:
- static
- round-robin
- weighted
- least-session
- least-rtt
- first-alive
- http-host
description: Deprecated, please rename it to ldb_method. Method used to distribute
sessions to real servers.
type: str
persistence:
choices:
- none
- http-cookie
description: Configure how to make sure that clients connect to the same server
every time they make a request that is part of the same...
type: str
quic:
description: No description.
suboptions:
ack-delay-exponent:
description: Deprecated, please rename it to ack_delay_exponent. ACK delay
exponent
type: int
active-connection-id-limit:
description: Deprecated, please rename it to active_connection_id_limit. Active
connection ID limit
type: int
active-migration:
choices:
- disable
- enable
description: Deprecated, please rename it to active_migration. Enable/disable
active migration
type: str
grease-quic-bit:
choices:
- disable
- enable
description: Deprecated, please rename it to grease_quic_bit. Enable/disable
grease QUIC bit
type: str
max-ack-delay:
description: Deprecated, please rename it to max_ack_delay. Maximum ACK delay
in milliseconds
type: int
max-datagram-frame-size:
description: Deprecated, please rename it to max_datagram_frame_size. Maximum
datagram frame size in bytes
type: int
max-idle-timeout:
description: Deprecated, please rename it to max_idle_timeout. Maximum idle
timeout milliseconds
type: int
max-udp-payload-size:
description: Deprecated, please rename it to max_udp_payload_size. Maximum
UDP payload size in bytes
type: int
type: dict
realservers:
description: No description.
elements: dict
suboptions:
addr-type:
choices:
- fqdn
- ip
description: Deprecated, please rename it to addr_type. Type of address.
type: str
address:
description: Address or address group of the real server.
type: str
domain:
description: Wildcard domain name of the real server.
type: str
external-auth:
choices:
- disable
- enable
description: Deprecated, please rename it to external_auth. Enable/disable
use of external browser as user-agent for SAML user ...
type: str
health-check:
choices:
- disable
- enable
description: Deprecated, please rename it to health_check. Enable to check
the responsiveness of the real server before forward...
type: str
health-check-proto:
choices:
- ping
- http
- tcp-connect
description: Deprecated, please rename it to health_check_proto. Protocol
of the health check monitor to use when polling to de...
type: str
holddown-interval:
choices:
- disable
- enable
description: Deprecated, please rename it to holddown_interval. Enable/disable
holddown timer.
type: str
http-host:
description: Deprecated, please rename it to http_host. HTTP server domain
name in HTTP header.
type: str
id:
description: Real server ID.
type: int
ip:
description: IP address of the real server.
type: str
mappedport:
description: (list or str) Port for communicating with the real server.
type: raw
port:
description: Port for communicating with the real server.
type: int
ssh-client-cert:
description: Deprecated, please rename it to ssh_client_cert. Set access-proxy
SSH client certificate profile.
type: str
ssh-host-key:
description: (list or str) Deprecated, please rename it to ssh_host_key.
type: raw
ssh-host-key-validation:
choices:
- disable
- enable
description: Deprecated, please rename it to ssh_host_key_validation. Enable/disable
SSH real server host key validation.
type: str
status:
choices:
- active
- standby
- disable
description: Set the status of the real server to active so that it can accept
traffic, or on standby or disabled so no traffic...
type: str
translate-host:
choices:
- disable
- enable
description: Deprecated, please rename it to translate_host. Enable/disable
translation of hostname/IP from virtual server to r...
type: str
tunnel-encryption:
choices:
- disable
- enable
description: Deprecated, please rename it to tunnel_encryption. Tunnel encryption.
type: str
type:
choices:
- tcp-forwarding
- ssh
description: TCP forwarding server type.
type: str
weight:
description: Weight of the real server.
type: int
type: list
saml-redirect:
choices:
- disable
- enable
description: Deprecated, please rename it to saml_redirect. Enable/disable SAML
redirection after successful authentication.
type: str
saml-server:
description: Deprecated, please rename it to saml_server. SAML service provider
configuration for VIP authentication.
type: str
service:
choices:
- http
- https
- tcp-forwarding
- samlsp
- web-portal
- saas
description: Service.
type: str
ssl-algorithm:
choices:
- high
- medium
- low
- custom
description: Deprecated, please rename it to ssl_algorithm. Permitted encryption
algorithms for the server side of SSL full mode sessio...
