fortinet / fortinet.fortios / 1.1.7 / module / fortios_firewall_ssl_setting SSL proxy settings in Fortinet's FortiOS and FortiGate. | "added in version" 2.8 of fortinet.fortios" Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico) preview | supported by communityfortinet.fortios.fortios_firewall_ssl_setting (1.1.7) — module
Install with ansible-galaxy collection install fortinet.fortios:==1.1.7
collections: - name: fortinet.fortios version: 1.1.7
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_ssl feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.4.0
- hosts: fortigates collections: - fortinet.fortios connection: httpapi vars: vdom: "root" ansible_httpapi_use_ssl: yes ansible_httpapi_validate_certs: no ansible_httpapi_port: 443 tasks: - name: SSL proxy settings. fortios_firewall_ssl_setting: vdom: "{{ vdom }}" firewall_ssl_setting: abbreviate_handshake: "enable" cert_cache_capacity: "4" cert_cache_timeout: "5" no_matching_cipher_action: "bypass" proxy_connect_timeout: "7" session_cache_capacity: "8" session_cache_timeout: "9" ssl_dh_bits: "768" ssl_send_empty_frags: "enable"
vdom: default: root description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str access_token: description: - Token-based authentication. Generated from GUI of Fortigate. required: false type: str firewall_ssl_setting: default: null description: - SSL proxy settings. suboptions: abbreviate_handshake: choices: - enable - disable description: - Enable/disable use of SSL abbreviated handshake. type: str cert_cache_capacity: description: - Maximum capacity of the host certificate cache (0 - 500). type: int cert_cache_timeout: description: - Time limit to keep certificate cache (1 - 120 min). type: int no_matching_cipher_action: choices: - bypass - drop description: - Bypass or drop the connection when no matching cipher is found. type: str proxy_connect_timeout: description: - Time limit to make an internal connection to the appropriate proxy process (1 - 60 sec). type: int session_cache_capacity: description: - Capacity of the SSL session cache (--Obsolete--) (1 - 1000). type: int session_cache_timeout: description: - Time limit to keep SSL session state (1 - 60 min). type: int ssl_dh_bits: choices: - 768 - 1024 - 1536 - 2048 description: - Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation . type: str ssl_send_empty_frags: choices: - enable - disable description: - Enable/disable sending empty fragments to avoid attack on CBC IV (for SSL 3.0 and TLS 1.0 only). type: str type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str