Try SpotterConfigure virtual IP for IPv4.
| "added in version" 1.0.0 of fortinet.fortimanager"
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install fortinet.fortimanager:==2.4.0
collections:
- name: fortinet.fortimanager
version: 2.4.0This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- name: Demo of cloning objects in FortiManager
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
initial_vip_object: "vip_object0"
cloned_vip_objects:
- name: "vip_object1"
comment: "vip_object1 is cloned!"
- name: "vip_object2"
comment: "vip_object2 is cloned!"
tasks:
- name: Create An VIP object
fortinet.fortimanager.fmgr_firewall_vip:
adom: "root"
state: "present"
firewall_vip:
arp-reply: "disable"
comment: "The VIP is created via Ansible"
name: "{{ initial_vip_object }}"
protocol: "tcp"
type: "load-balance"
- name: Clone an VIP object using fmgr_clone module.
fortinet.fortimanager.fmgr_clone:
rc_succeeded: [-2]
clone:
selector: "firewall_vip"
self:
adom: "root"
vip: "{{ initial_vip_object }}"
target:
name: "{{ item.name }}"
comment: "{{ item.comment }}"
with_items: "{{ cloned_vip_objects }}"
- name: Example playbook
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Configure virtual IP for IPv4.
fortinet.fortimanager.fmgr_firewall_vip:
bypass_validation: true
adom: ansible
state: present
firewall_vip:
arp-reply: disable # <value in [disable, enable]>
color: 1
comment: "ansible-comment"
id: 1
name: "ansible-test-vip"
protocol: tcp # <value in [tcp, udp, sctp, ...]>
type: load-balance # <value in [static-nat, load-balance, server-load-balance, ...]>
- name: Gathering fortimanager facts
hosts: fortimanagers
gather_facts: false
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Retrieve all the virtual IPs for IPv4
fortinet.fortimanager.fmgr_fact:
facts:
selector: "firewall_vip"
params:
adom: "ansible"
vip: "your_value"
adom:
description: The parameter (adom) in requested url.
required: true
type: str
state:
choices:
- present
- absent
description: The directive to create, update or delete an object.
required: true
type: str
rc_failed:
description: The rc codes list with which the conditions to fail will be overriden.
elements: int
type: list
enable_log:
default: false
description: Enable/Disable logging for task.
type: bool
access_token:
description: The token to access FortiManager without using username and password.
type: str
firewall_vip:
description: The top level parameters set.
required: false
suboptions:
add-nat46-route:
choices:
- disable
- enable
description: Deprecated, please rename it to add_nat46_route. Enable/disable adding
NAT46 route.
type: str
arp-reply:
choices:
- disable
- enable
description: Deprecated, please rename it to arp_reply. Enable to respond to ARP
requests for this virtual IP address.
type: str
color:
description: Color of icon on the GUI.
type: int
comment:
description: Comment.
type: str
dns-mapping-ttl:
description: Deprecated, please rename it to dns_mapping_ttl. DNS mapping TTL
type: int
dynamic_mapping:
description: Dynamic_Mapping.
elements: dict
suboptions:
_scope:
description: _Scope.
elements: dict
suboptions:
name:
description: Name.
type: str
vdom:
description: Vdom.
type: str
type: list
add-nat46-route:
choices:
- disable
- enable
description: Deprecated, please rename it to add_nat46_route. Enable/disable
adding NAT46 route.
type: str
arp-reply:
choices:
- disable
- enable
description: Deprecated, please rename it to arp_reply. Enable to respond
to ARP requests for this virtual IP address.
type: str
color:
description: Color of icon on the GUI.
type: int
comment:
description: Comment.
type: str
dns-mapping-ttl:
description: Deprecated, please rename it to dns_mapping_ttl. DNS mapping
TTL
type: int
extaddr:
description: (list or str) External FQDN address name.
type: raw
extintf:
description: Interface connected to the source network that receives the packets
that will be forwarded to the destination network.
type: str
extip:
description: IP address or address range on the external interface that you
want to map to an address or address range on the d...
type: str
extport:
description: Incoming port number range that you want to map to a port number
range on the destination network.
type: str
gratuitous-arp-interval:
description: Deprecated, please rename it to gratuitous_arp_interval. Enable
to have the VIP send gratuitous ARPs.
type: int
gslb-domain-name:
description: Deprecated, please rename it to gslb_domain_name. Domain to use
when integrating with FortiGSLB.
type: str
gslb-hostname:
description: Deprecated, please rename it to gslb_hostname. Hostname to use
within the configured FortiGSLB domain.
type: str
h2-support:
choices:
- disable
- enable
description: Deprecated, please rename it to h2_support. Enable/disable HTTP2
support
type: str
h3-support:
choices:
- disable
- enable
description: Deprecated, please rename it to h3_support. Enable/disable HTTP3/QUIC
support
type: str
http-cookie-age:
description: Deprecated, please rename it to http_cookie_age. Time in minutes
that client web browsers should keep a cookie.
type: int
http-cookie-domain:
description: Deprecated, please rename it to http_cookie_domain. Domain that
HTTP cookie persistence should apply to.
type: str
http-cookie-domain-from-host:
choices:
- disable
- enable
description: Deprecated, please rename it to http_cookie_domain_from_host.
