lix_fortinet / lix_fortinet.fortios / 102.2.120 / module / fortios_vpn_ssl_web_portal Portal in Fortinet's FortiOS and FortiGate. | "added in version" 2.0.0 of lix_fortinet.fortios" Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico) preview | supported by communitylix_fortinet.fortios.fortios_vpn_ssl_web_portal (102.2.120) — module
Install with ansible-galaxy collection install lix_fortinet.fortios:==102.2.120
collections: - name: lix_fortinet.fortios version: 102.2.120
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ssl_web feature and portal category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
- hosts: fortigates collections: - fortinet.fortios connection: httpapi vars: vdom: "root" ansible_httpapi_use_ssl: yes ansible_httpapi_validate_certs: no ansible_httpapi_port: 443 tasks: - name: Portal. fortios_vpn_ssl_web_portal: vdom: "{{ vdom }}" state: "present" access_token: "<your_own_value>" vpn_ssl_web_portal: allow_user_access: "web" auto_connect: "enable" bookmark_group: - bookmarks: - additional_params: "<your_own_value>" apptype: "ftp" color_depth: "32" description: "<your_own_value>" domain: "<your_own_value>" folder: "<your_own_value>" form_data: - name: "default_name_14" value: "<your_own_value>" height: "768" host: "myhostname" keyboard_layout: "ar-101" listening_port: "0" load_balancing_info: "<your_own_value>" logon_password: "<your_own_value>" logon_user: "<your_own_value>" name: "default_name_23" port: "0" preconnection_blob: "<your_own_value>" preconnection_id: "2147483648" remote_port: "0" restricted_admin: "enable" security: "rdp" send_preconnection_id: "enable" server_layout: "de-de-qwertz" show_status_window: "enable" sso: "disable" sso_credential: "sslvpn-login" sso_credential_sent_once: "enable" sso_password: "<your_own_value>" sso_username: "<your_own_value>" url: "myurl.com" width: "1024" name: "default_name_40" clipboard: "enable" custom_lang: "<your_own_value> (source system.custom-language.name)" customize_forticlient_download_url: "enable" default_window_height: "768" default_window_width: "1024" dhcp_ip_overlap: "use-new" display_bookmark: "enable" display_connection_tools: "enable" display_history: "enable" display_status: "enable" dns_server1: "<your_own_value>" dns_server2: "<your_own_value>" dns_suffix: "<your_own_value>" exclusive_routing: "enable" forticlient_download: "enable" forticlient_download_method: "direct" heading: "<your_own_value>" hide_sso_credential: "enable" host_check: "none" host_check_interval: "0" host_check_policy: - name: "default_name_62 (source vpn.ssl.web.host-check-software.name)" ip_mode: "range" ip_pools: - name: "default_name_65 (source firewall.address.name firewall.addrgrp.name)" ipv6_dns_server1: "<your_own_value>" ipv6_dns_server2: "<your_own_value>" ipv6_exclusive_routing: "enable" ipv6_pools: - name: "default_name_70 (source firewall.address6.name firewall.addrgrp6.name)" ipv6_service_restriction: "enable" ipv6_split_tunneling: "enable" ipv6_split_tunneling_routing_address: - name: "default_name_74 (source firewall.address6.name firewall.addrgrp6.name)" ipv6_split_tunneling_routing_negate: "enable" ipv6_tunnel_mode: "enable" ipv6_wins_server1: "<your_own_value>" ipv6_wins_server2: "<your_own_value>" keep_alive: "enable" limit_user_logins: "enable" mac_addr_action: "allow" mac_addr_check: "enable" mac_addr_check_rule: - mac_addr_list: - addr: "<your_own_value>" mac_addr_mask: "48" name: "default_name_87" macos_forticlient_download_url: "<your_own_value>" name: "default_name_89" os_check: "enable" os_check_list: - action: "deny" latest_patch_level: "<your_own_value>" name: "default_name_94" tolerance: "0" prefer_ipv6_dns: "enable" redir_url: "<your_own_value>" rewrite_ip_uri_ui: "enable" save_password: "enable" service_restriction: "enable" skip_check_for_browser: "enable" skip_check_for_unsupported_browser: "enable" skip_check_for_unsupported_os: "enable" smb_max_version: "smbv1" smb_min_version: "smbv1" smb_ntlmv1_auth: "enable" smbv1: "enable" split_dns: - dns_server1: "<your_own_value>" dns_server2: "<your_own_value>" domains: "<your_own_value>" id: "112" ipv6_dns_server1: "<your_own_value>" ipv6_dns_server2: "<your_own_value>" split_tunneling: "enable" split_tunneling_routing_address: - name: "default_name_117 (source firewall.address.name firewall.addrgrp.name)" split_tunneling_routing_negate: "enable" theme: "jade" transform_backward_slashes: "enable" tunnel_mode: "enable" use_sdwan: "enable" user_bookmark: "enable" user_group_bookmark: "enable" web_mode: "enable" windows_forticlient_download_url: "<your_own_value>" wins_server1: "<your_own_value>" wins_server2: "<your_own_value>"
