fortios_vpn_ssl_web_portal – Portal in Fortinet’s FortiOS and FortiGate.
New in version 2.0.0.
Synopsis
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the vpn_ssl_web feature and portal category. The examples include all parameters; values need to be adjusted to your data sources before use. Tested with FOS v6.0.0.
FortiOS Version Compatibility
| | v6.0.0 | v6.0.5 | v6.0.11 | v6.2.0 | v6.2.3 | v6.2.5 | v6.2.7 | v6.4.0 | v6.4.1 | v6.4.4 | v7.0.0 | v7.0.1 | v7.0.2 | v7.0.3 | v7.0.4 | v7.0.5 | v7.0.6 | v7.0.7 | v7.0.8 | v7.2.0 | v7.2.1 | v7.2.2 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| fortios_vpn_ssl_web_portal | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes |
Parameters
- access_token - Token-based authentication. Generated from GUI of FortiGate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
- vpn_ssl_web_portal - Portal. type: dict
  - allow_user_access - Allow user access to SSL-VPN applications. type: list choices: web, ftp, smb, sftp, telnet, ssh, vnc, rdp, ping, citrix, portforward
  - auto_connect - Enable/disable automatic connect by client when system is up. type: str choices: enable, disable
  - bookmark_group - Portal bookmark group. type: list
    - bookmarks - Bookmark table. type: list
      - additional_params - Additional parameters. type: str
      - apptype - Application type. type: str choices: ftp, rdp, sftp, smb, ssh, telnet, vnc, web, citrix, portforward
      - color_depth - Color depth per pixel. type: str choices: 32, 16, 8
      - description - Description. type: str
      - domain - Login domain. type: str
      - folder - Network shared file folder parameter. type: str
      - form_data - Form data. type: list
      - height - Screen height (range from 0 - 65535). type: int
      - host - Host name/IP parameter. type: str
      - keyboard_layout - Keyboard layout. type: str choices: ar-101, ar-102, ar-102-azerty, can-mul, cz, cz-qwerty, cz-pr, da, nl, de, de-ch, de-ibm, en-uk, en-uk-ext, en-us, en-us-dvorak, es, es-var, fi, fi-sami, fr, fr-apple, fr-ca, fr-ch, fr-be, hr, hu, hu-101, it, it-142, ja, ko, lt, lt-ibm, lt-std, lav-std, lav-leg, mk, mk-std, no, no-sami, pol-214, pol-pr, pt, pt-br, pt-br-abnt2, ru, ru-mne, ru-t, sl, sv, sv-sami, tuk, tur-f, tur-q, zh-sym-sg-us, zh-sym-us, zh-tr-hk, zh-tr-mo, zh-tr-us
      - listening_port - Listening port (0 - 65535). type: int
      - load_balancing_info - The load balancing information or cookie which should be provided to the connection broker. type: str
      - logon_password - Logon password. type: str
      - logon_user - Logon user. type: str
      - name - Bookmark name. type: str
      - port - Remote port. type: int
      - preconnection_blob - An arbitrary string which identifies the RDP source. type: str
      - preconnection_id - The numeric ID of the RDP source (0-4294967295). type: int
      - remote_port - Remote port (0 - 65535). type: int
      - restricted_admin - Enable/disable restricted admin mode for RDP. type: str choices: enable, disable
      - security - Security mode for RDP connection. type: str choices: rdp, nla, tls, any
      - send_preconnection_id - Enable/disable sending of preconnection ID. type: str choices: enable, disable
      - server_layout - Server side keyboard layout. type: str choices: de-de-qwertz, en-gb-qwerty, en-us-qwerty, es-es-qwerty, fr-ca-qwerty, fr-fr-azerty, fr-ch-qwertz, it-it-qwerty, ja-jp-qwerty, pt-br-qwerty, sv-se-qwerty, tr-tr-qwerty, failsafe
      - show_status_window - Enable/disable showing of status window. type: str choices: enable, disable
      - sso - Single Sign-On. type: str choices: disable, static, auto
      - sso_credential - Single sign-on credentials. type: str choices: sslvpn-login, alternative
      - sso_credential_sent_once - Single sign-on credentials are only sent once to remote server. type: str choices: enable, disable
      - sso_password - SSO password. type: str
      - sso_username - SSO user name. type: str
      - url - URL parameter. type: str
      - width - Screen width (range from 0 - 65535). type: int
    - name - Bookmark group name. type: str
  - clipboard - Enable to support RDP/VPC clipboard functionality. type: str choices: enable, disable
  - custom_lang - Change the web portal display language. Overrides config system global set language. You can use config system custom-language and execute system custom-language to add custom language files. Source system.custom-language.name. type: str
  - customize_forticlient_download_url - Enable support of customized download URL for FortiClient. type: str choices: enable, disable
  - default_window_height - Screen height (range from 0 - 65535). type: int
  - default_window_width - Screen width (range from 0 - 65535). type: int
  - dhcp_ip_overlap - Configure overlapping DHCP IP allocation assignment. type: str choices: use-new, use-old
  - display_bookmark - Enable to display the web portal bookmark widget. type: str choices: enable, disable
  - display_connection_tools - Enable to display the web portal connection tools widget. type: str choices: enable, disable
  - display_history - Enable to display the web portal user login history widget. type: str choices: enable, disable
  - display_status - Enable to display the web portal status widget. type: str choices: enable, disable
  - dns_server1 - IPv4 DNS server 1. type: str
  - dns_server2 - IPv4 DNS server 2. type: str
  - dns_suffix - DNS suffix. type: str
  - exclusive_routing - Enable/disable sending all traffic through the tunnel only. type: str choices: enable, disable
  - forticlient_download - Enable/disable download option for FortiClient. type: str choices: enable, disable
  - forticlient_download_method - FortiClient download method. type: str choices: direct, ssl-vpn
  - heading - Web portal heading message. type: str
  - hide_sso_credential - Enable to prevent SSO credential being sent to client. type: str choices: enable, disable
  - host_check - Type of host checking performed on endpoints. type: str choices: none, av, fw, av-fw, custom
  - host_check_interval - Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects. type: int
  - host_check_policy - One or more policies to require the endpoint to have specific security software. type: list
    - name - Host check software list name. Source vpn.ssl.web.host-check-software.name. type: str
  - ip_mode - Method by which users of this SSL-VPN tunnel obtain IP addresses. type: str choices: range, user-group, dhcp
  - ip_pools - IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients. type: list
    - name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str
  - ipv6_dns_server1 - IPv6 DNS server 1. type: str
  - ipv6_dns_server2 - IPv6 DNS server 2. type: str
  - ipv6_exclusive_routing - Enable/disable sending all IPv6 traffic through the tunnel only. type: str choices: enable, disable
  - ipv6_pools - IPv6 firewall source address objects reserved for SSL-VPN tunnel mode clients. type: list
    - name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str
  - ipv6_service_restriction - Enable/disable IPv6 tunnel service restriction. type: str choices: enable, disable
  - ipv6_split_tunneling - Enable/disable IPv6 split tunneling. type: str choices: enable, disable
  - ipv6_split_tunneling_routing_address - IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. type: list
    - name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str
  - ipv6_split_tunneling_routing_negate - Enable to negate IPv6 split tunneling routing address. type: str choices: enable, disable
  - ipv6_tunnel_mode - Enable/disable IPv6 SSL-VPN tunnel mode. type: str choices: enable, disable
  - ipv6_wins_server1 - IPv6 WINS server 1. type: str
  - ipv6_wins_server2 - IPv6 WINS server 2. type: str
  - keep_alive - Enable/disable automatic reconnect for FortiClient connections. type: str choices: enable, disable
  - limit_user_logins - Enable to limit each user to one SSL-VPN session at a time. type: str choices: enable, disable
  - mac_addr_action - Client MAC address action. type: str choices: allow, deny
  - mac_addr_check - Enable/disable MAC address host checking. type: str choices: enable, disable
  - mac_addr_check_rule - Client MAC address check rule. type: list
    - mac_addr_list - Client MAC address list. type: list
      - addr - Client MAC address. type: str
    - mac_addr_mask - Client MAC address mask. type: int
    - name - Client MAC address check rule name. type: str
  - macos_forticlient_download_url - Download URL for Mac FortiClient. type: str
  - name - Portal name. type: str required: true
  - os_check - Enable to let the FortiGate decide action based on client OS. type: str choices: enable, disable
  - os_check_list - SSL-VPN OS checks. type: list
    - action - OS check options. type: str choices: deny, allow, check-up-to-date
    - latest_patch_level - Latest OS patch level. type: str
    - name - Name. type: str
    - tolerance - OS patch level tolerance. type: int
  - prefer_ipv6_dns - Prefer to query IPv6 DNS server first if enabled. type: str choices: enable, disable
  - redir_url - Client login redirect URL. type: str
  - rewrite_ip_uri_ui - Rewrite contents for URIs that contain an IP and /ui/. type: str choices: enable, disable
  - save_password - Enable/disable FortiClient saving the user's password. type: str choices: enable, disable
  - service_restriction - Enable/disable tunnel service restriction. type: str choices: enable, disable
  - skip_check_for_browser - Enable to skip host check for browser support. type: str choices: enable, disable
  - skip_check_for_unsupported_browser - Enable to skip host check if browser does not support it. type: str choices: enable, disable
  - skip_check_for_unsupported_os - Enable to skip host check if client OS does not support it. type: str choices: enable, disable
  - smb_max_version - SMB maximum client protocol version. type: str choices: smbv1, smbv2, smbv3
  - smb_min_version - SMB minimum client protocol version. type: str choices: smbv1, smbv2, smbv3
  - smb_ntlmv1_auth - Enable support of NTLMv1 for Samba authentication. type: str choices: enable, disable
  - smbv1 - SMB version 1. type: str choices: enable, disable
  - split_dns - Split DNS for SSL-VPN. type: list
    - dns_server1 - DNS server 1. type: str
    - dns_server2 - DNS server 2. type: str
    - domains - Split DNS domains used for SSL-VPN clients separated by comma. type: str
    - id - ID. type: int
    - ipv6_dns_server1 - IPv6 DNS server 1. type: str
    - ipv6_dns_server2 - IPv6 DNS server 2. type: str
  - split_tunneling - Enable/disable IPv4 split tunneling. type: str choices: enable, disable
  - split_tunneling_routing_address - IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. type: list
    - name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str
  - split_tunneling_routing_negate - Enable to negate split tunneling routing address. type: str choices: enable, disable
  - theme - Web portal color scheme. type: str choices: jade, neutrino, mariner, graphite, melongene, dark-matter, onyx, eclipse, blue, green, red
  - transform_backward_slashes - Transform backward slashes to forward slashes in URLs. type: str choices: enable, disable
  - tunnel_mode - Enable/disable IPv4 SSL-VPN tunnel mode. type: str choices: enable, disable
  - use_sdwan - Use SD-WAN rules to get output interface. type: str choices: enable, disable
  - user_bookmark - Enable to allow web portal users to create their own bookmarks. type: str choices: enable, disable
  - user_group_bookmark - Enable to allow web portal users to create bookmarks for all users in the same user group. type: str choices: enable, disable
  - web_mode - Enable/disable SSL-VPN web mode. type: str choices: enable, disable
  - windows_forticlient_download_url - Download URL for Windows FortiClient. type: str
  - wins_server1 - IPv4 WINS server 1. type: str
  - wins_server2 - IPv4 WINS server 2. type: str
Examples
# Every parameter is shown with a sample value; adjust the values before use.
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # "no" turns off verification of the FortiGate's TLS certificate;
    # set to "yes" once the device presents a trusted certificate.
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
  tasks:
    - name: Portal.
      fortios_vpn_ssl_web_portal:
        vdom: "{{ vdom }}"
        state: "present"
        access_token: "<your_own_value>"
        vpn_ssl_web_portal:
          allow_user_access: "web"
          auto_connect: "enable"
          bookmark_group:
            - bookmarks:
                - additional_params: "<your_own_value>"
                  apptype: "ftp"
                  color_depth: "32"
                  description: "<your_own_value>"
                  domain: "<your_own_value>"
                  folder: "<your_own_value>"
                  form_data:
                    - name: "default_name_14"
                      value: "<your_own_value>"
                  height: "768"
                  host: "myhostname"
                  keyboard_layout: "ar-101"
                  listening_port: "0"
                  load_balancing_info: "<your_own_value>"
                  logon_password: "<your_own_value>"
                  logon_user: "<your_own_value>"
                  name: "default_name_23"
                  port: "0"
                  preconnection_blob: "<your_own_value>"
                  preconnection_id: "2147483648"
                  remote_port: "0"
                  restricted_admin: "enable"
                  security: "rdp"
                  send_preconnection_id: "enable"
                  server_layout: "de-de-qwertz"
                  show_status_window: "enable"
                  sso: "disable"
                  sso_credential: "sslvpn-login"
                  sso_credential_sent_once: "enable"
                  sso_password: "<your_own_value>"
                  sso_username: "<your_own_value>"
                  url: "myurl.com"
                  width: "1024"
              name: "default_name_40"
          clipboard: "enable"
          custom_lang: "<your_own_value> (source system.custom-language.name)"
          customize_forticlient_download_url: "enable"
          default_window_height: "768"
          default_window_width: "1024"
          dhcp_ip_overlap: "use-new"
          display_bookmark: "enable"
          display_connection_tools: "enable"
          display_history: "enable"
          display_status: "enable"
          dns_server1: "<your_own_value>"
          dns_server2: "<your_own_value>"
          dns_suffix: "<your_own_value>"
          exclusive_routing: "enable"
          forticlient_download: "enable"
          forticlient_download_method: "direct"
          heading: "<your_own_value>"
          hide_sso_credential: "enable"
          host_check: "none"
          host_check_interval: "0"
          host_check_policy:
            - name: "default_name_62 (source vpn.ssl.web.host-check-software.name)"
          ip_mode: "range"
          ip_pools:
            - name: "default_name_65 (source firewall.address.name firewall.addrgrp.name)"
          ipv6_dns_server1: "<your_own_value>"
          ipv6_dns_server2: "<your_own_value>"
          ipv6_exclusive_routing: "enable"
          ipv6_pools:
            - name: "default_name_70 (source firewall.address6.name firewall.addrgrp6.name)"
          ipv6_service_restriction: "enable"
          ipv6_split_tunneling: "enable"
          ipv6_split_tunneling_routing_address:
            - name: "default_name_74 (source firewall.address6.name firewall.addrgrp6.name)"
          ipv6_split_tunneling_routing_negate: "enable"
          ipv6_tunnel_mode: "enable"
          ipv6_wins_server1: "<your_own_value>"
          ipv6_wins_server2: "<your_own_value>"
          keep_alive: "enable"
          limit_user_logins: "enable"
          mac_addr_action: "allow"
          mac_addr_check: "enable"
          mac_addr_check_rule:
            - mac_addr_list:
                - addr: "<your_own_value>"
              mac_addr_mask: "48"
              name: "default_name_87"
          macos_forticlient_download_url: "<your_own_value>"
          name: "default_name_89"
          os_check: "enable"
          os_check_list:
            - action: "deny"
              latest_patch_level: "<your_own_value>"
              name: "default_name_94"
              tolerance: "0"
          prefer_ipv6_dns: "enable"
          redir_url: "<your_own_value>"
          rewrite_ip_uri_ui: "enable"
          save_password: "enable"
          service_restriction: "enable"
          skip_check_for_browser: "enable"
          skip_check_for_unsupported_browser: "enable"
          skip_check_for_unsupported_os: "enable"
          # Sample values only: SMBv1 and NTLMv1 are legacy protocols.
          smb_max_version: "smbv1"
          smb_min_version: "smbv1"
          smb_ntlmv1_auth: "enable"
          smbv1: "enable"
          split_dns:
            - dns_server1: "<your_own_value>"
              dns_server2: "<your_own_value>"
              domains: "<your_own_value>"
              id: "112"
              ipv6_dns_server1: "<your_own_value>"
              ipv6_dns_server2: "<your_own_value>"
          split_tunneling: "enable"
          split_tunneling_routing_address:
            - name: "default_name_117 (source firewall.address.name firewall.addrgrp.name)"
          split_tunneling_routing_negate: "enable"
          theme: "jade"
          transform_backward_slashes: "enable"
          tunnel_mode: "enable"
          use_sdwan: "enable"
          user_bookmark: "enable"
          user_group_bookmark: "enable"
          web_mode: "enable"
          windows_forticlient_download_url: "<your_own_value>"
          wins_server1: "<your_own_value>"
          wins_server2: "<your_own_value>"
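
A restrictive counterpart to the all-parameters task above, as an added example that is not part of the module's own documentation. It uses only parameters and choices listed on this page; the portal, address-object, bookmark and host names and the `fortios_access_token` variable are assumptions.

```yaml
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: yes   # verify the FortiGate's TLS certificate
    ansible_httpapi_port: 443
  tasks:
    - name: Restrictive SSL-VPN portal (illustrative values)
      fortios_vpn_ssl_web_portal:
        vdom: "{{ vdom }}"
        state: "present"
        # Assumed variable name; keep the token in Ansible Vault, not in the playbook.
        access_token: "{{ fortios_access_token }}"
        vpn_ssl_web_portal:
          name: "staff-portal"                # constructed portal name
          web_mode: "enable"
          tunnel_mode: "enable"
          ip_pools:
            - name: "SSLVPN_POOL"             # assumed existing firewall address object
          split_tunneling: "disable"          # all client traffic goes through the tunnel
          allow_user_access: ["web", "rdp"]   # only the application types actually needed
          limit_user_logins: "enable"         # one SSL-VPN session per user at a time
          save_password: "disable"            # FortiClient does not save the password
          hide_sso_credential: "enable"       # SSO credential is not sent to the client
          user_bookmark: "disable"            # users cannot add their own bookmarks
          user_group_bookmark: "disable"
          # Endpoint posture: require antivirus and firewall, and repeat the check
          # during the session (0 would mean a connect-time check only).
          host_check: "av-fw"
          host_check_interval: 300
          skip_check_for_unsupported_os: "disable"
          skip_check_for_unsupported_browser: "disable"
          # SMB bookmarks: no SMBv1 and no NTLMv1.
          smb_min_version: "smbv2"
          smb_max_version: "smbv3"
          smb_ntlmv1_auth: "disable"
          bookmark_group:
            - name: "admin-tools"             # constructed group name
              bookmarks:
                - name: "jump-host"           # constructed bookmark
                  apptype: "rdp"
                  host: "jump.example.internal"
                  port: 3389
                  security: "nla"             # Network Level Authentication
                  sso: "disable"              # no stored credentials in the bookmark
```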
Return Values
Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following fields are unique to this module:
- build - Build number of the FortiGate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3