Try SpotterConfigure SSL/SSH protocol options.
| "added in version" 1.0.0 of fortinet.fortimanager"
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install fortinet.fortimanager:==2.4.0
collections:
- name: fortinet.fortimanager
version: 2.4.0This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- name: Example playbook
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Configure SSL/SSH protocol options.
fortinet.fortimanager.fmgr_firewall_sslsshprofile:
bypass_validation: false
adom: ansible
state: present
firewall_sslsshprofile:
comment: "ansible-comment1"
mapi-over-https: disable # <value in [disable, enable]>
name: "ansible-test"
use-ssl-server: disable # <value in [disable, enable]>
whitelist: enable # <value in [disable, enable]>
- name: Gathering fortimanager facts
hosts: fortimanagers
gather_facts: false
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Retrieve all the SSL/SSH protocol options
fortinet.fortimanager.fmgr_fact:
facts:
selector: "firewall_sslsshprofile"
params:
adom: "ansible"
ssl-ssh-profile: "your_value"
adom:
description: The parameter (adom) in requested url.
required: true
type: str
state:
choices:
- present
- absent
description: The directive to create, update or delete an object.
required: true
type: str
rc_failed:
description: The rc codes list with which the conditions to fail will be overriden.
elements: int
type: list
enable_log:
default: false
description: Enable/Disable logging for task.
type: bool
access_token:
description: The token to access FortiManager without using username and password.
type: str
rc_succeeded:
description: The rc codes list with which the conditions to succeed will be overriden.
elements: int
type: list
proposed_method:
choices:
- update
- set
- add
description: The overridden method for the underlying Json RPC request.
type: str
bypass_validation:
default: false
description: Only set to True when module schema diffs with FortiManager API structure,
module continues to execute without validating parameters.
type: bool
firewall_sslsshprofile:
description: The top level parameters set.
required: false
suboptions:
allowlist:
choices:
- disable
- enable
description: Enable/disable exempting servers by FortiGuard allowlist.
type: str
block-blacklisted-certificates:
choices:
- disable
- enable
description: Deprecated, please rename it to block_blacklisted_certificates. Enable/disable
blocking SSL-based botnet communication by ...
type: str
block-blocklisted-certificates:
choices:
- disable
- enable
description: Deprecated, please rename it to block_blocklisted_certificates. Enable/disable
blocking SSL-based botnet communication by ...
type: str
caname:
description: CA certificate used by SSL Inspection.
type: str
certname:
description: Certificate containing the key to use when re-signing server certificates
for SSL inspection.
type: str
comment:
description: Optional comments.
type: str
dot:
description: No description.
suboptions:
cert-validation-failure:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to cert_validation_failure. Action
based on certificate validation failure.
type: str
cert-validation-timeout:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to cert_validation_timeout. Action
based on certificate validation timeout.
type: str
client-certificate:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to client_certificate. Action based
on received client certificate.
type: str
expired-server-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to expired_server_cert. Action based
on server certificate is expired.
type: str
min-allowed-ssl-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: Deprecated, please rename it to min_allowed_ssl_version.
type: str
proxy-after-tcp-handshake:
choices:
- disable
- enable
description: Deprecated, please rename it to proxy_after_tcp_handshake. Proxy
traffic after the TCP 3-way handshake has been es...
type: str
quic:
choices:
- disable
- enable
- bypass
- block
- inspect
description: Enable/disable QUIC inspection
type: str
revoked-server-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to revoked_server_cert. Action based
on server certificate is revoked.
type: str
sni-server-cert-check:
choices:
- enable
- strict
- disable
description: Deprecated, please rename it to sni_server_cert_check. Check
the SNI in the client hello message with the CN or SA...
type: str
status:
choices:
- disable
- deep-inspection
description: Configure protocol inspection status.
type: str
unsupported-ssl-cipher:
choices:
- block
- allow
description: Deprecated, please rename it to unsupported_ssl_cipher. Action
based on the SSL cipher used being unsupported.
type: str
unsupported-ssl-negotiation:
choices:
- block
- allow
description: Deprecated, please rename it to unsupported_ssl_negotiation.
