Try SpotterConfigure Web proxy global settings in Fortinet's FortiOS and FortiGate.
| "added in version" 2.8 of fortinet.fortios"
Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
preview | supported by community
Install with ansible-galaxy collection install fortinet.fortios:==1.1.7
collections:
- name: fortinet.fortios
version: 1.1.7This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify web_proxy feature and global category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.4.0
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure Web proxy global settings.
fortios_web_proxy_global:
vdom: "{{ vdom }}"
web_proxy_global:
fast_policy_match: "enable"
forward_proxy_auth: "enable"
forward_server_affinity_timeout: "5"
learn_client_ip: "enable"
learn_client_ip_from_header: "true-client-ip"
learn_client_ip_srcaddr:
-
name: "default_name_9 (source firewall.address.name firewall.addrgrp.name)"
learn_client_ip_srcaddr6:
-
name: "default_name_11 (source firewall.address6.name firewall.addrgrp6.name)"
max_message_length: "12"
max_request_length: "13"
max_waf_body_cache_length: "14"
proxy_fqdn: "<your_own_value>"
ssl_ca_cert: "<your_own_value> (source vpn.certificate.local.name)"
ssl_cert: "<your_own_value> (source vpn.certificate.local.name)"
strict_web_check: "enable"
webproxy_profile: "<your_own_value> (source web-proxy.profile.name)"
vdom:
default: root
description:
- Virtual domain, among those defined previously. A vdom is a virtual instance of
the FortiGate that can be configured and used as a different unit.
type: str
access_token:
description:
- Token-based authentication. Generated from GUI of Fortigate.
required: false
type: str
web_proxy_global:
default: null
description:
- Configure Web proxy global settings.
suboptions:
fast_policy_match:
choices:
- enable
- disable
description:
- Enable/disable fast matching algorithm for explicit and transparent proxy policy.
type: str
forward_proxy_auth:
choices:
- enable
- disable
description:
- Enable/disable forwarding proxy authentication headers.
type: str
forward_server_affinity_timeout:
description:
- Period of time before the source IP"s traffic is no longer assigned to the forwarding
server (6 - 60 min).
type: int
learn_client_ip:
choices:
- enable
- disable
description:
- Enable/disable learning the client"s IP address from headers.
type: str
learn_client_ip_from_header:
choices:
- true-client-ip
- x-real-ip
- x-forwarded-for
description:
- Learn client IP address from the specified headers.
type: str
learn_client_ip_srcaddr:
description:
- Source address name (srcaddr or srcaddr6 must be set).
suboptions:
name:
description:
- Address name. Source firewall.address.name firewall.addrgrp.name.
required: true
type: str
type: list
learn_client_ip_srcaddr6:
description:
- IPv6 Source address name (srcaddr or srcaddr6 must be set).
suboptions:
name:
description:
- Address name. Source firewall.address6.name firewall.addrgrp6.name.
required: true
type: str
type: list
max_message_length:
description:
- Maximum length of HTTP message, not including body (16 - 256 Kbytes).
type: int
max_request_length:
description:
- Maximum length of HTTP request line (2 - 64 Kbytes).
type: int
max_waf_body_cache_length:
description:
- Maximum length of HTTP messages processed by Web Application Firewall (WAF)
(10 - 1024 Kbytes).
type: int
proxy_fqdn:
description:
- Fully Qualified Domain Name (FQDN) that clients connect to to connect to the
explicit web proxy.
type: str
ssl_ca_cert:
description:
- SSL CA certificate for SSL interception. Source vpn.certificate.local.name.
type: str
ssl_cert:
description:
- SSL certificate for SSL interception. Source vpn.certificate.local.name.
type: str
strict_web_check:
choices:
- enable
- disable
description:
- Enable/disable strict web checking to block web sites that send incorrect headers
that don"t conform to HTTP 1.1.
type: str
webproxy_profile:
description:
- Name of the web proxy profile to apply when explicit proxy traffic is allowed
by default and traffic is accepted that does not match an explicit proxy policy.
Source web-proxy.profile.name.
type: str
type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str