fortinet.fortios.fortios_firewall_access_proxy6 (2.3.6) — module
Configure IPv6 access proxy in Fortinet's FortiOS and FortiGate.
Added in version 2.0.0 of fortinet.fortios.
Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
preview | supported by community

Install with ansible-galaxy collection install fortinet.fortios:==2.3.6

collections:
  - name: fortinet.fortios
    version: 2.3.6

This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the firewall feature and the access_proxy6 category. The example includes all parameters; the values need to be adjusted to your data sources before use. Tested with FOS v6.0.0
- name: Configure IPv6 access proxy.
  fortinet.fortios.fortios_firewall_access_proxy6:
    vdom: "{{ vdom }}"
    state: "present"
    access_token: "<your_own_value>"
    firewall_access_proxy6:
      add_vhost_domain_to_dnsdb: "enable"
      api_gateway:
        - application:
            - name: "default_name_6"
          h2_support: "enable"
          h3_support: "enable"
          http_cookie_age: "60"
          http_cookie_domain: "<your_own_value>"
          http_cookie_domain_from_host: "disable"
          http_cookie_generation: "0"
          http_cookie_path: "<your_own_value>"
          http_cookie_share: "disable"
          https_cookie_secure: "disable"
          id: "16"
          ldb_method: "static"
          persistence: "none"
          quic:
            ack_delay_exponent: "3"
            active_connection_id_limit: "2"
            active_migration: "enable"
            grease_quic_bit: "enable"
            max_ack_delay: "25"
            max_datagram_frame_size: "1500"
            max_idle_timeout: "30000"
            max_udp_payload_size: "1500"
          realservers:
            - addr_type: "ip"
              address: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
              domain: "<your_own_value>"
              external_auth: "enable"
              health_check: "disable"
              health_check_proto: "ping"
              holddown_interval: "enable"
              http_host: "myhostname"
              id: "37"
              ip: "<your_own_value>"
              mappedport: "<your_own_value>"
              port: "443"
              ssh_client_cert: "<your_own_value> (source firewall.access-proxy-ssh-client-cert.name)"
              ssh_host_key:
                - name: "default_name_43 (source firewall.ssh.host-key.name)"
              ssh_host_key_validation: "disable"
              status: "active"
              translate_host: "enable"
              tunnel_encryption: "enable"
              type: "tcp-forwarding"
              weight: "1"
          saml_redirect: "disable"
          saml_server: "<your_own_value> (source user.saml.name)"
          service: "http"
          ssl_algorithm: "high"
          ssl_cipher_suites:
            - cipher: "TLS-AES-128-GCM-SHA256"
              priority: "<you_own_value>"
              versions: "tls-1.0"
          ssl_dh_bits: "768"
          ssl_max_version: "tls-1.0"
          ssl_min_version: "tls-1.0"
          ssl_renegotiation: "enable"
          ssl_vpn_web_portal: "<your_own_value> (source vpn.ssl.web.portal.name)"
          url_map: "<your_own_value>"
          url_map_type: "sub-string"
          virtual_host: "myhostname (source firewall.access-proxy-virtual-host.name)"
      api_gateway6:
        - application:
            - name: "default_name_68"
          h2_support: "enable"
          h3_support: "enable"
          http_cookie_age: "60"
          http_cookie_domain: "<your_own_value>"
          http_cookie_domain_from_host: "disable"
          http_cookie_generation: "0"
          http_cookie_path: "<your_own_value>"
          http_cookie_share: "disable"
          https_cookie_secure: "disable"
          id: "78"
          ldb_method: "static"
          persistence: "none"
          quic:
            ack_delay_exponent: "3"
            active_connection_id_limit: "2"
            active_migration: "enable"
            grease_quic_bit: "enable"
            max_ack_delay: "25"
            max_datagram_frame_size: "1500"
            max_idle_timeout: "30000"
            max_udp_payload_size: "1500"
          realservers:
            - addr_type: "ip"
              address: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
              domain: "<your_own_value>"
              external_auth: "enable"
              health_check: "disable"
              health_check_proto: "ping"
              holddown_interval: "enable"
              http_host: "myhostname"
              id: "99"
              ip: "<your_own_value>"
              mappedport: "<your_own_value>"
              port: "443"
              ssh_client_cert: "<your_own_value> (source firewall.access-proxy-ssh-client-cert.name)"
              ssh_host_key:
                - name: "default_name_105 (source firewall.ssh.host-key.name)"
              ssh_host_key_validation: "disable"
              status: "active"
              translate_host: "enable"
              tunnel_encryption: "enable"
              type: "tcp-forwarding"
              weight: "1"
          saml_redirect: "disable"
          saml_server: "<your_own_value> (source user.saml.name)"
          service: "http"
          ssl_algorithm: "high"
          ssl_cipher_suites:
            - cipher: "TLS-AES-128-GCM-SHA256"
              priority: "<you_own_value>"
              versions: "tls-1.0"
          ssl_dh_bits: "768"
          ssl_max_version: "tls-1.0"
          ssl_min_version: "tls-1.0"
          ssl_renegotiation: "enable"
          ssl_vpn_web_portal: "<your_own_value> (source vpn.ssl.web.portal.name)"
          url_map: "<your_own_value>"
          url_map_type: "sub-string"
          virtual_host: "myhostname (source firewall.access-proxy-virtual-host.name)"
      auth_portal: "disable"
      auth_virtual_host: "myhostname (source firewall.access-proxy-virtual-host.name)"
      client_cert: "disable"
      decrypted_traffic_mirror: "<your_own_value> (source firewall.decrypted-traffic-mirror.name)"
      empty_cert_action: "accept"
      http_supported_max_version: "http1"
      log_blocked_traffic: "enable"
      name: "default_name_135"
      svr_pool_multiplex: "enable"
      svr_pool_server_max_concurrent_request: "0"
      svr_pool_server_max_request: "0"
      svr_pool_ttl: "15"
      user_agent_detect: "disable"
      vip: "<your_own_value> (source firewall.vip6.name)"
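The sample task above enumerates every parameter with placeholder values, including ssl_min_version "tls-1.0", ssl_dh_bits "768", https_cookie_secure "disable", client_cert "disable" and empty_cert_action "accept". The playbook below is an added example, not part of the module's documentation: it sets those parameters to the stricter choices listed on this page and refuses to run if the TLS variables are weakened. The inventory group, variable names, object names and the 2001:db8:: address are assumptions made for illustration.

```yaml
- name: Configure an IPv6 access proxy with stricter TLS and certificate settings
  hosts: fortigates                      # assumed inventory group
  connection: httpapi
  gather_facts: false
  vars:
    ansible_network_os: fortinet.fortios.fortios
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true # verify the FortiGate's management certificate
    ansible_httpapi_port: 443
    vdom: "root"
    # Assumed variable names; keep the token in Ansible Vault, not in the playbook.
    fortios_access_token: "{{ vault_fortios_access_token }}"
    proxy_tls_min: "tls-1.2"
    proxy_tls_max: "tls-1.3"
    proxy_dh_bits: "2048"

  tasks:
    - name: Refuse to push weak TLS parameters
      ansible.builtin.assert:
        that:
          - proxy_tls_min in ['tls-1.2', 'tls-1.3']
          - proxy_tls_max in ['tls-1.2', 'tls-1.3']
          - proxy_dh_bits | int >= 2048
        fail_msg: "TLS floor or DH size is below the baseline for this proxy"

    - name: Configure IPv6 access proxy (hardened values)
      fortinet.fortios.fortios_firewall_access_proxy6:
        vdom: "{{ vdom }}"
        state: "present"
        access_token: "{{ fortios_access_token }}"
        enable_log: true
        firewall_access_proxy6:
          name: "ztna-proxy6"            # constructed object name
          vip: "ztna-vip6"               # constructed; must already exist in firewall.vip6
          client_cert: "enable"          # request a client certificate
          empty_cert_action: "block"     # sample task uses "accept"
          log_blocked_traffic: "enable"
          api_gateway6:
            - id: 1
              service: "https"           # sample task uses "http"
              url_map: "/"
              url_map_type: "sub-string"
              persistence: "http-cookie"
              https_cookie_secure: "enable"
              http_cookie_share: "disable"
              ssl_algorithm: "high"
              ssl_min_version: "{{ proxy_tls_min }}"
              ssl_max_version: "{{ proxy_tls_max }}"
              ssl_dh_bits: "{{ proxy_dh_bits }}"
              ssl_renegotiation: "enable" # secure renegotiation per RFC 5746
              realservers:
                - id: 1
                  addr_type: "ip"
                  ip: "2001:db8::10"     # documentation-range address, constructed
                  port: 443
                  status: "active"
                  health_check: "enable"
                  health_check_proto: "tcp-connect"
```

For a realserver of type "ssh", the corresponding change is ssh_host_key_validation: "enable" together with an ssh_host_key entry that names an existing firewall.ssh.host-key object.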
vdom: default: root description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str state: choices: - present - absent description: - Indicates whether to create or remove the object. required: true type: str enable_log: default: false description: - Enable/Disable logging for task. required: false type: bool member_path: description: - Member attribute path to operate on. - Delimited by a slash character if there are more than one attribute. - Parameter marked with member_path is legitimate for doing member operation. type: str access_token: description: - Token-based authentication. Generated from GUI of Fortigate. required: false type: str member_state: choices: - present - absent description: - Add or delete a member under specified attribute path. - When member_state is specified, the state option is ignored. type: str firewall_access_proxy6: default: null description: - Configure IPv6 access proxy. suboptions: add_vhost_domain_to_dnsdb: choices: - enable - disable description: - Enable/disable adding vhost/domain to dnsdb for ztna dox tunnel. type: str api_gateway: description: - Set IPv4 API Gateway. elements: dict suboptions: application: description: - SaaS application controlled by this Access Proxy. elements: dict suboptions: name: description: - SaaS application name. required: true type: str type: list h2_support: choices: - enable - disable description: - HTTP2 support, default=Enable. type: str h3_support: choices: - enable - disable description: - HTTP3/QUIC support, default=Disable. type: str http_cookie_age: description: - Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit. type: int http_cookie_domain: description: - Domain that HTTP cookie persistence should apply to. 
type: str http_cookie_domain_from_host: choices: - disable - enable description: - Enable/disable use of HTTP cookie domain from host field in HTTP. type: str http_cookie_generation: description: - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. type: int http_cookie_path: description: - Limit HTTP cookie persistence to the specified path. type: str http_cookie_share: choices: - disable - same-ip description: - Control sharing of cookies across API Gateway. Use of same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. type: str https_cookie_secure: choices: - disable - enable description: - Enable/disable verification that inserted HTTPS cookies are secure. type: str id: description: - API Gateway ID. see <a href='#notes'>Notes</a>. required: true type: int ldb_method: choices: - static - round-robin - weighted - first-alive - http-host description: - Method used to distribute sessions to real servers. type: str persistence: choices: - none - http-cookie description: - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str quic: description: - QUIC setting. suboptions: ack_delay_exponent: description: - ACK delay exponent (1 - 20). type: int active_connection_id_limit: description: - Active connection ID limit (1 - 8). type: int active_migration: choices: - enable - disable description: - Enable/disable active migration . type: str grease_quic_bit: choices: - enable - disable description: - Enable/disable grease QUIC bit . type: str max_ack_delay: description: - Maximum ACK delay in milliseconds (1 - 16383). type: int max_datagram_frame_size: description: - Maximum datagram frame size in bytes (1 - 1500). type: int max_idle_timeout: description: - Maximum idle timeout milliseconds (1 - 60000). type: int max_udp_payload_size: description: - Maximum UDP payload size in bytes (1200 - 1500). 
type: int type: dict realservers: description: - Select the real servers that this Access Proxy will distribute traffic to. elements: dict suboptions: addr_type: choices: - ip - fqdn description: - Type of address. type: str address: description: - Address or address group of the real server. Source firewall.address.name firewall.addrgrp.name. type: str domain: description: - Wildcard domain name of the real server. type: str external_auth: choices: - enable - disable description: - Enable/disable use of external browser as user-agent for SAML user authentication. type: str health_check: choices: - disable - enable description: - Enable to check the responsiveness of the real server before forwarding traffic. type: str health_check_proto: choices: - ping - http - tcp-connect description: - Protocol of the health check monitor to use when polling to determine server"s connectivity status. type: str holddown_interval: choices: - enable - disable description: - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). type: str http_host: description: - HTTP server domain name in HTTP header. type: str id: description: - Real server ID. see <a href='#notes'>Notes</a>. required: true type: int ip: description: - IP address of the real server. type: str mappedport: description: - Port for communicating with the real server. type: str port: description: - Port for communicating with the real server. type: int ssh_client_cert: description: - Set access-proxy SSH client certificate profile. Source firewall.access-proxy-ssh-client-cert.name. type: str ssh_host_key: description: - One or more server host key. elements: dict suboptions: name: description: - Server host key name. Source firewall.ssh.host-key.name. required: true type: str type: list ssh_host_key_validation: choices: - disable - enable description: - Enable/disable SSH real server host key validation. 
type: str status: choices: - active - standby - disable description: - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str translate_host: choices: - enable - disable description: - Enable/disable translation of hostname/IP from virtual server to real server. type: str tunnel_encryption: choices: - enable - disable description: - Tunnel encryption. type: str type: choices: - tcp-forwarding - ssh description: - TCP forwarding server type. type: str weight: description: - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. type: int type: list saml_redirect: choices: - disable - enable description: - Enable/disable SAML redirection after successful authentication. type: str saml_server: description: - SAML service provider configuration for VIP authentication. Source user.saml.name. type: str service: choices: - http - https - tcp-forwarding - samlsp - web-portal - saas description: - Service. type: str ssl_algorithm: choices: - high - medium - low description: - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str ssl_cipher_suites: description: - SSL/TLS cipher suites to offer to a server, ordered by priority. 
elements: dict suboptions: cipher: choices: - TLS-AES-128-GCM-SHA256 - TLS-AES-256-GCM-SHA384 - TLS-CHACHA20-POLY1305-SHA256 - TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-DHE-RSA-WITH-AES-128-CBC-SHA - TLS-DHE-RSA-WITH-AES-256-CBC-SHA - TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 - TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 - TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 - TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 - TLS-DHE-DSS-WITH-AES-128-CBC-SHA - TLS-DHE-DSS-WITH-AES-256-CBC-SHA - TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 - TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 - TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 - TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 - TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 - TLS-RSA-WITH-AES-128-CBC-SHA - TLS-RSA-WITH-AES-256-CBC-SHA - TLS-RSA-WITH-AES-128-CBC-SHA256 - TLS-RSA-WITH-AES-128-GCM-SHA256 - TLS-RSA-WITH-AES-256-CBC-SHA256 - TLS-RSA-WITH-AES-256-GCM-SHA384 - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 - TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 - TLS-DHE-RSA-WITH-SEED-CBC-SHA - TLS-DHE-DSS-WITH-SEED-CBC-SHA - 
TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 - TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 - TLS-RSA-WITH-SEED-CBC-SHA - TLS-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 - TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-RC4-128-SHA - TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA - TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA - TLS-RSA-WITH-3DES-EDE-CBC-SHA - TLS-RSA-WITH-RC4-128-MD5 - TLS-RSA-WITH-RC4-128-SHA - TLS-DHE-RSA-WITH-DES-CBC-SHA - TLS-DHE-DSS-WITH-DES-CBC-SHA - TLS-RSA-WITH-DES-CBC-SHA description: - Cipher suite name. type: str priority: description: - SSL/TLS cipher suites priority. see <a href='#notes'>Notes</a>. required: true type: int versions: choices: - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: - SSL/TLS versions that the cipher suite can be used with. elements: str type: list type: list ssl_dh_bits: choices: - '768' - '1024' - '1536' - '2048' - '3072' - '4096' description: - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str ssl_max_version: choices: - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: - Highest SSL/TLS version acceptable from a server. type: str ssl_min_version: choices: - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: - Lowest SSL/TLS version acceptable from a server. type: str ssl_renegotiation: choices: - enable - disable description: - Enable/disable secure renegotiation to comply with RFC 5746. type: str ssl_vpn_web_portal: description: - SSL-VPN web portal. Source vpn.ssl.web.portal.name. type: str url_map: description: - URL pattern to match. type: str url_map_type: choices: - sub-string - wildcard - regex description: - Type of url-map. type: str virtual_host: description: - Virtual host. Source firewall.access-proxy-virtual-host.name. 
type: str type: list api_gateway6: description: - Set IPv6 API Gateway. elements: dict suboptions: application: description: - SaaS application controlled by this Access Proxy. elements: dict suboptions: name: description: - SaaS application name. required: true type: str type: list h2_support: choices: - enable - disable description: - HTTP2 support, default=Enable. type: str h3_support: choices: - enable - disable description: - HTTP3/QUIC support, default=Disable. type: str http_cookie_age: description: - Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit. type: int http_cookie_domain: description: - Domain that HTTP cookie persistence should apply to. type: str http_cookie_domain_from_host: choices: - disable - enable description: - Enable/disable use of HTTP cookie domain from host field in HTTP. type: str http_cookie_generation: description: - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. type: int http_cookie_path: description: - Limit HTTP cookie persistence to the specified path. type: str http_cookie_share: choices: - disable - same-ip description: - Control sharing of cookies across API Gateway. Use of same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. type: str https_cookie_secure: choices: - disable - enable description: - Enable/disable verification that inserted HTTPS cookies are secure. type: str id: description: - API Gateway ID. see <a href='#notes'>Notes</a>. required: true type: int ldb_method: choices: - static - round-robin - weighted - first-alive - http-host description: - Method used to distribute sessions to real servers. type: str persistence: choices: - none - http-cookie description: - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str quic: description: - QUIC setting. 
suboptions: ack_delay_exponent: description: - ACK delay exponent (1 - 20). type: int active_connection_id_limit: description: - Active connection ID limit (1 - 8). type: int active_migration: choices: - enable - disable description: - Enable/disable active migration . type: str grease_quic_bit: choices: - enable - disable description: - Enable/disable grease QUIC bit . type: str max_ack_delay: description: - Maximum ACK delay in milliseconds (1 - 16383). type: int max_datagram_frame_size: description: - Maximum datagram frame size in bytes (1 - 1500). type: int max_idle_timeout: description: - Maximum idle timeout milliseconds (1 - 60000). type: int max_udp_payload_size: description: - Maximum UDP payload size in bytes (1200 - 1500). type: int type: dict realservers: description: - Select the real servers that this Access Proxy will distribute traffic to. elements: dict suboptions: addr_type: choices: - ip - fqdn description: - Type of address. type: str address: description: - Address or address group of the real server. Source firewall.address6.name firewall.addrgrp6.name. type: str domain: description: - Wildcard domain name of the real server. type: str external_auth: choices: - enable - disable description: - Enable/disable use of external browser as user-agent for SAML user authentication. type: str health_check: choices: - disable - enable description: - Enable to check the responsiveness of the real server before forwarding traffic. type: str health_check_proto: choices: - ping - http - tcp-connect description: - Protocol of the health check monitor to use when polling to determine server"s connectivity status. type: str holddown_interval: choices: - enable - disable description: - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). type: str http_host: description: - HTTP server domain name in HTTP header. type: str id: description: - Real server ID. 
see <a href='#notes'>Notes</a>. required: true type: int ip: description: - IPv6 address of the real server. type: str mappedport: description: - Port for communicating with the real server. type: str port: description: - Port for communicating with the real server. type: int ssh_client_cert: description: - Set access-proxy SSH client certificate profile. Source firewall.access-proxy-ssh-client-cert.name. type: str ssh_host_key: description: - One or more server host key. elements: dict suboptions: name: description: - Server host key name. Source firewall.ssh.host-key.name. required: true type: str type: list ssh_host_key_validation: choices: - disable - enable description: - Enable/disable SSH real server host key validation. type: str status: choices: - active - standby - disable description: - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str translate_host: choices: - enable - disable description: - Enable/disable translation of hostname/IP from virtual server to real server. type: str tunnel_encryption: choices: - enable - disable description: - Tunnel encryption. type: str type: choices: - tcp-forwarding - ssh description: - TCP forwarding server type. type: str weight: description: - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. type: int type: list saml_redirect: choices: - disable - enable description: - Enable/disable SAML redirection after successful authentication. type: str saml_server: description: - SAML service provider configuration for VIP authentication. Source user.saml.name. type: str service: choices: - http - https - tcp-forwarding - samlsp - web-portal - saas description: - Service. type: str ssl_algorithm: choices: - high - medium - low description: - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. 
type: str ssl_cipher_suites: description: - SSL/TLS cipher suites to offer to a server, ordered by priority. elements: dict suboptions: cipher: choices: - TLS-AES-128-GCM-SHA256 - TLS-AES-256-GCM-SHA384 - TLS-CHACHA20-POLY1305-SHA256 - TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-DHE-RSA-WITH-AES-128-CBC-SHA - TLS-DHE-RSA-WITH-AES-256-CBC-SHA - TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 - TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 - TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 - TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 - TLS-DHE-DSS-WITH-AES-128-CBC-SHA - TLS-DHE-DSS-WITH-AES-256-CBC-SHA - TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 - TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 - TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 - TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 - TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 - TLS-RSA-WITH-AES-128-CBC-SHA - TLS-RSA-WITH-AES-256-CBC-SHA - TLS-RSA-WITH-AES-128-CBC-SHA256 - TLS-RSA-WITH-AES-128-GCM-SHA256 - TLS-RSA-WITH-AES-256-CBC-SHA256 - TLS-RSA-WITH-AES-256-GCM-SHA384 - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 - TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 - 
TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 - TLS-DHE-RSA-WITH-SEED-CBC-SHA - TLS-DHE-DSS-WITH-SEED-CBC-SHA - TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 - TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 - TLS-RSA-WITH-SEED-CBC-SHA - TLS-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 - TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-RC4-128-SHA - TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA - TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA - TLS-RSA-WITH-3DES-EDE-CBC-SHA - TLS-RSA-WITH-RC4-128-MD5 - TLS-RSA-WITH-RC4-128-SHA - TLS-DHE-RSA-WITH-DES-CBC-SHA - TLS-DHE-DSS-WITH-DES-CBC-SHA - TLS-RSA-WITH-DES-CBC-SHA description: - Cipher suite name. type: str priority: description: - SSL/TLS cipher suites priority. see <a href='#notes'>Notes</a>. required: true type: int versions: choices: - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: - SSL/TLS versions that the cipher suite can be used with. elements: str type: list type: list ssl_dh_bits: choices: - '768' - '1024' - '1536' - '2048' - '3072' - '4096' description: - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str ssl_max_version: choices: - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: - Highest SSL/TLS version acceptable from a server. type: str ssl_min_version: choices: - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: - Lowest SSL/TLS version acceptable from a server. type: str ssl_renegotiation: choices: - enable - disable description: - Enable/disable secure renegotiation to comply with RFC 5746. type: str ssl_vpn_web_portal: description: - SSL-VPN web portal. Source vpn.ssl.web.portal.name. type: str url_map: description: - URL pattern to match. type: str url_map_type: choices: - sub-string - wildcard - regex description: - Type of url-map. 
type: str virtual_host: description: - Virtual host. Source firewall.access-proxy-virtual-host.name. type: str type: list auth_portal: choices: - disable - enable description: - Enable/disable authentication portal. type: str auth_virtual_host: description: - Virtual host for authentication portal. Source firewall.access-proxy-virtual-host.name. type: str client_cert: choices: - disable - enable description: - Enable/disable to request client certificate. type: str decrypted_traffic_mirror: description: - Decrypted traffic mirror. Source firewall.decrypted-traffic-mirror.name. type: str empty_cert_action: choices: - accept - block - accept-unmanageable description: - Action of an empty client certificate. type: str http_supported_max_version: choices: - http1 - http2 description: - Maximum supported HTTP versions. default = HTTP2 type: str log_blocked_traffic: choices: - enable - disable description: - Enable/disable logging of blocked traffic. type: str name: description: - Access Proxy name. required: true type: str svr_pool_multiplex: choices: - enable - disable description: - Enable/disable server pool multiplexing. Share connected server in HTTP, HTTPS, and web-portal api-gateway. type: str svr_pool_server_max_concurrent_request: description: - Maximum number of concurrent requests that servers in server pool could handle . type: int svr_pool_server_max_request: description: - Maximum number of requests that servers in server pool handle before disconnecting . type: int svr_pool_ttl: description: - Time-to-live in the server pool for idle connections to servers. type: int user_agent_detect: choices: - disable - enable description: - Enable/disable to detect device type by HTTP user-agent if no client certificate provided. type: str vip: description: - Virtual IP name. Source firewall.vip6.name. type: str type: dict
build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str