fortinet / fortinet.fortimanager / 2.4.0 / module / fmgr_firewall_sslsshprofile Configure SSL/SSH protocol options. | "added in version" 1.0.0 of fortinet.fortimanager" Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu) preview | supported by communityfortinet.fortimanager.fmgr_firewall_sslsshprofile (2.4.0) — module
Install with ansible-galaxy collection install fortinet.fortimanager:==2.4.0
collections: - name: fortinet.fortimanager version: 2.4.0
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- name: Example playbook hosts: fortimanagers connection: httpapi vars: ansible_httpapi_use_ssl: true ansible_httpapi_validate_certs: false ansible_httpapi_port: 443 tasks: - name: Configure SSL/SSH protocol options. fortinet.fortimanager.fmgr_firewall_sslsshprofile: bypass_validation: false adom: ansible state: present firewall_sslsshprofile: comment: "ansible-comment1" mapi-over-https: disable # <value in [disable, enable]> name: "ansible-test" use-ssl-server: disable # <value in [disable, enable]> whitelist: enable # <value in [disable, enable]>
- name: Gathering fortimanager facts hosts: fortimanagers gather_facts: false connection: httpapi vars: ansible_httpapi_use_ssl: true ansible_httpapi_validate_certs: false ansible_httpapi_port: 443 tasks: - name: Retrieve all the SSL/SSH protocol options fortinet.fortimanager.fmgr_fact: facts: selector: "firewall_sslsshprofile" params: adom: "ansible" ssl-ssh-profile: "your_value"
adom: description: The parameter (adom) in requested url. required: true type: str state: choices: - present - absent description: The directive to create, update or delete an object. required: true type: str rc_failed: description: The rc codes list with which the conditions to fail will be overriden. elements: int type: list enable_log: default: false description: Enable/Disable logging for task. type: bool access_token: description: The token to access FortiManager without using username and password. type: str rc_succeeded: description: The rc codes list with which the conditions to succeed will be overriden. elements: int type: list proposed_method: choices: - update - set - add description: The overridden method for the underlying Json RPC request. type: str bypass_validation: default: false description: Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. type: bool firewall_sslsshprofile: description: The top level parameters set. required: false suboptions: allowlist: choices: - disable - enable description: Enable/disable exempting servers by FortiGuard allowlist. type: str block-blacklisted-certificates: choices: - disable - enable description: Deprecated, please rename it to block_blacklisted_certificates. Enable/disable blocking SSL-based botnet communication by ... type: str block-blocklisted-certificates: choices: - disable - enable description: Deprecated, please rename it to block_blocklisted_certificates. Enable/disable blocking SSL-based botnet communication by ... type: str caname: description: CA certificate used by SSL Inspection. type: str certname: description: Certificate containing the key to use when re-signing server certificates for SSL inspection. type: str comment: description: Optional comments. type: str dot: description: No description. suboptions: cert-validation-failure: choices: - allow - block - ignore description: Deprecated, please rename it to cert_validation_failure. Action based on certificate validation failure. type: str cert-validation-timeout: choices: - allow - block - ignore description: Deprecated, please rename it to cert_validation_timeout. Action based on certificate validation timeout. type: str client-certificate: choices: - bypass - inspect - block description: Deprecated, please rename it to client_certificate. Action based on received client certificate. type: str expired-server-cert: choices: - allow - block - ignore description: Deprecated, please rename it to expired_server_cert. Action based on server certificate is expired. type: str min-allowed-ssl-version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: Deprecated, please rename it to min_allowed_ssl_version. type: str proxy-after-tcp-handshake: choices: - disable - enable description: Deprecated, please rename it to proxy_after_tcp_handshake. Proxy traffic after the TCP 3-way handshake has been es... type: str quic: choices: - disable - enable - bypass - block - inspect description: Enable/disable QUIC inspection type: str revoked-server-cert: choices: - allow - block - ignore description: Deprecated, please rename it to revoked_server_cert. Action based on server certificate is revoked. type: str sni-server-cert-check: choices: - enable - strict - disable description: Deprecated, please rename it to sni_server_cert_check. Check the SNI in the client hello message with the CN or SA... type: str status: choices: - disable - deep-inspection description: Configure protocol inspection status. type: str unsupported-ssl-cipher: choices: - block - allow description: Deprecated, please rename it to unsupported_ssl_cipher. Action based on the SSL cipher used being unsupported. type: str unsupported-ssl-negotiation: choices: - block - allow description: Deprecated, please rename it to unsupported_ssl_negotiation. Action based on the SSL negotiation used being unsupp... type: str unsupported-ssl-version: choices: - block - allow - inspect description: Deprecated, please rename it to unsupported_ssl_version. Action based on the SSL version used being unsupported. type: str untrusted-server-cert: choices: - allow - block - ignore description: Deprecated, please rename it to untrusted_server_cert. Action based on server certificate is not issued by a trust... type: str type: dict ftps: description: No description. suboptions: allow-invalid-server-cert: choices: - disable - enable description: Deprecated, please rename it to allow_invalid_server_cert. When enabled, allows SSL sessions whose server certific... type: str cert-validation-failure: choices: - allow - block - ignore description: Deprecated, please rename it to cert_validation_failure. Action based on certificate validation failure. type: str cert-validation-timeout: choices: - allow - block - ignore description: Deprecated, please rename it to cert_validation_timeout. Action based on certificate validation timeout. type: str client-cert-request: choices: - bypass - inspect - block description: Deprecated, please rename it to client_cert_request. Action based on client certificate request. type: str client-certificate: choices: - bypass - inspect - block description: Deprecated, please rename it to client_certificate. Action based on received client certificate. type: str expired-server-cert: choices: - allow - block - ignore description: Deprecated, please rename it to expired_server_cert. Action based on server certificate is expired. type: str invalid-server-cert: choices: - allow - block description: Deprecated, please rename it to invalid_server_cert. Allow or block the invalid SSL session server certificate. type: str min-allowed-ssl-version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: Deprecated, please rename it to min_allowed_ssl_version. Minimum SSL version to be allowed. type: str ports: description: (list) Ports to use for scanning type: raw revoked-server-cert: choices: - allow - block - ignore description: Deprecated, please rename it to revoked_server_cert. Action based on server certificate is revoked. type: str sni-server-cert-check: choices: - disable - enable - strict description: Deprecated, please rename it to sni_server_cert_check. Check the SNI in the client hello message with the CN or SA... type: str status: choices: - disable - deep-inspection description: Configure protocol inspection status. type: str unsupported-ssl: choices: - bypass - inspect - block description: Deprecated, please rename it to unsupported_ssl. Action based on the SSL encryption used being unsupported. type: str unsupported-ssl-cipher: choices: - allow - block description: Deprecated, please rename it to unsupported_ssl_cipher. Action based on the SSL cipher used being unsupported. type: str unsupported-ssl-negotiation: choices: - allow - block description: Deprecated, please rename it to unsupported_ssl_negotiation. Action based on the SSL negotiation used being unsupp... type: str unsupported-ssl-version: choices: - block - allow - inspect description: Deprecated, please rename it to unsupported_ssl_version. Action based on the SSL version used being unsupported. type: str untrusted-cert: choices: - allow - block - ignore description: Deprecated, please rename it to untrusted_cert. Allow, ignore, or block the untrusted SSL session server certificate. type: str untrusted-server-cert: choices: - allow - block - ignore description: Deprecated, please rename it to untrusted_server_cert. Action based on server certificate is not issued by a trust... type: str type: dict https: description: No description. suboptions: allow-invalid-server-cert: choices: - disable - enable description: Deprecated, please rename it to allow_invalid_server_cert. When enabled, allows SSL sessions whose server certific... type: str cert-probe-failure: choices: - block - allow description: Deprecated, please rename it to cert_probe_failure. Action based on certificate probe failure. type: str cert-validation-failure: choices: - allow - block - ignore description: Deprecated, please rename it to cert_validation_failure. Action based on certificate validation failure. type: str cert-validation-timeout: choices: - allow - block - ignore description: Deprecated, please rename it to cert_validation_timeout. Action based on certificate validation timeout. type: str client-cert-request: choices: - bypass - inspect - block description: Deprecated, please rename it to client_cert_request. Action based on client certificate request. type: str client-certificate: choices: - bypass - inspect - block description: Deprecated, please rename