Try SpotterConfigure WAN optimization profiles in Fortinet's FortiOS and FortiGate.
| "added in version" 2.0.0 of fortinet.fortios"
Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
preview | supported by community
Install with ansible-galaxy collection install fortinet.fortios:==2.3.6
collections:
- name: fortinet.fortios
version: 2.3.6This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wanopt feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
- name: Configure WAN optimization profiles.
fortinet.fortios.fortios_wanopt_profile:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
wanopt_profile:
auth_group: "<your_own_value> (source wanopt.auth-group.name)"
cifs:
byte_caching: "enable"
log_traffic: "enable"
port: "32767"
prefer_chunking: "dynamic"
protocol_opt: "protocol"
secure_tunnel: "enable"
status: "enable"
tunnel_sharing: "shared"
comments: "<your_own_value>"
ftp:
byte_caching: "enable"
log_traffic: "enable"
port: "32767"
prefer_chunking: "dynamic"
protocol_opt: "protocol"
secure_tunnel: "enable"
ssl: "enable"
status: "enable"
tunnel_sharing: "shared"
http:
byte_caching: "enable"
log_traffic: "enable"
port: "32767"
prefer_chunking: "dynamic"
protocol_opt: "protocol"
secure_tunnel: "enable"
ssl: "enable"
ssl_port: "32767"
status: "enable"
tunnel_non_http: "enable"
tunnel_sharing: "shared"
unknown_http_version: "reject"
mapi:
byte_caching: "enable"
log_traffic: "enable"
port: "32767"
secure_tunnel: "enable"
status: "enable"
tunnel_sharing: "shared"
name: "default_name_44"
tcp:
byte_caching: "enable"
byte_caching_opt: "mem-only"
log_traffic: "enable"
port: "<your_own_value>"
secure_tunnel: "enable"
ssl: "enable"
ssl_port: "<your_own_value>"
status: "enable"
tunnel_sharing: "shared"
transparent: "enable"
vdom:
default: root
description:
- Virtual domain, among those defined previously. A vdom is a virtual instance of
the FortiGate that can be configured and used as a different unit.
type: str
state:
choices:
- present
- absent
description:
- Indicates whether to create or remove the object.
required: true
type: str
enable_log:
default: false
description:
- Enable/Disable logging for task.
required: false
type: bool
member_path:
description:
- Member attribute path to operate on.
- Delimited by a slash character if there are more than one attribute.
- Parameter marked with member_path is legitimate for doing member operation.
type: str
access_token:
description:
- Token-based authentication. Generated from GUI of Fortigate.
required: false
type: str
member_state:
choices:
- present
- absent
description:
- Add or delete a member under specified attribute path.
- When member_state is specified, the state option is ignored.
type: str
wanopt_profile:
default: null
description:
- Configure WAN optimization profiles.
suboptions:
auth_group:
description:
- Optionally add an authentication group to restrict access to the WAN Optimization
tunnel to peers in the authentication group. Source wanopt.auth-group.name.
type: str
cifs:
description:
- Enable/disable CIFS (Windows sharing) WAN Optimization and configure CIFS WAN
Optimization features.
suboptions:
byte_caching:
choices:
- enable
- disable
description:
- Enable/disable byte-caching. Byte caching reduces the amount of traffic
by caching file data sent across the WAN and in future serving if from the
cache.
type: str
log_traffic:
choices:
- enable
- disable
description:
- Enable/disable logging.
type: str
port:
description:
- Single port number or port number range for CIFS. Only packets with a destination
port number that matches this port number or range are accepted by this
profile.
type: int
prefer_chunking:
choices:
- dynamic
- fix
description:
- Select dynamic or fixed-size data chunking for WAN Optimization.
type: str
protocol_opt:
choices:
- protocol
- tcp
description:
- Select protocol specific optimization or generic TCP optimization.
type: str
secure_tunnel:
choices:
- enable
- disable
description:
- Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure
tunnels use the same TCP port (7810).
type: str
status:
choices:
- enable
- disable
description:
- Enable/disable WAN Optimization.
type: str
tunnel_sharing:
choices:
- shared
- express-shared
- private
description:
- Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive
protocols.
type: str
type: dict
comments:
description:
- Comment.
type: str
ftp:
description:
- Enable/disable FTP WAN Optimization and configure FTP WAN Optimization features.
suboptions:
byte_caching:
choices:
- enable
- disable
description:
- Enable/disable byte-caching. Byte caching reduces the amount of traffic
by caching file data sent across the WAN and in future serving if from the
cache.
type: str
log_traffic:
choices:
- enable
- disable
description:
- Enable/disable logging.
type: str
port:
description:
- Single port number or port number range for FTP. Only packets with a destination
port number that matches this port number or range are accepted by this
profile.
type: int
prefer_chunking:
choices:
- dynamic
- fix
description:
- Select dynamic or fixed-size data chunking for WAN Optimization.
