fortinet.fortios.fortios_vpn_ipsec_phase1_interface (2.3.6) — module

Configure VPN remote gateway in Fortinet's FortiOS and FortiGate.

Added in version 2.0.0 of fortinet.fortios.

Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)

Status: preview | supported by community

Install with:

```
ansible-galaxy collection install fortinet.fortios:==2.3.6
```

```yaml
collections:
  - name: fortinet.fortios
    version: 2.3.6
```

This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the vpn_ipsec feature and the phase1_interface category. The examples include all parameters, and the values need to be adjusted to your data sources before use. Tested with FOS v6.0.0.
```yaml
- name: Configure VPN remote gateway.
  fortinet.fortios.fortios_vpn_ipsec_phase1_interface:
    vdom: "{{ vdom }}"
    state: "present"
    access_token: "<your_own_value>"
    vpn_ipsec_phase1_interface:
      acct_verify: "enable"
      add_gw_route: "enable"
      add_route: "disable"
      aggregate_member: "enable"
      aggregate_weight: "1"
      assign_ip: "disable"
      assign_ip_from: "range"
      authmethod: "psk"
      authmethod_remote: "psk"
      authpasswd: "<your_own_value>"
      authusr: "<your_own_value>"
      authusrgrp: "<your_own_value> (source user.group.name)"
      auto_discovery_crossover: "allow"
      auto_discovery_forwarder: "enable"
      auto_discovery_offer_interval: "5"
      auto_discovery_psk: "enable"
      auto_discovery_receiver: "enable"
      auto_discovery_sender: "enable"
      auto_discovery_shortcuts: "independent"
      auto_negotiate: "enable"
      azure_ad_autoconnect: "enable"
      backup_gateway:
        - address: "<your_own_value>"
      banner: "<your_own_value>"
      cert_id_validation: "enable"
      cert_trust_store: "local"
      certificate:
        - name: "default_name_30 (source vpn.certificate.local.name)"
      childless_ike: "enable"
      client_auto_negotiate: "disable"
      client_keep_alive: "disable"
      comments: "<your_own_value>"
      default_gw: "<your_own_value>"
      default_gw_priority: "0"
      dev_id: "<your_own_value>"
      dev_id_notification: "disable"
      dhcp_ra_giaddr: "<your_own_value>"
      dhcp6_ra_linkaddr: "<your_own_value>"
      dhgrp: "1"
      digital_signature_auth: "enable"
      distance: "15"
      dns_mode: "manual"
      domain: "<your_own_value>"
      dpd: "disable"
      dpd_retrycount: "3"
      dpd_retryinterval: "<your_own_value>"
      eap: "enable"
      eap_cert_auth: "enable"
      eap_exclude_peergrp: "<your_own_value> (source user.peergrp.name)"
      eap_identity: "use-id-payload"
      ems_sn_check: "enable"
      encap_local_gw4: "<your_own_value>"
      encap_local_gw6: "<your_own_value>"
      encap_remote_gw4: "<your_own_value>"
      encap_remote_gw6: "<your_own_value>"
      encapsulation: "none"
      encapsulation_address: "ike"
      enforce_unique_id: "disable"
      esn: "require"
      exchange_fgt_device_id: "enable"
      exchange_interface_ip: "enable"
      exchange_ip_addr4: "<your_own_value>"
      exchange_ip_addr6: "<your_own_value>"
      fallback_tcp_threshold: "15"
      fec_base: "10"
      fec_codec: "rs"
      fec_egress: "enable"
      fec_health_check: "<your_own_value> (source system.sdwan.health-check.name)"
      fec_ingress: "enable"
      fec_mapping_profile: "<your_own_value> (source vpn.ipsec.fec.name)"
      fec_receive_timeout: "50"
      fec_redundant: "1"
      fec_send_timeout: "5"
      fgsp_sync: "enable"
      forticlient_enforcement: "enable"
      fortinet_esp: "enable"
      fragmentation: "enable"
      fragmentation_mtu: "1200"
      group_authentication: "enable"
      group_authentication_secret: "<your_own_value>"
      ha_sync_esp_seqno: "enable"
      idle_timeout: "enable"
      idle_timeoutinterval: "15"
      ike_version: "1"
      inbound_dscp_copy: "enable"
      include_local_lan: "disable"
      interface: "<your_own_value> (source system.interface.name)"
      internal_domain_list:
        - domain_name: "<your_own_value>"
      ip_delay_interval: "0"
      ip_fragmentation: "pre-encapsulation"
      ip_version: "4"
      ipv4_dns_server1: "<your_own_value>"
      ipv4_dns_server2: "<your_own_value>"
      ipv4_dns_server3: "<your_own_value>"
      ipv4_end_ip: "<your_own_value>"
      ipv4_exclude_range:
        - end_ip: "<your_own_value>"
          id: "101"
          start_ip: "<your_own_value>"
      ipv4_name: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
      ipv4_netmask: "<your_own_value>"
      ipv4_split_exclude: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
      ipv4_split_include: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
      ipv4_start_ip: "<your_own_value>"
      ipv4_wins_server1: "<your_own_value>"
      ipv4_wins_server2: "<your_own_value>"
      ipv6_dns_server1: "<your_own_value>"
      ipv6_dns_server2: "<your_own_value>"
      ipv6_dns_server3: "<your_own_value>"
      ipv6_end_ip: "<your_own_value>"
      ipv6_exclude_range:
        - end_ip: "<your_own_value>"
          id: "116"
          start_ip: "<your_own_value>"
      ipv6_name: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
      ipv6_prefix: "128"
      ipv6_split_exclude: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
      ipv6_split_include: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
      ipv6_start_ip: "<your_own_value>"
      keepalive: "10"
      keylife: "86400"
      kms: "<your_own_value> (source vpn.kmip-server.name)"
      link_cost: "0"
      local_gw: "<your_own_value>"
      local_gw6: "<your_own_value>"
      localid: "<your_own_value>"
      localid_type: "auto"
      loopback_asymroute: "enable"
      mesh_selector_type: "disable"
      mode: "aggressive"
      mode_cfg: "disable"
      mode_cfg_allow_client_selector: "disable"
      monitor: "<your_own_value> (source vpn.ipsec.phase1-interface.name)"
      monitor_dict:
        - name: "default_name_138 (source vpn.ipsec.phase1-interface.name)"
      monitor_hold_down_delay: "0"
      monitor_hold_down_time: "<your_own_value>"
      monitor_hold_down_type: "immediate"
      monitor_hold_down_weekday: "everyday"
      monitor_min: "0"
      name: "default_name_144"
      nattraversal: "enable"
      negotiate_timeout: "30"
      net_device: "enable"
      network_id: "0"
      network_overlay: "disable"
      npu_offload: "enable"
      packet_redistribution: "enable"
      passive_mode: "enable"
      peer: "<your_own_value> (source user.peer.name)"
      peergrp: "<your_own_value> (source user.peergrp.name)"
      peerid: "<your_own_value>"
      peertype: "any"
      ppk: "disable"
      ppk_identity: "<your_own_value>"
      ppk_secret: "<your_own_value>"
      priority: "1"
      proposal: "des-md5"
      psksecret: "<your_own_value>"
      psksecret_remote: "<your_own_value>"
      qkd: "disable"
      qkd_profile: "<your_own_value> (source vpn.qkd.name)"
      reauth: "disable"
      rekey: "enable"
      remote_gw: "<your_own_value>"
      remote_gw6: "<your_own_value>"
      remotegw_ddns: "<your_own_value>"
      rsa_signature_format: "pkcs1"
      rsa_signature_hash_override: "enable"
      save_password: "disable"
      send_cert_chain: "enable"
      signature_hash_alg: "sha1"
      split_include_service: "<your_own_value> (source firewall.service.group.name firewall.service.custom.name)"
      suite_b: "disable"
      transport: "udp"
      tunnel_search: "selectors"
      type: "static"
      unity_support: "disable"
      usrgrp: "<your_own_value> (source user.group.name)"
      vni: "0"
      wizard_type: "custom"
      xauthtype: "disable"
```
```yaml
vdom:
  default: root
  description:
  - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
  type: str
state:
  choices:
  - present
  - absent
  description:
  - Indicates whether to create or remove the object.
  required: true
  type: str
enable_log:
  default: false
  description:
  - Enable/Disable logging for task.
  required: false
  type: bool
member_path:
  description:
  - Member attribute path to operate on.
  - Delimited by a slash character if there are more than one attribute.
  - Parameter marked with member_path is legitimate for doing member operation.
  type: str
access_token:
  description:
  - Token-based authentication. Generated from GUI of Fortigate.
  required: false
  type: str
member_state:
  choices:
  - present
  - absent
  description:
  - Add or delete a member under specified attribute path.
  - When member_state is specified, the state option is ignored.
  type: str
vpn_ipsec_phase1_interface:
  default: null
  description:
  - Configure VPN remote gateway.
  suboptions:
    acct_verify:
      choices:
      - enable
      - disable
      description:
      - Enable/disable verification of RADIUS accounting record.
      type: str
    add_gw_route:
      choices:
      - enable
      - disable
      description:
      - Enable/disable automatically add a route to the remote gateway.
      type: str
    add_route:
      choices:
      - disable
      - enable
      description:
      - Enable/disable control addition of a route to peer destination selector.
      type: str
    aggregate_member:
      choices:
      - enable
      - disable
      description:
      - Enable/disable use as an aggregate member.
      type: str
    aggregate_weight:
      description:
      - Link weight for aggregate.
      type: int
    assign_ip:
      choices:
      - disable
      - enable
      description:
      - Enable/disable assignment of IP to IPsec interface via configuration method.
      type: str
    assign_ip_from:
      choices:
      - range
      - usrgrp
      - dhcp
      - name
      description:
      - Method by which the IP address will be assigned.
      type: str
    authmethod:
      choices:
      - psk
      - signature
      description:
      - Authentication method.
      type: str
    authmethod_remote:
      choices:
      - psk
      - signature
      description:
      - Authentication method (remote side).
      type: str
    authpasswd:
      description:
      - XAuth password (max 35 characters).
      type: str
    authusr:
      description:
      - XAuth user name.
      type: str
    authusrgrp:
      description:
      - Authentication user group. Source user.group.name.
      type: str
    auto_discovery_crossover:
      choices:
      - allow
      - block
      description:
      - Allow/block set-up of short-cut tunnels between different network IDs.
      type: str
    auto_discovery_forwarder:
      choices:
      - enable
      - disable
      description:
      - Enable/disable forwarding auto-discovery short-cut messages.
      type: str
    auto_discovery_offer_interval:
      description:
      - Interval between shortcut offer messages in seconds (1 - 300).
      type: int
    auto_discovery_psk:
      choices:
      - enable
      - disable
      description:
      - Enable/disable use of pre-shared secrets for authentication of auto-discovery tunnels.
      type: str
    auto_discovery_receiver:
      choices:
      - enable
      - disable
      description:
      - Enable/disable accepting auto-discovery short-cut messages.
      type: str
    auto_discovery_sender:
      choices:
      - enable
      - disable
      description:
      - Enable/disable sending auto-discovery short-cut messages.
      type: str
    auto_discovery_shortcuts:
      choices:
      - independent
      - dependent
      description:
      - Control deletion of child short-cut tunnels when the parent tunnel goes down.
      type: str
    auto_negotiate:
      choices:
      - enable
      - disable
      description:
      - Enable/disable automatic initiation of IKE SA negotiation.
      type: str
    azure_ad_autoconnect:
      choices:
      - enable
      - disable
      description:
      - Enable/disable Azure AD Auto-Connect for FortiClient.
      type: str
    backup_gateway:
      description:
      - Instruct unity clients about the backup gateway address(es).
      elements: dict
      suboptions:
        address:
          description:
          - Address of backup gateway.
          required: true
          type: str
      type: list
    banner:
      description:
      - Message that unity client should display after connecting.
      type: str
    cert_id_validation:
      choices:
      - enable
      - disable
      description:
      - Enable/disable cross validation of peer ID and the identity in the peer's certificate as specified in RFC 4945.
      type: str
    cert_trust_store:
      choices:
      - local
      - ems
      description:
      - CA certificate trust store.
      type: str
    certificate:
      description:
      - The names of up to 4 signed personal certificates.
      elements: dict
      suboptions:
        name:
          description:
          - Certificate name. Source vpn.certificate.local.name.
          required: true
          type: str
      type: list
    childless_ike:
      choices:
      - enable
      - disable
      description:
      - Enable/disable childless IKEv2 initiation (RFC 6023).
      type: str
    client_auto_negotiate:
      choices:
      - disable
      - enable
      description:
      - Enable/disable allowing the VPN client to bring up the tunnel when there is no traffic.
      type: str
    client_keep_alive:
      choices:
      - disable
      - enable
      description:
      - Enable/disable allowing the VPN client to keep the tunnel up when there is no traffic.
      type: str
    comments:
      description:
      - Comment.
      type: str
    default_gw:
      description:
      - IPv4 address of default route gateway to use for traffic exiting the interface.
      type: str
    default_gw_priority:
      description:
      - Priority for default gateway route. A higher priority number signifies a less preferred route.
      type: int
    dev_id:
      description:
      - Device ID carried by the device ID notification.
      type: str
    dev_id_notification:
      choices:
      - disable
      - enable
      description:
      - Enable/disable device ID notification.
      type: str
    dhcp6_ra_linkaddr:
      description:
      - Relay agent IPv6 link address to use in DHCP6 requests.
      type: str
    dhcp_ra_giaddr:
      description:
      - Relay agent gateway IP address to use in the giaddr field of DHCP requests.
      type: str
    dhgrp:
      choices:
      - '1'
      - '2'
      - '5'
      - '14'
      - '15'
      - '16'
      - '17'
      - '18'
      - '19'
      - '20'
      - '21'
      - '27'
      - '28'
      - '29'
      - '30'
      - '31'
      - '32'
      description:
      - DH group.
      elements: str
      type: list
    digital_signature_auth:
      choices:
      - enable
      - disable
      description:
      - Enable/disable IKEv2 Digital Signature Authentication (RFC 7427).
      type: str
    distance:
      description:
      - Distance for routes added by IKE (1 - 255).
      type: int
    dns_mode:
      choices:
      - manual
      - auto
      description:
      - DNS server mode.
      type: str
    domain:
      description:
      - Instruct unity clients about the single default DNS domain.
      type: str
    dpd:
      choices:
      - disable
      - on-idle
      - on-demand
      description:
      - Dead Peer Detection mode.
      type: str
    dpd_retrycount:
      description:
      - Number of DPD retry attempts.
      type: int
    dpd_retryinterval:
      description:
      - DPD retry interval.
      type: str
    eap:
      choices:
      - enable
      - disable
      description:
      - Enable/disable IKEv2 EAP authentication.
      type: str
    eap_cert_auth:
      choices:
      - enable
      - disable
      description:
      - Enable/disable peer certificate authentication in addition to EAP if peer is a FortiClient endpoint.
      type: str
    eap_exclude_peergrp:
      description:
      - Peer group excluded from EAP authentication. Source user.peergrp.name.
      type: str
    eap_identity:
      choices:
      - use-id-payload
      - send-request
      description:
      - IKEv2 EAP peer identity type.
      type: str
    ems_sn_check:
      choices:
      - enable
      - disable
      description:
      - Enable/disable verification of EMS serial number.
      type: str
    encap_local_gw4:
      description:
      - Local IPv4 address of GRE/VXLAN tunnel.
      type: str
    encap_local_gw6:
      description:
      - Local IPv6 address of GRE/VXLAN tunnel.
      type: str
    encap_remote_gw4:
      description:
      - Remote IPv4 address of GRE/VXLAN tunnel.
      type: str
    encap_remote_gw6:
      description:
      - Remote IPv6 address of GRE/VXLAN tunnel.
      type: str
    encapsulation:
      choices:
      - none
      - gre
      - vxlan
      - vpn-id-ipip
      description:
      - Enable/disable GRE/VXLAN/VPNID encapsulation.
      type: str
    encapsulation_address:
      choices:
      - ike
      - ipv4
      - ipv6
      description:
      - Source for GRE/VXLAN tunnel address.
      type: str
    enforce_unique_id:
      choices:
      - disable
      - keep-new
      - keep-old
      description:
      - Enable/disable peer ID uniqueness check.
      type: str
    esn:
      choices:
      - require
      - allow
      - disable
      description:
      - Extended sequence number (ESN) negotiation.
      type: str
    exchange_fgt_device_id:
      choices:
      - enable
      - disable
      description:
      - Enable/disable device identifier exchange with peer FortiGate units for use of VPN monitor data by FortiManager.
      type: str
    exchange_interface_ip:
      choices:
      - enable
      - disable
      description:
      - Enable/disable exchange of IPsec interface IP address.
      type: str
    exchange_ip_addr4:
      description:
      - IPv4 address to exchange with peers.
      type: str
    exchange_ip_addr6:
      description:
      - IPv6 address to exchange with peers.
      type: str
    fallback_tcp_threshold:
      description:
      - Timeout in seconds before falling back IKE/IPsec traffic to tcp.
      type: int
    fec_base:
      description:
      - Number of base Forward Error Correction packets (1 - 20).
      type: int
    fec_codec:
      choices:
      - rs
      - xor
      description:
      - Forward Error Correction encoding/decoding algorithm.
      type: str
    fec_egress:
      choices:
      - enable
      - disable
      description:
      - Enable/disable Forward Error Correction for egress IPsec traffic.
      type: str
    fec_health_check:
      description:
      - SD-WAN health check. Source system.sdwan.health-check.name.
      type: str
    fec_ingress:
      choices:
      - enable
      - disable
      description:
      - Enable/disable Forward Error Correction for ingress IPsec traffic.
      type: str
    fec_mapping_profile:
      description:
      - Forward Error Correction (FEC) mapping profile. Source vpn.ipsec.fec.name.
      type: str
    fec_receive_timeout:
      description:
      - Timeout in milliseconds before dropping Forward Error Correction packets (1 - 1000).
      type: int
    fec_redundant:
      description:
      - Number of redundant Forward Error Correction packets (1 - 5 for reed-solomon, 1 for xor).
      type: int
    fec_send_timeout:
      description:
      - Timeout in milliseconds before sending Forward Error Correction packets (1 - 1000).
      type: int
    fgsp_sync:
      choices:
      - enable
      - disable
      description:
      - Enable/disable IPsec syncing of tunnels for FGSP IPsec.
      type: str
    forticlient_enforcement:
      choices:
      - enable
      - disable
      description:
      - Enable/disable FortiClient enforcement.
      type: str
    fortinet_esp:
      choices:
      - enable
      - disable
      description:
      - Enable/disable Fortinet ESP encapsulation.
      type: str
    fragmentation:
      choices:
      - enable
      - disable
      description:
      - Enable/disable fragment IKE message on re-transmission.
      type: str
    fragmentation_mtu:
      description:
      - IKE fragmentation MTU (500 - 16000).
      type: int
    group_authentication:
      choices:
      - enable
      - disable
      description:
      - Enable/disable IKEv2 IDi group authentication.
      type: str
    group_authentication_secret:
      description:
      - Password for IKEv2 ID group authentication. ASCII string or hexadecimal indicated by a leading 0x.
      type: str
    ha_sync_esp_seqno:
      choices:
      - enable
      - disable
      description:
      - Enable/disable sequence number jump ahead for IPsec HA.
      type: str
    idle_timeout:
      choices:
      - enable
      - disable
      description:
      - Enable/disable IPsec tunnel idle timeout.
      type: str
    idle_timeoutinterval:
      description:
      - IPsec tunnel idle timeout in minutes (5 - 43200).
      type: int
    ike_version:
      choices:
      - '1'
      - '2'
      description:
      - IKE protocol version.
      type: str
    inbound_dscp_copy:
      choices:
      - enable
      - disable
      description:
      - Enable/disable copy the dscp in the ESP header to the inner IP Header.
      type: str
    include_local_lan:
      choices:
      - disable
      - enable
      description:
      - Enable/disable allow local LAN access on unity clients.
      type: str
    interface:
      description:
      - Local physical, aggregate, or VLAN outgoing interface. Source system.interface.name.
      type: str
    internal_domain_list:
      description:
      - One or more internal domain names in quotes separated by spaces.
      elements: dict
      suboptions:
        domain_name:
          description:
          - Domain name.
          required: true
          type: str
      type: list
    ip_delay_interval:
      description:
      - IP address reuse delay interval in seconds (0 - 28800).
      type: int
    ip_fragmentation:
      choices:
      - pre-encapsulation
      - post-encapsulation
      description:
      - Determine whether IP packets are fragmented before or after IPsec encapsulation.
      type: str
    ip_version:
      choices:
      - '4'
      - '6'
      description:
      - IP version to use for VPN interface.
      type: str
    ipv4_dns_server1:
      description:
      - IPv4 DNS server 1.
      type: str
    ipv4_dns_server2:
      description:
      - IPv4 DNS server 2.
      type: str
    ipv4_dns_server3:
      description:
      - IPv4 DNS server 3.
      type: str
    ipv4_end_ip:
      description:
      - End of IPv4 range.
      type: str
    ipv4_exclude_range:
      description:
      - Configuration Method IPv4 exclude ranges.
      elements: dict
      suboptions:
        end_ip:
          description:
          - End of IPv4 exclusive range.
          type: str
        id:
          description:
          - ID. see Notes.
          required: true
          type: int
        start_ip:
          description:
          - Start of IPv4 exclusive range.
          type: str
      type: list
    ipv4_name:
      description:
      - IPv4 address name. Source firewall.address.name firewall.addrgrp.name.
      type: str
    ipv4_netmask:
      description:
      - IPv4 Netmask.
      type: str
    ipv4_split_exclude:
      description:
      - IPv4 subnets that should not be sent over the IPsec tunnel. Source firewall.address.name firewall.addrgrp.name.
      type: str
    ipv4_split_include:
      description:
      - IPv4 split-include subnets. Source firewall.address.name firewall.addrgrp.name.
      type: str
    ipv4_start_ip:
      description:
      - Start of IPv4 range.
      type: str
    ipv4_wins_server1:
      description:
      - WINS server 1.
      type: str
    ipv4_wins_server2:
      description:
      - WINS server 2.
      type: str
    ipv6_dns_server1:
      description:
      - IPv6 DNS server 1.
      type: str
    ipv6_dns_server2:
      description:
      - IPv6 DNS server 2.
      type: str
    ipv6_dns_server3:
      description:
      - IPv6 DNS server 3.
      type: str
    ipv6_end_ip:
      description:
      - End of IPv6 range.
      type: str
    ipv6_exclude_range:
      description:
      - Configuration method IPv6 exclude ranges.
      elements: dict
      suboptions:
        end_ip:
          description:
          - End of IPv6 exclusive range.
          type: str
        id:
          description:
          - ID. see Notes.
          required: true
          type: int
        start_ip:
          description:
          - Start of IPv6 exclusive range.
          type: str
      type: list
    ipv6_name:
      description:
      - IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name.
      type: str
    ipv6_prefix:
      description:
      - IPv6 prefix.
      type: int
    ipv6_split_exclude:
      description:
      - IPv6 subnets that should not be sent over the IPsec tunnel. Source firewall.address6.name firewall.addrgrp6.name.
      type: str
    ipv6_split_include:
      description:
      - IPv6 split-include subnets. Source firewall.address6.name firewall.addrgrp6.name.
      type: str
    ipv6_start_ip:
      description:
      - Start of IPv6 range.
      type: str
    keepalive:
      description:
      - NAT-T keep alive interval.
      type: int
    keylife:
      description:
      - Time to wait in seconds before phase 1 encryption key expires.
      type: int
    kms:
      description:
      - Key Management Services server. Source vpn.kmip-server.name.
      type: str
    link_cost:
      description:
      - VPN tunnel underlay link cost.
      type: int
    local_gw:
      description:
      - IPv4 address of the local gateway's external interface.
      type: str
    local_gw6:
      description:
      - IPv6 address of the local gateway's external interface.
      type: str
    localid:
      description:
      - Local ID.
      type: str
    localid_type:
      choices:
      - auto
      - fqdn
      - user-fqdn
      - keyid
      - address
      - asn1dn
      description:
      - Local ID type.
      type: str
    loopback_asymroute:
      choices:
      - enable
      - disable
      description:
      - Enable/disable asymmetric routing for IKE traffic on loopback interface.
      type: str
    mesh_selector_type:
      choices:
      - disable
      - subnet
      - host
      description:
      - Add selectors containing subsets of the configuration depending on traffic.
      type: str
    mode:
      choices:
      - aggressive
      - main
      description:
      - The ID protection mode used to establish a secure channel.
      type: str
    mode_cfg:
      choices:
      - disable
      - enable
      description:
      - Enable/disable configuration method.
      type: str
    mode_cfg_allow_client_selector:
      choices:
      - disable
      - enable
      description:
      - Enable/disable mode-cfg client to use custom phase2 selectors.
      type: str
    monitor:
      description:
      - IPsec interface as backup for primary interface. Source vpn.ipsec.phase1-interface.name.
      type: str
    monitor_dict:
      description:
      - IPsec interface as backup for primary interface. (Use the parameter monitor instead if the fortios firmware version <= 7.4.0.)
      elements: dict
      suboptions:
        name:
          description:
          - IPsec interface as backup for primary interface. Source vpn.ipsec.phase1-interface.name.
          required: true
          type: str
      type: list
    monitor_hold_down_delay:
      description:
      - Time to wait in seconds before recovery once primary re-establishes.
      type: int
    monitor_hold_down_time:
      description:
      - Time of day at which to fail back to primary after it re-establishes.
      type: str
    monitor_hold_down_type:
      choices:
      - immediate
      - delay
      - time
      description:
      - Recovery time method when primary interface re-establishes.
      type: str
    monitor_hold_down_weekday:
      choices:
      - everyday
      - sunday
      - monday
      - tuesday
      - wednesday
      - thursday
      - friday
      - saturday
      description:
      - Day of the week to recover once primary re-establishes.
      type: str
    monitor_min:
      description:
      - Minimum number of links to become degraded before activating this interface. Zero (0) means all links must be down before activating this interface.
      type: int
    name:
      description:
      - IPsec remote gateway name.
      required: true
      type: str
    nattraversal:
      choices:
      - enable
      - disable
      - forced
      description:
      - Enable/disable NAT traversal.
      type: str
    negotiate_timeout:
      description:
      - IKE SA negotiation timeout in seconds (1 - 300).
      type: int
    net_device:
      choices:
      - enable
      - disable
      description:
      - Enable/disable kernel device creation.
      type: str
    network_id:
      description:
      - VPN gateway network ID.
      type: int
    network_overlay:
      choices:
      - disable
      - enable
      description:
      - Enable/disable network overlays.
      type: str
    npu_offload:
      choices:
      - enable
      - disable
      description:
      - Enable/disable offloading NPU.
      type: str
    packet_redistribution:
      choices:
      - enable
      - disable
      description:
      - Enable/disable packet distribution (RPS) on the IPsec interface.
      type: str
    passive_mode:
      choices:
      - enable
      - disable
      description:
      - Enable/disable IPsec passive mode for static tunnels.
      type: str
    peer:
      description:
      - Accept this peer certificate. Source user.peer.name.
      type: str
    peergrp:
      description:
      - Accept this peer certificate group. Source user.peergrp.name.
      type: str
    peerid:
      description:
      - Accept this peer identity.
      type: str
    peertype:
      choices:
      - any
      - one
      - dialup
      - peer
      - peergrp
      description:
      - Accept this peer type.
      type: str
    ppk:
      choices:
      - disable
      - allow
      - require
      description:
      - Enable/disable IKEv2 Postquantum Preshared Key (PPK).
      type: str
    ppk_identity:
      description:
      - IKEv2 Postquantum Preshared Key Identity.
      type: str
    ppk_secret:
      description:
      - IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x).
      type: str
    priority:
      description:
      - Priority for routes added by IKE (1 - 65535).
      type: int
    proposal:
      choices:
      - des-md5
      - des-sha1
      - des-sha256
      - des-sha384
      - des-sha512
      - 3des-md5
      - 3des-sha1
      - 3des-sha256
      - 3des-sha384
      - 3des-sha512
      - aes128-md5
      - aes128-sha1
      - aes128-sha256
      - aes128-sha384
      - aes128-sha512
      - aes128gcm-prfsha1
      - aes128gcm-prfsha256
      - aes128gcm-prfsha384
      - aes128gcm-prfsha512
      - aes192-md5
      - aes192-sha1
      - aes192-sha256
      - aes192-sha384
      - aes192-sha512
      - aes256-md5
      - aes256-sha1
      - aes256-sha256
      - aes256-sha384
      - aes256-sha512
      - aes256gcm-prfsha1
      - aes256gcm-prfsha256
      - aes256gcm-prfsha384
      - aes256gcm-prfsha512
      - chacha20poly1305-prfsha1
      - chacha20poly1305-prfsha256
      - chacha20poly1305-prfsha384
      - chacha20poly1305-prfsha512
      - aria128-md5
      - aria128-sha1
      - aria128-sha256
      - aria128-sha384
      - aria128-sha512
      - aria192-md5
      - aria192-sha1
      - aria192-sha256
      - aria192-sha384
      - aria192-sha512
      - aria256-md5
      - aria256-sha1
      - aria256-sha256
      - aria256-sha384
      - aria256-sha512
      - seed-md5
      - seed-sha1
      - seed-sha256
      - seed-sha384
      - seed-sha512
      description:
      - Phase1 proposal.
      elements: str
      type: list
    psksecret:
      description:
      - Pre-shared secret for PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
      type: str
    psksecret_remote:
      description:
      - Pre-shared secret for remote side PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
      type: str
    qkd:
      choices:
      - disable
      - allow
      - require
      description:
      - Enable/disable use of Quantum Key Distribution (QKD) server.
      type: str
    qkd_profile:
      description:
      - Quantum Key Distribution (QKD) server profile. Source vpn.qkd.name.
      type: str
    reauth:
      choices:
      - disable
      - enable
      description:
      - Enable/disable re-authentication upon IKE SA lifetime expiration.
      type: str
    rekey:
      choices:
      - enable
      - disable
      description:
      - Enable/disable phase1 rekey.
      type: str
    remote_gw:
      description:
      - IPv4 address of the remote gateway's external interface.
      type: str
    remote_gw6:
      description:
      - IPv6 address of the remote gateway's external interface.
      type: str
    remotegw_ddns:
      description:
      - Domain name of remote gateway. For example, name.ddns.com.
      type: str
    rsa_signature_format:
      choices:
      - pkcs1
      - pss
      description:
      - Digital Signature Authentication RSA signature format.
      type: str
    rsa_signature_hash_override:
      choices:
      - enable
      - disable
      description:
      - Enable/disable IKEv2 RSA signature hash algorithm override.
      type: str
    save_password:
      choices:
      - disable
      - enable
      description:
      - Enable/disable saving XAuth username and password on VPN clients.
      type: str
    send_cert_chain:
      choices:
      - enable
      - disable
      description:
      - Enable/disable sending certificate chain.
      type: str
    signature_hash_alg:
      choices:
      - sha1
      - sha2-256
      - sha2-384
      - sha2-512
      description:
      - Digital Signature Authentication hash algorithms.
      elements: str
      type: list
    split_include_service:
      description:
      - Split-include services. Source firewall.service.group.name firewall.service.custom.name.
      type: str
    suite_b:
      choices:
      - disable
      - suite-b-gcm-128
      - suite-b-gcm-256
      description:
      - Use Suite-B.
      type: str
    transport:
      choices:
      - udp
      - udp-fallback-tcp
      - tcp
      description:
      - Set IKE transport protocol.
      type: str
    tunnel_search:
      choices:
      - selectors
      - nexthop
      description:
      - Tunnel search method for when the interface is shared.
      type: str
    type:
      choices:
      - static
      - dynamic
      - ddns
      description:
      - Remote gateway type.
      type: str
    unity_support:
      choices:
      - disable
      - enable
      description:
      - Enable/disable support for Cisco UNITY Configuration Method extensions.
      type: str
    usrgrp:
      description:
      - User group name for dialup peers. Source user.group.name.
      type: str
    vni:
      description:
      - VNI of VXLAN tunnel.
      type: int
    wizard_type:
      choices:
      - custom
      - dialup-forticlient
      - dialup-ios
      - dialup-android
      - dialup-windows
      - dialup-cisco
      - static-fortigate
      - dialup-fortigate
      - static-cisco
      - dialup-cisco-fw
      - simplified-static-fortigate
      - hub-fortigate-auto-discovery
      - spoke-fortigate-auto-discovery
      description:
      - GUI VPN Wizard Type.
      type: str
    xauthtype:
      choices:
      - disable
      - client
      - pap
      - chap
      - auto
      description:
      - XAuth type.
      type: str
  type: dict
```
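The all-parameters example on this page sets placeholder values such as `proposal: des-md5`, `dhgrp: 1`, `mode: aggressive` and `signature_hash_alg: sha1`, which should not be carried into a real tunnel. A narrowed task using only options and choices documented above follows as an added example (not from the collection's documentation). The variable names `vault_fortigate_token` and `vault_ipsec_psk`, the interface `wan1`, the tunnel name, the peer ID and the address 203.0.113.10 are assumptions.

```yaml
# Added example, not part of the fortinet.fortios documentation.
# Assumed names: vault_fortigate_token and vault_ipsec_psk (for example, variables
# kept in an Ansible Vault file), interface "wan1", tunnel name "to-branch-1",
# peer ID "branch-1.example.net", and the documentation address 203.0.113.10.
- name: Configure a static phase1 interface with explicit IKE parameters
  fortinet.fortios.fortios_vpn_ipsec_phase1_interface:
    vdom: "root"
    state: "present"
    # Secrets come from variables instead of literals in the playbook.
    access_token: "{{ vault_fortigate_token }}"
    vpn_ipsec_phase1_interface:
      name: "to-branch-1"
      type: "static"
      interface: "wan1"
      remote_gw: "203.0.113.10"
      # IKEv2 instead of ike_version "1" with mode "aggressive"; the mode option
      # is the IKEv1 ID protection setting, and "aggressive" gives that up.
      ike_version: "2"
      authmethod: "psk"
      psksecret: "{{ vault_ipsec_psk }}"
      # Accept one named peer identity instead of peertype "any".
      peertype: "one"
      peerid: "branch-1.example.net"
      # proposal and dhgrp are lists: give only the suites the peer should be
      # allowed to negotiate, instead of des-md5 and DH group 1.
      proposal:
        - "aes256gcm-prfsha384"
        - "aes256-sha256"
      dhgrp:
        - "20"
        - "21"
      dpd: "on-idle"
      nattraversal: "enable"
  # Keeps the token and pre-shared key out of task output and logs.
  no_log: true
```

With `no_log: true` a failed run shows no module output, so remove it temporarily on a test device when debugging.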
```yaml
build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str
```