vdom: default: root description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str state: choices: - present - absent description: - Indicates whether to create or remove the object. required: true type: str enable_log: default: false description: - Enable/Disable logging for task. required: false type: bool member_path: description: - Member attribute path to operate on. - Delimited by a slash character if there are more than one attribute. - Parameter marked with member_path is legitimate for doing member operation. type: str access_token: description: - Token-based authentication. Generated from GUI of Fortigate. required: false type: str member_state: choices: - present - absent description: - Add or delete a member under specified attribute path. - When member_state is specified, the state option is ignored. type: str vpn_ssl_web_portal: default: null description: - Portal. suboptions: allow_user_access: choices: - web - ftp - smb - sftp - telnet - ssh - vnc - rdp - ping - citrix - portforward description: - Allow user access to SSL-VPN applications. elements: str type: list auto_connect: choices: - enable - disable description: - Enable/disable automatic connect by client when system is up. type: str bookmark_group: description: - Portal bookmark group. elements: dict suboptions: bookmarks: description: - Bookmark table. elements: dict suboptions: additional_params: description: - Additional parameters. type: str apptype: choices: - ftp - rdp - sftp - smb - ssh - telnet - vnc - web - citrix - portforward description: - Application type. type: str color_depth: choices: - '32' - '16' - '8' description: - Color depth per pixel. type: str description: description: - Description. type: str domain: description: - Login domain. type: str folder: description: - Network shared file folder parameter. type: str form_data: description: - Form data. elements: dict suboptions: name: description: - Name. type: str value: description: - Value. type: str type: list height: description: - Screen height (range from 0 - 65535). type: int host: description: - Host name/IP parameter. type: str keyboard_layout: choices: - ar-101 - ar-102 - ar-102-azerty - can-mul - cz - cz-qwerty - cz-pr - da - nl - de - de-ch - de-ibm - en-uk - en-uk-ext - en-us - en-us-dvorak - es - es-var - fi - fi-sami - fr - fr-apple - fr-ca - fr-ch - fr-be - hr - hu - hu-101 - it - it-142 - ja - ko - lt - lt-ibm - lt-std - lav-std - lav-leg - mk - mk-std - 'no' - no-sami - pol-214 - pol-pr - pt - pt-br - pt-br-abnt2 - ru - ru-mne - ru-t - sl - sv - sv-sami - tuk - tur-f - tur-q - zh-sym-sg-us - zh-sym-us - zh-tr-hk - zh-tr-mo - zh-tr-us description: - Keyboard layout. type: str listening_port: description: - Listening port (0 - 65535). type: int load_balancing_info: description: - The load balancing information or cookie which should be provided to the connection broker. type: str logon_password: description: - Logon password. type: str logon_user: description: - Logon user. type: str name: description: - Bookmark name. type: str port: description: - Remote port. type: int preconnection_blob: description: - An arbitrary string which identifies the RDP source. type: str preconnection_id: description: - The numeric ID of the RDP source (0-4294967295). type: int remote_port: description: - Remote port (0 - 65535). type: int restricted_admin: choices: - enable - disable description: - Enable/disable restricted admin mode for RDP. type: str security: choices: - rdp - nla - tls - any description: - Security mode for RDP connection. type: str send_preconnection_id: choices: - enable - disable description: - Enable/disable sending of preconnection ID. type: str server_layout: choices: - de-de-qwertz - en-gb-qwerty - en-us-qwerty - es-es-qwerty - fr-ca-qwerty - fr-fr-azerty - fr-ch-qwertz - it-it-qwerty - ja-jp-qwerty - pt-br-qwerty - sv-se-qwerty - tr-tr-qwerty - failsafe description: - Server side keyboard layout. type: str show_status_window: choices: - enable - disable description: - Enable/disable showing of status window. type: str sso: choices: - disable - static - auto description: - Single Sign-On. type: str sso_credential: choices: - sslvpn-login - alternative description: - Single sign-on credentials. type: str sso_credential_sent_once: choices: - enable - disable description: - Single sign-on credentials are only sent once to remote server. type: str sso_password: description: - SSO password. type: str sso_username: description: - SSO user name. type: str url: description: - URL parameter. type: str width: description: - Screen width (range from 0 - 