Try SpotterConfigure FTPS options.
| "added in version" 2.0.0 of fortinet.fortimanager"
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install fortinet.fortimanager:==2.4.0
collections:
- name: fortinet.fortimanager
version: 2.4.0This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- name: Example playbook (generated based on argument schema)
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Configure FTPS options.
fortinet.fortimanager.fmgr_firewall_sslsshprofile_ftps:
# bypass_validation: false
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
# rc_succeeded: [0, -2, -3, ...]
# rc_failed: [-2, -3, ...]
adom: <your own value>
ssl_ssh_profile: <your own value>
firewall_sslsshprofile_ftps:
allow_invalid_server_cert: <value in [disable, enable]>
client_cert_request: <value in [bypass, inspect, block]>
ports: <list or integer>
status: <value in [disable, deep-inspection]>
unsupported_ssl: <value in [bypass, inspect, block]>
untrusted_cert: <value in [allow, block, ignore]>
invalid_server_cert: <value in [allow, block]>
sni_server_cert_check: <value in [disable, enable, strict]>
untrusted_server_cert: <value in [allow, block, ignore]>
cert_validation_failure: <value in [allow, block, ignore]>
cert_validation_timeout: <value in [allow, block, ignore]>
client_certificate: <value in [bypass, inspect, block]>
expired_server_cert: <value in [allow, block, ignore]>
revoked_server_cert: <value in [allow, block, ignore]>
unsupported_ssl_cipher: <value in [allow, block]>
unsupported_ssl_negotiation: <value in [allow, block]>
min_allowed_ssl_version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
unsupported_ssl_version: <value in [block, allow, inspect]>
adom:
description: The parameter (adom) in requested url.
required: true
type: str
rc_failed:
description: The rc codes list with which the conditions to fail will be overriden.
elements: int
type: list
enable_log:
default: false
description: Enable/Disable logging for task.
type: bool
access_token:
description: The token to access FortiManager without using username and password.
type: str
rc_succeeded:
description: The rc codes list with which the conditions to succeed will be overriden.
elements: int
type: list
proposed_method:
choices:
- update
- set
- add
description: The overridden method for the underlying Json RPC request.
type: str
ssl-ssh-profile:
description: Deprecated, please use "ssl_ssh_profile"
type: str
ssl_ssh_profile:
description: The parameter (ssl-ssh-profile) in requested url.
type: str
bypass_validation:
default: false
description: Only set to True when module schema diffs with FortiManager API structure,
module continues to execute without validating parameters.
type: bool
workspace_locking_adom:
description: The adom to lock for FortiManager running in workspace mode, the value
can be global and others including root.
type: str
forticloud_access_token:
description: Authenticate Ansible client with forticloud API access token.
type: str
workspace_locking_timeout:
default: 300
description: The maximum time in seconds to wait for other user to release the workspace
lock.
type: int
firewall_sslsshprofile_ftps:
description: The top level parameters set.
required: false
suboptions:
allow-invalid-server-cert:
choices:
- disable
- enable
description: Deprecated, please rename it to allow_invalid_server_cert. When enabled,
allows SSL sessions whose server certificate vali...
type: str
cert-validation-failure:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to cert_validation_failure. Action based
on certificate validation failure.
type: str
cert-validation-timeout:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to cert_validation_timeout. Action based
on certificate validation timeout.
type: str
client-cert-request:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to client_cert_request. Action based
on client certificate request.
type: str
client-certificate:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to client_certificate. Action based
on received client certificate.
type: str
expired-server-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to expired_server_cert. Action based
on server certificate is expired.
type: str
invalid-server-cert:
choices:
- allow
- block
description: Deprecated, please rename it to invalid_server_cert. Allow or block
the invalid SSL session server certificate.
type: str
min-allowed-ssl-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: Deprecated, please rename it to min_allowed_ssl_version. Minimum
SSL version to be allowed.
type: str
ports:
description: (list) No description.
type: raw
revoked-server-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to revoked_server_cert. Action based
on server certificate is revoked.
type: str
sni-server-cert-check:
choices:
- disable
- enable
- strict
description: Deprecated, please rename it to sni_server_cert_check. Check the
SNI in the client hello message with the CN or SAN fields...
type: str
status:
choices:
- disable
- deep-inspection
description: Configure protocol inspection status.
type: str
unsupported-ssl:
choices:
- bypass
- inspect
- block
description: Deprecated, please rename it to unsupported_ssl. Action based on
the SSL encryption used being unsupported.
type: str
unsupported-ssl-cipher:
choices:
- allow
- block
description: Deprecated, please rename it to unsupported_ssl_cipher. Action based
on the SSL cipher used being unsupported.
type: str
unsupported-ssl-negotiation:
choices:
- allow
- block
description: Deprecated, please rename it to unsupported_ssl_negotiation. Action
based on the SSL negotiation used being unsupported.
type: str
unsupported-ssl-version:
choices:
- block
- allow
- inspect
description: Deprecated, please rename it to unsupported_ssl_version. Action based
on the SSL version used being unsupported.
type: str
untrusted-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to untrusted_cert. Allow, ignore, or
block the untrusted SSL session server certificate.
type: str
untrusted-server-cert:
choices:
- allow
- block
- ignore
description: Deprecated, please rename it to untrusted_server_cert. Allow, ignore,
or block the untrusted SSL session server certificate.
type: str
type: dict
meta:
contains:
request_url:
description: The full url requested.
returned: always
sample: /sys/login/user
type: str
response_code:
description: The status of api request.
returned: always
sample: 0
type: int
response_data:
description: The api response.
returned: always
type: list
response_message:
description: The descriptive message of the api response.
returned: always
sample: OK.
type: str
system_information:
description: The information of the target system.
returned: always
type: dict
description: The result of the request.
returned: always
type: dict
rc:
description: The status the request.
returned: always
sample: 0
type: int
version_check_warning:
description: Warning if the parameters used in the playbook are not supported by
the current FortiManager version.
returned: complex
type: list