lix_fortinet.fortios.fortios_vpn_ssl_web_portal (102.2.120) — module

Portal in Fortinet's FortiOS and FortiGate.

Added in version 2.0.0 of lix_fortinet.fortios

Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)

preview | supported by community

Install collection

Install with ansible-galaxy collection install lix_fortinet.fortios:==102.2.120


Add to requirements.yml

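  collections:
    - name: lix_fortinet.fortios
      # Exact pin, matching the ansible-galaxy install command on this page.
      # Quoted so every YAML parser reads the version as a string.
      version: "102.2.120"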

Description

This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the vpn_ssl_web feature and the portal category. The examples include all parameters; their values need to be adjusted to your data sources before use. Tested with FOS v6.0.0


Requirements

Usage examples

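---
# Example play that creates an SSL-VPN web portal on a FortiGate over the
# httpapi connection. It sets every option the module accepts to a sample
# value; these values are placeholders and must be adjusted before use.
# Options that weaken the portal's security posture are flagged inline so
# they are not copied into a real deployment unchanged.
- hosts: fortigates
  # NOTE(review): this page documents the lix_fortinet.fortios collection
  # while the example loads fortinet.fortios; confirm which one is installed.
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: true
    # Certificate validation stays on: this connection carries the API access
    # token and the full portal configuration. If the FortiGate presents a
    # certificate from a private CA, add that CA to the controller's trust
    # store instead of turning validation off.
    ansible_httpapi_validate_certs: true
    ansible_httpapi_port: 443
  tasks:
    - name: Portal.
      fortios_vpn_ssl_web_portal:
        vdom: "{{ vdom }}"
        state: "present"
        # Secret. Supply it from Ansible Vault or another secret store rather
        # than committing the real token in the playbook.
        access_token: "<your_own_value>"
        vpn_ssl_web_portal:
          allow_user_access: "web"
          auto_connect: "enable"
          bookmark_group:
            - bookmarks:
                - additional_params: "<your_own_value>"
                  apptype: "ftp"
                  color_depth: "32"
                  description: "<your_own_value>"
                  domain: "<your_own_value>"
                  folder: "<your_own_value>"
                  form_data:
                    - name: "default_name_14"
                      value: "<your_own_value>"
                  height: "768"
                  host: "myhostname"
                  keyboard_layout: "ar-101"
                  listening_port: "0"
                  load_balancing_info: "<your_own_value>"
                  # Secret stored in the bookmark; keep the real value out of
                  # version control.
                  logon_password: "<your_own_value>"
                  logon_user: "<your_own_value>"
                  name: "default_name_23"
                  port: "0"
                  preconnection_blob: "<your_own_value>"
                  preconnection_id: "2147483648"
                  remote_port: "0"
                  restricted_admin: "enable"
                  # "rdp" is only the first listed choice; the module also
                  # accepts nla, tls and any. Review before use, since NLA or
                  # TLS is generally preferred over standard RDP security.
                  security: "rdp"
                  send_preconnection_id: "enable"
                  server_layout: "de-de-qwertz"
                  show_status_window: "enable"
                  sso: "disable"
                  sso_credential: "sslvpn-login"
                  sso_credential_sent_once: "enable"
                  # Secret; keep the real value out of version control.
                  sso_password: "<your_own_value>"
                  sso_username: "<your_own_value>"
                  url: "myurl.com"
                  width: "1024"
              name: "default_name_40"
          clipboard: "enable"
          custom_lang: "<your_own_value> (source system.custom-language.name)"
          customize_forticlient_download_url: "enable"
          default_window_height: "768"
          default_window_width: "1024"
          dhcp_ip_overlap: "use-new"
          display_bookmark: "enable"
          display_connection_tools: "enable"
          display_history: "enable"
          display_status: "enable"
          dns_server1: "<your_own_value>"
          dns_server2: "<your_own_value>"
          dns_suffix: "<your_own_value>"
          exclusive_routing: "enable"
          forticlient_download: "enable"
          forticlient_download_method: "direct"
          heading: "<your_own_value>"
          hide_sso_credential: "enable"
          # "none" means no host checking is performed on connecting
          # endpoints; the module also accepts av, fw, av-fw and custom.
          host_check: "none"
          # 0 disables periodic re-checks; hosts are checked only on connect.
          host_check_interval: "0"
          host_check_policy:
            - name: "default_name_62 (source vpn.ssl.web.host-check-software.name)"
          ip_mode: "range"
          ip_pools:
            - name: "default_name_65 (source firewall.address.name firewall.addrgrp.name)"
          ipv6_dns_server1: "<your_own_value>"
          ipv6_dns_server2: "<your_own_value>"
          ipv6_exclusive_routing: "enable"
          ipv6_pools:
            - name: "default_name_70 (source firewall.address6.name firewall.addrgrp6.name)"
          ipv6_service_restriction: "enable"
          ipv6_split_tunneling: "enable"
          ipv6_split_tunneling_routing_address:
            - name: "default_name_74 (source firewall.address6.name firewall.addrgrp6.name)"
          ipv6_split_tunneling_routing_negate: "enable"
          ipv6_tunnel_mode: "enable"
          ipv6_wins_server1: "<your_own_value>"
          ipv6_wins_server2: "<your_own_value>"
          keep_alive: "enable"
          limit_user_logins: "enable"
          mac_addr_action: "allow"
          mac_addr_check: "enable"
          mac_addr_check_rule:
            - mac_addr_list:
                - addr: "<your_own_value>"
              mac_addr_mask: "48"
              name: "default_name_87"
          macos_forticlient_download_url: "<your_own_value>"
          name: "default_name_89"
          os_check: "enable"
          os_check_list:
            - action: "deny"
              latest_patch_level: "<your_own_value>"
              name: "default_name_94"
              tolerance: "0"
          prefer_ipv6_dns: "enable"
          redir_url: "<your_own_value>"
          rewrite_ip_uri_ui: "enable"
          # Lets FortiClient store the user's VPN password on the endpoint.
          save_password: "enable"
          service_restriction: "enable"
          # The three skip_check_* options below bypass the host check for
          # the named cases; enable them only where that gap is accepted.
          skip_check_for_browser: "enable"
          skip_check_for_unsupported_browser: "enable"
          skip_check_for_unsupported_os: "enable"
          # Legacy protocol settings: with both bounds at smbv1 the portal
          # negotiates SMBv1 only, and NTLMv1 authentication is allowed.
          # Prefer smbv2/smbv3 and disable NTLMv1 unless a legacy file server
          # requires them.
          smb_max_version: "smbv1"
          smb_min_version: "smbv1"
          smb_ntlmv1_auth: "enable"
          smbv1: "enable"
          split_dns:
            - dns_server1: "<your_own_value>"
              dns_server2: "<your_own_value>"
              domains: "<your_own_value>"
              id: "112"
              ipv6_dns_server1: "<your_own_value>"
              ipv6_dns_server2: "<your_own_value>"
          split_tunneling: "enable"
          split_tunneling_routing_address:
            - name: "default_name_117 (source firewall.address.name firewall.addrgrp.name)"
          split_tunneling_routing_negate: "enable"
          theme: "jade"
          transform_backward_slashes: "enable"
          tunnel_mode: "enable"
          use_sdwan: "enable"
          user_bookmark: "enable"
          user_group_bookmark: "enable"
          web_mode: "enable"
          windows_forticlient_download_url: "<your_own_value>"
          wins_server1: "<your_own_value>"
          wins_server2: "<your_own_value>"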

Inputs

    
vdom:
    default: root
    description:
    - Virtual domain, among those defined previously. A vdom is a virtual instance of
      the FortiGate that can be configured and used as a different unit.
    type: str

state:
    choices:
    - present
    - absent
    description:
    - Indicates whether to create or remove the object.
    required: true
    type: str

enable_log:
    default: false
    description:
    - Enable/Disable logging for task.
    required: false
    type: bool

member_path:
    description:
    - Member attribute path to operate on.
    - Delimited by a slash character if there are more than one attribute.
    - Parameters marked with member_path support member operations.
    type: str

access_token:
    description:
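    - Token-based authentication. The token is generated from the FortiGate GUI.
    - Treat the token as a secret and supply it from Ansible Vault or another secret
      store instead of committing it to a playbook.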
    required: false
    type: str

member_state:
    choices:
    - present
    - absent
    description:
    - Add or delete a member under specified attribute path.
    - When member_state is specified, the state option is ignored.
    type: str

vpn_ssl_web_portal:
    default: null
    description:
    - Portal.
    suboptions:
      allow_user_access:
        choices:
        - web
        - ftp
        - smb
        - sftp
        - telnet
        - ssh
        - vnc
        - rdp
        - ping
        - citrix
        - portforward
        description:
        - Allow user access to SSL-VPN applications.
        elements: str
        type: list
      auto_connect:
        choices:
        - enable
        - disable
        description:
        - Enable/disable automatic connect by client when system is up.
        type: str
      bookmark_group:
        description:
        - Portal bookmark group.
        elements: dict
        suboptions:
          bookmarks:
            description:
            - Bookmark table.
            elements: dict
            suboptions:
              additional_params:
                description:
                - Additional parameters.
                type: str
              apptype:
                choices:
                - ftp
                - rdp
                - sftp
                - smb
                - ssh
                - telnet
                - vnc
                - web
                - citrix
                - portforward
                description:
                - Application type.
                type: str
              color_depth:
                choices:
                - '32'
                - '16'
                - '8'
                description:
                - Color depth per pixel.
                type: str
              description:
                description:
                - Description.
                type: str
              domain:
                description:
                - Login domain.
                type: str
              folder:
                description:
                - Network shared file folder parameter.
                type: str
              form_data:
                description:
                - Form data.
                elements: dict
                suboptions:
                  name:
                    description:
                    - Name.
                    type: str
                  value:
                    description:
                    - Value.
                    type: str
                type: list
              height:
                description:
                - Screen height (range from 0 - 65535).
                type: int
              host:
                description:
                - Host name/IP parameter.
                type: str
              keyboard_layout:
                choices:
                - ar-101
                - ar-102
                - ar-102-azerty
                - can-mul
                - cz
                - cz-qwerty
                - cz-pr
                - da
                - nl
                - de
                - de-ch
                - de-ibm
                - en-uk
                - en-uk-ext
                - en-us
                - en-us-dvorak
                - es
                - es-var
                - fi
                - fi-sami
                - fr
                - fr-apple
                - fr-ca
                - fr-ch
                - fr-be
                - hr
                - hu
                - hu-101
                - it
                - it-142
                - ja
                - ko
                - lt
                - lt-ibm
                - lt-std
                - lav-std
                - lav-leg
                - mk
                - mk-std
                - 'no'
                - no-sami
                - pol-214
                - pol-pr
                - pt
                - pt-br
                - pt-br-abnt2
                - ru
                - ru-mne
                - ru-t
                - sl
                - sv
                - sv-sami
                - tuk
                - tur-f
                - tur-q
                - zh-sym-sg-us
                - zh-sym-us
                - zh-tr-hk
                - zh-tr-mo
                - zh-tr-us
                description:
                - Keyboard layout.
                type: str
              listening_port:
                description:
                - Listening port (0 - 65535).
                type: int
              load_balancing_info:
                description:
                - The load balancing information or cookie which should be provided to
                  the connection broker.
                type: str
              logon_password:
                description:
                - Logon password.
                type: str
              logon_user:
                description:
                - Logon user.
                type: str
              name:
                description:
                - Bookmark name.
                type: str
              port:
                description:
                - Remote port.
                type: int
              preconnection_blob:
                description:
                - An arbitrary string which identifies the RDP source.
                type: str
              preconnection_id:
                description:
                - The numeric ID of the RDP source (0-4294967295).
                type: int
              remote_port:
                description:
                - Remote port (0 - 65535).
                type: int
              restricted_admin:
                choices:
                - enable
                - disable
                description:
                - Enable/disable restricted admin mode for RDP.
                type: str
              security:
                choices:
                - rdp
                - nla
                - tls
                - any
                description:
                - Security mode for RDP connection.
                type: str
              send_preconnection_id:
                choices:
                - enable
                - disable
                description:
                - Enable/disable sending of preconnection ID.
                type: str
              server_layout:
                choices:
                - de-de-qwertz
                - en-gb-qwerty
                - en-us-qwerty
                - es-es-qwerty
                - fr-ca-qwerty
                - fr-fr-azerty
                - fr-ch-qwertz
                - it-it-qwerty
                - ja-jp-qwerty
                - pt-br-qwerty
                - sv-se-qwerty
                - tr-tr-qwerty
                - failsafe
                description:
                - Server side keyboard layout.
                type: str
              show_status_window:
                choices:
                - enable
                - disable
                description:
                - Enable/disable showing of status window.
                type: str
              sso:
                choices:
                - disable
                - static
                - auto
                description:
                - Single Sign-On.
                type: str
              sso_credential:
                choices:
                - sslvpn-login
                - alternative
                description:
                - Single sign-on credentials.
                type: str
              sso_credential_sent_once:
                choices:
                - enable
                - disable
                description:
                - Single sign-on credentials are only sent once to remote server.
                type: str
              sso_password:
                description:
                - SSO password.
                type: str
              sso_username:
                description:
                - SSO user name.
                type: str
              url:
                description:
                - URL parameter.
                type: str
              width:
                description:
                - Screen width (range from 0 - 65535).
                type: int
            type: list
          name:
            description:
            - Bookmark group name.
            type: str
        type: list
      clipboard:
        choices:
        - enable
        - disable
        description:
        - Enable to support RDP/VPC clipboard functionality.
        type: str
      custom_lang:
        description:
        - Change the web portal display language. Overrides config system global set language.
          You can use config system custom-language and execute system custom-language
          to add custom language files. Source system.custom-language.name.
        type: str
      customize_forticlient_download_url:
        choices:
        - enable
        - disable
        description:
        - Enable support of customized download URL for FortiClient.
        type: str
      default_window_height:
        description:
        - Screen height (range from 0 - 65535).
        type: int
      default_window_width:
        description:
        - Screen width (range from 0 - 65535).
        type: int
      dhcp_ip_overlap:
        choices:
        - use-new
        - use-old
        description:
        - Configure overlapping DHCP IP allocation assignment.
        type: str
      display_bookmark:
        choices:
        - enable
        - disable
        description:
        - Enable to display the web portal bookmark widget.
        type: str
      display_connection_tools:
        choices:
        - enable
        - disable
        description:
        - Enable to display the web portal connection tools widget.
        type: str
      display_history:
        choices:
        - enable
        - disable
        description:
        - Enable to display the web portal user login history widget.
        type: str
      display_status:
        choices:
        - enable
        - disable
        description:
        - Enable to display the web portal status widget.
        type: str
      dns_server1:
        description:
        - IPv4 DNS server 1.
        type: str
      dns_server2:
        description:
        - IPv4 DNS server 2.
        type: str
      dns_suffix:
        description:
        - DNS suffix.
        type: str
      exclusive_routing:
        choices:
        - enable
        - disable
        description:
        - Enable/disable sending all traffic through the tunnel only.
        type: str
      forticlient_download:
        choices:
        - enable
        - disable
        description:
        - Enable/disable download option for FortiClient.
        type: str
      forticlient_download_method:
        choices:
        - direct
        - ssl-vpn
        description:
        - FortiClient download method.
        type: str
      heading:
        description:
        - Web portal heading message.
        type: str
      hide_sso_credential:
        choices:
        - enable
        - disable
        description:
        - Enable to prevent SSO credential being sent to client.
        type: str
      host_check:
        choices:
        - none
        - av
        - fw
        - av-fw
        - custom
        description:
        - Type of host checking performed on endpoints.
        type: str
      host_check_interval:
        description:
        - Periodic host check interval. Value of 0 means disabled and host checking only
          happens when the endpoint connects.
        type: int
      host_check_policy:
        description:
        - One or more policies to require the endpoint to have specific security software.
        elements: dict
        suboptions:
          name:
            description:
            - Host check software list name. Source vpn.ssl.web.host-check-software.name.
            type: str
        type: list
      ip_mode:
        choices:
        - range
        - user-group
        - dhcp
        description:
        - Method by which users of this SSL-VPN tunnel obtain IP addresses.
        type: str
      ip_pools:
        description:
        - IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients.
        elements: dict
        suboptions:
          name:
            description:
            - Address name. Source firewall.address.name firewall.addrgrp.name.
            type: str
        type: list
      ipv6_dns_server1:
        description:
        - IPv6 DNS server 1.
        type: str
      ipv6_dns_server2:
        description:
        - IPv6 DNS server 2.
        type: str
      ipv6_exclusive_routing:
        choices:
        - enable
        - disable
        description:
        - Enable/disable sending all IPv6 traffic through the tunnel only.
        type: str
      ipv6_pools:
        description:
        - IPv6 firewall source address objects reserved for SSL-VPN tunnel mode clients.
        elements: dict
        suboptions:
          name:
            description:
            - Address name. Source firewall.address6.name firewall.addrgrp6.name.
            type: str
        type: list
      ipv6_service_restriction:
        choices:
        - enable
        - disable
        description:
        - Enable/disable IPv6 tunnel service restriction.
        type: str
      ipv6_split_tunneling:
        choices:
        - enable
        - disable
        description:
        - Enable/disable IPv6 split tunneling.
        type: str
      ipv6_split_tunneling_routing_address:
        description:
        - IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy
          destination addresses to control split-tunneling access.
        elements: dict
        suboptions:
          name:
            description:
            - Address name. Source firewall.address6.name firewall.addrgrp6.name.
            type: str
        type: list
      ipv6_split_tunneling_routing_negate:
        choices:
        - enable
        - disable
        description:
        - Enable to negate IPv6 split tunneling routing address.
        type: str
      ipv6_tunnel_mode:
        choices:
        - enable
        - disable
        description:
        - Enable/disable IPv6 SSL-VPN tunnel mode.
        type: str
      ipv6_wins_server1:
        description:
        - IPv6 WINS server 1.
        type: str
      ipv6_wins_server2:
        description:
        - IPv6 WINS server 2.
        type: str
      keep_alive:
        choices:
        - enable
        - disable
        description:
        - Enable/disable automatic reconnect for FortiClient connections.
        type: str
      limit_user_logins:
        choices:
        - enable
        - disable
        description:
        - Enable to limit each user to one SSL-VPN session at a time.
        type: str
      mac_addr_action:
        choices:
        - allow
        - deny
        description:
        - Client MAC address action.
        type: str
      mac_addr_check:
        choices:
        - enable
        - disable
        description:
        - Enable/disable MAC address host checking.
        type: str
      mac_addr_check_rule:
        description:
        - Client MAC address check rule.
        elements: dict
        suboptions:
          mac_addr_list:
            description:
            - Client MAC address list.
            elements: dict
            suboptions:
              addr:
                description:
                - Client MAC address.
                type: str
            type: list
          mac_addr_mask:
            description:
            - Client MAC address mask.
            type: int
          name:
            description:
            - Client MAC address check rule name.
            type: str
        type: list
      macos_forticlient_download_url:
        description:
        - Download URL for Mac FortiClient.
        type: str
      name:
        description:
        - Portal name.
        required: true
        type: str
      os_check:
        choices:
        - enable
        - disable
        description:
        - Enable to let the FortiGate decide action based on client OS.
        type: str
      os_check_list:
        description:
        - SSL-VPN OS checks.
        elements: dict
        suboptions:
          action:
            choices:
            - deny
            - allow
            - check-up-to-date
            description:
            - OS check options.
            type: str
          latest_patch_level:
            description:
            - Latest OS patch level.
            type: str
          name:
            description:
            - Name.
            type: str
          tolerance:
            description:
            - OS patch level tolerance.
            type: int
        type: list
      prefer_ipv6_dns:
        choices:
        - enable
        - disable
        description:
        - Prefer to query IPv6 DNS server first if enabled.
        type: str
      redir_url:
        description:
        - Client login redirect URL.
        type: str
      rewrite_ip_uri_ui:
        choices:
        - enable
        - disable
        description:
        - Rewrite contents for URIs that contain an IP address and /ui/.
        type: str
      save_password:
        choices:
        - enable
        - disable
        description:
        - Enable/disable FortiClient saving the user's password.
        type: str
      service_restriction:
        choices:
        - enable
        - disable
        description:
        - Enable/disable tunnel service restriction.
        type: str
      skip_check_for_browser:
        choices:
        - enable
        - disable
        description:
        - Enable to skip host check for browser support.
        type: str
      skip_check_for_unsupported_browser:
        choices:
        - enable
        - disable
        description:
        - Enable to skip host check if browser does not support it.
        type: str
      skip_check_for_unsupported_os:
        choices:
        - enable
        - disable
        description:
        - Enable to skip host check if client OS does not support it.
        type: str
      smb_max_version:
        choices:
        - smbv1
        - smbv2
        - smbv3
        description:
        - SMB maximum client protocol version.
        type: str
      smb_min_version:
        choices:
        - smbv1
        - smbv2
        - smbv3
        description:
        - SMB minimum client protocol version.
        type: str
      smb_ntlmv1_auth:
        choices:
        - enable
        - disable
        description:
        - Enable support of NTLMv1 for Samba authentication.
        type: str
      smbv1:
        choices:
        - enable
        - disable
        description:
        - SMB version 1.
        type: str
      split_dns:
        description:
        - Split DNS for SSL-VPN.
        elements: dict
        suboptions:
          dns_server1:
            description:
            - DNS server 1.
            type: str
          dns_server2:
            description:
            - DNS server 2.
            type: str
          domains:
            description:
            - Split DNS domains used for SSL-VPN clients separated by comma.
            type: str
          id:
            description:
            - ID.
            type: int
          ipv6_dns_server1:
            description:
            - IPv6 DNS server 1.
            type: str
          ipv6_dns_server2:
            description:
            - IPv6 DNS server 2.
            type: str
        type: list
      split_tunneling:
        choices:
        - enable
        - disable
        description:
        - Enable/disable IPv4 split tunneling.
        type: str
      split_tunneling_routing_address:
        description:
        - IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy
          destination addresses to control split-tunneling access.
        elements: dict
        suboptions:
          name:
            description:
            - Address name. Source firewall.address.name firewall.addrgrp.name.
            type: str
        type: list
      split_tunneling_routing_negate:
        choices:
        - enable
        - disable
        description:
        - Enable to negate split tunneling routing address.
        type: str
      theme:
        choices:
        - jade
        - neutrino
        - mariner
        - graphite
        - melongene
        - dark-matter
        - onyx
        - eclipse
        - blue
        - green
        - red
        description:
        - Web portal color scheme.
        type: str
      transform_backward_slashes:
        choices:
        - enable
        - disable
        description:
        - Transform backward slashes to forward slashes in URLs.
        type: str
      tunnel_mode:
        choices:
        - enable
        - disable
        description:
        - Enable/disable IPv4 SSL-VPN tunnel mode.
        type: str
      use_sdwan:
        choices:
        - enable
        - disable
        description:
        - Use SD-WAN rules to get output interface.
        type: str
      user_bookmark:
        choices:
        - enable
        - disable
        description:
        - Enable to allow web portal users to create their own bookmarks.
        type: str
      user_group_bookmark:
        choices:
        - enable
        - disable
        description:
        - Enable to allow web portal users to create bookmarks for all users in the same
          user group.
        type: str
      web_mode:
        choices:
        - enable
        - disable
        description:
        - Enable/disable SSL-VPN web mode.
        type: str
      windows_forticlient_download_url:
        description:
        - Download URL for Windows FortiClient.
        type: str
      wins_server1:
        description:
        - IPv4 WINS server 1.
        type: str
      wins_server2:
        description:
        - IPv4 WINS server 2.
        type: str
    type: dict

Outputs

build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str