Enable/disable use of HTTP cookie domain from host f...
type: str
http-cookie-generation:
description: Deprecated, please rename it to http_cookie_generation. Generation
of HTTP cookie to be accepted.
type: int
http-cookie-path:
description: Deprecated, please rename it to http_cookie_path. Limit HTTP
cookie persistence to the specified path.
type: str
http-cookie-share:
choices:
- disable
- same-ip
description: Deprecated, please rename it to http_cookie_share. Control sharing
of cookies across virtual servers.
type: str
http-ip-header:
choices:
- disable
- enable
description: Deprecated, please rename it to http_ip_header. For HTTP multiplexing,
enable to add the original client IP addres...
type: str
http-ip-header-name:
description: Deprecated, please rename it to http_ip_header_name. For HTTP
multiplexing, enter a custom HTTPS header name.
type: str
http-multiplex:
choices:
- disable
- enable
description: Deprecated, please rename it to http_multiplex. Enable/disable
HTTP multiplexing.
type: str
http-multiplex-max-concurrent-request:
description: Deprecated, please rename it to http_multiplex_max_concurrent_request.
Maximum number of concurrent requests that ...
type: int
http-multiplex-max-request:
description: Deprecated, please rename it to http_multiplex_max_request. Maximum
number of requests that a multiplex server can...
type: int
http-multiplex-ttl:
description: Deprecated, please rename it to http_multiplex_ttl. Time-to-live
for idle connections to servers.
type: int
http-redirect:
choices:
- disable
- enable
description: Deprecated, please rename it to http_redirect. Enable/disable
redirection of HTTP to HTTPS
type: str
http-supported-max-version:
choices:
- http1
- http2
description: Deprecated, please rename it to http_supported_max_version. Maximum
supported HTTP versions.
type: str
https-cookie-secure:
choices:
- disable
- enable
description: Deprecated, please rename it to https_cookie_secure. Enable/disable
verification that inserted HTTPS cookies are s...
type: str
id:
description: Custom defined ID.
type: int
ipv6-mappedip:
description: Deprecated, please rename it to ipv6_mappedip. Range of mapped
IPv6 addresses.
type: str
ipv6-mappedport:
description: Deprecated, please rename it to ipv6_mappedport. IPv6 port number
range on the destination network to which the ex...
type: str
ldb-method:
choices:
- static
- round-robin
- weighted
- least-session
- least-rtt
- first-alive
- http-host
description: Deprecated, please rename it to ldb_method. Method used to distribute
sessions to real servers.
type: str
mapped-addr:
description: Deprecated, please rename it to mapped_addr. Mapped FQDN address
name.
type: str
mappedip:
description: (list) IP address or address range on the destination network
to which the external IP address is mapped.
type: raw
mappedport:
description: Port number range on the destination network to which the external
port number range is mapped.
type: str
max-embryonic-connections:
description: Deprecated, please rename it to max_embryonic_connections. Maximum
number of incomplete connections.
type: int
monitor:
description: (list or str) Name of the health check monitor to use when polling
to determine a virtual servers connectivity status.
type: raw
nat-source-vip:
choices:
- disable
- enable
description: Deprecated, please rename it to nat_source_vip. Enable/disable
forcing the source NAT mapped IP to the external IP...
type: str
nat44:
choices:
- disable
- enable
description: Enable/disable NAT44.
type: str
nat46:
choices:
- disable
- enable
description: Enable/disable NAT46.
type: str
one-click-gslb-server:
choices:
- disable
- enable
description: Deprecated, please rename it to one_click_gslb_server. Enable/disable
one click GSLB server integration with Forti...
type: str
outlook-web-access:
choices:
- disable
- enable
description: Deprecated, please rename it to outlook_web_access. Enable to
add the Front-End-Https header for Microsoft Outlook...
type: str
persistence:
choices:
- none
- http-cookie
- ssl-session-id
description: Configure how to make sure that clients connect to the same server
every time they make a request that is part of ...
type: str
portforward:
choices:
- disable
- enable
description: Enable/disable port forwarding.
type: str
portmapping-type:
choices:
- 1-to-1
- m-to-n
description: Deprecated, please rename it to portmapping_type. Port mapping
type.
type: str
protocol:
choices:
- tcp
- udp
- sctp
- icmp
description: Protocol to use when forwarding packets.
type: str
realservers:
description: Realservers.
elements: dict
suboptions:
address:
description: Address.
type: str
client-ip:
description: (list) Deprecated, please rename it to client_ip. Only clients
in this IP range can connect to this real s...
type: raw
health-check-proto:
choices:
- ping
- http
description: Deprecated, please rename it to health_check_proto.
type: str
healthcheck:
choices:
- disable
- enable
- vip
description: Enable to check the responsiveness of the real server before
forwarding traffic.
type: str
holddown-interval:
description: Deprecated, please rename it to holddown_interval. Time in
seconds that the health check monitor continues...
type: int
http-host:
description: Deprecated, please rename it to http_host. HTTP server domain
name in HTTP header.
type: str
id:
description: Real server ID.
type: int
ip:
description: IP address of the real server.
type: str
max-connections:
description: Deprecated, please rename it to max_connections. Max number
of active connections that can be directed to ...
type: int
monitor:
description: (list or str) Name of the health check monitor to use when
polling to determine a virtual servers connecti...
type: raw
port:
description: Port for communicating with the real server.
