fortinet / fortinet.fortios / 2.3.6 / module / fortios_web_proxy_global Configure Web proxy global settings in Fortinet's FortiOS and FortiGate. | "added in version" 2.0.0 of fortinet.fortios" Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico) preview | supported by communityfortinet.fortios.fortios_web_proxy_global (2.3.6) — module
Install with ansible-galaxy collection install fortinet.fortios:==2.3.6
collections: - name: fortinet.fortios version: 2.3.6
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify web_proxy feature and global category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
- name: Configure Web proxy global settings. fortinet.fortios.fortios_web_proxy_global: vdom: "{{ vdom }}" web_proxy_global: fast_policy_match: "enable" forward_proxy_auth: "enable" forward_server_affinity_timeout: "30" ldap_user_cache: "enable" learn_client_ip: "enable" learn_client_ip_from_header: "true-client-ip" learn_client_ip_srcaddr: - name: "default_name_10 (source firewall.address.name firewall.addrgrp.name)" learn_client_ip_srcaddr6: - name: "default_name_12 (source firewall.address6.name firewall.addrgrp6.name)" log_app_id: "enable" log_forward_server: "enable" log_policy_pending: "enable" max_message_length: "32" max_request_length: "8" max_waf_body_cache_length: "32" policy_category_deep_inspect: "enable" proxy_fqdn: "<your_own_value>" src_affinity_exempt_addr: "<your_own_value>" src_affinity_exempt_addr6: "<your_own_value>" ssl_ca_cert: "<your_own_value> (source vpn.certificate.local.name)" ssl_cert: "<your_own_value> (source vpn.certificate.local.name)" strict_web_check: "enable" tunnel_non_http: "enable" unknown_http_version: "reject" webproxy_profile: "<your_own_value> (source web-proxy.profile.name)"
vdom: default: root description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str enable_log: default: false description: - Enable/Disable logging for task. required: false type: bool member_path: description: - Member attribute path to operate on. - Delimited by a slash character if there are more than one attribute. - Parameter marked with member_path is legitimate for doing member operation. type: str access_token: description: - Token-based authentication. Generated from GUI of Fortigate. required: false type: str member_state: choices: - present - absent description: - Add or delete a member under specified attribute path. - When member_state is specified, the state option is ignored. type: str web_proxy_global: default: null description: - Configure Web proxy global settings. suboptions: fast_policy_match: choices: - enable - disable description: - Enable/disable fast matching algorithm for explicit and transparent proxy policy. type: str forward_proxy_auth: choices: - enable - disable description: - Enable/disable forwarding proxy authentication headers. type: str forward_server_affinity_timeout: description: - Period of time before the source IP"s traffic is no longer assigned to the forwarding server (6 - 60 min). type: int ldap_user_cache: choices: - enable - disable description: - Enable/disable LDAP user cache for explicit and transparent proxy user. type: str learn_client_ip: choices: - enable - disable description: - Enable/disable learning the client"s IP address from headers. type: str learn_client_ip_from_header: choices: - true-client-ip - x-real-ip - x-forwarded-for description: - Learn client IP address from the specified headers. elements: str type: list learn_client_ip_srcaddr: description: - Source address name (srcaddr or srcaddr6 must be set). elements: dict suboptions: name: description: - Address name. Source firewall.address.name firewall.addrgrp.name. required: true type: str type: list learn_client_ip_srcaddr6: description: - IPv6 Source address name (srcaddr or srcaddr6 must be set). elements: dict suboptions: name: description: - Address name. Source firewall.address6.name firewall.addrgrp6.name. required: true type: str type: list log_app_id: choices: - enable - disable description: - Enable/disable always log application type in traffic log. type: str log_forward_server: choices: - enable - disable description: - Enable/disable forward server name logging in forward traffic log. type: str log_policy_pending: choices: - enable - disable description: - Enable/disable logging sessions that are pending on policy matching. type: str max_message_length: description: - Maximum length of HTTP message, not including body (16 - 256 Kbytes). type: int max_request_length: description: - Maximum length of HTTP request line (2 - 64 Kbytes). type: int max_waf_body_cache_length: description: - Maximum length of HTTP messages processed by Web Application Firewall (WAF) (10 - 1024 Kbytes). type: int policy_category_deep_inspect: choices: - enable - disable description: - Enable/disable deep inspection for application level category policy matching. type: str proxy_fqdn: description: - Fully Qualified Domain Name (FQDN) that clients connect to to connect to the explicit web proxy. type: str src_affinity_exempt_addr: description: - IPv4 source addresses to exempt proxy affinity. elements: str type: list src_affinity_exempt_addr6: description: - IPv6 source addresses to exempt proxy affinity. elements: str type: list ssl_ca_cert: description: - SSL CA certificate for SSL interception. Source vpn.certificate.local.name. type: str ssl_cert: description: - SSL certificate for SSL interception. Source vpn.certificate.local.name. type: str strict_web_check: choices: - enable - disable description: - Enable/disable strict web checking to block web sites that send incorrect headers that don"t conform to HTTP 1.1. type: str tunnel_non_http: choices: - enable - disable description: - Enable/disable allowing non-HTTP traffic. Allowed non-HTTP traffic is tunneled. type: str unknown_http_version: choices: - reject - tunnel - best-effort description: - 'Action to take when an unknown version of HTTP is encountered: reject, allow (tunnel), or proceed with best-effort.' type: str webproxy_profile: description: - Name of the web proxy profile to apply when explicit proxy traffic is allowed by default and traffic is accepted that does not match an explicit proxy policy. Source web-proxy.profile.name. type: str type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str