it to client_certificate. Action based on received client certificate. type: str expired-server-cert: choices: - allow - block - ignore description: Deprecated, please rename it to expired_server_cert. Action based on server certificate is expired. type: str invalid-server-cert: choices: - allow - block description: Deprecated, please rename it to invalid_server_cert. Allow or block the invalid SSL session server certificate. type: str min-allowed-ssl-version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: Deprecated, please rename it to min_allowed_ssl_version. Minimum SSL version to be allowed. type: str ports: description: (list) Ports to use for scanning type: raw proxy-after-tcp-handshake: choices: - disable - enable description: Deprecated, please rename it to proxy_after_tcp_handshake. Proxy traffic after the TCP 3-way handshake has been es... type: str quic: choices: - disable - enable - bypass - block - inspect description: Enable/disable QUIC inspection type: str revoked-server-cert: choices: - allow - block - ignore description: Deprecated, please rename it to revoked_server_cert. Action based on server certificate is revoked. type: str sni-server-cert-check: choices: - disable - enable - strict description: Deprecated, please rename it to sni_server_cert_check. Check the SNI in the client hello message with the CN or SA... type: str status: choices: - disable - certificate-inspection - deep-inspection description: Configure protocol inspection status. type: str unsupported-ssl: choices: - bypass - inspect - block description: Deprecated, please rename it to unsupported_ssl. Action based on the SSL encryption used being unsupported. type: str unsupported-ssl-cipher: choices: - allow - block description: Deprecated, please rename it to unsupported_ssl_cipher. Action based on the SSL cipher used being unsupported. type: str unsupported-ssl-negotiation: choices: - allow - block description: Deprecated, please rename it to unsupported_ssl_negotiation. Action based on the SSL negotiation used being unsupp... type: str unsupported-ssl-version: choices: - block - allow - inspect description: Deprecated, please rename it to unsupported_ssl_version. Action based on the SSL version used being unsupported. type: str untrusted-cert: choices: - allow - block - ignore description: Deprecated, please rename it to untrusted_cert. Allow, ignore, or block the untrusted SSL session server certificate. type: str untrusted-server-cert: choices: - allow - block - ignore description: Deprecated, please rename it to untrusted_server_cert. Action based on server certificate is not issued by a trust... type: str type: dict imaps: description: No description. suboptions: allow-invalid-server-cert: choices: - disable - enable description: Deprecated, please rename it to allow_invalid_server_cert. When enabled, allows SSL sessions whose server certific... type: str cert-validation-failure: choices: - allow - block - ignore description: Deprecated, please rename it to cert_validation_failure. Action based on certificate validation failure. type: str cert-validation-timeout: choices: - allow - block - ignore description: Deprecated, please rename it to cert_validation_timeout. Action based on certificate validation timeout. type: str client-cert-request: choices: - bypass - inspect - block description: Deprecated, please rename it to client_cert_request. Action based on client certificate request. type: str client-certificate: choices: - bypass - inspect - block description: Deprecated, please rename it to client_certificate. Action based on received client certificate. type: str expired-server-cert: choices: - allow - block - ignore description: Deprecated, please rename it to expired_server_cert. Action based on server certificate is expired. type: str invalid-server-cert: choices: - allow - block description: Deprecated, please rename it to invalid_server_cert. Allow or block the invalid SSL session server certificate. type: str min-allowed-ssl-version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: Deprecated, please rename it to min_allowed_ssl_version. type: str ports: description: (list) Ports to use for scanning type: raw proxy-after-tcp-handshake: choices: - disable - enable description: Deprecated, please rename it to proxy_after_tcp_handshake. Proxy traffic after the TCP 3-way handshake has been es... type: str revoked-server-cert: choices: - allow - block - ignore description: Deprecated, please rename it to revoked_server_cert. Action based on server certificate is revoked. type: str sni-server-cert-check: choices: - disable - enable - strict description: Deprecated, please rename it to sni_server_cert_check. Check the SNI in the client hello message with the CN or SA... type: str status: choices: - disable - deep-inspection description: Configure protocol inspection status. type: str unsupported-ssl: choices: - bypass - inspect - block description: Deprecated, please rename it to unsupported_ssl. Action