type: int
seq:
description: Seq.
type: int
status:
choices:
- active
- standby
- disable
description: Set the status of the real server to active so that it can
accept traffic, or on standby or disabled so no...
type: str
translate-host:
choices:
- disable
- enable
description: Deprecated, please rename it to translate_host. Enable/disable
translation of hostname/IP from virtual ser...
type: str
type:
choices:
- ip
- address
description: Type.
type: str
weight:
description: Weight of the real server.
type: int
type: list
server-type:
choices:
- http
- https
- ssl
- tcp
- udp
- ip
- imaps
- pop3s
- smtps
- ssh
description: Deprecated, please rename it to server_type. Protocol to be load
balanced by the virtual server
type: str
service:
description: (list or str) Service name.
type: raw
src-filter:
description: (list) Deprecated, please rename it to src_filter. Source address
filter.
type: raw
srcintf-filter:
description: (list) Deprecated, please rename it to srcintf_filter. Interfaces
to which the VIP applies.
type: raw
ssl-accept-ffdhe-groups:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_accept_ffdhe_groups. Enable/disable
FFDHE cipher suite for SSL key exchange.
type: str
ssl-algorithm:
choices:
- high
- medium
- low
- custom
description: Deprecated, please rename it to ssl_algorithm. Permitted encryption
algorithms for SSL sessions according to encry...
type: str
ssl-certificate:
description: Deprecated, please rename it to ssl_certificate. The name of
the SSL certificate to use for SSL acceleration.
type: str
ssl-cipher-suites:
description: Deprecated, please rename it to ssl_cipher_suites. Ssl-Cipher-Suites.
elements: dict
suboptions:
cipher:
choices:
- TLS-RSA-WITH-RC4-128-MD5
- TLS-RSA-WITH-RC4-128-SHA
- TLS-RSA-WITH-DES-CBC-SHA
- TLS-RSA-WITH-3DES-EDE-CBC-SHA
- TLS-RSA-WITH-AES-128-CBC-SHA
- TLS-RSA-WITH-AES-256-CBC-SHA
- TLS-RSA-WITH-AES-128-CBC-SHA256
- TLS-RSA-WITH-AES-256-CBC-SHA256
- TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
- TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256
- TLS-RSA-WITH-SEED-CBC-SHA
- TLS-RSA-WITH-ARIA-128-CBC-SHA256
- TLS-RSA-WITH-ARIA-256-CBC-SHA384
- TLS-DHE-RSA-WITH-DES-CBC-SHA
- TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
- TLS-DHE-RSA-WITH-AES-128-CBC-SHA
- TLS-DHE-RSA-WITH-AES-256-CBC-SHA
- TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
- TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
- TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
- TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
- TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
- TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
- TLS-DHE-RSA-WITH-SEED-CBC-SHA
- TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256
- TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384
- TLS-ECDHE-RSA-WITH-RC4-128-SHA
- TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
- TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
- TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
- TLS-DHE-DSS-WITH-AES-128-CBC-SHA
- TLS-DHE-DSS-WITH-AES-256-CBC-SHA
- TLS-DHE-DSS-WITH-AES-128-CBC-SHA256
- TLS-DHE-DSS-WITH-AES-128-GCM-SHA256
- TLS-DHE-DSS-WITH-AES-256-CBC-SHA256
- TLS-DHE-DSS-WITH-AES-256-GCM-SHA384
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
- TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
- TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
- TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
- TLS-RSA-WITH-AES-128-GCM-SHA256
- TLS-RSA-WITH-AES-256-GCM-SHA384
- TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA
- TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA
- TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256
- TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256
- TLS-DHE-DSS-WITH-SEED-CBC-SHA
- TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256
- TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384
- TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256
- TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384
- TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256
- TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384
- TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA
- TLS-DHE-DSS-WITH-DES-CBC-SHA
- TLS-AES-128-GCM-SHA256
- TLS-AES-256-GCM-SHA384
- TLS-CHACHA20-POLY1305-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
description: Cipher suite name.
type: str
id:
description: Id.
type: int
priority:
description: SSL/TLS cipher suites priority.
type: int
versions:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: SSL/TLS versions that the cipher suite can be used with.
elements: str
type: list
type: list
ssl-client-fallback:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_client_fallback. Enable/disable
support for preventing Downgrade Attacks on cl...
type: str
ssl-client-rekey-count:
description: Deprecated, please rename it to ssl_client_rekey_count. Maximum
length of data in MB before triggering a client rekey
type: int
ssl-client-renegotiation:
choices:
- deny
- allow
- secure
description: Deprecated, please rename it to ssl_client_renegotiation. Allow,
deny, or require secure renegotiation of client s...
type: str
ssl-client-session-state-max:
description: Deprecated, please rename it to ssl_client_session_state_max.
Maximum number of client to FortiGate SSL session st...
type: int
ssl-client-session-state-timeout:
description: Deprecated, please rename it to ssl_client_session_state_timeout.
Number of minutes to keep client to FortiGate SS...
type: int
ssl-client-session-state-type:
choices:
- disable
- time
- count
- both
description: Deprecated, please rename it to ssl_client_session_state_type.
