fortios_firewall_access_proxy6 – Configure IPv6 access proxy in Fortinet’s FortiOS and FortiGate.¶

New in version 2.0.0.

Synopsis
Requirements
Tips
FortiOS Version Compatibility
Parameters
Notes
Examples
Return Values
Status
Authors

Synopsis ¶

This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and access_proxy6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0

Requirements ¶

The below requirements are needed on the host that executes this module.

ansible>=2.9

Tips ¶

Using member operation to add an element to an existing object.

FortiOS Version Compatibility ¶

	`v7.0.1`	`v7.0.2`	`v7.0.3`	`v7.0.4`	`v7.0.5`	`v7.0.6`	`v7.0.7`	`v7.0.8`	`v7.2.0`	`v7.2.1`	`v7.2.2`
fortios_firewall_access_proxy6	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

Parameters ¶

access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
enable_log - Enable/Disable logging for task. type: bool required: false default: False
vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
member_path - Member attribute path to operate on. type: str
member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
firewall_access_proxy6 - Configure IPv6 access proxy. type: dict more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

firewall_access_proxy6 yes yes yes yes yes yes yes yes yes yes yes

add_vhost_domain_to_dnsdb - Enable/disable adding vhost/domain to dnsdb for ztna dox tunnel. type: str choices: enable, disable more...

api_gateway - Set IPv4 API Gateway. type: list more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

api_gateway yes yes yes yes yes yes yes yes yes yes yes

application - SaaS application controlled by this Access Proxy. type: list more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

application no no no no no no no no no yes yes

name - SaaS application name. type: str more...

v7.2.1 v7.2.2

name yes yes

http_cookie_age - Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit. type: int more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

http_cookie_age yes yes yes yes yes yes yes yes yes yes yes
http_cookie_domain - Domain that HTTP cookie persistence should apply to. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

http_cookie_domain yes yes yes yes yes yes yes yes yes yes yes

http_cookie_domain_from_host - Enable/disable use of HTTP cookie domain from host field in HTTP. type: str choices: disable, enable more...

http_cookie_generation - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. type: int more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

http_cookie_generation yes yes yes yes yes yes yes yes yes yes yes
http_cookie_path - Limit HTTP cookie persistence to the specified path. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

http_cookie_path yes yes yes yes yes yes yes yes yes yes yes

http_cookie_share - Control sharing of cookies across API Gateway. Use of same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. type: str choices: disable, same-ip more...

https_cookie_secure - Enable/disable verification that inserted HTTPS cookies are secure. type: str choices: disable, enable more...

id - API Gateway ID. type: int more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

id yes yes yes yes yes yes yes yes yes yes yes

ldb_method - Method used to distribute sessions to real servers. type: str choices: static, round-robin, weighted, first-alive, http-host more...

persistence - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str choices: none, http-cookie more...

realservers - Select the real servers that this Access Proxy will distribute traffic to. type: list more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

realservers yes yes yes yes yes yes yes yes yes yes yes

addr_type - Type of address. type: str choices: ip, fqdn more...

address - Address or address group of the real server. Source firewall.address.name firewall.addrgrp.name. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

address yes yes yes yes yes yes yes yes yes yes yes
domain - Wildcard domain name of the real server. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

domain no no no yes yes yes yes yes yes yes yes

health_check - Enable to check the responsiveness of the real server before forwarding traffic. type: str choices: disable, enable more...

health_check_proto - Protocol of the health check monitor to use when polling to determine server"s connectivity status. type: str choices: ping, http, tcp-connect more...

holddown_interval - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). type: str choices: enable, disable more...

http_host - HTTP server domain name in HTTP header. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

http_host yes yes yes yes yes yes yes yes yes yes yes
id - Real server ID. type: int more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

id yes yes yes yes yes yes yes yes yes yes yes
ip - IP address of the real server. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

ip yes yes yes yes yes yes yes yes yes yes yes
mappedport - Port for communicating with the real server. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

mappedport yes yes yes yes yes yes yes yes yes yes yes
port - Port for communicating with the real server. type: int more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

port yes yes yes yes yes yes yes yes yes yes yes
ssh_client_cert - Set access-proxy SSH client certificate profile. Source firewall.access-proxy-ssh-client-cert.name. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

ssh_client_cert yes yes yes yes yes yes yes yes yes yes yes
ssh_host_key - One or more server host key. type: list more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

ssh_host_key yes yes yes yes yes yes yes yes yes yes yes

name - Server host key name. Source firewall.ssh.host-key.name. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

name yes yes yes yes yes yes yes yes yes yes yes

ssh_host_key_validation - Enable/disable SSH real server host key validation. type: str choices: disable, enable more...

status - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: active, standby, disable more...

type - TCP forwarding server type. type: str choices: tcp-forwarding, ssh more...

weight - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. type: int more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

weight yes yes yes yes yes yes yes yes yes yes yes

saml_redirect - Enable/disable SAML redirection after successful authentication. type: str choices: disable, enable more...

saml_server - SAML service provider configuration for VIP authentication. Source user.saml.name. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

saml_server yes yes yes yes yes yes yes yes yes yes yes

service - Service. type: str choices: http, https, tcp-forwarding, samlsp, web-portal, saas more...

ssl_algorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str choices: high, medium, low more...

ssl_cipher_suites - SSL/TLS cipher suites to offer to a server, ordered by priority. type: list more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

ssl_cipher_suites yes yes yes yes yes yes yes yes yes yes yes

cipher - Cipher suite name. type: str choices: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-RSA-WITH-DES-CBC-SHA more...

	`v7.0.1`	`v7.0.2`	`v7.0.3`	`v7.0.4`	`v7.0.5`	`v7.0.6`	`v7.0.7`	`v7.0.8`	`v7.2.0`	`v7.2.1`	`v7.2.2`
cipher	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-AES-128-GCM-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-AES-256-GCM-SHA384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-CHACHA20-POLY1305-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-AES-128-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-AES-256-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-AES-128-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-AES-128-GCM-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-AES-256-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-AES-256-GCM-SHA384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-AES-128-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-AES-256-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-AES-128-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-AES-128-GCM-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-AES-256-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-AES-256-GCM-SHA384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-AES-128-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-AES-256-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-AES-128-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-AES-128-GCM-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-AES-256-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-AES-256-GCM-SHA384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-CAMELLIA-128-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-CAMELLIA-256-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-SEED-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-SEED-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-SEED-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-ARIA-128-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-ARIA-256-CBC-SHA384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-RSA-WITH-RC4-128-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-3DES-EDE-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-RC4-128-MD5]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-RC4-128-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-DES-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-DES-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-DES-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

priority - SSL/TLS cipher suites priority. type: int more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

priority yes yes yes yes yes yes yes yes yes yes yes

versions - SSL/TLS versions that the cipher suite can be used with. type: list choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3 more...

ssl_dh_bits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str choices: 768, 1024, 1536, 2048, 3072, 4096 more...

ssl_max_version - Highest SSL/TLS version acceptable from a server. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3 more...

ssl_min_version - Lowest SSL/TLS version acceptable from a server. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3 more...

ssl_vpn_web_portal - SSL-VPN web portal. Source vpn.ssl.web.portal.name. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

ssl_vpn_web_portal no no no yes yes yes yes yes yes yes yes
url_map - URL pattern to match. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

url_map yes yes yes yes yes yes yes yes yes yes yes

url_map_type - Type of url-map. type: str choices: sub-string, wildcard, regex more...

virtual_host - Virtual host. Source firewall.access-proxy-virtual-host.name. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

virtual_host yes yes yes yes yes yes yes yes yes yes yes

api_gateway6 - Set IPv6 API Gateway. type: list more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

api_gateway6 yes yes yes yes yes yes yes yes yes yes yes

application - SaaS application controlled by this Access Proxy. type: list more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

application no no no no no no no no no yes yes

name - SaaS application name. type: str more...

v7.2.1 v7.2.2

name yes yes

http_cookie_age - Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit. type: int more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

http_cookie_age yes yes yes yes yes yes yes yes yes yes yes
http_cookie_domain - Domain that HTTP cookie persistence should apply to. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

http_cookie_domain yes yes yes yes yes yes yes yes yes yes yes

http_cookie_domain_from_host - Enable/disable use of HTTP cookie domain from host field in HTTP. type: str choices: disable, enable more...