based on the SSL encryption used being unsupported. type: str unsupported-ssl-cipher: choices: - allow - block description: Deprecated, please rename it to unsupported_ssl_cipher. Action based on the SSL cipher used being unsupported. type: str unsupported-ssl-negotiation: choices: - allow - block description: Deprecated, please rename it to unsupported_ssl_negotiation. Action based on the SSL negotiation used being unsupp... type: str unsupported-ssl-version: choices: - block - allow - inspect description: Deprecated, please rename it to unsupported_ssl_version. Action based on the SSL version used being unsupported. type: str untrusted-cert: choices: - allow - block - ignore description: Deprecated, please rename it to untrusted_cert. Allow, ignore, or block the untrusted SSL session server certificate. type: str untrusted-server-cert: choices: - allow - block - ignore description: Deprecated, please rename it to untrusted_server_cert. Action based on server certificate is not issued by a trust... type: str type: dict mapi-over-https: choices: - disable - enable description: Deprecated, please rename it to mapi_over_https. Enable/disable inspection of MAPI over HTTPS. type: str name: description: Name. required: true type: str pop3s: description: No description. suboptions: allow-invalid-server-cert: choices: - disable - enable description: Deprecated, please rename it to allow_invalid_server_cert. When enabled, allows SSL sessions whose server certific... type: str cert-validation-failure: choices: - allow - block - ignore description: Deprecated, please rename it to cert_validation_failure. Action based on certificate validation failure. type: str cert-validation-timeout: choices: - allow - block - ignore description: Deprecated, please rename it to cert_validation_timeout. Action based on certificate validation timeout. type: str client-cert-request: choices: - bypass - inspect - block description: Deprecated, please rename it to client_cert_request. Action based on client certificate request. type: str client-certificate: choices: - bypass - inspect - block description: Deprecated, please rename it to client_certificate. Action based on received client certificate. type: str expired-server-cert: choices: - allow - block - ignore description: Deprecated, please rename it to expired_server_cert. Action based on server certificate is expired. type: str invalid-server-cert: choices: - allow - block description: Deprecated, please rename it to invalid_server_cert. Allow or block the invalid SSL session server certificate. type: str min-allowed-ssl-version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: Deprecated, please rename it to min_allowed_ssl_version. type: str ports: description: (list) Ports to use for scanning type: raw proxy-after-tcp-handshake: choices: - disable - enable description: Deprecated, please rename it to proxy_after_tcp_handshake. Proxy traffic after the TCP 3-way handshake has been es... type: str revoked-server-cert: choices: - allow - block - ignore description: Deprecated, please rename it to revoked_server_cert. Action based on server certificate is revoked. type: str sni-server-cert-check: choices: - disable - enable - strict description: Deprecated, please rename it to sni_server_cert_check. Check the SNI in the client hello message with the CN or SA... type: str status: choices: - disable - deep-inspection description: Configure protocol inspection status. type: str unsupported-ssl: choices: - bypass - inspect - block description: Deprecated, please rename it to unsupported_ssl. Action based on the SSL encryption used being unsupported. type: str unsupported-ssl-cipher: choices: - allow - block description: Deprecated, please rename it to unsupported_ssl_cipher. Action based on the SSL cipher used being unsupported. type: str unsupported-ssl-negotiation: choices: - allow - block description: Deprecated, please rename it to unsupported_ssl_negotiation. Action based on the SSL negotiation used being unsupp... type: str unsupported-ssl-version: choices: - block - allow - inspect description: Deprecated, please rename it to unsupported_ssl_version. Action based on the SSL version used being unsupported. type: str untrusted-cert: choices: - allow - block - ignore description: Deprecated, please rename it to untrusted_cert. Allow, ignore, or block the untrusted SSL session server certificate. type: str untrusted-server-cert: choices: - allow - block - ignore description: Deprecated, please rename it to untrusted_server_cert. Action based on server certificate is not issued by a trust... type: str type: dict rpc-over-https: choices: - disable - enable description: Deprecated, please rename it to rpc_over_https. Enable/disable inspection of RPC over HTTPS. type: str server-cert: description: (list or str) Deprecated, please rename it to server_cert. Certificate used by SSL Inspection to replace server certificate. type: raw server-cert-mode: choices: - re-sign - replace description: Deprecated, please rename it to server_cert_mode. Re-sign or replace the servers certificate. type: str smtps: description: No description. suboptions: allow-invalid-server-cert: choices: - disable - enable description: Deprecated, please rename it to allow_invalid_server_cert. When enabled, allows SSL sessions whose server certific... type: str cert-validation-failure: choices: - allow - block - ignore description: Deprecated, please rename it to cert_validation_failure. Action based on certificate validation failure. type: str cert-validation-timeout: choices: - allow - block - ignore description: Deprecated, please rename it to cert_validation_timeout. Action based on certificate validation timeout. type: str client-cert-request: choices: - bypass - inspect - block description: Deprecated, please rename it to client_cert_request. Action based on client certificate request. type: str client-certificate: choices: - bypass - inspect - block description: Deprecated, please rename it to client_certificate. Action based on received client certificate. type: str expired-server-cert: choices: - allow - block - ignore description: Deprecated, please rename it to expired_server_cert. Action based on server certificate is expired. type: str invalid-server-cert: choices: - allow - block description: Deprecated, please rename it to invalid_server_cert. Allow or block the invalid SSL session server certificate. type: str min-allowed-ssl-version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: Deprecated, please rename it to min_allowed_ssl_version. type: str ports: description: (list) Ports to use for scanning type: raw proxy-after-tcp-handshake: choices: - disable - enable description: Deprecated, please rename it to proxy_after_tcp_handshake. Proxy traffic after the TCP 3-way handshake has been es... type: str revoked-server-cert: choices: - allow - block - ignore description: Deprecated, please rename it to revoked_server_cert. Action based on server certificate is revoked. type: str sni-server-cert-check: choices: - disable - enable - strict description: Deprecated, please rename it to sni_server_cert_check. Check the SNI in the client hello message with the CN or SA... type: str status: choices: - disable - deep-inspection description: Configure protocol inspection status. type: str unsupported-ssl: choices: - bypass - inspect - block description: Deprecated, please rename it to unsupported_ssl. Action based on the SSL encryption used being unsupported. type: str unsupported-ssl-cipher: choices: - allow - block description: Deprecated, please rename it to unsupported_ssl_cipher. Action based on the SSL cipher used being unsupported. type: str unsupported-ssl-negotiation: choices: - allow - block description: Deprecated, please rename it to unsupported_ssl_negotiation. Action based on the SSL negotiation used being unsupp... type: str unsupported-ssl-version: choices: - block - allow - inspect description: Deprecated, please rename it to unsupported_ssl_version. Action based on the SSL version used being unsupported. type: str untrusted-cert: choices: - allow - block - ignore description: Deprecated, please rename it to untrusted_cert. Allow, ignore, or block the untrusted SSL session server certificate. type: str untrusted-server-cert: choices: - allow - block - ignore description: Deprecated, please rename it to untrusted_server_cert. Action based on server certificate is not issued by a trust... type: str type: dict ssh: description: No description. suboptions: block: choices: - x11-filter - ssh-shell - exec - port-forward description: No description. elements: str type: list inspect-all: choices: - disable - deep-inspection description: Deprecated, please rename it to inspect_all. Level of SSL inspection. type: str log: choices: - x11-filter - ssh-shell - exec - port-forward description: No description. elements: str type: list ports: description: (list) Ports to use for scanning type: raw proxy-after-tcp-handshake: choices: - disable - enable description: Deprecated, please rename it to proxy_after_tcp_handshake. Proxy traffic after the TCP 3-way handshake has been es... type: str ssh-algorithm: choices: - compatible - high-encryption description: Deprecated, please rename it to ssh_algorithm. Relative strength of encryption algorithms accepted during negotiation. type: str ssh-policy-check: choices: - disable - enable description: Deprecated, please rename it to ssh_policy_check. Enable/disable SSH policy check. type: str ssh-tun-policy-check: choices: - disable - enable description: Deprecated, please rename it to ssh_tun_policy_check. Enable/disable SSH tunnel policy check. type: str status: choices: - disable - deep-inspection description: Configure protocol inspection status. type: str unsupported-version: choices: - block - bypass description: Deprecated, please rename it to unsupported_version. Action based on SSH version being unsupported. type: str type: dict