lix_fortinet.fortios.fortios_firewall_ssl_ssh_profile (102.2.120) — module
Configure SSL/SSH protocol options in Fortinet's FortiOS and FortiGate.
Added in version 2.0.0 of lix_fortinet.fortios.
Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
preview | supported by community
Install with ansible-galaxy collection install lix_fortinet.fortios:==102.2.120
```yaml
collections:
  - name: lix_fortinet.fortios
    version: 102.2.120
```
This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the ssl_ssh_profile category of the firewall feature. The examples include all parameters; values need to be adjusted to data sources before usage. Tested with FOS v6.0.0.
```yaml
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
  tasks:
    - name: Configure SSL/SSH protocol options.
      fortios_firewall_ssl_ssh_profile:
        vdom: "{{ vdom }}"
        state: "present"
        access_token: "<your_own_value>"
        firewall_ssl_ssh_profile:
          allowlist: "enable"
          block_blacklisted_certificates: "disable"
          block_blocklisted_certificates: "disable"
          caname: "<your_own_value> (source vpn.certificate.local.name)"
          comment: "Optional comments."
          dot:
            cert_validation_failure: "allow"
            cert_validation_timeout: "allow"
            client_certificate: "bypass"
            expired_server_cert: "allow"
            proxy_after_tcp_handshake: "enable"
            revoked_server_cert: "allow"
            sni_server_cert_check: "enable"
            status: "disable"
            unsupported_ssl_cipher: "allow"
            unsupported_ssl_negotiation: "allow"
            unsupported_ssl_version: "allow"
            untrusted_server_cert: "allow"
          ftps:
            allow_invalid_server_cert: "enable"
            cert_validation_failure: "allow"
            cert_validation_timeout: "allow"
            client_cert_request: "bypass"
            client_certificate: "bypass"
            expired_server_cert: "allow"
            invalid_server_cert: "allow"
            min_allowed_ssl_version: "ssl-3.0"
            ports: "<your_own_value>"
            revoked_server_cert: "allow"
            sni_server_cert_check: "enable"
            status: "disable"
            unsupported_ssl: "bypass"
            unsupported_ssl_cipher: "allow"
            unsupported_ssl_negotiation: "allow"
            unsupported_ssl_version: "allow"
            untrusted_cert: "allow"
            untrusted_server_cert: "allow"
          https:
            allow_invalid_server_cert: "enable"
            cert_probe_failure: "allow"
            cert_validation_failure: "allow"
            cert_validation_timeout: "allow"
            client_cert_request: "bypass"
            client_certificate: "bypass"
            expired_server_cert: "allow"
            invalid_server_cert: "allow"
            min_allowed_ssl_version: "ssl-3.0"
            ports: "<your_own_value>"
            proxy_after_tcp_handshake: "enable"
            revoked_server_cert: "allow"
            sni_server_cert_check: "enable"
            status: "disable"
            unsupported_ssl: "bypass"
            unsupported_ssl_cipher: "allow"
            unsupported_ssl_negotiation: "allow"
            unsupported_ssl_version: "allow"
            untrusted_cert: "allow"
            untrusted_server_cert: "allow"
          imaps:
            allow_invalid_server_cert: "enable"
            cert_validation_failure: "allow"
            cert_validation_timeout: "allow"
            client_cert_request: "bypass"
            client_certificate: "bypass"
            expired_server_cert: "allow"
            invalid_server_cert: "allow"
            ports: "<your_own_value>"
            proxy_after_tcp_handshake: "enable"
            revoked_server_cert: "allow"
            sni_server_cert_check: "enable"
            status: "disable"
            unsupported_ssl: "bypass"
            unsupported_ssl_cipher: "allow"
            unsupported_ssl_negotiation: "allow"
            unsupported_ssl_version: "allow"
            untrusted_cert: "allow"
            untrusted_server_cert: "allow"
          mapi_over_https: "enable"
          name: "default_name_81"
          pop3s:
            allow_invalid_server_cert: "enable"
            cert_validation_failure: "allow"
            cert_validation_timeout: "allow"
            client_cert_request: "bypass"
            client_certificate: "bypass"
            expired_server_cert: "allow"
            invalid_server_cert: "allow"
            ports: "<your_own_value>"
            proxy_after_tcp_handshake: "enable"
            revoked_server_cert: "allow"
            sni_server_cert_check: "enable"
            status: "disable"
            unsupported_ssl: "bypass"
            unsupported_ssl_cipher: "allow"
            unsupported_ssl_negotiation: "allow"
            unsupported_ssl_version: "allow"
            untrusted_cert: "allow"
            untrusted_server_cert: "allow"
          rpc_over_https: "enable"
          server_cert:
            - name: "default_name_103 (source vpn.certificate.local.name)"
          server_cert_mode: "re-sign"
          smtps:
            allow_invalid_server_cert: "enable"
            cert_validation_failure: "allow"
            cert_validation_timeout: "allow"
            client_cert_request: "bypass"
            client_certificate: "bypass"
            expired_server_cert: "allow"
            invalid_server_cert: "allow"
            ports: "<your_own_value>"
            proxy_after_tcp_handshake: "enable"
            revoked_server_cert: "allow"
            sni_server_cert_check: "enable"
            status: "disable"
            unsupported_ssl: "bypass"
            unsupported_ssl_cipher: "allow"
            unsupported_ssl_negotiation: "allow"
            unsupported_ssl_version: "allow"
            untrusted_cert: "allow"
            untrusted_server_cert: "allow"
          ssh:
            inspect_all: "disable"
            ports: "<your_own_value>"
            proxy_after_tcp_handshake: "enable"
            ssh_algorithm: "compatible"
            ssh_policy_check: "disable"
            ssh_tun_policy_check: "disable"
            status: "disable"
            unsupported_version: "bypass"
          ssl:
            allow_invalid_server_cert: "enable"
            cert_probe_failure: "allow"
            cert_validation_failure: "allow"
            cert_validation_timeout: "allow"
            client_cert_request: "bypass"
            client_certificate: "bypass"
            expired_server_cert: "allow"
            inspect_all: "disable"
            invalid_server_cert: "allow"
            min_allowed_ssl_version: "ssl-3.0"
            revoked_server_cert: "allow"
            sni_server_cert_check: "enable"
            unsupported_ssl: "bypass"
            unsupported_ssl_cipher: "allow"
            unsupported_ssl_negotiation: "allow"
            unsupported_ssl_version: "allow"
            untrusted_cert: "allow"
            untrusted_server_cert: "allow"
          ssl_anomalies_log: "disable"
          ssl_anomaly_log: "disable"
          ssl_exempt:
            - address: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
              address6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
              fortiguard_category: "0"
              id: "158"
              regex: "<your_own_value>"
              type: "fortiguard-category"
              wildcard_fqdn: "<your_own_value> (source firewall.wildcard-fqdn.custom.name firewall.wildcard-fqdn.group.name)"
          ssl_exemption_ip_rating: "enable"
          ssl_exemption_log: "disable"
          ssl_exemptions_log: "disable"
          ssl_handshake_log: "disable"
          ssl_negotiation_log: "disable"
          ssl_server:
            - ftps_client_cert_request: "bypass"
              ftps_client_certificate: "bypass"
              https_client_cert_request: "bypass"
              https_client_certificate: "bypass"
              id: "172"
              imaps_client_cert_request: "bypass"
              imaps_client_certificate: "bypass"
              ip: "<your_own_value>"
              pop3s_client_cert_request: "bypass"
              pop3s_client_certificate: "bypass"
              smtps_client_cert_request: "bypass"
              smtps_client_certificate: "bypass"
              ssl_other_client_cert_request: "bypass"
              ssl_other_client_certificate: "bypass"
          ssl_server_cert_log: "disable"
          supported_alpn: "http1-1"
          untrusted_caname: "<your_own_value> (source vpn.certificate.local.name)"
          use_ssl_server: "disable"
          whitelist: "enable"
```
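A pre-flight check for the example values above, as an added example that is not part of the lix_fortinet.fortios collection: it flags permissive settings in a `firewall_ssl_ssh_profile` dict before the task is run. Option names and choices are taken from this page; the baseline of which values count as findings, the function name `audit_profile`, and both sample dicts are assumptions of this example.

```python
# Added example: audit a firewall_ssl_ssh_profile dict for permissive values.
# Option names and choices come from this page's parameter list; the baseline
# (which values count as findings) is an assumption of this example.
# Only options present in the dict are judged: omitted options fall back to
# device defaults, which this check cannot see.

# Protocol sub-dicts that share the certificate-handling options.
TLS_SECTIONS = ("dot", "ftps", "https", "imaps", "pop3s", "smtps", "ssl")

# Options whose documented choices include "block"; the assumed baseline
# expects "block" for each of them.
MUST_BLOCK = (
    "cert_validation_failure", "expired_server_cert", "revoked_server_cert",
    "untrusted_server_cert", "untrusted_cert", "invalid_server_cert",
    "unsupported_ssl_cipher", "unsupported_ssl_negotiation",
)

# Protocol versions deprecated by the IETF (RFC 7568, RFC 8996).
DEPRECATED_VERSIONS = ("ssl-3.0", "tls-1.0", "tls-1.1")

# Top-level switches (both spellings listed on the page) -> expected value.
TOP_LEVEL_EXPECTED = {
    "block_blacklisted_certificates": "enable",
    "block_blocklisted_certificates": "enable",
    "ssl_anomalies_log": "enable",
    "ssl_anomaly_log": "enable",
    "ssl_exemptions_log": "enable",
    "ssl_exemption_log": "enable",
}


def audit_profile(profile):
    """Return a sorted list of (option_path, value, reason) findings."""
    findings = []

    for section in TLS_SECTIONS:
        opts = profile.get(section) or {}
        for key in MUST_BLOCK:
            if key in opts and opts[key] != "block":
                findings.append((f"{section}.{key}", opts[key],
                                 "failure case is not blocked"))
        if opts.get("allow_invalid_server_cert") == "enable":
            findings.append((f"{section}.allow_invalid_server_cert", "enable",
                             "sessions with failed certificate validation are allowed"))
        if opts.get("min_allowed_ssl_version") in DEPRECATED_VERSIONS:
            findings.append((f"{section}.min_allowed_ssl_version",
                             opts["min_allowed_ssl_version"],
                             "deprecated protocol version is permitted"))
        if opts.get("sni_server_cert_check") == "disable":
            findings.append((f"{section}.sni_server_cert_check", "disable",
                             "SNI is not checked against the certificate CN/SAN"))

    ssh = profile.get("ssh") or {}
    if ssh.get("ssh_algorithm") == "compatible":
        findings.append(("ssh.ssh_algorithm", "compatible",
                         "weaker algorithm set accepted during negotiation"))
    if ssh.get("unsupported_version") == "bypass":
        findings.append(("ssh.unsupported_version", "bypass",
                         "unsupported SSH versions bypass inspection"))

    for key, expected in TOP_LEVEL_EXPECTED.items():
        if key in profile and profile[key] != expected:
            findings.append((key, profile[key], f"expected '{expected}'"))

    return sorted(findings)


# Constructed sample: a subset of the values used in the page's example task.
PAGE_EXAMPLE_SUBSET = {
    "name": "default_name_81",
    "https": {
        "allow_invalid_server_cert": "enable",
        "expired_server_cert": "allow",
        "revoked_server_cert": "allow",
        "untrusted_server_cert": "allow",
        "min_allowed_ssl_version": "ssl-3.0",
        "sni_server_cert_check": "enable",
        "status": "disable",
        "unsupported_ssl_cipher": "allow",
    },
    "ssh": {"ssh_algorithm": "compatible", "unsupported_version": "bypass"},
    "ssl_anomaly_log": "disable",
    "block_blocklisted_certificates": "disable",
}

# Constructed sample: the same options set to the assumed baseline, using only
# choices documented on this page. The profile name is hypothetical.
HARDENED = {
    "name": "hardened-example",
    "https": {
        "allow_invalid_server_cert": "disable",
        "expired_server_cert": "block",
        "revoked_server_cert": "block",
        "untrusted_server_cert": "block",
        "min_allowed_ssl_version": "tls-1.2",
        "sni_server_cert_check": "strict",
        "status": "deep-inspection",
        "unsupported_ssl_cipher": "block",
    },
    "ssh": {"ssh_algorithm": "high-encryption", "unsupported_version": "block"},
    "ssl_anomaly_log": "enable",
    "block_blocklisted_certificates": "enable",
}

if __name__ == "__main__":
    for path, value, reason in audit_profile(PAGE_EXAMPLE_SUBSET):
        print(f"{path} = {value!r}: {reason}")
```

Blocking on every failure case can interrupt traffic to misconfigured servers, so the baseline is a starting point to tune per policy rather than a fixed rule set.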
vdom: default: root description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str state: choices: - present - absent description: - Indicates whether to create or remove the object. required: true type: str enable_log: default: false description: - Enable/Disable logging for task. required: false type: bool member_path: description: - Member attribute path to operate on. - Delimited by a slash character if there are more than one attribute. - Parameter marked with member_path is legitimate for doing member operation. type: str access_token: description: - Token-based authentication. Generated from GUI of Fortigate. required: false type: str member_state: choices: - present - absent description: - Add or delete a member under specified attribute path. - When member_state is specified, the state option is ignored. type: str firewall_ssl_ssh_profile: default: null description: - Configure SSL/SSH protocol options. suboptions: allowlist: choices: - enable - disable description: - Enable/disable exempting servers by FortiGuard allowlist. type: str block_blacklisted_certificates: choices: - disable - enable description: - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. type: str block_blocklisted_certificates: choices: - disable - enable description: - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. type: str caname: description: - CA certificate used by SSL Inspection. Source vpn.certificate.local.name. type: str comment: description: - Optional comments. type: str dot: description: - Configure DNS over TLS options. suboptions: cert_validation_failure: choices: - allow - block - ignore description: - Action based on certificate validation failure. 
type: str cert_validation_timeout: choices: - allow - block - ignore description: - Action based on certificate validation timeout. type: str client_certificate: choices: - bypass - inspect - block description: - Action based on received client certificate. type: str expired_server_cert: choices: - allow - block - ignore description: - Action based on server certificate is expired. type: str proxy_after_tcp_handshake: choices: - enable - disable description: - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str revoked_server_cert: choices: - allow - block - ignore description: - Action based on server certificate is revoked. type: str sni_server_cert_check: choices: - enable - strict - disable description: - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. type: str status: choices: - disable - deep-inspection description: - Configure protocol inspection status. type: str unsupported_ssl_cipher: choices: - allow - block description: - Action based on the SSL cipher used being unsupported. type: str unsupported_ssl_negotiation: choices: - allow - block description: - Action based on the SSL negotiation used being unsupported. type: str unsupported_ssl_version: choices: - allow - block - inspect description: - Action based on the SSL version used being unsupported. type: str untrusted_server_cert: choices: - allow - block - ignore description: - Action based on server certificate is not issued by a trusted CA. type: str type: dict ftps: description: - Configure FTPS options. suboptions: allow_invalid_server_cert: choices: - enable - disable description: - When enabled, allows SSL sessions whose server certificate validation failed. type: str cert_validation_failure: choices: - allow - block - ignore description: - Action based on certificate validation failure. 
type: str cert_validation_timeout: choices: - allow - block - ignore description: - Action based on certificate validation timeout. type: str client_cert_request: choices: - bypass - inspect - block description: - Action based on client certificate request. type: str client_certificate: choices: - bypass - inspect - block description: - Action based on received client certificate. type: str expired_server_cert: choices: - allow - block - ignore description: - Action based on server certificate is expired. type: str invalid_server_cert: choices: - allow - block description: - Allow or block the invalid SSL session server certificate. type: str min_allowed_ssl_version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: - Minimum SSL version to be allowed. type: str ports: description: - Ports to use for scanning (1 - 65535). elements: int type: list revoked_server_cert: choices: - allow - block - ignore description: - Action based on server certificate is revoked. type: str sni_server_cert_check: choices: - enable - strict - disable description: - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. type: str status: choices: - disable - deep-inspection description: - Configure protocol inspection status. type: str unsupported_ssl: choices: - bypass - inspect - block description: - Action based on the SSL encryption used being unsupported. type: str unsupported_ssl_cipher: choices: - allow - block description: - Action based on the SSL cipher used being unsupported. type: str unsupported_ssl_negotiation: choices: - allow - block description: - Action based on the SSL negotiation used being unsupported. type: str unsupported_ssl_version: choices: - allow - block - inspect description: - Action based on the SSL version used being unsupported. type: str untrusted_cert: choices: - allow - block - ignore description: - Allow, ignore, or block the untrusted SSL session server certificate. 
type: str untrusted_server_cert: choices: - allow - block - ignore description: - Action based on server certificate is not issued by a trusted CA. type: str type: dict https: description: - Configure HTTPS options. suboptions: allow_invalid_server_cert: choices: - enable - disable description: - When enabled, allows SSL sessions whose server certificate validation failed. type: str cert_probe_failure: choices: - allow - block description: - Action based on certificate probe failure. type: str cert_validation_failure: choices: - allow - block - ignore description: - Action based on certificate validation failure. type: str cert_validation_timeout: choices: - allow - block - ignore description: - Action based on certificate validation timeout. type: str client_cert_request: choices: - bypass - inspect - block description: - Action based on client certificate request. type: str client_certificate: choices: - bypass - inspect - block description: - Action based on received client certificate. type: str expired_server_cert: choices: - allow - block - ignore description: - Action based on server certificate is expired. type: str invalid_server_cert: choices: - allow - block description: - Allow or block the invalid SSL session server certificate. type: str min_allowed_ssl_version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: - Minimum SSL version to be allowed. type: str ports: description: - Ports to use for scanning (1 - 65535). elements: int type: list proxy_after_tcp_handshake: choices: - enable - disable description: - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str revoked_server_cert: choices: - allow - block - ignore description: - Action based on server certificate is revoked. type: str sni_server_cert_check: choices: - enable - strict - disable description: - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. 
type: str status: choices: - disable - certificate-inspection - deep-inspection description: - Configure protocol inspection status. type: str unsupported_ssl: choices: - bypass - inspect - block description: - Action based on the SSL encryption used being unsupported. type: str unsupported_ssl_cipher: choices: - allow - block description: - Action based on the SSL cipher used being unsupported. type: str unsupported_ssl_negotiation: choices: - allow - block description: - Action based on the SSL negotiation used being unsupported. type: str unsupported_ssl_version: choices: - allow - block - inspect description: - Action based on the SSL version used being unsupported. type: str untrusted_cert: choices: - allow - block - ignore description: - Allow, ignore, or block the untrusted SSL session server certificate. type: str untrusted_server_cert: choices: - allow - block - ignore description: - Action based on server certificate is not issued by a trusted CA. type: str type: dict imaps: description: - Configure IMAPS options. suboptions: allow_invalid_server_cert: choices: - enable - disable description: - When enabled, allows SSL sessions whose server certificate validation failed. type: str cert_validation_failure: choices: - allow - block - ignore description: - Action based on certificate validation failure. type: str cert_validation_timeout: choices: - allow - block - ignore description: - Action based on certificate validation timeout. type: str client_cert_request: choices: - bypass - inspect - block description: - Action based on client certificate request. type: str client_certificate: choices: - bypass - inspect - block description: - Action based on received client certificate. type: str expired_server_cert: choices: - allow - block - ignore description: - Action based on server certificate is expired. type: str invalid_server_cert: choices: - allow - block description: - Allow or block the invalid SSL session server certificate. 
type: str ports: description: - Ports to use for scanning (1 - 65535). elements: int type: list proxy_after_tcp_handshake: choices: - enable - disable description: - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str revoked_server_cert: choices: - allow - block - ignore description: - Action based on server certificate is revoked. type: str sni_server_cert_check: choices: - enable - strict - disable description: - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. type: str status: choices: - disable - deep-inspection description: - Configure protocol inspection status. type: str unsupported_ssl: choices: - bypass - inspect - block description: - Action based on the SSL encryption used being unsupported. type: str unsupported_ssl_cipher: choices: - allow - block description: - Action based on the SSL cipher used being unsupported. type: str unsupported_ssl_negotiation: choices: - allow - block description: - Action based on the SSL negotiation used being unsupported. type: str unsupported_ssl_version: choices: - allow - block - inspect description: - Action based on the SSL version used being unsupported. type: str untrusted_cert: choices: - allow - block - ignore description: - Allow, ignore, or block the untrusted SSL session server certificate. type: str untrusted_server_cert: choices: - allow - block - ignore description: - Action based on server certificate is not issued by a trusted CA. type: str type: dict mapi_over_https: choices: - enable - disable description: - Enable/disable inspection of MAPI over HTTPS. type: str name: description: - Name. required: true type: str pop3s: description: - Configure POP3S options. suboptions: allow_invalid_server_cert: choices: - enable - disable description: - When enabled, allows SSL sessions whose server certificate validation failed. 
type: str cert_validation_failure: choices: - allow - block - ignore description: - Action based on certificate validation failure. type: str cert_validation_timeout: choices: - allow - block - ignore description: - Action based on certificate validation timeout. type: str client_cert_request: choices: - bypass - inspect - block description: - Action based on client certificate request. type: str client_certificate: choices: - bypass - inspect - block description: - Action based on received client certificate. type: str expired_server_cert: choices: - allow - block - ignore description: - Action based on server certificate is expired. type: str invalid_server_cert: choices: - allow - block description: - Allow or block the invalid SSL session server certificate. type: str ports: description: - Ports to use for scanning (1 - 65535). elements: int type: list proxy_after_tcp_handshake: choices: - enable - disable description: - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str revoked_server_cert: choices: - allow - block - ignore description: - Action based on server certificate is revoked. type: str sni_server_cert_check: choices: - enable - strict - disable description: - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. type: str status: choices: - disable - deep-inspection description: - Configure protocol inspection status. type: str unsupported_ssl: choices: - bypass - inspect - block description: - Action based on the SSL encryption used being unsupported. type: str unsupported_ssl_cipher: choices: - allow - block description: - Action based on the SSL cipher used being unsupported. type: str unsupported_ssl_negotiation: choices: - allow - block description: - Action based on the SSL negotiation used being unsupported. type: str unsupported_ssl_version: choices: - allow - block - inspect description: - Action based on the SSL version used being unsupported. 
type: str untrusted_cert: choices: - allow - block - ignore description: - Allow, ignore, or block the untrusted SSL session server certificate. type: str untrusted_server_cert: choices: - allow - block - ignore description: - Action based on server certificate is not issued by a trusted CA. type: str type: dict rpc_over_https: choices: - enable - disable description: - Enable/disable inspection of RPC over HTTPS. type: str server_cert: description: - Certificate used by SSL Inspection to replace server certificate. Source vpn.certificate.local.name. elements: dict suboptions: name: description: - Certificate list. Source vpn.certificate.local.name. type: str type: list server_cert_mode: choices: - re-sign - replace description: - Re-sign or replace the server's certificate. type: str smtps: description: - Configure SMTPS options. suboptions: allow_invalid_server_cert: choices: - enable - disable description: - When enabled, allows SSL sessions whose server certificate validation failed. type: str cert_validation_failure: choices: - allow - block - ignore description: - Action based on certificate validation failure. type: str cert_validation_timeout: choices: - allow - block - ignore description: - Action based on certificate validation timeout. type: str client_cert_request: choices: - bypass - inspect - block description: - Action based on client certificate request. type: str client_certificate: choices: - bypass - inspect - block description: - Action based on received client certificate. type: str expired_server_cert: choices: - allow - block - ignore description: - Action based on server certificate is expired. type: str invalid_server_cert: choices: - allow - block description: - Allow or block the invalid SSL session server certificate. type: str ports: description: - Ports to use for scanning (1 - 65535).
elements: int type: list proxy_after_tcp_handshake: choices: - enable - disable description: - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str revoked_server_cert: choices: - allow - block - ignore description: - Action based on server certificate is revoked. type: str sni_server_cert_check: choices: - enable - strict - disable description: - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. type: str status: choices: - disable - deep-inspection description: - Configure protocol inspection status. type: str unsupported_ssl: choices: - bypass - inspect - block description: - Action based on the SSL encryption used being unsupported. type: str unsupported_ssl_cipher: choices: - allow - block description: - Action based on the SSL cipher used being unsupported. type: str unsupported_ssl_negotiation: choices: - allow - block description: - Action based on the SSL negotiation used being unsupported. type: str unsupported_ssl_version: choices: - allow - block - inspect description: - Action based on the SSL version used being unsupported. type: str untrusted_cert: choices: - allow - block - ignore description: - Allow, ignore, or block the untrusted SSL session server certificate. type: str untrusted_server_cert: choices: - allow - block - ignore description: - Action based on server certificate is not issued by a trusted CA. type: str type: dict ssh: description: - Configure SSH options. suboptions: inspect_all: choices: - disable - deep-inspection description: - Level of SSL inspection. type: str ports: description: - Ports to use for scanning (1 - 65535). elements: int type: list proxy_after_tcp_handshake: choices: - enable - disable description: - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str ssh_algorithm: choices: - compatible - high-encryption description: - Relative strength of encryption algorithms accepted during negotiation. 
type: str ssh_policy_check: choices: - disable - enable description: - Enable/disable SSH policy check. type: str ssh_tun_policy_check: choices: - disable - enable description: - Enable/disable SSH tunnel policy check. type: str status: choices: - disable - deep-inspection description: - Configure protocol inspection status. type: str unsupported_version: choices: - bypass - block description: - Action based on SSH version being unsupported. type: str type: dict ssl: description: - Configure SSL options. suboptions: allow_invalid_server_cert: choices: - enable - disable description: - When enabled, allows SSL sessions whose server certificate validation failed. type: str cert_probe_failure: choices: - allow - block description: - Action based on certificate probe failure. type: str cert_validation_failure: choices: - allow - block - ignore description: - Action based on certificate validation failure. type: str cert_validation_timeout: choices: - allow - block - ignore description: - Action based on certificate validation timeout. type: str client_cert_request: choices: - bypass - inspect - block description: - Action based on client certificate request. type: str client_certificate: choices: - bypass - inspect - block description: - Action based on received client certificate. type: str expired_server_cert: choices: - allow - block - ignore description: - Action based on server certificate is expired. type: str inspect_all: choices: - disable - certificate-inspection - deep-inspection description: - Level of SSL inspection. type: str invalid_server_cert: choices: - allow - block description: - Allow or block the invalid SSL session server certificate. type: str min_allowed_ssl_version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: - Minimum SSL version to be allowed. type: str revoked_server_cert: choices: - allow - block - ignore description: - Action based on server certificate is revoked. 
type: str sni_server_cert_check: choices: - enable - strict - disable description: - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. type: str unsupported_ssl: choices: - bypass - inspect - block description: - Action based on the SSL encryption used being unsupported. type: str unsupported_ssl_cipher: choices: - allow - block description: - Action based on the SSL cipher used being unsupported. type: str unsupported_ssl_negotiation: choices: - allow - block description: - Action based on the SSL negotiation used being unsupported. type: str unsupported_ssl_version: choices: - allow - block - inspect description: - Action based on the SSL version used being unsupported. type: str untrusted_cert: choices: - allow - block - ignore description: - Allow, ignore, or block the untrusted SSL session server certificate. type: str untrusted_server_cert: choices: - allow - block - ignore description: - Action based on server certificate is not issued by a trusted CA. type: str type: dict ssl_anomalies_log: choices: - disable - enable description: - Enable/disable logging SSL anomalies. type: str ssl_anomaly_log: choices: - disable - enable description: - Enable/disable logging of SSL anomalies. type: str ssl_exempt: description: - Servers to exempt from SSL inspection. elements: dict suboptions: address: description: - IPv4 address object. Source firewall.address.name firewall.addrgrp.name. type: str address6: description: - IPv6 address object. Source firewall.address6.name firewall.addrgrp6.name. type: str fortiguard_category: description: - FortiGuard category ID. type: int id: description: - ID number. type: int regex: description: - Exempt servers by regular expression. type: str type: choices: - fortiguard-category - address - address6 - wildcard-fqdn - regex description: - Type of address object (IPv4 or IPv6) or FortiGuard category. type: str wildcard_fqdn: description: - Exempt servers by wildcard FQDN. 
Source firewall.wildcard-fqdn.custom.name firewall.wildcard-fqdn.group.name. type: str type: list ssl_exemption_ip_rating: choices: - enable - disable description: - Enable/disable IP based URL rating. type: str ssl_exemption_log: choices: - disable - enable description: - Enable/disable logging SSL exemptions. type: str ssl_exemptions_log: choices: - disable - enable description: - Enable/disable logging SSL exemptions. type: str ssl_handshake_log: choices: - disable - enable description: - Enable/disable logging of TLS handshakes. type: str ssl_negotiation_log: choices: - disable - enable description: - Enable/disable logging SSL negotiation. type: str ssl_server: description: - SSL server settings used for client certificate request. elements: dict suboptions: ftps_client_cert_request: choices: - bypass - inspect - block description: - Action based on client certificate request during the FTPS handshake. type: str ftps_client_certificate: choices: - bypass - inspect - block description: - Action based on received client certificate during the FTPS handshake. type: str https_client_cert_request: choices: - bypass - inspect - block description: - Action based on client certificate request during the HTTPS handshake. type: str https_client_certificate: choices: - bypass - inspect - block description: - Action based on received client certificate during the HTTPS handshake. type: str id: description: - SSL server ID. type: int imaps_client_cert_request: choices: - bypass - inspect - block description: - Action based on client certificate request during the IMAPS handshake. type: str imaps_client_certificate: choices: - bypass - inspect - block description: - Action based on received client certificate during the IMAPS handshake. type: str ip: description: - IPv4 address of the SSL server. type: str pop3s_client_cert_request: choices: - bypass - inspect - block description: - Action based on client certificate request during the POP3S handshake. 
type: str pop3s_client_certificate: choices: - bypass - inspect - block description: - Action based on received client certificate during the POP3S handshake. type: str smtps_client_cert_request: choices: - bypass - inspect - block description: - Action based on client certificate request during the SMTPS handshake. type: str smtps_client_certificate: choices: - bypass - inspect - block description: - Action based on received client certificate during the SMTPS handshake. type: str ssl_other_client_cert_request: choices: - bypass - inspect - block description: - Action based on client certificate request during an SSL protocol handshake. type: str ssl_other_client_certificate: choices: - bypass - inspect - block description: - Action based on received client certificate during an SSL protocol handshake. type: str type: list ssl_server_cert_log: choices: - disable - enable description: - Enable/disable logging of server certificate information. type: str supported_alpn: choices: - http1-1 - http2 - all - none description: - Configure ALPN option. type: str untrusted_caname: description: - Untrusted CA certificate used by SSL Inspection. Source vpn.certificate.local.name. type: str use_ssl_server: choices: - disable - enable description: - Enable/disable the use of SSL server table for SSL offloading. type: str whitelist: choices: - enable - disable description: - Enable/disable exempting servers by FortiGuard whitelist. type: str type: dict
```yaml
build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str
```