Action based on the SSL negotiation used being unsupp...
type: str
unsupported-ssl-version:
choices:
- block
- allow
- inspect
description: Deprecated, please rename it to unsupported_ssl_version. Action
based on the SSL version used being unsupported.
type: str
untrusted-server-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to untrusted_server_cert. Action
based on server certificate is not issued by a trust...
type: str
type: dict
ftps:
description: No description.
suboptions:
allow-invalid-server-cert:
choices:
- disable
- enable
description: Deprecated, please rename it to allow_invalid_server_cert. When
enabled, allows SSL sessions whose server certific...
type: str
cert-validation-failure:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to cert_validation_failure. Action
based on certificate validation failure.
type: str
cert-validation-timeout:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to cert_validation_timeout. Action
based on certificate validation timeout.
type: str
client-cert-request:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to client_cert_request. Action based
on client certificate request.
type: str
client-certificate:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to client_certificate. Action based
on received client certificate.
type: str
expired-server-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to expired_server_cert. Action based
on server certificate is expired.
type: str
invalid-server-cert:
choices:
- allow
- block
description: Deprecated, please rename it to invalid_server_cert. Allow or
block the invalid SSL session server certificate.
type: str
min-allowed-ssl-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: Deprecated, please rename it to min_allowed_ssl_version. Minimum
SSL version to be allowed.
type: str
ports:
description: (list) Ports to use for scanning
type: raw
revoked-server-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to revoked_server_cert. Action based
on server certificate is revoked.
type: str
sni-server-cert-check:
choices:
- disable
- enable
- strict
description: Deprecated, please rename it to sni_server_cert_check. Check
the SNI in the client hello message with the CN or SA...
type: str
status:
choices:
- disable
- deep-inspection
description: Configure protocol inspection status.
type: str
unsupported-ssl:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to unsupported_ssl. Action based
on the SSL encryption used being unsupported.
type: str
unsupported-ssl-cipher:
choices:
- allow
- block
description: Deprecated, please rename it to unsupported_ssl_cipher. Action
based on the SSL cipher used being unsupported.
type: str
unsupported-ssl-negotiation:
choices:
- allow
- block
description: Deprecated, please rename it to unsupported_ssl_negotiation.
Action based on the SSL negotiation used being unsupp...
type: str
unsupported-ssl-version:
choices:
- block
- allow
- inspect
description: Deprecated, please rename it to unsupported_ssl_version. Action
based on the SSL version used being unsupported.
type: str
untrusted-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to untrusted_cert. Allow, ignore,
or block the untrusted SSL session server certificate.
type: str
untrusted-server-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to untrusted_server_cert. Action
based on server certificate is not issued by a trust...
type: str
type: dict
https:
description: No description.
suboptions:
allow-invalid-server-cert:
choices:
- disable
- enable
description: Deprecated, please rename it to allow_invalid_server_cert. When
enabled, allows SSL sessions whose server certific...
type: str
cert-probe-failure:
choices:
- block
- allow
description: Deprecated, please rename it to cert_probe_failure. Action based
on certificate probe failure.
type: str
cert-validation-failure:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to cert_validation_failure. Action
based on certificate validation failure.
type: str
cert-validation-timeout:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to cert_validation_timeout. Action
based on certificate validation timeout.
type: str
client-cert-request:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to client_cert_request. Action based
on client certificate request.
type: str
client-certificate:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to client_certificate. Action based
on received client certificate.
type: str
expired-server-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to expired_server_cert. Action based
on server certificate is expired.
type: str
invalid-server-cert:
choices:
- allow
- block
description: Deprecated, please rename it to invalid_server_cert. Allow or
block the invalid SSL session server certificate.
type: str
min-allowed-ssl-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: Deprecated, please rename it to min_allowed_ssl_version. Minimum
SSL version to be allowed.
type: str
ports:
description: (list) Ports to use for scanning
type: raw
proxy-after-tcp-handshake:
choices:
- disable
- enable
description: Deprecated, please rename it to proxy_after_tcp_handshake. Proxy
traffic after the TCP 3-way handshake has been es...
type: str
quic:
choices:
- disable
- enable
- bypass
- block
- inspect
description: Enable/disable QUIC inspection
type: str
revoked-server-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to revoked_server_cert. Action based
on server certificate is revoked.
type: str
sni-server-cert-check:
choices:
- disable
- enable
- strict
description: Deprecated, please rename it to sni_server_cert_check. Check
the SNI in the client hello message with the CN or SA...
type: str
status:
choices:
- disable
- certificate-inspection
- deep-inspection
description: Configure protocol inspection status.
type: str
unsupported-ssl:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to unsupported_ssl. Action based
on the SSL encryption used being unsupported.
type: str
unsupported-ssl-cipher:
choices:
- allow
- block
description: Deprecated, please rename it to unsupported_ssl_cipher. Action
based on the SSL cipher used being unsupported.
type: str
unsupported-ssl-negotiation:
choices:
- allow
- block
description: Deprecated, please rename it to unsupported_ssl_negotiation.