How to expire SSL sessions for the segment of the S...
type: str
ssl-dh-bits:
choices:
- '768'
- '1024'
- '1536'
- '2048'
- '3072'
- '4096'
description: Deprecated, please rename it to ssl_dh_bits. Number of bits to
use in the Diffie-Hellman exchange for RSA encrypti...
type: str
ssl-hpkp:
choices:
- disable
- enable
- report-only
description: Deprecated, please rename it to ssl_hpkp. Enable/disable including
HPKP header in response.
type: str
ssl-hpkp-age:
description: Deprecated, please rename it to ssl_hpkp_age. Number of seconds
the client should honour the HPKP setting.
type: int
ssl-hpkp-backup:
description: Deprecated, please rename it to ssl_hpkp_backup. Certificate
to generate backup HPKP pin from.
type: str
ssl-hpkp-include-subdomains:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_hpkp_include_subdomains.
Indicate that HPKP header applies to all subdomains.
type: str
ssl-hpkp-primary:
description: Deprecated, please rename it to ssl_hpkp_primary. Certificate
to generate primary HPKP pin from.
type: str
ssl-hpkp-report-uri:
description: Deprecated, please rename it to ssl_hpkp_report_uri. URL to report
HPKP violations to.
type: str
ssl-hsts:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_hsts. Enable/disable including
HSTS header in response.
type: str
ssl-hsts-age:
description: Deprecated, please rename it to ssl_hsts_age. Number of seconds
the client should honour the HSTS setting.
type: int
ssl-hsts-include-subdomains:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_hsts_include_subdomains.
Indicate that HSTS header applies to all subdomains.
type: str
ssl-http-location-conversion:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_http_location_conversion.
Enable to replace HTTP with HTTPS in the replys Loca...
type: str
ssl-http-match-host:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_http_match_host. Enable/disable
HTTP host matching for location conversion.
type: str
ssl-max-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: Deprecated, please rename it to ssl_max_version. Highest SSL/TLS
version acceptable from a client.
type: str
ssl-min-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: Deprecated, please rename it to ssl_min_version. Lowest SSL/TLS
version acceptable from a client.
type: str
ssl-mode:
choices:
- half
- full
description: Deprecated, please rename it to ssl_mode. Apply SSL offloading
between the client and the FortiGate
type: str
ssl-pfs:
choices:
- require
- deny
- allow
description: Deprecated, please rename it to ssl_pfs. Select the cipher suites
that can be used for SSL perfect forward secrecy
type: str
ssl-send-empty-frags:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_send_empty_frags. Enable/disable
sending empty fragments to avoid CBC IV attacks
type: str
ssl-server-algorithm:
choices:
- high
- low
- medium
- custom
- client
description: Deprecated, please rename it to ssl_server_algorithm. Permitted
encryption algorithms for the server side of SSL f...
type: str
ssl-server-max-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- client
- tls-1.3
description: Deprecated, please rename it to ssl_server_max_version. Highest
SSL/TLS version acceptable from a server.
type: str
ssl-server-min-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- client
- tls-1.3
description: Deprecated, please rename it to ssl_server_min_version. Lowest
SSL/TLS version acceptable from a server.
type: str
ssl-server-renegotiation:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_server_renegotiation. Enable/disable
secure renegotiation to comply with RFC 5746.
type: str
ssl-server-session-state-max:
description: Deprecated, please rename it to ssl_server_session_state_max.
Maximum number of FortiGate to Server SSL session st...
type: int
ssl-server-session-state-timeout:
description: Deprecated, please rename it to ssl_server_session_state_timeout.
Number of minutes to keep FortiGate to Server SS...
type: int
ssl-server-session-state-type:
choices:
- disable
- time
- count
- both
description: Deprecated, please rename it to ssl_server_session_state_type.
How to expire SSL sessions for the segment of the S...
type: str
status:
choices:
- disable
- enable
description: Enable/disable VIP.
type: str
type:
choices:
- static-nat
- load-balance
- server-load-balance
- dns-translation
- fqdn
- access-proxy
description: Configure a static NAT, load balance, server load balance, DNS
translation, or FQDN VIP.
type: str
uuid:
description: Universally Unique Identifier
type: str
weblogic-server:
choices:
- disable
- enable
description: Deprecated, please rename it to weblogic_server. Enable to add
an HTTP header to indicate SSL offloading for a Web...
type: str
websphere-server:
choices:
- disable
- enable
description: Deprecated, please rename it to websphere_server. Enable to add
an HTTP header to indicate SSL offloading for a We...
type: str
type: list
extaddr:
description: (list or str) External FQDN address name.
type: raw
extintf:
description: Interface connected to the source network that receives the packets
that will be forwarded to the destination network.
type: str
extip:
description: IP address or address range on the external interface that you want
to map to an address or address range on the destinati...
type: str
extport:
description: Incoming port number range that you want to map to a port number
range on the destination network.
type: str
gratuitous-arp-interval:
description: Deprecated, please rename it to gratuitous_arp_interval. Enable to
have the VIP send gratuitous ARPs.
type: int
gslb-domain-name:
description: Deprecated, please rename it to gslb_domain_name. Domain to use when
integrating with FortiGSLB.
type: str
gslb-hostname:
description: Deprecated, please rename it to gslb_hostname. Hostname to use within
the configured FortiGSLB domain.
type: str
gslb-public-ips:
description: Deprecated, please rename it to gslb_public_ips.
