lix_fortinet.fortios.fortios_firewall_access_proxy6 (102.2.120) — module
Configure IPv6 access proxy in Fortinet's FortiOS and FortiGate.
Added in version 2.0.0 of lix_fortinet.fortios.
Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
Status: preview | Supported by: community
Install with:
  ansible-galaxy collection install lix_fortinet.fortios:==102.2.120

Or list the collection in a requirements file:
  collections:
    - name: lix_fortinet.fortios
      version: 102.2.120
This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the firewall feature and the access_proxy6 category. The examples include all parameters, and the values need to be adjusted to datasources before usage. Tested with FOS v6.0.0.
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
  tasks:
    - name: Configure IPv6 access proxy.
      fortios_firewall_access_proxy6:
        vdom: "{{ vdom }}"
        state: "present"
        access_token: "<your_own_value>"
        firewall_access_proxy6:
          add_vhost_domain_to_dnsdb: "enable"
          api_gateway:
            - application:
                - name: "default_name_6"
              http_cookie_age: "60"
              http_cookie_domain: "<your_own_value>"
              http_cookie_domain_from_host: "disable"
              http_cookie_generation: "0"
              http_cookie_path: "<your_own_value>"
              http_cookie_share: "disable"
              https_cookie_secure: "disable"
              id: "14"
              ldb_method: "static"
              persistence: "none"
              realservers:
                - addr_type: "ip"
                  address: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
                  domain: "<your_own_value>"
                  health_check: "disable"
                  health_check_proto: "ping"
                  holddown_interval: "enable"
                  http_host: "myhostname"
                  id: "25"
                  ip: "<your_own_value>"
                  mappedport: "<your_own_value>"
                  port: "443"
                  ssh_client_cert: "<your_own_value> (source firewall.access-proxy-ssh-client-cert.name)"
                  ssh_host_key:
                    - name: "default_name_31 (source firewall.ssh.host-key.name)"
                  ssh_host_key_validation: "disable"
                  status: "active"
                  type: "tcp-forwarding"
                  weight: "1"
              saml_redirect: "disable"
              saml_server: "<your_own_value> (source user.saml.name)"
              service: "http"
              ssl_algorithm: "high"
              ssl_cipher_suites:
                - cipher: "TLS-AES-128-GCM-SHA256"
                  priority: "0"
                  versions: "tls-1.0"
              ssl_dh_bits: "768"
              ssl_max_version: "tls-1.0"
              ssl_min_version: "tls-1.0"
              ssl_vpn_web_portal: "<your_own_value> (source vpn.ssl.web.portal.name)"
              url_map: "<your_own_value>"
              url_map_type: "sub-string"
              virtual_host: "myhostname (source firewall.access-proxy-virtual-host.name)"
          api_gateway6:
            - application:
                - name: "default_name_53"
              http_cookie_age: "60"
              http_cookie_domain: "<your_own_value>"
              http_cookie_domain_from_host: "disable"
              http_cookie_generation: "0"
              http_cookie_path: "<your_own_value>"
              http_cookie_share: "disable"
              https_cookie_secure: "disable"
              id: "61"
              ldb_method: "static"
              persistence: "none"
              realservers:
                - addr_type: "ip"
                  address: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
                  domain: "<your_own_value>"
                  health_check: "disable"
                  health_check_proto: "ping"
                  holddown_interval: "enable"
                  http_host: "myhostname"
                  id: "72"
                  ip: "<your_own_value>"
                  mappedport: "<your_own_value>"
                  port: "443"
                  ssh_client_cert: "<your_own_value> (source firewall.access-proxy-ssh-client-cert.name)"
                  ssh_host_key:
                    - name: "default_name_78 (source firewall.ssh.host-key.name)"
                  ssh_host_key_validation: "disable"
                  status: "active"
                  type: "tcp-forwarding"
                  weight: "1"
              saml_redirect: "disable"
              saml_server: "<your_own_value> (source user.saml.name)"
              service: "http"
              ssl_algorithm: "high"
              ssl_cipher_suites:
                - cipher: "TLS-AES-128-GCM-SHA256"
                  priority: "0"
                  versions: "tls-1.0"
              ssl_dh_bits: "768"
              ssl_max_version: "tls-1.0"
              ssl_min_version: "tls-1.0"
              ssl_vpn_web_portal: "<your_own_value> (source vpn.ssl.web.portal.name)"
              url_map: "<your_own_value>"
              url_map_type: "sub-string"
              virtual_host: "myhostname (source firewall.access-proxy-virtual-host.name)"
          auth_portal: "disable"
          auth_virtual_host: "myhostname (source firewall.access-proxy-virtual-host.name)"
          client_cert: "disable"
          decrypted_traffic_mirror: "<your_own_value> (source firewall.decrypted-traffic-mirror.name)"
          empty_cert_action: "accept"
          log_blocked_traffic: "enable"
          name: "default_name_104"
          user_agent_detect: "disable"
          vip: "<your_own_value> (source firewall.vip6.name)"
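The sample task above carries placeholder values such as ssl_min_version "tls-1.0" and ssl_dh_bits "768" that should not reach a production access proxy unchanged. The following is an added example, not part of the module documentation or the collection's code: a pre-deployment lint over the firewall_access_proxy6 argument. The function names, the policy floors (TLS 1.2, 2048-bit DH) and the legacy-cipher token list are assumptions chosen for illustration, and both sample dictionaries are constructed.

```python
# Added example: policy lint for the firewall_access_proxy6 module argument.
TLS_ORDER = ["tls-1.0", "tls-1.1", "tls-1.2", "tls-1.3"]  # choices listed on this page
MIN_TLS = "tls-1.2"     # assumed policy floor, not a FortiOS default
MIN_DH_BITS = 2048      # assumed policy floor, not a FortiOS default
WEAK_TOKENS = ("RC4", "3DES", "-DES-", "MD5")  # assumed list, matched in cipher names


def _below_floor(version):
    """True when a listed TLS version is older than the policy floor."""
    return version in TLS_ORDER and TLS_ORDER.index(version) < TLS_ORDER.index(MIN_TLS)


def audit_gateway(gw, where):
    """Return a list of findings for one api_gateway / api_gateway6 entry."""
    out = []
    for key in ("ssl_min_version", "ssl_max_version"):
        if _below_floor(gw.get(key)):
            out.append(f"{where}.{key}={gw[key]} is below {MIN_TLS}")
    dh = gw.get("ssl_dh_bits")
    if dh is not None and int(dh) < MIN_DH_BITS:
        out.append(f"{where}.ssl_dh_bits={dh} is below {MIN_DH_BITS}")
    if gw.get("ssl_algorithm") in ("medium", "low"):
        out.append(f"{where}.ssl_algorithm={gw['ssl_algorithm']} permits weaker encryption")
    for i, suite in enumerate(gw.get("ssl_cipher_suites") or []):
        name = suite.get("cipher", "")
        if any(tok in name for tok in WEAK_TOKENS):
            out.append(f"{where}.ssl_cipher_suites[{i}].cipher={name} uses a legacy algorithm")
        versions = suite.get("versions") or []
        if isinstance(versions, str):  # the page's sample passes a bare string
            versions = [versions]
        for v in versions:
            if _below_floor(v):
                out.append(f"{where}.ssl_cipher_suites[{i}].versions includes {v}")
    for rs in gw.get("realservers") or []:
        if rs.get("type") == "ssh" and rs.get("ssh_host_key_validation") == "disable":
            out.append(f"{where}.realservers[id={rs.get('id')}] forwards SSH "
                       "without host key validation")
    return out


def audit_access_proxy6(cfg):
    """Lint both gateway lists of a firewall_access_proxy6 dictionary."""
    findings = []
    for family in ("api_gateway", "api_gateway6"):
        for gw in cfg.get(family) or []:
            findings += audit_gateway(gw, f"{family}[id={gw.get('id')}]")
    return findings


# Constructed input mirroring the TLS-related values of the page's sample task.
SAMPLE_WEAK = {"name": "default_name_104", "api_gateway6": [{
    "id": 61, "ssl_algorithm": "high", "ssl_dh_bits": "768",
    "ssl_min_version": "tls-1.0", "ssl_max_version": "tls-1.0",
    "ssl_cipher_suites": [{"cipher": "TLS-AES-128-GCM-SHA256", "priority": 0,
                           "versions": "tls-1.0"}],
    "realservers": [{"id": 72, "type": "tcp-forwarding",
                     "ssh_host_key_validation": "disable"}]}]}

# Constructed input using stronger choices from the same parameter lists.
SAMPLE_HARDENED = {"name": "default_name_104", "api_gateway6": [{
    "id": 61, "ssl_algorithm": "high", "ssl_dh_bits": "2048",
    "ssl_min_version": "tls-1.2", "ssl_max_version": "tls-1.3",
    "ssl_cipher_suites": [{"cipher": "TLS-AES-256-GCM-SHA384", "priority": 0,
                           "versions": ["tls-1.3"]}],
    "realservers": [{"id": 72, "type": "ssh",
                     "ssh_host_key_validation": "enable"}]}]}

if __name__ == "__main__":
    for line in audit_access_proxy6(SAMPLE_WEAK):
        print(line)
```

Running the file directly prints the findings for the constructed weak sample; the same function can gate a playbook run in CI by failing when the returned list is non-empty.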
vdom: default: root description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str state: choices: - present - absent description: - Indicates whether to create or remove the object. required: true type: str enable_log: default: false description: - Enable/Disable logging for task. required: false type: bool member_path: description: - Member attribute path to operate on. - Delimited by a slash character if there are more than one attribute. - Parameter marked with member_path is legitimate for doing member operation. type: str access_token: description: - Token-based authentication. Generated from GUI of Fortigate. required: false type: str member_state: choices: - present - absent description: - Add or delete a member under specified attribute path. - When member_state is specified, the state option is ignored. type: str firewall_access_proxy6: default: null description: - Configure IPv6 access proxy. suboptions: add_vhost_domain_to_dnsdb: choices: - enable - disable description: - Enable/disable adding vhost/domain to dnsdb for ztna dox tunnel. type: str api_gateway: description: - Set IPv4 API Gateway. elements: dict suboptions: application: description: - SaaS application controlled by this Access Proxy. elements: dict suboptions: name: description: - SaaS application name. type: str type: list http_cookie_age: description: - Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit. type: int http_cookie_domain: description: - Domain that HTTP cookie persistence should apply to. type: str http_cookie_domain_from_host: choices: - disable - enable description: - Enable/disable use of HTTP cookie domain from host field in HTTP. type: str http_cookie_generation: description: - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. 
type: int http_cookie_path: description: - Limit HTTP cookie persistence to the specified path. type: str http_cookie_share: choices: - disable - same-ip description: - Control sharing of cookies across API Gateway. Use of same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. type: str https_cookie_secure: choices: - disable - enable description: - Enable/disable verification that inserted HTTPS cookies are secure. type: str id: description: - API Gateway ID. type: int ldb_method: choices: - static - round-robin - weighted - first-alive - http-host description: - Method used to distribute sessions to real servers. type: str persistence: choices: - none - http-cookie description: - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str realservers: description: - Select the real servers that this Access Proxy will distribute traffic to. elements: dict suboptions: addr_type: choices: - ip - fqdn description: - Type of address. type: str address: description: - Address or address group of the real server. Source firewall.address.name firewall.addrgrp.name. type: str domain: description: - Wildcard domain name of the real server. type: str health_check: choices: - disable - enable description: - Enable to check the responsiveness of the real server before forwarding traffic. type: str health_check_proto: choices: - ping - http - tcp-connect description: - Protocol of the health check monitor to use when polling to determine server"s connectivity status. type: str holddown_interval: choices: - enable - disable description: - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). type: str http_host: description: - HTTP server domain name in HTTP header. type: str id: description: - Real server ID. type: int ip: description: - IP address of the real server. 
type: str mappedport: description: - Port for communicating with the real server. type: str port: description: - Port for communicating with the real server. type: int ssh_client_cert: description: - Set access-proxy SSH client certificate profile. Source firewall.access-proxy-ssh-client-cert.name. type: str ssh_host_key: description: - One or more server host key. elements: dict suboptions: name: description: - Server host key name. Source firewall.ssh.host-key.name. type: str type: list ssh_host_key_validation: choices: - disable - enable description: - Enable/disable SSH real server host key validation. type: str status: choices: - active - standby - disable description: - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str type: choices: - tcp-forwarding - ssh description: - TCP forwarding server type. type: str weight: description: - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. type: int type: list saml_redirect: choices: - disable - enable description: - Enable/disable SAML redirection after successful authentication. type: str saml_server: description: - SAML service provider configuration for VIP authentication. Source user.saml.name. type: str service: choices: - http - https - tcp-forwarding - samlsp - web-portal - saas description: - Service. type: str ssl_algorithm: choices: - high - medium - low description: - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str ssl_cipher_suites: description: - SSL/TLS cipher suites to offer to a server, ordered by priority. 
elements: dict suboptions: cipher: choices: - TLS-AES-128-GCM-SHA256 - TLS-AES-256-GCM-SHA384 - TLS-CHACHA20-POLY1305-SHA256 - TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-DHE-RSA-WITH-AES-128-CBC-SHA - TLS-DHE-RSA-WITH-AES-256-CBC-SHA - TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 - TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 - TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 - TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 - TLS-DHE-DSS-WITH-AES-128-CBC-SHA - TLS-DHE-DSS-WITH-AES-256-CBC-SHA - TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 - TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 - TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 - TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 - TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 - TLS-RSA-WITH-AES-128-CBC-SHA - TLS-RSA-WITH-AES-256-CBC-SHA - TLS-RSA-WITH-AES-128-CBC-SHA256 - TLS-RSA-WITH-AES-128-GCM-SHA256 - TLS-RSA-WITH-AES-256-CBC-SHA256 - TLS-RSA-WITH-AES-256-GCM-SHA384 - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 - TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 - TLS-DHE-RSA-WITH-SEED-CBC-SHA - TLS-DHE-DSS-WITH-SEED-CBC-SHA - 
TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 - TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 - TLS-RSA-WITH-SEED-CBC-SHA - TLS-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 - TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-RC4-128-SHA - TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA - TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA - TLS-RSA-WITH-3DES-EDE-CBC-SHA - TLS-RSA-WITH-RC4-128-MD5 - TLS-RSA-WITH-RC4-128-SHA - TLS-DHE-RSA-WITH-DES-CBC-SHA - TLS-DHE-DSS-WITH-DES-CBC-SHA - TLS-RSA-WITH-DES-CBC-SHA description: - Cipher suite name. type: str priority: description: - SSL/TLS cipher suites priority. type: int versions: choices: - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: - SSL/TLS versions that the cipher suite can be used with. elements: str type: list type: list ssl_dh_bits: choices: - '768' - '1024' - '1536' - '2048' - '3072' - '4096' description: - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str ssl_max_version: choices: - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: - Highest SSL/TLS version acceptable from a server. type: str ssl_min_version: choices: - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: - Lowest SSL/TLS version acceptable from a server. type: str ssl_vpn_web_portal: description: - SSL-VPN web portal. Source vpn.ssl.web.portal.name. type: str url_map: description: - URL pattern to match. type: str url_map_type: choices: - sub-string - wildcard - regex description: - Type of url-map. type: str virtual_host: description: - Virtual host. Source firewall.access-proxy-virtual-host.name. type: str type: list api_gateway6: description: - Set IPv6 API Gateway. elements: dict suboptions: application: description: - SaaS application controlled by this Access Proxy. 
elements: dict suboptions: name: description: - SaaS application name. type: str type: list http_cookie_age: description: - Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit. type: int http_cookie_domain: description: - Domain that HTTP cookie persistence should apply to. type: str http_cookie_domain_from_host: choices: - disable - enable description: - Enable/disable use of HTTP cookie domain from host field in HTTP. type: str http_cookie_generation: description: - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. type: int http_cookie_path: description: - Limit HTTP cookie persistence to the specified path. type: str http_cookie_share: choices: - disable - same-ip description: - Control sharing of cookies across API Gateway. Use of same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. type: str https_cookie_secure: choices: - disable - enable description: - Enable/disable verification that inserted HTTPS cookies are secure. type: str id: description: - API Gateway ID. type: int ldb_method: choices: - static - round-robin - weighted - first-alive - http-host description: - Method used to distribute sessions to real servers. type: str persistence: choices: - none - http-cookie description: - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str realservers: description: - Select the real servers that this Access Proxy will distribute traffic to. elements: dict suboptions: addr_type: choices: - ip - fqdn description: - Type of address. type: str address: description: - Address or address group of the real server. Source firewall.address6.name firewall.addrgrp6.name. type: str domain: description: - Wildcard domain name of the real server. 
type: str health_check: choices: - disable - enable description: - Enable to check the responsiveness of the real server before forwarding traffic. type: str health_check_proto: choices: - ping - http - tcp-connect description: - Protocol of the health check monitor to use when polling to determine server"s connectivity status. type: str holddown_interval: choices: - enable - disable description: - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). type: str http_host: description: - HTTP server domain name in HTTP header. type: str id: description: - Real server ID. type: int ip: description: - IPv6 address of the real server. type: str mappedport: description: - Port for communicating with the real server. type: str port: description: - Port for communicating with the real server. type: int ssh_client_cert: description: - Set access-proxy SSH client certificate profile. Source firewall.access-proxy-ssh-client-cert.name. type: str ssh_host_key: description: - One or more server host key. elements: dict suboptions: name: description: - Server host key name. Source firewall.ssh.host-key.name. type: str type: list ssh_host_key_validation: choices: - disable - enable description: - Enable/disable SSH real server host key validation. type: str status: choices: - active - standby - disable description: - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str type: choices: - tcp-forwarding - ssh description: - TCP forwarding server type. type: str weight: description: - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. type: int type: list saml_redirect: choices: - disable - enable description: - Enable/disable SAML redirection after successful authentication. 
type: str saml_server: description: - SAML service provider configuration for VIP authentication. Source user.saml.name. type: str service: choices: - http - https - tcp-forwarding - samlsp - web-portal - saas description: - Service. type: str ssl_algorithm: choices: - high - medium - low description: - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str ssl_cipher_suites: description: - SSL/TLS cipher suites to offer to a server, ordered by priority. elements: dict suboptions: cipher: choices: - TLS-AES-128-GCM-SHA256 - TLS-AES-256-GCM-SHA384 - TLS-CHACHA20-POLY1305-SHA256 - TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 - TLS-DHE-RSA-WITH-AES-128-CBC-SHA - TLS-DHE-RSA-WITH-AES-256-CBC-SHA - TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 - TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 - TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 - TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 - TLS-DHE-DSS-WITH-AES-128-CBC-SHA - TLS-DHE-DSS-WITH-AES-256-CBC-SHA - TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 - TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 - TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 - TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 - TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 - TLS-RSA-WITH-AES-128-CBC-SHA - TLS-RSA-WITH-AES-256-CBC-SHA - TLS-RSA-WITH-AES-128-CBC-SHA256 - TLS-RSA-WITH-AES-128-GCM-SHA256 - TLS-RSA-WITH-AES-256-CBC-SHA256 - TLS-RSA-WITH-AES-256-GCM-SHA384 - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA - 
TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 - TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 - TLS-DHE-RSA-WITH-SEED-CBC-SHA - TLS-DHE-DSS-WITH-SEED-CBC-SHA - TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 - TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 - TLS-RSA-WITH-SEED-CBC-SHA - TLS-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 - TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 - TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 - TLS-ECDHE-RSA-WITH-RC4-128-SHA - TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA - TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA - TLS-RSA-WITH-3DES-EDE-CBC-SHA - TLS-RSA-WITH-RC4-128-MD5 - TLS-RSA-WITH-RC4-128-SHA - TLS-DHE-RSA-WITH-DES-CBC-SHA - TLS-DHE-DSS-WITH-DES-CBC-SHA - TLS-RSA-WITH-DES-CBC-SHA description: - Cipher suite name. type: str priority: description: - SSL/TLS cipher suites priority. type: int versions: choices: - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: - SSL/TLS versions that the cipher suite can be used with. elements: str type: list type: list ssl_dh_bits: choices: - '768' - '1024' - '1536' - '2048' - '3072' - '4096' description: - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str ssl_max_version: choices: - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: - Highest SSL/TLS version acceptable from a server. type: str ssl_min_version: choices: - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: - Lowest SSL/TLS version acceptable from a server. 
type: str ssl_vpn_web_portal: description: - SSL-VPN web portal. Source vpn.ssl.web.portal.name. type: str url_map: description: - URL pattern to match. type: str url_map_type: choices: - sub-string - wildcard - regex description: - Type of url-map. type: str virtual_host: description: - Virtual host. Source firewall.access-proxy-virtual-host.name. type: str type: list auth_portal: choices: - disable - enable description: - Enable/disable authentication portal. type: str auth_virtual_host: description: - Virtual host for authentication portal. Source firewall.access-proxy-virtual-host.name. type: str client_cert: choices: - disable - enable description: - Enable/disable to request client certificate. type: str decrypted_traffic_mirror: description: - Decrypted traffic mirror. Source firewall.decrypted-traffic-mirror.name. type: str empty_cert_action: choices: - accept - block - accept-unmanageable description: - Action of an empty client certificate. type: str log_blocked_traffic: choices: - enable - disable description: - Enable/disable logging of blocked traffic. type: str name: description: - Access Proxy name. required: true type: str user_agent_detect: choices: - disable - enable description: - Enable/disable to detect device type by HTTP user-agent if no client certificate provided. type: str vip: description: - Virtual IP name. Source firewall.vip6.name. type: str type: dict
build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str