ssl: description: No description. suboptions: allow-invalid-server-cert: choices: - disable - enable description: Deprecated, please rename it to allow_invalid_server_cert. When enabled, allows SSL sessions whose server certific... type: str cert-probe-failure: choices: - block - allow description: Deprecated, please rename it to cert_probe_failure. Action based on certificate probe failure. type: str cert-validation-failure: choices: - allow - block - ignore description: Deprecated, please rename it to cert_validation_failure. Action based on certificate validation failure. type: str cert-validation-timeout: choices: - allow - block - ignore description: Deprecated, please rename it to cert_validation_timeout. Action based on certificate validation timeout. type: str client-cert-request: choices: - bypass - inspect - block description: Deprecated, please rename it to client_cert_request. Action based on client certificate request. type: str client-certificate: choices: - bypass - inspect - block description: Deprecated, please rename it to client_certificate. Action based on received client certificate. type: str expired-server-cert: choices: - allow - block - ignore description: Deprecated, please rename it to expired_server_cert. Action based on server certificate is expired. type: str inspect-all: choices: - disable - certificate-inspection - deep-inspection description: Deprecated, please rename it to inspect_all. Level of SSL inspection. type: str invalid-server-cert: choices: - allow - block description: Deprecated, please rename it to invalid_server_cert. Allow or block the invalid SSL session server certificate. type: str min-allowed-ssl-version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: Deprecated, please rename it to min_allowed_ssl_version. Minimum SSL version to be allowed. type: str revoked-server-cert: choices: - allow - block - ignore description: Deprecated, please rename it to revoked_server_cert. Action based on server certificate is revoked. type: str sni-server-cert-check: choices: - disable - enable - strict description: Deprecated, please rename it to sni_server_cert_check. Check the SNI in the client hello message with the CN or SA... type: str unsupported-ssl: choices: - bypass - inspect - block description: Deprecated, please rename it to unsupported_ssl. Action based on the SSL encryption used being unsupported. type: str unsupported-ssl-cipher: choices: - allow - block description: Deprecated, please rename it to unsupported_ssl_cipher. Action based on the SSL cipher used being unsupported. type: str unsupported-ssl-negotiation: choices: - allow - block description: Deprecated, please rename it to unsupported_ssl_negotiation. Action based on the SSL negotiation used being unsupp... type: str unsupported-ssl-version: choices: - block - allow - inspect description: Deprecated, please rename it to unsupported_ssl_version. Action based on the SSL version used being unsupported. type: str untrusted-cert: choices: - allow - block - ignore description: Deprecated, please rename it to untrusted_cert. Allow, ignore, or block the untrusted SSL session server certificate. type: str untrusted-server-cert: choices: - allow - block - ignore description: Deprecated, please rename it to untrusted_server_cert. Action based on server certificate is not issued by a trust... type: str type: dict ssl-anomalies-log: choices: - disable - enable description: Deprecated, please rename it to ssl_anomalies_log. Enable/disable logging SSL anomalies. type: str ssl-anomaly-log: choices: - disable - enable description: Deprecated, please rename it to ssl_anomaly_log. Enable/disable logging of SSL anomalies. type: str ssl-exempt: description: Deprecated, please rename it to ssl_exempt. Ssl-Exempt. elements: dict suboptions: address: description: IPv4 address object. type: str address6: description: IPv6 address object. type: str fortiguard-category: description: Deprecated, please rename it to fortiguard_category. FortiGuard category ID. type: str id: description: ID number. type: int regex: description: Exempt servers by regular expression. type: str type: choices: - fortiguard-category - address - address6 - wildcard-fqdn - regex - finger-print description: Type of address object type: str wildcard-fqdn: description: Deprecated, please rename it to wildcard_fqdn. Exempt servers by wildcard FQDN. type: str type: list ssl-exemption-ip-rating: choices: - disable - enable description: Deprecated, please rename it to ssl_exemption_ip_rating. Enable/disable IP based URL rating. type: str ssl-exemption-log: choices: - disable - enable description: Deprecated, please rename it to ssl_exemption_log. Enable/disable logging SSL exemptions. type: str ssl-exemptions-log: choices: - disable - enable description: Deprecated, please rename it to ssl_exemptions_log. Enable/disable logging SSL exemptions. type: str ssl-handshake-log: choices: - disable - enable description: Deprecated, please rename it to