elements: dict
suboptions:
index:
description: Index of this public IP setting.
type: int
ip:
description: The publicly accessible IP address.
type: str
type: list
h2-support:
choices:
- disable
- enable
description: Deprecated, please rename it to h2_support. Enable/disable HTTP2
support
type: str
h3-support:
choices:
- disable
- enable
description: Deprecated, please rename it to h3_support. Enable/disable HTTP3/QUIC
support
type: str
http-cookie-age:
description: Deprecated, please rename it to http_cookie_age. Time in minutes
that client web browsers should keep a cookie.
type: int
http-cookie-domain:
description: Deprecated, please rename it to http_cookie_domain. Domain that HTTP
cookie persistence should apply to.
type: str
http-cookie-domain-from-host:
choices:
- disable
- enable
description: Deprecated, please rename it to http_cookie_domain_from_host. Enable/disable
use of HTTP cookie domain from host field in ...
type: str
http-cookie-generation:
description: Deprecated, please rename it to http_cookie_generation. Generation
of HTTP cookie to be accepted.
type: int
http-cookie-path:
description: Deprecated, please rename it to http_cookie_path. Limit HTTP cookie
persistence to the specified path.
type: str
http-cookie-share:
choices:
- disable
- same-ip
description: Deprecated, please rename it to http_cookie_share. Control sharing
of cookies across virtual servers.
type: str
http-ip-header:
choices:
- disable
- enable
description: Deprecated, please rename it to http_ip_header. For HTTP multiplexing,
enable to add the original client IP address in the...
type: str
http-ip-header-name:
description: Deprecated, please rename it to http_ip_header_name. For HTTP multiplexing,
enter a custom HTTPS header name.
type: str
http-multiplex:
choices:
- disable
- enable
description: Deprecated, please rename it to http_multiplex. Enable/disable HTTP
multiplexing.
type: str
http-multiplex-max-concurrent-request:
description: Deprecated, please rename it to http_multiplex_max_concurrent_request.
Maximum number of concurrent requests that a multip...
type: int
http-multiplex-max-request:
description: Deprecated, please rename it to http_multiplex_max_request. Maximum
number of requests that a multiplex server can handle ...
type: int
http-multiplex-ttl:
description: Deprecated, please rename it to http_multiplex_ttl. Time-to-live
for idle connections to servers.
type: int
http-redirect:
choices:
- disable
- enable
description: Deprecated, please rename it to http_redirect. Enable/disable redirection
of HTTP to HTTPS
type: str
http-supported-max-version:
choices:
- http1
- http2
description: Deprecated, please rename it to http_supported_max_version. Maximum
supported HTTP versions.
type: str
https-cookie-secure:
choices:
- disable
- enable
description: Deprecated, please rename it to https_cookie_secure. Enable/disable
verification that inserted HTTPS cookies are secure.
type: str
id:
description: Custom defined ID.
type: int
ipv6-mappedip:
description: Deprecated, please rename it to ipv6_mappedip. Range of mapped IPv6
addresses.
type: str
ipv6-mappedport:
description: Deprecated, please rename it to ipv6_mappedport. IPv6 port number
range on the destination network to which the external p...
type: str
ldb-method:
choices:
- static
- round-robin
- weighted
- least-session
- least-rtt
- first-alive
- http-host
description: Deprecated, please rename it to ldb_method. Method used to distribute
sessions to real servers.
type: str
mapped-addr:
description: Deprecated, please rename it to mapped_addr. Mapped FQDN address
name.
type: str
mappedip:
description: (list) IP address or address range on the destination network to
which the external IP address is mapped.
type: raw
mappedport:
description: Port number range on the destination network to which the external
port number range is mapped.
type: str
max-embryonic-connections:
description: Deprecated, please rename it to max_embryonic_connections. Maximum
number of incomplete connections.
type: int
monitor:
description: (list or str) Name of the health check monitor to use when polling
to determine a virtual servers connectivity status.
type: raw
name:
description: Virtual IP name.
required: true
type: str
nat-source-vip:
choices:
- disable
- enable
description: Deprecated, please rename it to nat_source_vip. Enable/disable forcing
the source NAT mapped IP to the external IP for all...
type: str
nat44:
choices:
- disable
- enable
description: Enable/disable NAT44.
type: str
nat46:
choices:
- disable
- enable
description: Enable/disable NAT46.
type: str
one-click-gslb-server:
choices:
- disable
- enable
description: Deprecated, please rename it to one_click_gslb_server. Enable/disable
one click GSLB server integration with FortiGSLB.
type: str
outlook-web-access:
choices:
- disable
- enable
description: Deprecated, please rename it to outlook_web_access. Enable to add
the Front-End-Https header for Microsoft Outlook Web Access.
type: str
persistence:
choices:
- none
- http-cookie
- ssl-session-id
description: Configure how to make sure that clients connect to the same server
every time they make a request that is part of the same...
type: str
portforward:
choices:
- disable
- enable
description: Enable/disable port forwarding.
type: str
portmapping-type:
choices:
- 1-to-1
- m-to-n
description: Deprecated, please rename it to portmapping_type. Port mapping type.
type: str
protocol:
choices:
- tcp
- udp
- sctp
- icmp
description: Protocol to use when forwarding packets.
type: str
quic:
description: No description.