Action based on the SSL negotiation used being unsupp...
type: str
unsupported-ssl-version:
choices:
- block
- allow
- inspect
description: Deprecated, please rename it to unsupported_ssl_version. Action
based on the SSL version used being unsupported.
type: str
untrusted-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to untrusted_cert. Allow, ignore,
or block the untrusted SSL session server certificate.
type: str
untrusted-server-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to untrusted_server_cert. Action
based on server certificate is not issued by a trust...
type: str
type: dict
imaps:
description: No description.
suboptions:
allow-invalid-server-cert:
choices:
- disable
- enable
description: Deprecated, please rename it to allow_invalid_server_cert. When
enabled, allows SSL sessions whose server certific...
type: str
cert-validation-failure:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to cert_validation_failure. Action
based on certificate validation failure.
type: str
cert-validation-timeout:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to cert_validation_timeout. Action
based on certificate validation timeout.
type: str
client-cert-request:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to client_cert_request. Action based
on client certificate request.
type: str
client-certificate:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to client_certificate. Action based
on received client certificate.
type: str
expired-server-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to expired_server_cert. Action based
on server certificate is expired.
type: str
invalid-server-cert:
choices:
- allow
- block
description: Deprecated, please rename it to invalid_server_cert. Allow or
block the invalid SSL session server certificate.
type: str
min-allowed-ssl-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: Deprecated, please rename it to min_allowed_ssl_version.
type: str
ports:
description: (list) Ports to use for scanning
type: raw
proxy-after-tcp-handshake:
choices:
- disable
- enable
description: Deprecated, please rename it to proxy_after_tcp_handshake. Proxy
traffic after the TCP 3-way handshake has been es...
type: str
revoked-server-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to revoked_server_cert. Action based
on server certificate is revoked.
type: str
sni-server-cert-check:
choices:
- disable
- enable
- strict
description: Deprecated, please rename it to sni_server_cert_check. Check
the SNI in the client hello message with the CN or SA...
type: str
status:
choices:
- disable
- deep-inspection
description: Configure protocol inspection status.
type: str
unsupported-ssl:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to unsupported_ssl. Action based
on the SSL encryption used being unsupported.
type: str
unsupported-ssl-cipher:
choices:
- allow
- block
description: Deprecated, please rename it to unsupported_ssl_cipher. Action
based on the SSL cipher used being unsupported.
type: str
unsupported-ssl-negotiation:
choices:
- allow
- block
description: Deprecated, please rename it to unsupported_ssl_negotiation.
Action based on the SSL negotiation used being unsupp...
type: str
unsupported-ssl-version:
choices:
- block
- allow
- inspect
description: Deprecated, please rename it to unsupported_ssl_version. Action
based on the SSL version used being unsupported.
type: str
untrusted-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to untrusted_cert. Allow, ignore,
or block the untrusted SSL session server certificate.
type: str
untrusted-server-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to untrusted_server_cert. Action
based on server certificate is not issued by a trust...
type: str
type: dict
mapi-over-https:
choices:
- disable
- enable
description: Deprecated, please rename it to mapi_over_https. Enable/disable inspection
of MAPI over HTTPS.
type: str
name:
description: Name.
required: true
type: str
pop3s:
description: No description.
suboptions:
allow-invalid-server-cert:
choices:
- disable
- enable
description: Deprecated, please rename it to allow_invalid_server_cert. When
enabled, allows SSL sessions whose server certific...
type: str
cert-validation-failure:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to cert_validation_failure. Action
based on certificate validation failure.
type: str
cert-validation-timeout:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to cert_validation_timeout. Action
based on certificate validation timeout.
type: str
client-cert-request:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to client_cert_request. Action based
on client certificate request.
type: str
client-certificate:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to client_certificate. Action based
on received client certificate.
type: str
expired-server-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to expired_server_cert. Action based
on server certificate is expired.
type: str
invalid-server-cert:
choices:
- allow
- block
description: Deprecated, please rename it to invalid_server_cert. Allow or
block the invalid SSL session server certificate.
type: str
min-allowed-ssl-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: Deprecated, please rename it to min_allowed_ssl_version.
