fortios_firewall_access_proxy6 – Configure IPv6 access proxy in Fortinet’s FortiOS and FortiGate.
New in version 2.0.0.
Synopsis
- This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the firewall feature and access_proxy6 category. Examples include all parameters, and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0.
FortiOS Version Compatibility

| | v7.0.1 | v7.0.2 | v7.0.3 | v7.0.4 | v7.0.5 | v7.0.6 | v7.0.7 | v7.0.8 | v7.2.0 | v7.2.1 | v7.2.2 | v7.2.4 | v7.4.0 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| fortios_firewall_access_proxy6 | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes |

Parameters
- access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
- firewall_access_proxy6 - Configure IPv6 access proxy. type: dict
  - add_vhost_domain_to_dnsdb - Enable/disable adding vhost/domain to dnsdb for ztna dox tunnel. type: str choices: enable, disable
  - api_gateway - Set IPv4 API Gateway. type: list member_path: api_gateway:id
    - application - SaaS application controlled by this Access Proxy. type: list member_path: api_gateway:id/application:name
      - name - SaaS application name. type: str required: true
    - http_cookie_age - Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit. type: int
    - http_cookie_domain - Domain that HTTP cookie persistence should apply to. type: str
    - http_cookie_domain_from_host - Enable/disable use of HTTP cookie domain from host field in HTTP. type: str choices: disable, enable
    - http_cookie_generation - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. type: int
    - http_cookie_path - Limit HTTP cookie persistence to the specified path. type: str
    - http_cookie_share - Control sharing of cookies across API Gateway. Use of same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. type: str choices: disable, same-ip
    - https_cookie_secure - Enable/disable verification that inserted HTTPS cookies are secure. type: str choices: disable, enable
    - id - API Gateway ID. type: int required: true
    - ldb_method - Method used to distribute sessions to real servers. type: str choices: static, round-robin, weighted, first-alive, http-host
    - persistence - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str choices: none, http-cookie
    - realservers - Select the real servers that this Access Proxy will distribute traffic to. type: list member_path: api_gateway:id/realservers:id
      - addr_type - Type of address. type: str choices: ip, fqdn
      - address - Address or address group of the real server. Source firewall.address.name firewall.addrgrp.name. type: str
      - domain - Wildcard domain name of the real server. type: str
      - external_auth - Enable/disable use of external browser as user-agent for SAML user authentication. type: str choices: enable, disable
      - health_check - Enable to check the responsiveness of the real server before forwarding traffic. type: str choices: disable, enable
      - health_check_proto - Protocol of the health check monitor to use when polling to determine server's connectivity status. type: str choices: ping, http, tcp-connect
      - holddown_interval - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). type: str choices: enable, disable
      - http_host - HTTP server domain name in HTTP header. type: str
      - id - Real server ID. type: int required: true
      - ip - IP address of the real server. type: str
      - mappedport - Port for communicating with the real server. type: str
      - port - Port for communicating with the real server. type: int
      - ssh_client_cert - Set access-proxy SSH client certificate profile. Source firewall.access-proxy-ssh-client-cert.name. type: str
      - ssh_host_key - One or more server host key. type: list member_path: api_gateway:id/realservers:id/ssh_host_key:name
        - name - Server host key name. Source firewall.ssh.host-key.name. type: str required: true
      - ssh_host_key_validation - Enable/disable SSH real server host key validation. type: str choices: disable, enable
      - status - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: active, standby, disable
      - translate_host - Enable/disable translation of hostname/IP from virtual server to real server. type: str choices: enable, disable
      - tunnel_encryption - Tunnel encryption. type: str choices: enable, disable
      - type - TCP forwarding server type. type: str choices: tcp-forwarding, ssh
      - weight - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. type: int
    - saml_redirect - Enable/disable SAML redirection after successful authentication. type: str choices: disable, enable
    - saml_server - SAML service provider configuration for VIP authentication. Source user.saml.name. type: str
    - service - Service. type: str choices: http, https, tcp-forwarding, samlsp, web-portal, saas
    - ssl_algorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str choices: high, medium, low
    - ssl_cipher_suites - SSL/TLS cipher suites to offer to a server, ordered by priority. type: list member_path: api_gateway:id/ssl_cipher_suites:priority
      - cipher - Cipher suite name. type: str choices: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-RSA-WITH-DES-CBC-SHA
      - priority - SSL/TLS cipher suites priority. type: int required: true
      - versions - SSL/TLS versions that the cipher suite can be used with. type: list choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3
    - ssl_dh_bits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str choices: 768, 1024, 1536, 2048, 3072, 4096
    - ssl_max_version - Highest SSL/TLS version acceptable from a server. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3
    - ssl_min_version - Lowest SSL/TLS version acceptable from a server. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3
    - ssl_renegotiation - Enable/disable secure renegotiation to comply with RFC 5746. type: str choices: enable, disable
    - ssl_vpn_web_portal - SSL-VPN web portal. Source vpn.ssl.web.portal.name. type: str
    - url_map - URL pattern to match. type: str
    - url_map_type - Type of url-map. type: str choices: sub-string, wildcard, regex
    - virtual_host - Virtual host. Source firewall.access-proxy-virtual-host.name. type: str
  - api_gateway6 - Set IPv6 API Gateway. type: list member_path: api_gateway6:id
    - application - SaaS application controlled by this Access Proxy. type: list member_path: api_gateway6:id/application:name
      - name - SaaS application name. type: str required: true
    - http_cookie_age - Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit. type: int
    - http_cookie_domain - Domain that HTTP cookie persistence should apply to. type: str
    - http_cookie_domain_from_host - Enable/disable use of HTTP cookie domain from host field in HTTP. type: str choices: disable, enable
    - http_cookie_generation - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. type: int
    - http_cookie_path - Limit HTTP cookie persistence to the specified path. type: str
    - http_cookie_share - Control sharing of cookies across API Gateway. Use of same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. type: str choices: disable, same-ip
    - https_cookie_secure - Enable/disable verification that inserted HTTPS cookies are secure. type: str choices: disable, enable
    - id - API Gateway ID. type: int required: true
    - ldb_method - Method used to distribute sessions to real servers. type: str choices: static, round-robin, weighted, first-alive, http-host
    - persistence - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str choices: none, http-cookie
    - realservers - Select the real servers that this Access Proxy will distribute traffic to. type: list member_path: api_gateway6:id/realservers:id
      - addr_type - Type of address. type: str choices: ip, fqdn
      - address - Address or address group of the real server. Source firewall.address6.name firewall.addrgrp6.name. type: str
      - domain - Wildcard domain name of the real server. type: str
      - external_auth - Enable/disable use of external browser as user-agent for SAML user authentication. type: str choices: enable, disable
      - health_check - Enable to check the responsiveness of the real server before forwarding traffic. type: str choices: disable, enable
      - health_check_proto - Protocol of the health check monitor to use when polling to determine server's connectivity status. type: str choices: ping, http, tcp-connect
      - holddown_interval - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). type: str choices: enable, disable
      - http_host - HTTP server domain name in HTTP header. type: str
      - id - Real server ID. type: int required: true
      - ip - IPv6 address of the real server. type: str
      - mappedport - Port for communicating with the real server. type: str
      - port - Port for communicating with the real server. type: int
      - ssh_client_cert - Set access-proxy SSH client certificate profile. Source firewall.access-proxy-ssh-client-cert.name. type: str
      - ssh_host_key - One or more server host key. type: list member_path: api_gateway6:id/realservers:id/ssh_host_key:name
        - name - Server host key name. Source firewall.ssh.host-key.name. type: str required: true
      - ssh_host_key_validation - Enable/disable SSH real server host key validation. type: str choices: disable, enable
      - status - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: active, standby, disable
      - translate_host - Enable/disable translation of hostname/IP from virtual server to real server. type: str choices: enable, disable
      - tunnel_encryption - Tunnel encryption. type: str choices: enable, disable
      - type - TCP forwarding server type. type: str choices: tcp-forwarding, ssh
      - weight - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. type: int
    - saml_redirect - Enable/disable SAML redirection after successful authentication. type: str choices: disable, enable
    - saml_server - SAML service provider configuration for VIP authentication. Source user.saml.name. type: str
    - service - Service. type: str choices: http, https, tcp-forwarding, samlsp, web-portal, saas
    - ssl_algorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str choices: high, medium, low
    - ssl_cipher_suites - SSL/TLS cipher suites to offer to a server, ordered by priority. type: list member_path: api_gateway6:id/ssl_cipher_suites:priority
      - cipher - Cipher suite name. type: str choices: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-RSA-WITH-DES-CBC-SHA
      - priority - SSL/TLS cipher suites priority. type: int required: true
      - versions - SSL/TLS versions that the cipher suite can be used with. type: list choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3
    - ssl_dh_bits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str choices: 768, 1024, 1536, 2048, 3072, 4096
    - ssl_max_version - Highest SSL/TLS version acceptable from a server. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3
    - ssl_min_version - Lowest SSL/TLS version acceptable from a server. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3
    - ssl_renegotiation - Enable/disable secure renegotiation to comply with RFC 5746. type: str choices: enable, disable
    - ssl_vpn_web_portal - SSL-VPN web portal. Source vpn.ssl.web.portal.name. type: str
    - url_map - URL pattern to match. type: str
    - url_map_type - Type of url-map. type: str choices: sub-string, wildcard, regex
    - virtual_host - Virtual host. Source firewall.access-proxy-virtual-host.name. type: str
  - auth_portal - Enable/disable authentication portal. type: str choices: disable, enable
  - auth_virtual_host - Virtual host for authentication portal. Source firewall.access-proxy-virtual-host.name. type: str
  - client_cert - Enable/disable to request client certificate. type: str choices: disable, enable
  - decrypted_traffic_mirror - Decrypted traffic mirror. Source firewall.decrypted-traffic-mirror.name. type: str
  - empty_cert_action - Action of an empty client certificate. type: str choices: accept, block, accept-unmanageable
  - http_supported_max_version - Maximum supported HTTP versions. default = HTTP2 type: str choices: http1, http2
  - log_blocked_traffic - Enable/disable logging of blocked traffic. type: str choices: enable, disable
  - name - Access Proxy name. type: str required: true
  - svr_pool_multiplex - Enable/disable server pool multiplexing. Share connected server in HTTP, HTTPS, and web-portal api-gateway. type: str choices: enable, disable
  - svr_pool_server_max_request - Maximum number of requests that servers in server pool handle before disconnecting. type: int
  - svr_pool_ttl - Time-to-live in the server pool for idle connections to servers. type: int
  - user_agent_detect - Enable/disable to detect device type by HTTP user-agent if no client certificate provided. type: str choices: disable, enable
  - vip - Virtual IP name. Source firewall.vip6.name. type: str
Examples

```yaml
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no  # skips verification of the FortiGate's API certificate; set to yes outside a lab
    ansible_httpapi_port: 443
  tasks:
    - name: Configure IPv6 access proxy.
      fortios_firewall_access_proxy6:
        vdom: "{{ vdom }}"
        state: "present"
        access_token: "<your_own_value>"
        # Generated values that list every parameter; adjust each to your datasources before use.
        firewall_access_proxy6:
          add_vhost_domain_to_dnsdb: "enable"
          api_gateway:
            -
              application:
                -
                  name: "default_name_6"
              http_cookie_age: "60"
              http_cookie_domain: "<your_own_value>"
              http_cookie_domain_from_host: "disable"
              http_cookie_generation: "0"
              http_cookie_path: "<your_own_value>"
              http_cookie_share: "disable"
              https_cookie_secure: "disable"
              id: "14"
              ldb_method: "static"
              persistence: "none"
              realservers:
                -
                  addr_type: "ip"
                  address: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
                  domain: "<your_own_value>"
                  external_auth: "enable"
                  health_check: "disable"
                  health_check_proto: "ping"
                  holddown_interval: "enable"
                  http_host: "myhostname"
                  id: "26"
                  ip: "<your_own_value>"
                  mappedport: "<your_own_value>"
                  port: "443"
                  ssh_client_cert: "<your_own_value> (source firewall.access-proxy-ssh-client-cert.name)"
                  ssh_host_key:
                    -
                      name: "default_name_32 (source firewall.ssh.host-key.name)"
                  ssh_host_key_validation: "disable"
                  status: "active"
                  translate_host: "enable"
                  tunnel_encryption: "enable"
                  type: "tcp-forwarding"
                  weight: "1"
              saml_redirect: "disable"
              saml_server: "<your_own_value> (source user.saml.name)"
              service: "http"
              ssl_algorithm: "high"
              ssl_cipher_suites:
                -
                  cipher: "TLS-AES-128-GCM-SHA256"
                  priority: "0"
                  versions: "tls-1.0"
              # The ssl_* values here are the first listed choices (768-bit DH, TLS 1.0), not recommended settings.
              ssl_dh_bits: "768"
              ssl_max_version: "tls-1.0"
              ssl_min_version: "tls-1.0"
              ssl_renegotiation: "enable"
              ssl_vpn_web_portal: "<your_own_value> (source vpn.ssl.web.portal.name)"
              url_map: "<your_own_value>"
              url_map_type: "sub-string"
              virtual_host: "myhostname (source firewall.access-proxy-virtual-host.name)"
          api_gateway6:
            -
              application:
                -
                  name: "default_name_57"
              http_cookie_age: "60"
              http_cookie_domain: "<your_own_value>"
              http_cookie_domain_from_host: "disable"
              http_cookie_generation: "0"
              http_cookie_path: "<your_own_value>"
              http_cookie_share: "disable"
              https_cookie_secure: "disable"
              id: "65"
              ldb_method: "static"
              persistence: "none"
              realservers:
                -
                  addr_type: "ip"
                  address: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
                  domain: "<your_own_value>"
                  external_auth: "enable"
                  health_check: "disable"
                  health_check_proto: "ping"
                  holddown_interval: "enable"
                  http_host: "myhostname"
                  id: "77"
                  ip: "<your_own_value>"
                  mappedport: "<your_own_value>"
                  port: "443"
                  ssh_client_cert: "<your_own_value> (source firewall.access-proxy-ssh-client-cert.name)"
                  ssh_host_key:
                    -
                      name: "default_name_83 (source firewall.ssh.host-key.name)"
                  ssh_host_key_validation: "disable"
                  status: "active"
                  translate_host: "enable"
                  tunnel_encryption: "enable"
                  type: "tcp-forwarding"
                  weight: "1"
              saml_redirect: "disable"
              saml_server: "<your_own_value> (source user.saml.name)"
              service: "http"
              ssl_algorithm: "high"
              ssl_cipher_suites:
                -
                  cipher: "TLS-AES-128-GCM-SHA256"
                  priority: "0"
                  versions: "tls-1.0"
              ssl_dh_bits: "768"
              ssl_max_version: "tls-1.0"
              ssl_min_version: "tls-1.0"
              ssl_renegotiation: "enable"
              ssl_vpn_web_portal: "<your_own_value> (source vpn.ssl.web.portal.name)"
              url_map: "<your_own_value>"
              url_map_type: "sub-string"
              virtual_host: "myhostname (source firewall.access-proxy-virtual-host.name)"
          auth_portal: "disable"
          auth_virtual_host: "myhostname (source firewall.access-proxy-virtual-host.name)"
          client_cert: "disable"
          decrypted_traffic_mirror: "<your_own_value> (source firewall.decrypted-traffic-mirror.name)"
          empty_cert_action: "accept"
          http_supported_max_version: "http1"
          log_blocked_traffic: "enable"
          name: "default_name_113"
          svr_pool_multiplex: "enable"
          svr_pool_server_max_request: "0"
          svr_pool_ttl: "15"
          user_agent_detect: "disable"
          vip: "<your_own_value> (source firewall.vip6.name)"
```
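A trimmed, hardened variant of the task above, added here as an illustration and not part of the module's own documentation. It uses only parameters listed on this page; the object names (`ztna6-example`, `ztna6-vip`, `ssh-bastion6`, `bastion-hostkey`), the `fortios_access_token` variable and the `2001:db8::10` address are assumptions to replace with objects that exist on your device.

```yaml
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: yes   # verify the FortiGate's API certificate
    ansible_httpapi_port: 443
  tasks:
    - name: Configure IPv6 access proxy with client certificates and TLS 1.2+ towards real servers
      fortios_firewall_access_proxy6:
        vdom: "{{ vdom }}"
        state: "present"
        # Assumed variable, e.g. loaded from Ansible Vault, so the token is not stored in the playbook.
        access_token: "{{ fortios_access_token }}"
        firewall_access_proxy6:
          name: "ztna6-example"           # constructed name
          vip: "ztna6-vip"                # assumed existing firewall.vip6 object
          client_cert: "enable"           # request a client certificate
          empty_cert_action: "block"      # do not accept clients that present none
          log_blocked_traffic: "enable"
          api_gateway6:
            # HTTPS gateway: the ssl_* options apply to the proxy-to-real-server side.
            - id: 1
              service: "https"
              url_map: "/"
              url_map_type: "sub-string"
              persistence: "http-cookie"
              https_cookie_secure: "enable"
              http_cookie_share: "disable"
              ssl_algorithm: "high"
              ssl_min_version: "tls-1.2"
              ssl_max_version: "tls-1.3"
              ssl_dh_bits: "2048"
              ssl_renegotiation: "enable"
              realservers:
                - id: 1
                  addr_type: "ip"
                  ip: "2001:db8::10"      # IPv6 documentation prefix, constructed value
                  port: 443
                  status: "active"
                  health_check: "enable"
                  health_check_proto: "tcp-connect"
            # TCP-forwarding gateway to an SSH server with host key validation turned on.
            - id: 2
              service: "tcp-forwarding"
              realservers:
                - id: 1
                  type: "ssh"
                  address: "ssh-bastion6"         # assumed firewall.address6 object
                  ssh_host_key_validation: "enable"
                  ssh_host_key:
                    - name: "bastion-hostkey"     # assumed firewall.ssh.host-key object
                  status: "active"
```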
Return Values
Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following fields are unique to this module:
- build - Build number of the fortigate image. returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate. returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied. returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate. returned: success type: str sample: id
- name - Name of the table used to fulfill the request. returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request. returned: always type: str sample: webfilter
- revision - Internal revision number. returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit. returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result. returned: always type: str sample: success
- vdom - Virtual domain used. returned: always type: str sample: root
- version - Version of the FortiGate. returned: always type: str sample: v5.6.3