suboptions:
ack-delay-exponent:
description: Deprecated, please rename it to ack_delay_exponent. ACK delay
exponent
type: int
active-connection-id-limit:
description: Deprecated, please rename it to active_connection_id_limit. Active
connection ID limit
type: int
active-migration:
choices:
- disable
- enable
description: Deprecated, please rename it to active_migration. Enable/disable
active migration
type: str
grease-quic-bit:
choices:
- disable
- enable
description: Deprecated, please rename it to grease_quic_bit. Enable/disable
grease QUIC bit
type: str
max-ack-delay:
description: Deprecated, please rename it to max_ack_delay. Maximum ACK delay
in milliseconds
type: int
max-datagram-frame-size:
description: Deprecated, please rename it to max_datagram_frame_size. Maximum
datagram frame size in bytes
type: int
max-idle-timeout:
description: Deprecated, please rename it to max_idle_timeout. Maximum idle
timeout milliseconds
type: int
max-udp-payload-size:
description: Deprecated, please rename it to max_udp_payload_size. Maximum
UDP payload size in bytes
type: int
type: dict
realservers:
description: Realservers.
elements: dict
suboptions:
address:
description: Dynamic address of the real server.
type: str
client-ip:
description: (list) Deprecated, please rename it to client_ip. Only clients
in this IP range can connect to this real server.
type: raw
healthcheck:
choices:
- disable
- enable
- vip
description: Enable to check the responsiveness of the real server before
forwarding traffic.
type: str
holddown-interval:
description: Deprecated, please rename it to holddown_interval. Time in seconds
that the health check monitor continues to moni...
type: int
http-host:
description: Deprecated, please rename it to http_host. HTTP server domain
name in HTTP header.
type: str
id:
description: Real server ID.
type: int
ip:
description: IP address of the real server.
type: str
max-connections:
description: Deprecated, please rename it to max_connections. Max number of
active connections that can be directed to the real...
type: int
monitor:
description: (list or str) Name of the health check monitor to use when polling
to determine a virtual servers connectivity status.
type: raw
port:
description: Port for communicating with the real server.
type: int
seq:
description: Seq.
type: int
status:
choices:
- active
- standby
- disable
description: Set the status of the real server to active so that it can accept
traffic, or on standby or disabled so no traffic...
type: str
translate-host:
choices:
- disable
- enable
description: Deprecated, please rename it to translate_host. Enable/disable
translation of hostname/IP from virtual server to r...
type: str
type:
choices:
- ip
- address
description: Type of address.
type: str
weight:
description: Weight of the real server.
type: int
type: list
server-type:
choices:
- http
- https
- ssl
- tcp
- udp
- ip
- imaps
- pop3s
- smtps
- ssh
description: Deprecated, please rename it to server_type. Protocol to be load
balanced by the virtual server
type: str
service:
description: (list or str) Service name.
type: raw
src-filter:
description: (list) Deprecated, please rename it to src_filter. Source address
filter.
type: raw
srcintf-filter:
description: (list or str) Deprecated, please rename it to srcintf_filter. Interfaces
to which the VIP applies.
type: raw
ssl-accept-ffdhe-groups:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_accept_ffdhe_groups. Enable/disable
FFDHE cipher suite for SSL key exchange.
type: str
ssl-algorithm:
choices:
- high
- medium
- low
- custom
description: Deprecated, please rename it to ssl_algorithm. Permitted encryption
algorithms for SSL sessions according to encryption st...
type: str
ssl-certificate:
description: Deprecated, please rename it to ssl_certificate. The name of the
SSL certificate to use for SSL acceleration.
type: str
ssl-cipher-suites:
description: Deprecated, please rename it to ssl_cipher_suites. Ssl-Cipher-Suites.
elements: dict
suboptions:
cipher:
choices:
- TLS-RSA-WITH-RC4-128-MD5
- TLS-RSA-WITH-RC4-128-SHA
- TLS-RSA-WITH-DES-CBC-SHA
- TLS-RSA-WITH-3DES-EDE-CBC-SHA
- TLS-RSA-WITH-AES-128-CBC-SHA
- TLS-RSA-WITH-AES-256-CBC-SHA
- TLS-RSA-WITH-AES-128-CBC-SHA256
- TLS-RSA-WITH-AES-256-CBC-SHA256
- TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
- TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256
- TLS-RSA-WITH-SEED-CBC-SHA
- TLS-RSA-WITH-ARIA-128-CBC-SHA256
- TLS-RSA-WITH-ARIA-256-CBC-SHA384
- TLS-DHE-RSA-WITH-DES-CBC-SHA
- TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
- TLS-DHE-RSA-WITH-AES-128-CBC-SHA
- TLS-DHE-RSA-WITH-AES-256-CBC-SHA
- TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
- TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
- TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
- TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
- TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
- TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
- TLS-DHE-RSA-WITH-SEED-CBC-SHA
- TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256
- TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384
- TLS-ECDHE-RSA-WITH-RC4-128-SHA
- TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
- TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
- TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
- TLS-DHE-DSS-WITH-AES-128-CBC-SHA
- TLS-DHE-DSS-WITH-AES-256-CBC-SHA
- TLS-DHE-DSS-WITH-AES-128-CBC-SHA256
- TLS-DHE-DSS-WITH-AES-128-GCM-SHA256
- TLS-DHE-DSS-WITH-AES-256-CBC-SHA256
- TLS-DHE-DSS-WITH-AES-256-GCM-SHA384
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
- TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
- TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
- TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
- TLS-RSA-WITH-AES-128-GCM-SHA256
- TLS-RSA-WITH-AES-256-GCM-SHA384
- TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA
- TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA
- TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256
- TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256
- TLS-DHE-DSS-WITH-SEED-CBC-SHA
- TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256
- TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384
- TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256
- TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384
- TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256
- TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384
- TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA
- TLS-DHE-DSS-WITH-DES-CBC-SHA
- TLS-AES-128-GCM-SHA256
- TLS-AES-256-GCM-SHA384
- TLS-CHACHA20-POLY1305-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
description: Cipher suite name.