ssl_handshake_log. Enable/disable logging of TLS handshakes. type: str ssl-invalid-server-cert-log: choices: - disable - enable description: Deprecated, please rename it to ssl_invalid_server_cert_log. Enable/disable SSL server certificate validation logging. type: str ssl-negotiation-log: choices: - disable - enable description: Deprecated, please rename it to ssl_negotiation_log. Enable/disable logging SSL negotiation. type: str ssl-server: description: Deprecated, please rename it to ssl_server. Ssl-Server. elements: dict suboptions: ftps-client-cert-request: choices: - bypass - inspect - block description: Deprecated, please rename it to ftps_client_cert_request. Action based on client certificate request during the FT... type: str ftps-client-certificate: choices: - bypass - inspect - block description: Deprecated, please rename it to ftps_client_certificate. Action based on received client certificate during the FT... type: str https-client-cert-request: choices: - bypass - inspect - block description: Deprecated, please rename it to https_client_cert_request. Action based on client certificate request during the H... type: str https-client-certificate: choices: - bypass - inspect - block description: Deprecated, please rename it to https_client_certificate. Action based on received client certificate during the H... type: str id: description: SSL server ID. type: int imaps-client-cert-request: choices: - bypass - inspect - block description: Deprecated, please rename it to imaps_client_cert_request. Action based on client certificate request during the I... type: str imaps-client-certificate: choices: - bypass - inspect - block description: Deprecated, please rename it to imaps_client_certificate. Action based on received client certificate during the I... type: str ip: description: IPv4 address of the SSL server. type: str pop3s-client-cert-request: choices: - bypass - inspect - block description: Deprecated, please rename it to pop3s_client_cert_request. Action based on client certificate request during the P... type: str pop3s-client-certificate: choices: - bypass - inspect - block description: Deprecated, please rename it to pop3s_client_certificate. Action based on received client certificate during the P... type: str smtps-client-cert-request: choices: - bypass - inspect - block description: Deprecated, please rename it to smtps_client_cert_request. Action based on client certificate request during the S... type: str smtps-client-certificate: choices: - bypass - inspect - block description: Deprecated, please rename it to smtps_client_certificate. Action based on received client certificate during the S... type: str ssl-other-client-cert-request: choices: - bypass - inspect - block description: Deprecated, please rename it to ssl_other_client_cert_request. Action based on client certificate request during a... type: str ssl-other-client-certificate: choices: - bypass - inspect - block description: Deprecated, please rename it to ssl_other_client_certificate. Action based on received client certificate during a... type: str type: list ssl-server-cert-log: choices: - disable - enable description: Deprecated, please rename it to ssl_server_cert_log. Enable/disable logging of server certificate information. type: str supported-alpn: choices: - none - http1-1 - http2 - all description: Deprecated, please rename it to supported_alpn. Configure ALPN option. type: str untrusted-caname: description: Deprecated, please rename it to untrusted_caname. Untrusted CA certificate used by SSL Inspection. type: str use-ssl-server: choices: - disable - enable description: Deprecated, please rename it to use_ssl_server. Enable/disable the use of SSL server table for SSL offloading. type: str whitelist: choices: - disable - enable description: Enable/disable exempting servers by FortiGuard whitelist. type: str type: dict workspace_locking_adom: description: The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. type: str forticloud_access_token: description: Authenticate Ansible client with forticloud API access token. type: str workspace_locking_timeout: default: 300 description: The maximum time in seconds to wait for other user to release the workspace lock. type: int
meta: contains: request_url: description: The full url requested. returned: always sample: /sys/login/user type: str response_code: description: The status of api request. returned: always sample: 0 type: int response_data: description: The api response. returned: always type: list response_message: description: The descriptive message of the api response. returned: always sample: OK. type: str system_information: description: The information of the target system. returned: always type: dict description: The result of the request. returned: always type: dict rc: description: The status the request. returned: always sample: 0 type: int version_check_warning: description: Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: complex type: list