http_cookie_generation - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. type: int more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

http_cookie_generation yes yes yes yes yes yes yes yes yes yes yes
http_cookie_path - Limit HTTP cookie persistence to the specified path. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

http_cookie_path yes yes yes yes yes yes yes yes yes yes yes

http_cookie_share - Control sharing of cookies across API Gateway. Use of same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. type: str choices: disable, same-ip more...

https_cookie_secure - Enable/disable verification that inserted HTTPS cookies are secure. type: str choices: disable, enable more...

id - API Gateway ID. type: int more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

id yes yes yes yes yes yes yes yes yes yes yes

ldb_method - Method used to distribute sessions to real servers. type: str choices: static, round-robin, weighted, first-alive, http-host more...

persistence - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str choices: none, http-cookie more...

realservers - Select the real servers that this Access Proxy will distribute traffic to. type: list more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

realservers yes yes yes yes yes yes yes yes yes yes yes

addr_type - Type of address. type: str choices: ip, fqdn more...

address - Address or address group of the real server. Source firewall.address6.name firewall.addrgrp6.name. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

address yes yes yes yes yes yes yes yes yes yes yes
domain - Wildcard domain name of the real server. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

domain no no no yes yes yes yes yes yes yes yes

health_check - Enable to check the responsiveness of the real server before forwarding traffic. type: str choices: disable, enable more...

health_check_proto - Protocol of the health check monitor to use when polling to determine server"s connectivity status. type: str choices: ping, http, tcp-connect more...

holddown_interval - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). type: str choices: enable, disable more...

http_host - HTTP server domain name in HTTP header. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

http_host yes yes yes yes yes yes yes yes yes yes yes
id - Real server ID. type: int more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

id yes yes yes yes yes yes yes yes yes yes yes
ip - IPv6 address of the real server. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

ip yes yes yes yes yes yes yes yes yes yes yes
mappedport - Port for communicating with the real server. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

mappedport yes yes yes yes yes yes yes yes yes yes yes
port - Port for communicating with the real server. type: int more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

port yes yes yes yes yes yes yes yes yes yes yes
ssh_client_cert - Set access-proxy SSH client certificate profile. Source firewall.access-proxy-ssh-client-cert.name. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

ssh_client_cert yes yes yes yes yes yes yes yes yes yes yes
ssh_host_key - One or more server host key. type: list more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

ssh_host_key yes yes yes yes yes yes yes yes yes yes yes

name - Server host key name. Source firewall.ssh.host-key.name. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

name yes yes yes yes yes yes yes yes yes yes yes

ssh_host_key_validation - Enable/disable SSH real server host key validation. type: str choices: disable, enable more...

status - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: active, standby, disable more...

type - TCP forwarding server type. type: str choices: tcp-forwarding, ssh more...

weight - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. type: int more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

weight yes yes yes yes yes yes yes yes yes yes yes

saml_redirect - Enable/disable SAML redirection after successful authentication. type: str choices: disable, enable more...

saml_server - SAML service provider configuration for VIP authentication. Source user.saml.name. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

saml_server yes yes yes yes yes yes yes yes yes yes yes

service - Service. type: str choices: http, https, tcp-forwarding, samlsp, web-portal, saas more...

ssl_algorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str choices: high, medium, low more...

ssl_cipher_suites - SSL/TLS cipher suites to offer to a server, ordered by priority. type: list more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

ssl_cipher_suites yes yes yes yes yes yes yes yes yes yes yes

cipher - Cipher suite name. type: str choices: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-RSA-WITH-DES-CBC-SHA more...

	`v7.0.1`	`v7.0.2`	`v7.0.3`	`v7.0.4`	`v7.0.5`	`v7.0.6`	`v7.0.7`	`v7.0.8`	`v7.2.0`	`v7.2.1`	`v7.2.2`
cipher	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-AES-128-GCM-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-AES-256-GCM-SHA384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-CHACHA20-POLY1305-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-AES-128-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-AES-256-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-AES-128-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-AES-128-GCM-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-AES-256-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-AES-256-GCM-SHA384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-AES-128-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-AES-256-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-AES-128-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-AES-128-GCM-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-AES-256-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-AES-256-GCM-SHA384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-AES-128-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-AES-256-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-AES-128-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-AES-128-GCM-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-AES-256-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-AES-256-GCM-SHA384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-CAMELLIA-128-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-CAMELLIA-256-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-SEED-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-SEED-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-SEED-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-ARIA-128-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-ARIA-256-CBC-SHA384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-RSA-WITH-RC4-128-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-3DES-EDE-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-RC4-128-MD5]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-RC4-128-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-RSA-WITH-DES-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-DHE-DSS-WITH-DES-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
[TLS-RSA-WITH-DES-CBC-SHA]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