type: str
ports:
description: (list) Ports to use for scanning
type: raw
proxy-after-tcp-handshake:
choices:
- disable
- enable
description: Deprecated, please rename it to proxy_after_tcp_handshake. Proxy
traffic after the TCP 3-way handshake has been es...
type: str
revoked-server-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to revoked_server_cert. Action based
on server certificate is revoked.
type: str
sni-server-cert-check:
choices:
- disable
- enable
- strict
description: Deprecated, please rename it to sni_server_cert_check. Check
the SNI in the client hello message with the CN or SA...
type: str
status:
choices:
- disable
- deep-inspection
description: Configure protocol inspection status.
type: str
unsupported-ssl:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to unsupported_ssl. Action based
on the SSL encryption used being unsupported.
type: str
unsupported-ssl-cipher:
choices:
- allow
- block
description: Deprecated, please rename it to unsupported_ssl_cipher. Action
based on the SSL cipher used being unsupported.
type: str
unsupported-ssl-negotiation:
choices:
- allow
- block
description: Deprecated, please rename it to unsupported_ssl_negotiation.
Action based on the SSL negotiation used being unsupp...
type: str
unsupported-ssl-version:
choices:
- block
- allow
- inspect
description: Deprecated, please rename it to unsupported_ssl_version. Action
based on the SSL version used being unsupported.
type: str
untrusted-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to untrusted_cert. Allow, ignore,
or block the untrusted SSL session server certificate.
type: str
untrusted-server-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to untrusted_server_cert. Action
based on server certificate is not issued by a trust...
type: str
type: dict
rpc-over-https:
choices:
- disable
- enable
description: Deprecated, please rename it to rpc_over_https. Enable/disable inspection
of RPC over HTTPS.
type: str
server-cert:
description: (list or str) Deprecated, please rename it to server_cert. Certificate
used by SSL Inspection to replace server certificate.
type: raw
server-cert-mode:
choices:
- re-sign
- replace
description: Deprecated, please rename it to server_cert_mode. Re-sign or replace
the servers certificate.
type: str
smtps:
description: No description.
suboptions:
allow-invalid-server-cert:
choices:
- disable
- enable
description: Deprecated, please rename it to allow_invalid_server_cert. When
enabled, allows SSL sessions whose server certific...
type: str
cert-validation-failure:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to cert_validation_failure. Action
based on certificate validation failure.
type: str
cert-validation-timeout:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to cert_validation_timeout. Action
based on certificate validation timeout.
type: str
client-cert-request:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to client_cert_request. Action based
on client certificate request.
type: str
client-certificate:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to client_certificate. Action based
on received client certificate.
type: str
expired-server-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to expired_server_cert. Action based
on server certificate is expired.
type: str
invalid-server-cert:
choices:
- allow
- block
description: Deprecated, please rename it to invalid_server_cert. Allow or
block the invalid SSL session server certificate.
type: str
min-allowed-ssl-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: Deprecated, please rename it to min_allowed_ssl_version.
type: str
ports:
description: (list) Ports to use for scanning
type: raw
proxy-after-tcp-handshake:
choices:
- disable
- enable
description: Deprecated, please rename it to proxy_after_tcp_handshake. Proxy
traffic after the TCP 3-way handshake has been es...
type: str
revoked-server-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to revoked_server_cert. Action based
on server certificate is revoked.
type: str
sni-server-cert-check:
choices:
- disable
- enable
- strict
description: Deprecated, please rename it to sni_server_cert_check. Check
the SNI in the client hello message with the CN or SA...
type: str
status:
choices:
- disable
- deep-inspection
description: Configure protocol inspection status.
type: str
unsupported-ssl:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to unsupported_ssl. Action based
on the SSL encryption used being unsupported.
type: str
unsupported-ssl-cipher:
choices:
- allow
- block
description: Deprecated, please rename it to unsupported_ssl_cipher. Action
based on the SSL cipher used being unsupported.
type: str
unsupported-ssl-negotiation:
choices:
- allow
- block
description: Deprecated, please rename it to unsupported_ssl_negotiation.
