fortinet / fortinet.fortios / 2.3.6 / module / fortios_firewall_ssl_server Configure SSL servers in Fortinet's FortiOS and FortiGate. | "added in version" 2.0.0 of fortinet.fortios" Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico) preview | supported by communityfortinet.fortios.fortios_firewall_ssl_server (2.3.6) — module
Install with ansible-galaxy collection install fortinet.fortios:==2.3.6
collections: - name: fortinet.fortios version: 2.3.6
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and ssl_server category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
- name: Configure SSL servers. fortinet.fortios.fortios_firewall_ssl_server: vdom: "{{ vdom }}" state: "present" access_token: "<your_own_value>" firewall_ssl_server: add_header_x_forwarded_proto: "enable" ip: "<your_own_value>" mapped_port: "80" name: "default_name_6" port: "443" ssl_algorithm: "high" ssl_cert: "<your_own_value> (source vpn.certificate.local.name)" ssl_cert_dict: - name: "default_name_11 (source vpn.certificate.local.name)" ssl_client_renegotiation: "allow" ssl_dh_bits: "768" ssl_max_version: "tls-1.0" ssl_min_version: "tls-1.0" ssl_mode: "half" ssl_send_empty_frags: "enable" url_rewrite: "enable"
vdom: default: root description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str state: choices: - present - absent description: - Indicates whether to create or remove the object. required: true type: str enable_log: default: false description: - Enable/Disable logging for task. required: false type: bool member_path: description: - Member attribute path to operate on. - Delimited by a slash character if there are more than one attribute. - Parameter marked with member_path is legitimate for doing member operation. type: str access_token: description: - Token-based authentication. Generated from GUI of Fortigate. required: false type: str member_state: choices: - present - absent description: - Add or delete a member under specified attribute path. - When member_state is specified, the state option is ignored. type: str firewall_ssl_server: default: null description: - Configure SSL servers. suboptions: add_header_x_forwarded_proto: choices: - enable - disable description: - Enable/disable adding an X-Forwarded-Proto header to forwarded requests. type: str ip: description: - IPv4 address of the SSL server. type: str mapped_port: description: - Mapped server service port (1 - 65535). type: int name: description: - Server name. required: true type: str port: description: - Server service port (1 - 65535). type: int ssl_algorithm: choices: - high - medium - low description: - Relative strength of encryption algorithms accepted in negotiation. type: str ssl_cert: description: - Name of certificate for SSL connections to this server . Source vpn.certificate.local.name. type: str ssl_cert_dict: description: - List of certificate names to use for SSL connections to this server. . Use the parameter ssl_cert if the fortiOS firmware version <= 7.4 .1 elements: dict suboptions: name: description: - Certificate list. Source vpn.certificate.local.name. required: true type: str type: list ssl_client_renegotiation: choices: - allow - deny - secure description: - Allow or block client renegotiation by server. type: str ssl_dh_bits: choices: - '768' - '1024' - '1536' - '2048' description: - Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation . type: str ssl_max_version: choices: - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: - Highest SSL/TLS version to negotiate. type: str ssl_min_version: choices: - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: - Lowest SSL/TLS version to negotiate. type: str ssl_mode: choices: - half - full description: - SSL/TLS mode for encryption and decryption of traffic. type: str ssl_send_empty_frags: choices: - enable - disable description: - Enable/disable sending empty fragments to avoid attack on CBC IV. type: str url_rewrite: choices: - enable - disable description: - Enable/disable rewriting the URL. type: str type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str