fortinet / fortinet.fortios / 2.3.6 / module / fortios_web_proxy_explicit Configure explicit Web proxy settings in Fortinet's FortiOS and FortiGate. | "added in version" 2.0.0 of fortinet.fortios" Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico) preview | supported by communityfortinet.fortios.fortios_web_proxy_explicit (2.3.6) — module
Install with ansible-galaxy collection install fortinet.fortios:==2.3.6
collections: - name: fortinet.fortios version: 2.3.6
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify web_proxy feature and explicit category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
- name: Configure explicit Web proxy settings. fortinet.fortios.fortios_web_proxy_explicit: vdom: "{{ vdom }}" web_proxy_explicit: ftp_incoming_port: "<your_own_value>" ftp_over_http: "enable" http_connection_mode: "static" http_incoming_port: "<your_own_value>" https_incoming_port: "<your_own_value>" https_replacement_message: "enable" incoming_ip: "<your_own_value>" incoming_ip6: "<your_own_value>" ipv6_status: "enable" message_upon_server_error: "enable" outgoing_ip: "<your_own_value>" outgoing_ip6: "<your_own_value>" pac_file_data: "<your_own_value>" pac_file_name: "<your_own_value>" pac_file_server_port: "<your_own_value>" pac_file_server_status: "enable" pac_file_through_https: "enable" pac_file_url: "<your_own_value>" pac_policy: - comments: "<your_own_value>" dstaddr: - name: "default_name_24 (source firewall.address.name firewall.addrgrp.name)" pac_file_data: "<your_own_value>" pac_file_name: "<your_own_value>" policyid: "<you_own_value>" srcaddr: - name: "default_name_29 (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name)" srcaddr6: - name: "default_name_31 (source firewall.address6.name firewall.addrgrp6.name)" status: "enable" pref_dns_result: "ipv4" realm: "<your_own_value>" sec_default_action: "accept" secure_web_proxy: "disable" secure_web_proxy_cert: - name: "default_name_38 (source vpn.certificate.local.name)" socks: "enable" socks_incoming_port: "<your_own_value>" ssl_algorithm: "high" ssl_dh_bits: "768" status: "enable" strict_guest: "enable" trace_auth_no_rsp: "enable" unknown_http_version: "reject"
vdom: default: root description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str enable_log: default: false description: - Enable/Disable logging for task. required: false type: bool member_path: description: - Member attribute path to operate on. - Delimited by a slash character if there are more than one attribute. - Parameter marked with member_path is legitimate for doing member operation. type: str access_token: description: - Token-based authentication. Generated from GUI of Fortigate. required: false type: str member_state: choices: - present - absent description: - Add or delete a member under specified attribute path. - When member_state is specified, the state option is ignored. type: str web_proxy_explicit: default: null description: - Configure explicit Web proxy settings. suboptions: ftp_incoming_port: description: - Accept incoming FTP-over-HTTP requests on one or more ports (0 - 65535). type: str ftp_over_http: choices: - enable - disable description: - Enable to proxy FTP-over-HTTP sessions sent from a web browser. type: str http_connection_mode: choices: - static - multiplex - serverpool description: - HTTP connection mode . type: str http_incoming_port: description: - Accept incoming HTTP requests on one or more ports (0 - 65535). type: str https_incoming_port: description: - Accept incoming HTTPS requests on one or more ports (0 - 65535). type: str https_replacement_message: choices: - enable - disable description: - Enable/disable sending the client a replacement message for HTTPS requests. type: str incoming_ip: description: - Restrict the explicit HTTP proxy to only accept sessions from this IP address. An interface must have this IP address. type: str incoming_ip6: description: - Restrict the explicit web proxy to only accept sessions from this IPv6 address. An interface must have this IPv6 address. type: str ipv6_status: choices: - enable - disable description: - Enable/disable allowing an IPv6 web proxy destination in policies and all IPv6 related entries in this command. type: str message_upon_server_error: choices: - enable - disable description: - Enable/disable displaying a replacement message when a server error is detected. type: str outgoing_ip: description: - Outgoing HTTP requests will have this IP address as their source address. An interface must have this IP address. elements: str type: list outgoing_ip6: description: - Outgoing HTTP requests will leave this IPv6. Multiple interfaces can be specified. Interfaces must have these IPv6 addresses. elements: str type: list pac_file_data: description: - PAC file contents enclosed in quotes (maximum of 256K bytes). type: str pac_file_name: description: - Pac file name. type: str pac_file_server_port: description: - Port number that PAC traffic from client web browsers uses to connect to the explicit web proxy (0 - 65535). type: str pac_file_server_status: choices: - enable - disable description: - Enable/disable Proxy Auto-Configuration (PAC) for users of this explicit proxy profile. type: str pac_file_through_https: choices: - enable - disable description: - Enable/disable to get Proxy Auto-Configuration (PAC) through HTTPS. type: str pac_file_url: description: - PAC file access URL. type: str pac_policy: description: - PAC policies. elements: dict suboptions: comments: description: - Optional comments. type: str dstaddr: description: - Destination address objects. elements: dict suboptions: name: description: - Address name. Source firewall.address.name firewall.addrgrp.name. required: true type: str type: list pac_file_data: description: - PAC file contents enclosed in quotes (maximum of 256K bytes). type: str pac_file_name: description: - Pac file name. type: str policyid: description: - Policy ID. see <a href='#notes'>Notes</a>. required: true type: int srcaddr: description: - Source address objects. elements: dict suboptions: name: description: - Address name. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name. required: true type: str type: list srcaddr6: description: - Source address6 objects. elements: dict suboptions: name: description: - Address name. Source firewall.address6.name firewall.addrgrp6.name. required: true type: str type: list status: choices: - enable - disable description: - Enable/disable policy. type: str type: list pref_dns_result: choices: - ipv4 - ipv6 description: - Prefer resolving addresses using the configured IPv4 or IPv6 DNS server . type: str realm: description: - Authentication realm used to identify the explicit web proxy (maximum of 63 characters). type: str sec_default_action: choices: - accept - deny description: - Accept or deny explicit web proxy sessions when no web proxy firewall policy exists. type: str secure_web_proxy: choices: - disable - enable - secure description: - Enable/disable/require the secure web proxy for HTTP and HTTPS session. type: str secure_web_proxy_cert: description: - Name of certificates for secure web proxy. elements: dict suboptions: name: description: - Certificate list. Source vpn.certificate.local.name. required: true type: str type: list socks: choices: - enable - disable description: - Enable/disable the SOCKS proxy. type: str socks_incoming_port: description: - Accept incoming SOCKS proxy requests on one or more ports (0 - 65535). type: str ssl_algorithm: choices: - high - medium - low description: - 'Relative strength of encryption algorithms accepted in HTTPS deep scan: high, medium, or low.' type: str ssl_dh_bits: choices: - '768' - '1024' - '1536' - '2048' description: - Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation . type: str status: choices: - enable - disable description: - Enable/disable the explicit Web proxy for HTTP and HTTPS session. type: str strict_guest: choices: - enable - disable description: - Enable/disable strict guest user checking by the explicit web proxy. type: str trace_auth_no_rsp: choices: - enable - disable description: - Enable/disable logging timed-out authentication requests. type: str unknown_http_version: choices: - reject - best-effort - tunnel description: - How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1. type: str type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str