priority - SSL/TLS cipher suites priority. type: int more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

priority yes yes yes yes yes yes yes yes yes yes yes

versions - SSL/TLS versions that the cipher suite can be used with. type: list choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3 more...

ssl_dh_bits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str choices: 768, 1024, 1536, 2048, 3072, 4096 more...

ssl_max_version - Highest SSL/TLS version acceptable from a server. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3 more...

ssl_min_version - Lowest SSL/TLS version acceptable from a server. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3 more...

ssl_vpn_web_portal - SSL-VPN web portal. Source vpn.ssl.web.portal.name. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

ssl_vpn_web_portal no no no yes yes yes yes yes yes yes yes
url_map - URL pattern to match. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

url_map yes yes yes yes yes yes yes yes yes yes yes

url_map_type - Type of url-map. type: str choices: sub-string, wildcard, regex more...

virtual_host - Virtual host. Source firewall.access-proxy-virtual-host.name. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

virtual_host yes yes yes yes yes yes yes yes yes yes yes

auth_portal - Enable/disable authentication portal. type: str choices: disable, enable more...

auth_virtual_host - Virtual host for authentication portal. Source firewall.access-proxy-virtual-host.name. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

auth_virtual_host no no no yes yes yes yes yes yes yes yes

client_cert - Enable/disable to request client certificate. type: str choices: disable, enable more...

decrypted_traffic_mirror - Decrypted traffic mirror. Source firewall.decrypted-traffic-mirror.name. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

decrypted_traffic_mirror no yes yes yes yes yes yes yes yes yes yes

empty_cert_action - Action of an empty client certificate. type: str choices: accept, block, accept-unmanageable more...

log_blocked_traffic - Enable/disable logging of blocked traffic. type: str choices: enable, disable more...

name - Access Proxy name. type: str required: true more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

name yes yes yes yes yes yes yes yes yes yes yes

user_agent_detect - Enable/disable to detect device type by HTTP user-agent if no client certificate provided. type: str choices: disable, enable more...

vip - Virtual IP name. Source firewall.vip6.name. type: str more...