type: str
protocol_opt:
choices:
- protocol
- tcp
description:
- Select protocol specific optimization or generic TCP optimization.
type: str
secure_tunnel:
choices:
- enable
- disable
description:
- Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure
tunnels use the same TCP port (7810).
type: str
ssl:
choices:
- enable
- disable
description:
- Enable/disable SSL/TLS offloading (hardware acceleration) for traffic in
this tunnel.
type: str
status:
choices:
- enable
- disable
description:
- Enable/disable WAN Optimization.
type: str
tunnel_sharing:
choices:
- shared
- express-shared
- private
description:
- Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive
protocols.
type: str
type: dict
http:
description:
- Enable/disable HTTP WAN Optimization and configure HTTP WAN Optimization features.
suboptions:
byte_caching:
choices:
- enable
- disable
description:
- Enable/disable byte-caching. Byte caching reduces the amount of traffic
by caching file data sent across the WAN and in future serving if from the
cache.
type: str
log_traffic:
choices:
- enable
- disable
description:
- Enable/disable logging.
type: str
port:
description:
- Single port number or port number range for HTTP. Only packets with a destination
port number that matches this port number or range are accepted by this
profile.
type: int
prefer_chunking:
choices:
- dynamic
- fix
description:
- Select dynamic or fixed-size data chunking for WAN Optimization.
type: str
protocol_opt:
choices:
- protocol
- tcp
description:
- Select protocol specific optimization or generic TCP optimization.
type: str
secure_tunnel:
choices:
- enable
- disable
description:
- Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure
tunnels use the same TCP port (7810).
type: str
ssl:
choices:
- enable
- disable
description:
- Enable/disable SSL/TLS offloading (hardware acceleration) for traffic in
this tunnel.
type: str
ssl_port:
description:
- Port on which to expect HTTPS traffic for SSL/TLS offloading.
type: int
status:
choices:
- enable
- disable
description:
- Enable/disable WAN Optimization.
type: str
tunnel_non_http:
choices:
- enable
- disable
description:
- Configure how to process non-HTTP traffic when a profile configured for
HTTP traffic accepts a non-HTTP session. Can occur if an application sends
non-HTTP traffic using an HTTP destination port.
type: str
tunnel_sharing:
choices:
- shared
- express-shared
- private
description:
- Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive
protocols.
type: str
unknown_http_version:
choices:
- reject
- tunnel
- best-effort
description:
- How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1.
type: str
type: dict
mapi:
description:
- Enable/disable MAPI email WAN Optimization and configure MAPI WAN Optimization
features.
suboptions:
byte_caching:
choices:
- enable
- disable
description:
- Enable/disable byte-caching. Byte caching reduces the amount of traffic
by caching file data sent across the WAN and in future serving if from the
cache.
type: str
log_traffic:
choices:
- enable
- disable
description:
- Enable/disable logging.
type: str
port:
description:
- Single port number or port number range for MAPI. Only packets with a destination
port number that matches this port number or range are accepted by this
profile.
type: int
secure_tunnel:
choices:
- enable
- disable
description:
- Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure
tunnels use the same TCP port (7810).
type: str
status:
choices:
- enable
- disable
description:
- Enable/disable WAN Optimization.
type: str
tunnel_sharing:
choices:
- shared
- express-shared
- private
description:
- Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive
protocols.
type: str
type: dict
name:
description:
- Profile name.
required: true
type: str
tcp:
description:
- Enable/disable TCP WAN Optimization and configure TCP WAN Optimization features.
suboptions:
byte_caching:
choices:
- enable
- disable
description:
- Enable/disable byte-caching. Byte caching reduces the amount of traffic
by caching file data sent across the WAN and in future serving if from the
cache.
type: str
byte_caching_opt:
choices:
- mem-only
- mem-disk
description:
- Select whether TCP byte-caching uses system memory only or both memory and
disk space.
type: str
log_traffic:
choices:
- enable
- disable
description:
- Enable/disable logging.
type: str
port:
description:
- Port numbers or port number ranges for TCP. Only packets with a destination
port number that matches this port number or range are accepted by this
profile.
type: str
secure_tunnel:
choices:
- enable
- disable
description:
- Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure
tunnels use the same TCP port (7810).
type: str
ssl:
choices:
- enable
- disable
description:
- Enable/disable SSL/TLS offloading (hardware acceleration) for traffic in
this tunnel.
type: str
ssl_port:
description:
- Port numbers or port number ranges on which to expect HTTPS traffic for
SSL/TLS offloading.
type: str
status:
choices:
- enable
- disable
description:
- Enable/disable WAN Optimization.
type: str
tunnel_sharing:
choices:
- shared
- express-shared
- private
description:
- Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive
protocols.
type: str
type: dict
transparent:
choices:
- enable
- disable
description:
- Enable/disable transparent mode.
type: str
type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str