Try SpotterConfigure explicit Web proxy settings in Fortinet's FortiOS and FortiGate.
| "added in version" 2.0.0 of lix_fortinet.fortios"
Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
preview | supported by community
Install with ansible-galaxy collection install lix_fortinet.fortios:==102.2.120
collections:
- name: lix_fortinet.fortios
version: 102.2.120This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify web_proxy feature and explicit category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure explicit Web proxy settings.
fortios_web_proxy_explicit:
vdom: "{{ vdom }}"
web_proxy_explicit:
ftp_incoming_port: "<your_own_value>"
ftp_over_http: "enable"
http_incoming_port: "<your_own_value>"
https_incoming_port: "<your_own_value>"
https_replacement_message: "enable"
incoming_ip: "<your_own_value>"
incoming_ip6: "<your_own_value>"
ipv6_status: "enable"
message_upon_server_error: "enable"
outgoing_ip: "<your_own_value>"
outgoing_ip6: "<your_own_value>"
pac_file_data: "<your_own_value>"
pac_file_name: "<your_own_value>"
pac_file_server_port: "<your_own_value>"
pac_file_server_status: "enable"
pac_file_through_https: "enable"
pac_file_url: "<your_own_value>"
pac_policy:
-
comments: "<your_own_value>"
dstaddr:
-
name: "default_name_23 (source firewall.address.name firewall.addrgrp.name)"
pac_file_data: "<your_own_value>"
pac_file_name: "<your_own_value>"
policyid: "0"
srcaddr:
-
name: "default_name_28 (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name)"
srcaddr6:
-
name: "default_name_30 (source firewall.address6.name firewall.addrgrp6.name)"
status: "enable"
pref_dns_result: "ipv4"
realm: "<your_own_value>"
sec_default_action: "accept"
socks: "enable"
socks_incoming_port: "<your_own_value>"
ssl_algorithm: "high"
status: "enable"
strict_guest: "enable"
trace_auth_no_rsp: "enable"
unknown_http_version: "reject"
vdom:
default: root
description:
- Virtual domain, among those defined previously. A vdom is a virtual instance of
the FortiGate that can be configured and used as a different unit.
type: str
enable_log:
default: false
description:
- Enable/Disable logging for task.
required: false
type: bool
member_path:
description:
- Member attribute path to operate on.
- Delimited by a slash character if there are more than one attribute.
- Parameter marked with member_path is legitimate for doing member operation.
type: str
access_token:
description:
- Token-based authentication. Generated from GUI of Fortigate.
required: false
type: str
member_state:
choices:
- present
- absent
description:
- Add or delete a member under specified attribute path.
- When member_state is specified, the state option is ignored.
type: str
web_proxy_explicit:
default: null
description:
- Configure explicit Web proxy settings.
suboptions:
ftp_incoming_port:
description:
- Accept incoming FTP-over-HTTP requests on one or more ports (0 - 65535).
type: str
ftp_over_http:
choices:
- enable
- disable
description:
- Enable to proxy FTP-over-HTTP sessions sent from a web browser.
type: str
http_incoming_port:
description:
- Accept incoming HTTP requests on one or more ports (0 - 65535).
type: str
https_incoming_port:
description:
- Accept incoming HTTPS requests on one or more ports (0 - 65535).
type: str
https_replacement_message:
choices:
- enable
- disable
description:
- Enable/disable sending the client a replacement message for HTTPS requests.
type: str
incoming_ip:
description:
- Restrict the explicit HTTP proxy to only accept sessions from this IP address.
An interface must have this IP address.
type: str
incoming_ip6:
description:
- Restrict the explicit web proxy to only accept sessions from this IPv6 address.
An interface must have this IPv6 address.
type: str
ipv6_status:
choices:
- enable
- disable
description:
- Enable/disable allowing an IPv6 web proxy destination in policies and all IPv6
related entries in this command.
type: str
message_upon_server_error:
choices:
- enable
- disable
description:
- Enable/disable displaying a replacement message when a server error is detected.
type: str
outgoing_ip:
description:
- Outgoing HTTP requests will have this IP address as their source address. An
interface must have this IP address.
elements: str
type: list
outgoing_ip6:
description:
- Outgoing HTTP requests will leave this IPv6. Multiple interfaces can be specified.
Interfaces must have these IPv6 addresses.
elements: str
type: list
pac_file_data:
description:
- PAC file contents enclosed in quotes (maximum of 256K bytes).
type: str
pac_file_name:
description:
- Pac file name.
type: str
pac_file_server_port:
description:
- Port number that PAC traffic from client web browsers uses to connect to the
explicit web proxy (0 - 65535).
type: str
pac_file_server_status:
choices:
- enable
- disable
description:
- Enable/disable Proxy Auto-Configuration (PAC) for users of this explicit proxy
profile.
type: str
pac_file_through_https:
choices:
- enable
- disable
description:
- Enable/disable to get Proxy Auto-Configuration (PAC) through HTTPS.
type: str
pac_file_url:
description:
- PAC file access URL.
type: str
pac_policy:
description:
- PAC policies.
elements: dict
suboptions:
comments:
description:
- Optional comments.
type: str
dstaddr:
description:
- Destination address objects.
elements: dict
suboptions:
name:
description:
- Address name. Source firewall.address.name firewall.addrgrp.name.
type: str
type: list
pac_file_data:
description:
- PAC file contents enclosed in quotes (maximum of 256K bytes).
type: str
pac_file_name:
description:
- Pac file name.
type: str
policyid:
description:
- Policy ID.
type: int
srcaddr:
description:
- Source address objects.
elements: dict
suboptions:
name:
description:
- Address name. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name
firewall.proxy-addrgrp.name.
type: str
type: list
srcaddr6:
description:
- Source address6 objects.
elements: dict
suboptions:
name:
description:
- Address name. Source firewall.address6.name firewall.addrgrp6.name.
type: str
type: list
status:
choices:
- enable
- disable
description:
- Enable/disable policy.
type: str
type: list
pref_dns_result:
choices:
- ipv4
- ipv6
description:
- Prefer resolving addresses using the configured IPv4 or IPv6 DNS server .
type: str
realm:
description:
- Authentication realm used to identify the explicit web proxy (maximum of 63
characters).
type: str
sec_default_action:
choices:
- accept
- deny
description:
- Accept or deny explicit web proxy sessions when no web proxy firewall policy
exists.
type: str
socks:
choices:
- enable
- disable
description:
- Enable/disable the SOCKS proxy.
type: str
socks_incoming_port:
description:
- Accept incoming SOCKS proxy requests on one or more ports (0 - 65535).
type: str
ssl_algorithm:
choices:
- high
- medium
- low
description:
- 'Relative strength of encryption algorithms accepted in HTTPS deep scan: high,
medium, or low.'
type: str
status:
choices:
- enable
- disable
description:
- Enable/disable the explicit Web proxy for HTTP and HTTPS session.
type: str
strict_guest:
choices:
- enable
- disable
description:
- Enable/disable strict guest user checking by the explicit web proxy.
type: str
trace_auth_no_rsp:
choices:
- enable
- disable
description:
- Enable/disable logging timed-out authentication requests.
type: str
unknown_http_version:
choices:
- reject
- best-effort
- tunnel
description:
- How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1.
type: str
type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str