v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.2.0 v7.2.1 v7.2.2

vip yes yes yes yes yes yes yes yes yes yes yes

Notes ¶

Note

Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks

Examples ¶

- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
  - name: Configure IPv6 access proxy.
    fortios_firewall_access_proxy6:
      vdom:  "{{ vdom }}"
      state: "present"
      access_token: "<your_own_value>"
      firewall_access_proxy6:
        add_vhost_domain_to_dnsdb: "enable"
        api_gateway:
         -
            application:
             -
                name: "default_name_6"
            http_cookie_age: "60"
            http_cookie_domain: "<your_own_value>"
            http_cookie_domain_from_host: "disable"
            http_cookie_generation: "0"
            http_cookie_path: "<your_own_value>"
            http_cookie_share: "disable"
            https_cookie_secure: "disable"
            id:  "14"
            ldb_method: "static"
            persistence: "none"
            realservers:
             -
                addr_type: "ip"
                address: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
                domain: "<your_own_value>"
                health_check: "disable"
                health_check_proto: "ping"
                holddown_interval: "enable"
                http_host: "myhostname"
                id:  "25"
                ip: "<your_own_value>"
                mappedport: "<your_own_value>"
                port: "443"
                ssh_client_cert: "<your_own_value> (source firewall.access-proxy-ssh-client-cert.name)"
                ssh_host_key:
                 -
                    name: "default_name_31 (source firewall.ssh.host-key.name)"
                ssh_host_key_validation: "disable"
                status: "active"
                type: "tcp-forwarding"
                weight: "1"
            saml_redirect: "disable"
            saml_server: "<your_own_value> (source user.saml.name)"
            service: "http"
            ssl_algorithm: "high"
            ssl_cipher_suites:
             -
                cipher: "TLS-AES-128-GCM-SHA256"
                priority: "0"
                versions: "tls-1.0"
            ssl_dh_bits: "768"
            ssl_max_version: "tls-1.0"
            ssl_min_version: "tls-1.0"
            ssl_vpn_web_portal: "<your_own_value> (source vpn.ssl.web.portal.name)"
            url_map: "<your_own_value>"
            url_map_type: "sub-string"
            virtual_host: "myhostname (source firewall.access-proxy-virtual-host.name)"
        api_gateway6:
         -
            application:
             -
                name: "default_name_53"
            http_cookie_age: "60"
            http_cookie_domain: "<your_own_value>"
            http_cookie_domain_from_host: "disable"
            http_cookie_generation: "0"
            http_cookie_path: "<your_own_value>"
            http_cookie_share: "disable"
            https_cookie_secure: "disable"
            id:  "61"
            ldb_method: "static"
            persistence: "none"
            realservers:
             -
                addr_type: "ip"
                address: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
                domain: "<your_own_value>"
                health_check: "disable"
                health_check_proto: "ping"
                holddown_interval: "enable"
                http_host: "myhostname"
                id:  "72"
                ip: "<your_own_value>"
                mappedport: "<your_own_value>"
                port: "443"
                ssh_client_cert: "<your_own_value> (source firewall.access-proxy-ssh-client-cert.name)"
                ssh_host_key:
                 -
                    name: "default_name_78 (source firewall.ssh.host-key.name)"
                ssh_host_key_validation: "disable"
                status: "active"
                type: "tcp-forwarding"
                weight: "1"
            saml_redirect: "disable"
            saml_server: "<your_own_value> (source user.saml.name)"
            service: "http"
            ssl_algorithm: "high"
            ssl_cipher_suites:
             -
                cipher: "TLS-AES-128-GCM-SHA256"
                priority: "0"
                versions: "tls-1.0"
            ssl_dh_bits: "768"
            ssl_max_version: "tls-1.0"
            ssl_min_version: "tls-1.0"
            ssl_vpn_web_portal: "<your_own_value> (source vpn.ssl.web.portal.name)"
            url_map: "<your_own_value>"
            url_map_type: "sub-string"
            virtual_host: "myhostname (source firewall.access-proxy-virtual-host.name)"
        auth_portal: "disable"
        auth_virtual_host: "myhostname (source firewall.access-proxy-virtual-host.name)"
        client_cert: "disable"
        decrypted_traffic_mirror: "<your_own_value> (source firewall.decrypted-traffic-mirror.name)"
        empty_cert_action: "accept"
        log_blocked_traffic: "enable"
        name: "default_name_104"
        user_agent_detect: "disable"
        vip: "<your_own_value> (source firewall.vip6.name)"

Return Values ¶

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

build - Build number of the fortigate image returned: always type: str sample: 1547
http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
revision - Internal revision number returned: always type: str sample: 17.0.2.10658
serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
status - Indication of the operation's result returned: always type: str sample: success
vdom - Virtual domain used returned: always type: str sample: root
version - Version of the FortiGate returned: always type: str sample: v5.6.3

Status ¶

This module is not guaranteed to have a backwards compatible interface.

Authors ¶

Link Zheng (@chillancezen)
Jie Xue (@JieX19)
Hongbin Lu (@fgtdev-hblu)
Frank Shen (@frankshen01)
Miguel Angel Munoz (@mamunozgonzalez)
Nicolas Thomas (@thomnico)

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.

	`v7.0.1`	`v7.0.2`	`v7.0.3`	`v7.0.4`	`v7.0.5`	`v7.0.6`	`v7.0.7`	`v7.0.8`	`v7.2.0`	`v7.2.1`	`v7.2.2`
add_vhost_domain_to_dnsdb	no	no	no	no	no	no	no	no	no	yes	yes
[enable]	n/a	n/a	n/a	n/a	n/a	n/a	n/a	n/a	n/a	yes	yes
[disable]	n/a	n/a	n/a	n/a	n/a	n/a	n/a	n/a	n/a	yes	yes