type: str
id:
description: Id.
type: int
priority:
description: SSL/TLS cipher suites priority.
type: int
versions:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: SSL/TLS versions that the cipher suite can be used with.
elements: str
type: list
type: list
ssl-client-fallback:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_client_fallback. Enable/disable
support for preventing Downgrade Attacks on client con...
type: str
ssl-client-rekey-count:
description: Deprecated, please rename it to ssl_client_rekey_count. Maximum length
of data in MB before triggering a client rekey
type: int
ssl-client-renegotiation:
choices:
- deny
- allow
- secure
description: Deprecated, please rename it to ssl_client_renegotiation. Allow,
deny, or require secure renegotiation of client sessions ...
type: str
ssl-client-session-state-max:
description: Deprecated, please rename it to ssl_client_session_state_max. Maximum
number of client to FortiGate SSL session states to ...
type: int
ssl-client-session-state-timeout:
description: Deprecated, please rename it to ssl_client_session_state_timeout.
Number of minutes to keep client to FortiGate SSL sessio...
type: int
ssl-client-session-state-type:
choices:
- disable
- time
- count
- both
description: Deprecated, please rename it to ssl_client_session_state_type. How
to expire SSL sessions for the segment of the SSL conne...
type: str
ssl-dh-bits:
choices:
- '768'
- '1024'
- '1536'
- '2048'
- '3072'
- '4096'
description: Deprecated, please rename it to ssl_dh_bits. Number of bits to use
in the Diffie-Hellman exchange for RSA encryption of SS...
type: str
ssl-hpkp:
choices:
- disable
- enable
- report-only
description: Deprecated, please rename it to ssl_hpkp. Enable/disable including
HPKP header in response.
type: str
ssl-hpkp-age:
description: Deprecated, please rename it to ssl_hpkp_age. Number of seconds the
client should honour the HPKP setting.
type: int
ssl-hpkp-backup:
description: Deprecated, please rename it to ssl_hpkp_backup. Certificate to generate
backup HPKP pin from.
type: str
ssl-hpkp-include-subdomains:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_hpkp_include_subdomains. Indicate
that HPKP header applies to all subdomains.
type: str
ssl-hpkp-primary:
description: Deprecated, please rename it to ssl_hpkp_primary. Certificate to
generate primary HPKP pin from.
type: str
ssl-hpkp-report-uri:
description: Deprecated, please rename it to ssl_hpkp_report_uri. URL to report
HPKP violations to.
type: str
ssl-hsts:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_hsts. Enable/disable including
HSTS header in response.
type: str
ssl-hsts-age:
description: Deprecated, please rename it to ssl_hsts_age. Number of seconds the
client should honour the HSTS setting.
type: int
ssl-hsts-include-subdomains:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_hsts_include_subdomains. Indicate
that HSTS header applies to all subdomains.
type: str
ssl-http-location-conversion:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_http_location_conversion. Enable
to replace HTTP with HTTPS in the replys Location HTT...
type: str
ssl-http-match-host:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_http_match_host. Enable/disable
HTTP host matching for location conversion.
type: str
ssl-max-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: Deprecated, please rename it to ssl_max_version. Highest SSL/TLS
version acceptable from a client.
type: str
ssl-min-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: Deprecated, please rename it to ssl_min_version. Lowest SSL/TLS version
acceptable from a client.
type: str
ssl-mode:
choices:
- half
- full
description: Deprecated, please rename it to ssl_mode. Apply SSL offloading between
the client and the FortiGate
type: str
ssl-pfs:
choices:
- require
- deny
- allow
description: Deprecated, please rename it to ssl_pfs. Select the cipher suites
that can be used for SSL perfect forward secrecy
type: str
ssl-send-empty-frags:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_send_empty_frags. Enable/disable
sending empty fragments to avoid CBC IV attacks
type: str
ssl-server-algorithm:
choices:
- high
- low
- medium
- custom
- client
description: Deprecated, please rename it to ssl_server_algorithm. Permitted encryption
algorithms for the server side of SSL full mode...
type: str
ssl-server-cipher-suites:
description: Deprecated, please rename it to ssl_server_cipher_suites. Ssl-Server-Cipher-Suites.