type: str
ssl-cipher-suites:
description: Deprecated, please rename it to ssl_cipher_suites.
elements: dict
suboptions:
cipher:
choices:
- TLS-RSA-WITH-RC4-128-MD5
- TLS-RSA-WITH-RC4-128-SHA
- TLS-RSA-WITH-DES-CBC-SHA
- TLS-RSA-WITH-3DES-EDE-CBC-SHA
- TLS-RSA-WITH-AES-128-CBC-SHA
- TLS-RSA-WITH-AES-256-CBC-SHA
- TLS-RSA-WITH-AES-128-CBC-SHA256
- TLS-RSA-WITH-AES-256-CBC-SHA256
- TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
- TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256
- TLS-RSA-WITH-SEED-CBC-SHA
- TLS-RSA-WITH-ARIA-128-CBC-SHA256
- TLS-RSA-WITH-ARIA-256-CBC-SHA384
- TLS-DHE-RSA-WITH-DES-CBC-SHA
- TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
- TLS-DHE-RSA-WITH-AES-128-CBC-SHA
- TLS-DHE-RSA-WITH-AES-256-CBC-SHA
- TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
- TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
- TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
- TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
- TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
- TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
- TLS-DHE-RSA-WITH-SEED-CBC-SHA
- TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256
- TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384
- TLS-ECDHE-RSA-WITH-RC4-128-SHA
- TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
- TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
- TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
- TLS-DHE-DSS-WITH-AES-128-CBC-SHA
- TLS-DHE-DSS-WITH-AES-256-CBC-SHA
- TLS-DHE-DSS-WITH-AES-128-CBC-SHA256
- TLS-DHE-DSS-WITH-AES-128-GCM-SHA256
- TLS-DHE-DSS-WITH-AES-256-CBC-SHA256
- TLS-DHE-DSS-WITH-AES-256-GCM-SHA384
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
- TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
- TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
- TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
- TLS-RSA-WITH-AES-128-GCM-SHA256
- TLS-RSA-WITH-AES-256-GCM-SHA384
- TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA
- TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA
- TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256
- TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256
- TLS-DHE-DSS-WITH-SEED-CBC-SHA
- TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256
- TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384
- TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256
- TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384
- TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256
- TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384
- TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA
- TLS-DHE-DSS-WITH-DES-CBC-SHA
- TLS-AES-128-GCM-SHA256
- TLS-AES-256-GCM-SHA384
- TLS-CHACHA20-POLY1305-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
description: Cipher suite name.
type: str
priority:
description: SSL/TLS cipher suites priority.
type: int
versions:
choices:
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: No description.
elements: str
type: list
type: list
ssl-dh-bits:
choices:
- '768'
- '1024'
- '1536'
- '2048'
- '3072'
- '4096'
description: Deprecated, please rename it to ssl_dh_bits. Number of bits to use
in the Diffie-Hellman exchange for RSA encryption of SS...
type: str
ssl-max-version:
choices:
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: Deprecated, please rename it to ssl_max_version. Highest SSL/TLS
version acceptable from a server.
type: str
ssl-min-version:
choices:
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: Deprecated, please rename it to ssl_min_version. Lowest SSL/TLS version
acceptable from a server.
type: str
ssl-renegotiation:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_renegotiation. Enable/disable
secure renegotiation to comply with RFC 5746.
type: str
ssl-vpn-web-portal:
description: Deprecated, please rename it to ssl_vpn_web_portal. SSL-VPN web portal.
type: str
url-map:
description: Deprecated, please rename it to url_map. URL pattern to match.
type: str
url-map-type:
choices:
- sub-string
- wildcard
- regex
description: Deprecated, please rename it to url_map_type. Type of url-map.
type: str
virtual-host:
description: Deprecated, please rename it to virtual_host. Virtual host.
type: str
type: dict
meta:
contains:
request_url:
description: The full url requested.
returned: always
sample: /sys/login/user
type: str
response_code:
description: The status of api request.
returned: always
sample: 0
type: int
response_data:
description: The api response.
returned: always
type: list
response_message:
description: The descriptive message of the api response.
returned: always
sample: OK.
type: str
system_information:
description: The information of the target system.
returned: always
type: dict
description: The result of the request.
returned: always
type: dict
rc:
description: The status the request.
returned: always
sample: 0
type: int
version_check_warning:
description: Warning if the parameters used in the playbook are not supported by
the current FortiManager version.
returned: complex
type: list