Action based on the SSL negotiation used being unsupp...
type: str
unsupported-ssl-version:
choices:
- block
- allow
- inspect
description: Deprecated, please rename it to unsupported_ssl_version. Action
based on the SSL version used being unsupported.
type: str
untrusted-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to untrusted_cert. Allow, ignore,
or block the untrusted SSL session server certificate.
type: str
untrusted-server-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to untrusted_server_cert. Action
based on server certificate is not issued by a trust...
type: str
type: dict
ssh:
description: No description.
suboptions:
block:
choices:
- x11-filter
- ssh-shell
- exec
- port-forward
description: No description.
elements: str
type: list
inspect-all:
choices:
- disable
- deep-inspection
description: Deprecated, please rename it to inspect_all. Level of SSL inspection.
type: str
log:
choices:
- x11-filter
- ssh-shell
- exec
- port-forward
description: No description.
elements: str
type: list
ports:
description: (list) Ports to use for scanning
type: raw
proxy-after-tcp-handshake:
choices:
- disable
- enable
description: Deprecated, please rename it to proxy_after_tcp_handshake. Proxy
traffic after the TCP 3-way handshake has been es...
type: str
ssh-algorithm:
choices:
- compatible
- high-encryption
description: Deprecated, please rename it to ssh_algorithm. Relative strength
of encryption algorithms accepted during negotiation.
type: str
ssh-policy-check:
choices:
- disable
- enable
description: Deprecated, please rename it to ssh_policy_check. Enable/disable
SSH policy check.
type: str
ssh-tun-policy-check:
choices:
- disable
- enable
description: Deprecated, please rename it to ssh_tun_policy_check. Enable/disable
SSH tunnel policy check.
type: str
status:
choices:
- disable
- deep-inspection
description: Configure protocol inspection status.
type: str
unsupported-version:
choices:
- block
- bypass
description: Deprecated, please rename it to unsupported_version. Action based
on SSH version being unsupported.
type: str
type: dict
ssl:
description: No description.
suboptions:
allow-invalid-server-cert:
choices:
- disable
- enable
description: Deprecated, please rename it to allow_invalid_server_cert. When
enabled, allows SSL sessions whose server certific...
type: str
cert-probe-failure:
choices:
- block
- allow
description: Deprecated, please rename it to cert_probe_failure. Action based
on certificate probe failure.
type: str
cert-validation-failure:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to cert_validation_failure. Action
based on certificate validation failure.
type: str
cert-validation-timeout:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to cert_validation_timeout. Action
based on certificate validation timeout.
type: str
client-cert-request:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to client_cert_request. Action based
on client certificate request.
type: str
client-certificate:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to client_certificate. Action based
on received client certificate.
type: str
expired-server-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to expired_server_cert. Action based
on server certificate is expired.
type: str
inspect-all:
choices:
- disable
- certificate-inspection
- deep-inspection
description: Deprecated, please rename it to inspect_all. Level of SSL inspection.
type: str
invalid-server-cert:
choices:
- allow
- block
description: Deprecated, please rename it to invalid_server_cert. Allow or
block the invalid SSL session server certificate.
type: str
min-allowed-ssl-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: Deprecated, please rename it to min_allowed_ssl_version. Minimum
SSL version to be allowed.
type: str
revoked-server-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to revoked_server_cert. Action based
on server certificate is revoked.
type: str
sni-server-cert-check:
choices:
- disable
- enable
- strict
description: Deprecated, please rename it to sni_server_cert_check. Check
the SNI in the client hello message with the CN or SA...
type: str
unsupported-ssl:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to unsupported_ssl. Action based
on the SSL encryption used being unsupported.
type: str
unsupported-ssl-cipher:
choices:
- allow
- block
description: Deprecated, please rename it to unsupported_ssl_cipher. Action
based on the SSL cipher used being unsupported.
type: str
unsupported-ssl-negotiation:
choices:
- allow
- block
description: Deprecated, please rename it to unsupported_ssl_negotiation.
Action based on the SSL negotiation used being unsupp...
type: str
unsupported-ssl-version:
choices:
- block
- allow
- inspect
description: Deprecated, please rename it to unsupported_ssl_version. Action
based on the SSL version used being unsupported.
type: str
untrusted-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to untrusted_cert. Allow, ignore,
or block the untrusted SSL session server certificate.
type: str
untrusted-server-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to untrusted_server_cert. Action
based on server certificate is not issued by a trust...
type: str
type: dict
ssl-anomalies-log:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_anomalies_log. Enable/disable
logging SSL anomalies.
type: str
ssl-anomaly-log:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_anomaly_log. Enable/disable logging
of SSL anomalies.
type: str
ssl-exempt:
description: Deprecated, please rename it to ssl_exempt. Ssl-Exempt.
elements: dict
suboptions:
address:
description: IPv4 address object.