elements: dict
suboptions:
cipher:
choices:
- TLS-RSA-WITH-RC4-128-MD5
- TLS-RSA-WITH-RC4-128-SHA
- TLS-RSA-WITH-DES-CBC-SHA
- TLS-RSA-WITH-3DES-EDE-CBC-SHA
- TLS-RSA-WITH-AES-128-CBC-SHA
- TLS-RSA-WITH-AES-256-CBC-SHA
- TLS-RSA-WITH-AES-128-CBC-SHA256
- TLS-RSA-WITH-AES-256-CBC-SHA256
- TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
- TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256
- TLS-RSA-WITH-SEED-CBC-SHA
- TLS-RSA-WITH-ARIA-128-CBC-SHA256
- TLS-RSA-WITH-ARIA-256-CBC-SHA384
- TLS-DHE-RSA-WITH-DES-CBC-SHA
- TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
- TLS-DHE-RSA-WITH-AES-128-CBC-SHA
- TLS-DHE-RSA-WITH-AES-256-CBC-SHA
- TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
- TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
- TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
- TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
- TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
- TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
- TLS-DHE-RSA-WITH-SEED-CBC-SHA
- TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256
- TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384
- TLS-ECDHE-RSA-WITH-RC4-128-SHA
- TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
- TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
- TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
- TLS-DHE-DSS-WITH-AES-128-CBC-SHA
- TLS-DHE-DSS-WITH-AES-256-CBC-SHA
- TLS-DHE-DSS-WITH-AES-128-CBC-SHA256
- TLS-DHE-DSS-WITH-AES-128-GCM-SHA256
- TLS-DHE-DSS-WITH-AES-256-CBC-SHA256
- TLS-DHE-DSS-WITH-AES-256-GCM-SHA384
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
- TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
- TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
- TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
- TLS-RSA-WITH-AES-128-GCM-SHA256
- TLS-RSA-WITH-AES-256-GCM-SHA384
- TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA
- TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA
- TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256
- TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256
- TLS-DHE-DSS-WITH-SEED-CBC-SHA
- TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256
- TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384
- TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256
- TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384
- TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256
- TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384
- TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA
- TLS-DHE-DSS-WITH-DES-CBC-SHA
- TLS-AES-128-GCM-SHA256
- TLS-AES-256-GCM-SHA384
- TLS-CHACHA20-POLY1305-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
description: Cipher suite name.
type: str
priority:
description: SSL/TLS cipher suites priority.
type: int
versions:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: SSL/TLS versions that the cipher suite can be used with.
elements: str
type: list
type: list
ssl-server-max-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- client
- tls-1.3
description: Deprecated, please rename it to ssl_server_max_version. Highest SSL/TLS
version acceptable from a server.
type: str
ssl-server-min-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- client
- tls-1.3
description: Deprecated, please rename it to ssl_server_min_version. Lowest SSL/TLS
version acceptable from a server.
type: str
ssl-server-renegotiation:
choices:
- disable
- enable
description: Deprecated, please rename it to ssl_server_renegotiation. Enable/disable
secure renegotiation to comply with RFC 5746.
type: str
ssl-server-session-state-max:
description: Deprecated, please rename it to ssl_server_session_state_max. Maximum
number of FortiGate to Server SSL session states to ...
type: int
ssl-server-session-state-timeout:
description: Deprecated, please rename it to ssl_server_session_state_timeout.
Number of minutes to keep FortiGate to Server SSL sessio...
type: int
ssl-server-session-state-type:
choices:
- disable
- time
- count
- both
description: Deprecated, please rename it to ssl_server_session_state_type. How
to expire SSL sessions for the segment of the SSL conne...
type: str
status:
choices:
- disable
- enable
description: Enable/disable VIP.
type: str
type:
choices:
- static-nat
- load-balance
- server-load-balance
- dns-translation
- fqdn
- access-proxy
description: Configure a static NAT, load balance, DNS translation, or FQDN VIP.
type: str
uuid:
description: Universally Unique Identifier
type: str
weblogic-server:
choices:
- disable
- enable
description: Deprecated, please rename it to weblogic_server. Enable to add an
HTTP header to indicate SSL offloading for a WebLogic se...
type: str
websphere-server:
choices:
- disable
- enable
description: Deprecated, please rename it to websphere_server. Enable to add an
HTTP header to indicate SSL offloading for a WebSphere ...
type: str
type: dict
rc_succeeded:
description: The rc codes list with which the conditions to succeed will be overriden.
elements: int
type: list
proposed_method:
choices:
- update
- set
- add
description: The overridden method for the underlying Json RPC request.
type: str
bypass_validation:
default: false
description: Only set to True when module schema diffs with FortiManager API structure,
module continues to execute without validating parameters.
type: bool
workspace_locking_adom:
description: The adom to lock for FortiManager running in workspace mode, the value
can be global and others including root.
type: str
forticloud_access_token:
description: Authenticate Ansible client with forticloud API access token.
type: str
workspace_locking_timeout:
default: 300
description: The maximum time in seconds to wait for other user to release the workspace
lock.
type: int
meta:
contains:
request_url:
description: The full url requested.
returned: always
sample: /sys/login/user
type: str
response_code:
description: The status of api request.
returned: always
sample: 0
type: int
response_data:
description: The api response.
returned: always
type: list
response_message:
description: The descriptive message of the api response.
returned: always
sample: OK.
type: str
system_information:
description: The information of the target system.
returned: always
type: dict
description: The result of the request.
returned: always
type: dict
rc:
description: The status the request.
returned: always
sample: 0
type: int
version_check_warning:
description: Warning if the parameters used in the playbook are not supported by
the current FortiManager version.
returned: complex
type: list