fortinet.fortimanager.fmgr_firewall_accessproxy_apigateway (module, collection version 2.4.0)

Set API Gateway.

Added in version 2.1.0 of fortinet.fortimanager.

Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)

Status: preview | supported by community
Install with:

```
ansible-galaxy collection install fortinet.fortimanager:==2.4.0
```

```yaml
collections:
  - name: fortinet.fortimanager
    version: 2.4.0
```
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
```yaml
- name: Example playbook (generated based on argument schema)
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    # false skips verification of the FortiManager certificate; set to true against production devices
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Set API Gateway.
      fortinet.fortimanager.fmgr_firewall_accessproxy_apigateway:
        # bypass_validation: false
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        adom: <your own value>
        access_proxy: <your own value>
        state: present # <value in [present, absent]>
        firewall_accessproxy_apigateway:
          http_cookie_age: <integer>
          http_cookie_domain: <string>
          http_cookie_domain_from_host: <value in [disable, enable]>
          http_cookie_generation: <integer>
          http_cookie_path: <string>
          http_cookie_share: <value in [disable, same-ip]>
          https_cookie_secure: <value in [disable, enable]>
          id: <integer>
          ldb_method: <value in [static, round-robin, weighted, ...]>
          persistence: <value in [none, http-cookie]>
          realservers:
            - address: <string>
              health_check: <value in [disable, enable]>
              health_check_proto: <value in [ping, http, tcp-connect]>
              http_host: <string>
              id: <integer>
              ip: <string>
              mappedport: <list or string>
              port: <integer>
              status: <value in [active, standby, disable]>
              weight: <integer>
              addr_type: <value in [fqdn, ip]>
              domain: <string>
              holddown_interval: <value in [disable, enable]>
              ssh_client_cert: <string>
              ssh_host_key: <list or string>
              ssh_host_key_validation: <value in [disable, enable]>
              type: <value in [tcp-forwarding, ssh]>
              translate_host: <value in [disable, enable]>
              external_auth: <value in [disable, enable]>
              tunnel_encryption: <value in [disable, enable]>
          saml_server: <string>
          service: <value in [http, https, tcp-forwarding, ...]>
          ssl_algorithm: <value in [high, medium, low, ...]>
          ssl_cipher_suites:
            - cipher: <value in [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, ...]>
              priority: <integer>
              versions:
                - tls-1.0
                - tls-1.1
                - tls-1.2
                - tls-1.3
          ssl_dh_bits: <value in [768, 1024, 1536, ...]>
          ssl_max_version: <value in [tls-1.0, tls-1.1, tls-1.2, ...]>
          ssl_min_version: <value in [tls-1.0, tls-1.1, tls-1.2, ...]>
          url_map: <string>
          url_map_type: <value in [sub-string, wildcard, regex]>
          virtual_host: <string>
          saml_redirect: <value in [disable, enable]>
          ssl_vpn_web_portal: <string>
          application: <list or string>
          ssl_renegotiation: <value in [disable, enable]>
          h2_support: <value in [disable, enable]>
          h3_support: <value in [disable, enable]>
          quic:
            ack_delay_exponent: <integer>
            active_connection_id_limit: <integer>
            active_migration: <value in [disable, enable]>
            grease_quic_bit: <value in [disable, enable]>
            max_ack_delay: <integer>
            max_datagram_frame_size: <integer>
            max_idle_timeout: <integer>
            max_udp_payload_size: <integer>
```
Parameters:

- adom (type: str, required: true): The parameter (adom) in the requested URL.
- state (type: str, required: true): The directive to create, update or delete an object. Choices: present, absent.
- rc_failed (type: list, elements: int): The list of rc codes with which the conditions to fail will be overridden.
- enable_log (type: bool, default: false): Enable/disable logging for the task.
- access-proxy (type: str): Deprecated, please use "access_proxy".
- access_proxy (type: str): The parameter (access-proxy) in the requested URL.
- access_token (type: str): The token to access FortiManager without using username and password.
- rc_succeeded (type: list, elements: int): The list of rc codes with which the conditions to succeed will be overridden.
- proposed_method (type: str): The overridden method for the underlying JSON RPC request. Choices: update, set, add.
- bypass_validation (type: bool, default: false): Only set to true when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters.
- workspace_locking_adom (type: str): The adom to lock for FortiManager running in workspace mode; the value can be global or others, including root.
- forticloud_access_token (type: str): Authenticate the Ansible client with a FortiCloud API access token.
- workspace_locking_timeout (type: int, default: 300): The maximum time in seconds to wait for another user to release the workspace lock.
- firewall_accessproxy_apigateway (type: dict, required: false): The top level parameters set. Suboptions:
  - application (type: raw): (list) No description.
  - h2-support (type: str): Deprecated, please rename it to h2_support. HTTP2 support, default=Enable. Choices: disable, enable.
  - h3-support (type: str): Deprecated, please rename it to h3_support. HTTP3/QUIC support, default=Disable. Choices: disable, enable.
  - http-cookie-age (type: int): Deprecated, please rename it to http_cookie_age. Time in minutes that client web browsers should keep a cookie.
  - http-cookie-domain (type: str): Deprecated, please rename it to http_cookie_domain. Domain that HTTP cookie persistence should apply to.
  - http-cookie-domain-from-host (type: str): Deprecated, please rename it to http_cookie_domain_from_host. Enable/disable use of HTTP cookie domain from host field in ... Choices: disable, enable.
  - http-cookie-generation (type: int): Deprecated, please rename it to http_cookie_generation. Generation of HTTP cookie to be accepted.
  - http-cookie-path (type: str): Deprecated, please rename it to http_cookie_path. Limit HTTP cookie persistence to the specified path.
  - http-cookie-share (type: str): Deprecated, please rename it to http_cookie_share. Control sharing of cookies across API Gateway. Choices: disable, same-ip.
  - https-cookie-secure (type: str): Deprecated, please rename it to https_cookie_secure. Enable/disable verification that inserted HTTPS cookies are secure. Choices: disable, enable.
  - id (type: int, required: true): API Gateway ID.
  - ldb-method (type: str): Deprecated, please rename it to ldb_method. Method used to distribute sessions to real servers. Choices: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
  - persistence (type: str): Configure how to make sure that clients connect to the same server every time they make a request that is part of the same... Choices: none, http-cookie.
  - quic (type: dict): No description. Suboptions:
    - ack-delay-exponent (type: int): Deprecated, please rename it to ack_delay_exponent. ACK delay exponent.
    - active-connection-id-limit (type: int): Deprecated, please rename it to active_connection_id_limit. Active connection ID limit.
    - active-migration (type: str): Deprecated, please rename it to active_migration. Enable/disable active migration. Choices: disable, enable.
    - grease-quic-bit (type: str): Deprecated, please rename it to grease_quic_bit. Enable/disable grease QUIC bit. Choices: disable, enable.
    - max-ack-delay (type: int): Deprecated, please rename it to max_ack_delay. Maximum ACK delay in milliseconds.
    - max-datagram-frame-size (type: int): Deprecated, please rename it to max_datagram_frame_size. Maximum datagram frame size in bytes.
    - max-idle-timeout (type: int): Deprecated, please rename it to max_idle_timeout. Maximum idle timeout in milliseconds.
    - max-udp-payload-size (type: int): Deprecated, please rename it to max_udp_payload_size. Maximum UDP payload size in bytes.
  - realservers (type: list, elements: dict): No description. Suboptions:
    - addr-type (type: str): Deprecated, please rename it to addr_type. Type of address. Choices: fqdn, ip.
    - address (type: str): Address or address group of the real server.
    - domain (type: str): Wildcard domain name of the real server.
    - external-auth (type: str): Deprecated, please rename it to external_auth. Enable/disable use of external browser as user-agent for SAML user ... Choices: disable, enable.
    - health-check (type: str): Deprecated, please rename it to health_check. Enable to check the responsiveness of the real server before forward... Choices: disable, enable.
    - health-check-proto (type: str): Deprecated, please rename it to health_check_proto. Protocol of the health check monitor to use when polling to de... Choices: ping, http, tcp-connect.
    - holddown-interval (type: str): Deprecated, please rename it to holddown_interval. Enable/disable holddown timer. Choices: disable, enable.
    - http-host (type: str): Deprecated, please rename it to http_host. HTTP server domain name in HTTP header.
    - id (type: int): Real server ID.
    - ip (type: str): IP address of the real server.
    - mappedport (type: raw): (list or str) Port for communicating with the real server.
    - port (type: int): Port for communicating with the real server.
    - ssh-client-cert (type: str): Deprecated, please rename it to ssh_client_cert. Set access-proxy SSH client certificate profile.
    - ssh-host-key (type: raw): (list or str) Deprecated, please rename it to ssh_host_key.
    - ssh-host-key-validation (type: str): Deprecated, please rename it to ssh_host_key_validation. Enable/disable SSH real server host key validation. Choices: disable, enable.
    - status (type: str): Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic... Choices: active, standby, disable.
    - translate-host (type: str): Deprecated, please rename it to translate_host. Enable/disable translation of hostname/IP from virtual server to r... Choices: disable, enable.
    - tunnel-encryption (type: str): Deprecated, please rename it to tunnel_encryption. Tunnel encryption. Choices: disable, enable.
    - type (type: str): TCP forwarding server type. Choices: tcp-forwarding, ssh.
    - weight (type: int): Weight of the real server.
  - saml-redirect (type: str): Deprecated, please rename it to saml_redirect. Enable/disable SAML redirection after successful authentication. Choices: disable, enable.
  - saml-server (type: str): Deprecated, please rename it to saml_server. SAML service provider configuration for VIP authentication.
  - service (type: str): Service. Choices: http, https, tcp-forwarding, samlsp, web-portal, saas.
  - ssl-algorithm (type: str): Deprecated, please rename it to ssl_algorithm. Permitted encryption algorithms for the server side of SSL full mode sessio... Choices: high, medium, low, custom.
  - ssl-cipher-suites (type: list, elements: dict): Deprecated, please rename it to ssl_cipher_suites. Suboptions:
    - cipher (type: str): Cipher suite name. Choices: TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA.
    - priority (type: int): SSL/TLS cipher suites priority.
    - versions (type: list, elements: str): No description. Choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3.
  - ssl-dh-bits (type: str): Deprecated, please rename it to ssl_dh_bits. Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SS... Choices: '768', '1024', '1536', '2048', '3072', '4096'.
  - ssl-max-version (type: str): Deprecated, please rename it to ssl_max_version. Highest SSL/TLS version acceptable from a server. Choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3.
  - ssl-min-version (type: str): Deprecated, please rename it to ssl_min_version. Lowest SSL/TLS version acceptable from a server. Choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3.
  - ssl-renegotiation (type: str): Deprecated, please rename it to ssl_renegotiation. Enable/disable secure renegotiation to comply with RFC 5746. Choices: disable, enable.
  - ssl-vpn-web-portal (type: str): Deprecated, please rename it to ssl_vpn_web_portal. SSL-VPN web portal.
  - url-map (type: str): Deprecated, please rename it to url_map. URL pattern to match.
  - url-map-type (type: str): Deprecated, please rename it to url_map_type. Type of url-map. Choices: sub-string, wildcard, regex.
  - virtual-host (type: str): Deprecated, please rename it to virtual_host. Virtual host.
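An added example, not part of the module or the collection: a small Python audit that flags weak values in a firewall_accessproxy_apigateway dictionary before a playbook pushes it, using the option names and choices documented above. The function names, the sample input and the policy (TLS 1.2 minimum, 2048-bit DH, no RC4/DES/3DES/MD5 suites, which options count as findings) are assumptions of this example.

```python
# Added example (not part of the module): flag weak settings in a
# firewall_accessproxy_apigateway dict. The policy values are assumptions.
TLS_ORDER = ["tls-1.0", "tls-1.1", "tls-1.2", "tls-1.3"]  # choices documented above
WEAK_PARTS = {"RC4", "DES", "3DES", "MD5"}  # assumed cipher policy for this example


def normalize(obj, renamed):
    """Rename deprecated hyphenated keys to underscores, recording each one."""
    if isinstance(obj, dict):
        renamed.extend(key for key in obj if "-" in key)
        return {k.replace("-", "_"): normalize(v, renamed) for k, v in obj.items()}
    if isinstance(obj, list):
        return [normalize(item, renamed) for item in obj]
    return obj


def audit_api_gateway(params, min_tls="tls-1.2", min_dh_bits=2048):
    """Return human-readable findings for one API gateway parameter dict."""
    renamed = []
    p = normalize(params, renamed)
    findings = [f"deprecated option name: {key}" for key in renamed]
    ver = p.get("ssl_min_version")
    if ver in TLS_ORDER and TLS_ORDER.index(ver) < TLS_ORDER.index(min_tls):
        findings.append(f"ssl_min_version {ver} is below {min_tls}")
    bits = p.get("ssl_dh_bits")
    if str(bits).isdigit() and int(bits) < min_dh_bits:
        findings.append(f"ssl_dh_bits {bits} is below {min_dh_bits}")
    for suite in p.get("ssl_cipher_suites") or []:
        if WEAK_PARTS & set(suite.get("cipher", "").split("-")):
            findings.append(f"weak cipher suite: {suite['cipher']}")
    for option in ("https_cookie_secure", "ssl_renegotiation"):
        if p.get(option) == "disable":
            findings.append(f"{option} is disabled")
    for server in p.get("realservers") or []:
        if server.get("type") == "ssh" and server.get("ssh_host_key_validation") == "disable":
            findings.append(f"realserver {server.get('id')}: ssh_host_key_validation is disabled")
    return findings


# Constructed sample input that mixes deprecated and current option names.
SAMPLE = {
    "id": 1, "service": "https", "ssl-min-version": "tls-1.0", "ssl_dh_bits": "1024",
    "ssl_cipher_suites": [{"cipher": "TLS-RSA-WITH-RC4-128-MD5", "priority": 1},
                          {"cipher": "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", "priority": 2}],
    "realservers": [{"id": 7, "type": "ssh", "ssh-host-key-validation": "disable"}],
}

if __name__ == "__main__":
    print("\n".join(audit_api_gateway(SAMPLE)))
```

Load the task's firewall_accessproxy_apigateway mapping with a YAML parser and pass it to audit_api_gateway; an empty list means none of this example's checks fired.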
Return values:

- meta (type: dict, returned: always): The result of the request. Contains:
  - request_url (type: str, returned: always): The full URL requested. Sample: /sys/login/user
  - response_code (type: int, returned: always): The status of the API request. Sample: 0
  - response_data (type: list, returned: always): The API response.
  - response_message (type: str, returned: always): The descriptive message of the API response. Sample: OK.
  - system_information (type: dict, returned: always): The information of the target system.
- rc (type: int, returned: always): The status of the request. Sample: 0
- version_check_warning (type: list, returned: complex): Warning if the parameters used in the playbook are not supported by the current FortiManager version.