type: str
address6:
description: IPv6 address object.
type: str
fortiguard-category:
description: Deprecated, please rename it to fortiguard_category. FortiGuard
category ID.
type: str
id:
description: ID number.
type: int
regex:
description: Exempt servers by regular expression.
type: str
type:
choices:
- fortiguard-category
- address
- address6
- wildcard-fqdn
- regex
- finger-print
description: Type of address object
type: str
wildcard-fqdn:
description: Deprecated, please rename it to wildcard_fqdn. Exempt servers
by wildcard FQDN.
type: str
type: list
ssl-exemption-ip-rating:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_exemption_ip_rating. Enable/disable
IP based URL rating.
type: str
ssl-exemption-log:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_exemption_log. Enable/disable
logging SSL exemptions.
type: str
ssl-exemptions-log:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_exemptions_log. Enable/disable
logging SSL exemptions.
type: str
ssl-handshake-log:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_handshake_log. Enable/disable
logging of TLS handshakes.
type: str
ssl-invalid-server-cert-log:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_invalid_server_cert_log. Enable/disable
SSL server certificate validation logging.
type: str
ssl-negotiation-log:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_negotiation_log. Enable/disable
logging SSL negotiation.
type: str
ssl-server:
description: Deprecated, please rename it to ssl_server. Ssl-Server.
elements: dict
suboptions:
ftps-client-cert-request:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to ftps_client_cert_request. Action
based on client certificate request during the FT...
type: str
ftps-client-certificate:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to ftps_client_certificate. Action
based on received client certificate during the FT...
type: str
https-client-cert-request:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to https_client_cert_request. Action
based on client certificate request during the H...
type: str
https-client-certificate:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to https_client_certificate. Action
based on received client certificate during the H...
type: str
id:
description: SSL server ID.
type: int
imaps-client-cert-request:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to imaps_client_cert_request. Action
based on client certificate request during the I...
type: str
imaps-client-certificate:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to imaps_client_certificate. Action
based on received client certificate during the I...
type: str
ip:
description: IPv4 address of the SSL server.
type: str
pop3s-client-cert-request:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to pop3s_client_cert_request. Action
based on client certificate request during the P...
type: str
pop3s-client-certificate:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to pop3s_client_certificate. Action
based on received client certificate during the P...
type: str
smtps-client-cert-request:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to smtps_client_cert_request. Action
based on client certificate request during the S...
type: str
smtps-client-certificate:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to smtps_client_certificate. Action
based on received client certificate during the S...
type: str
ssl-other-client-cert-request:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to ssl_other_client_cert_request.
Action based on client certificate request during a...
type: str
ssl-other-client-certificate:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to ssl_other_client_certificate.
Action based on received client certificate during a...
type: str
type: list
ssl-server-cert-log:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_server_cert_log. Enable/disable
logging of server certificate information.
type: str
supported-alpn:
choices:
- none
- http1-1
- http2
- all
description: Deprecated, please rename it to supported_alpn. Configure ALPN option.
type: str
untrusted-caname:
description: Deprecated, please rename it to untrusted_caname. Untrusted CA certificate
used by SSL Inspection.
type: str
use-ssl-server:
choices:
- disable
- enable
description: Deprecated, please rename it to use_ssl_server. Enable/disable the
use of SSL server table for SSL offloading.
type: str
whitelist:
choices:
- disable
- enable
description: Enable/disable exempting servers by FortiGuard whitelist.
type: str
type: dict
workspace_locking_adom:
description: The adom to lock for FortiManager running in workspace mode, the value
can be global and others including root.
type: str
forticloud_access_token:
description: Authenticate Ansible client with forticloud API access token.
type: str
workspace_locking_timeout:
default: 300
description: The maximum time in seconds to wait for other user to release the workspace
lock.
type: int
meta:
contains:
request_url:
description: The full url requested.
returned: always
sample: /sys/login/user
type: str
response_code:
description: The status of api request.
returned: always
sample: 0
type: int
response_data:
description: The api response.
returned: always
type: list
response_message:
description: The descriptive message of the api response.
returned: always
sample: OK.
type: str
system_information:
description: The information of the target system.
returned: always
type: dict
description: The result of the request.
returned: always
type: dict
rc:
description: The status the request.
returned: always
sample: 0
type: int
version_check_warning:
description: Warning if the parameters used in the playbook are not supported by
the current FortiManager version.
returned: complex
type: list