65535). type: int type: list name: description: - Bookmark group name. type: str type: list clipboard: choices: - enable - disable description: - Enable to support RDP/VPC clipboard functionality. type: str custom_lang: description: - Change the web portal display language. Overrides config system global set language. You can use config system custom-language and execute system custom-language to add custom language files. Source system.custom-language.name. type: str customize_forticlient_download_url: choices: - enable - disable description: - Enable support of customized download URL for FortiClient. type: str default_window_height: description: - Screen height (range from 0 - 65535). type: int default_window_width: description: - Screen width (range from 0 - 65535). type: int dhcp_ip_overlap: choices: - use-new - use-old description: - Configure overlapping DHCP IP allocation assignment. type: str display_bookmark: choices: - enable - disable description: - Enable to display the web portal bookmark widget. type: str display_connection_tools: choices: - enable - disable description: - Enable to display the web portal connection tools widget. type: str display_history: choices: - enable - disable description: - Enable to display the web portal user login history widget. type: str display_status: choices: - enable - disable description: - Enable to display the web portal status widget. type: str dns_server1: description: - IPv4 DNS server 1. type: str dns_server2: description: - IPv4 DNS server 2. type: str dns_suffix: description: - DNS suffix. type: str exclusive_routing: choices: - enable - disable description: - Enable/disable all traffic go through tunnel only. type: str forticlient_download: choices: - enable - disable description: - Enable/disable download option for FortiClient. type: str forticlient_download_method: choices: - direct - ssl-vpn description: - FortiClient download method. type: str heading: description: - Web portal heading message. type: str hide_sso_credential: choices: - enable - disable description: - Enable to prevent SSO credential being sent to client. type: str host_check: choices: - none - av - fw - av-fw - custom description: - Type of host checking performed on endpoints. type: str host_check_interval: description: - Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects. type: int host_check_policy: description: - One or more policies to require the endpoint to have specific security software. elements: dict suboptions: name: description: - Host check software list name. Source vpn.ssl.web.host-check-software.name. type: str type: list ip_mode: choices: - range - user-group - dhcp description: - Method by which users of this SSL-VPN tunnel obtain IP addresses. type: str ip_pools: description: - IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients. elements: dict suboptions: name: description: - Address name. Source firewall.address.name firewall.addrgrp.name. type: str type: list ipv6_dns_server1: description: - IPv6 DNS server 1. type: str ipv6_dns_server2: description: - IPv6 DNS server 2. type: str ipv6_exclusive_routing: choices: - enable - disable description: - Enable/disable all IPv6 traffic go through tunnel only. type: str ipv6_pools: description: - IPv6 firewall source address objects reserved for SSL-VPN tunnel mode clients. elements: dict suboptions: name: description: - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str type: list ipv6_service_restriction: choices: - enable - disable description: - Enable/disable IPv6 tunnel service restriction. type: str ipv6_split_tunneling: choices: - enable - disable description: - Enable/disable IPv6 split tunneling. type: str ipv6_split_tunneling_routing_address: description: - IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. elements: dict suboptions: name: description: - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str type: list ipv6_split_tunneling_routing_negate: choices: - enable - disable description: - Enable to negate IPv6 split tunneling routing address. type: str ipv6_tunnel_mode: choices: - enable - disable description: - Enable/disable IPv6 SSL-VPN tunnel mode. type: str ipv6_wins_server1: description: - IPv6 WINS server 1. type: str ipv6_wins_server2: description: - IPv6 WINS server 2. type: str keep_alive: choices: - enable - disable description: - Enable/disable automatic reconnect for FortiClient connections. type: str limit_user_logins: choices: - enable - disable description: - Enable to limit each user to one SSL-VPN session at a time. type: str mac_addr_action: choices: - allow - deny description: - Client MAC address action. type: str mac_addr_check: choices: - enable - disable description: - Enable/disable MAC address host checking. type: str mac_addr_check_rule: description: - Client MAC address check rule. elements: dict suboptions: mac_addr_list: description: - Client MAC address list. elements: dict suboptions: addr: description: - Client MAC address. type: str type: list mac_addr_mask: description: - Client MAC address mask. type: int name: description: - Client MAC address check rule name. type: str type: list macos_forticlient_download_url: description: - Download URL for Mac FortiClient. type: str name: description: - Portal name. required: true type: str os_check: choices: - enable - disable description: - Enable to let the FortiGate decide action based on client OS. type: str os_check_list: description: - SSL-VPN OS checks. elements: dict suboptions: action: choices: - deny - allow - check-up-to-date description: - OS check options. type: str latest_patch_level: description: - Latest OS patch level. type: str name: description: - Name. type: str tolerance: description: - OS patch level tolerance. type: int type: list prefer_ipv6_dns: choices: - enable - disable description: - Prefer to query IPv6 DNS server first if enabled. type: str redir_url: description: - Client login redirect URL. type: str rewrite_ip_uri_ui: choices: - enable - disable description: - Rewrite contents for URI contains IP and /ui/ . type: str save_password: choices: - enable - disable description: - Enable/disable FortiClient saving the user"s password. type: str service_restriction: choices: - enable - disable description: - Enable/disable tunnel service restriction. type: str skip_check_for_browser: choices: - enable - disable description: - Enable to skip host check for browser support. type: str skip_check_for_unsupported_browser: choices: - enable - disable description: - Enable to skip host check if browser does not support it. type: str skip_check_for_unsupported_os: choices: - enable - disable description: - Enable to skip host check if client OS does not support it. type: str smb_max_version: choices: - smbv1 - smbv2 - smbv3 description: - SMB maximum client protocol version. type: str smb_min_version: choices: - smbv1 - smbv2 - smbv3 description: - SMB minimum client protocol version. type: str smb_ntlmv1_auth: choices: - enable - disable description: - Enable support of NTLMv1 for Samba authentication. type: str smbv1: choices: - enable - disable description: - SMB version 1. type: str split_dns: description: - Split DNS for SSL-VPN. elements: dict suboptions: dns_server1: description: - DNS server 1. type: str dns_server2: description: - DNS server 2. type: str domains: description: - Split DNS domains used for SSL-VPN clients separated by comma. type: str id: description: - ID. type: int ipv6_dns_server1: description: - IPv6 DNS server 1. type: str ipv6_dns_server2: description: - IPv6 DNS server 2. type: str type: list split_tunneling: choices: - enable - disable description: - Enable/disable IPv4 split tunneling. type: str split_tunneling_routing_address: description: - IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. elements: dict suboptions: name: description: - Address name. Source firewall.address.name firewall.addrgrp.name. type: str type: list split_tunneling_routing_negate: choices: - enable - disable description: - Enable to negate split tunneling routing address. type: str theme: choices: - jade - neutrino - mariner - graphite - melongene - dark-matter - onyx - eclipse - blue - green - red description: - Web portal color scheme. type: str transform_backward_slashes: choices: - enable - disable description: - Transform backward slashes to forward slashes in URLs. type: str tunnel_mode: choices: - enable - disable description: - Enable/disable IPv4 SSL-VPN tunnel mode. type: str use_sdwan: choices: - enable - disable description: - Use SD-WAN rules to get output interface. type: str user_bookmark: choices: - enable - disable description: - Enable to allow web portal users to create their own bookmarks. type: str user_group_bookmark: choices: - enable - disable description: - Enable to allow web portal users to create bookmarks for all users in the same user group. type: str web_mode: choices: - enable - disable description: - Enable/disable SSL-VPN web mode. type: str windows_forticlient_download_url: description: - Download URL for Windows FortiClient. type: str wins_server1: description: - IPv4 WINS server 1. type: str wins_server2: description: - IPv4 WINS server 1. type: str type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str