fortios_web_proxy_explicit – Configure explicit Web proxy settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.0.0.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify web_proxy feature and explicit category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
FortiOS Version Compatibility¶
v6.0.0 |
v6.0.5 |
v6.0.11 |
v6.2.0 |
v6.2.3 |
v6.2.5 |
v6.2.7 |
v6.4.0 |
v6.4.1 |
v6.4.4 |
v7.0.0 |
v7.0.1 |
v7.0.2 |
v7.0.3 |
v7.0.4 |
v7.0.5 |
v7.0.6 |
v7.0.7 |
v7.0.8 |
v7.2.0 |
v7.2.1 |
v7.2.2 |
v7.2.4 |
v7.4.0 |
|
fortios_web_proxy_explicit | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes |
Parameters¶
- access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- web_proxy_explicit - Configure explicit Web proxy settings. type: dict more...
- ftp_incoming_port - Accept incoming FTP-over-HTTP requests on one or more ports (0 - 65535). type: str more...
- ftp_over_http - Enable to proxy FTP-over-HTTP sessions sent from a web browser. type: str choices: enable, disable more...
- http_connection_mode - HTTP connection mode . type: str choices: static, multiplex, serverpool more...
- http_incoming_port - Accept incoming HTTP requests on one or more ports (0 - 65535). type: str more...
- https_incoming_port - Accept incoming HTTPS requests on one or more ports (0 - 65535). type: str more...
- https_replacement_message - Enable/disable sending the client a replacement message for HTTPS requests. type: str choices: enable, disable more...
- incoming_ip - Restrict the explicit HTTP proxy to only accept sessions from this IP address. An interface must have this IP address. type: str more...
- incoming_ip6 - Restrict the explicit web proxy to only accept sessions from this IPv6 address. An interface must have this IPv6 address. type: str more...
- ipv6_status - Enable/disable allowing an IPv6 web proxy destination in policies and all IPv6 related entries in this command. type: str choices: enable, disable more...
- message_upon_server_error - Enable/disable displaying a replacement message when a server error is detected. type: str choices: enable, disable more...
- outgoing_ip - Outgoing HTTP requests will have this IP address as their source address. An interface must have this IP address. type: list
- outgoing_ip6 - Outgoing HTTP requests will leave this IPv6. Multiple interfaces can be specified. Interfaces must have these IPv6 addresses. type: list
- pac_file_data - PAC file contents enclosed in quotes (maximum of 256K bytes). type: str more...
- pac_file_name - Pac file name. type: str more...
- pac_file_server_port - Port number that PAC traffic from client web browsers uses to connect to the explicit web proxy (0 - 65535). type: str more...
- pac_file_server_status - Enable/disable Proxy Auto-Configuration (PAC) for users of this explicit proxy profile. type: str choices: enable, disable more...
- pac_file_through_https - Enable/disable to get Proxy Auto-Configuration (PAC) through HTTPS. type: str choices: enable, disable more...
- pac_file_url - PAC file access URL. type: str more...
- pac_policy - PAC policies. type: list member_path: pac_policy:policyid more...
- comments - Optional comments. type: str more...
- dstaddr - Destination address objects. type: list member_path: pac_policy:policyid/dstaddr:name more...
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true more...
- pac_file_data - PAC file contents enclosed in quotes (maximum of 256K bytes). type: str more...
- pac_file_name - Pac file name. type: str more...
- policyid - Policy ID. type: int required: true more...
- srcaddr - Source address objects. type: list member_path: pac_policy:policyid/srcaddr:name more...
- name - Address name. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name. type: str required: true more...
- srcaddr6 - Source address6 objects. type: list member_path: pac_policy:policyid/srcaddr6:name more...
- name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true more...
- status - Enable/disable policy. type: str choices: enable, disable more...
- pref_dns_result - Prefer resolving addresses using the configured IPv4 or IPv6 DNS server . type: str choices: ipv4, ipv6 more...
- realm - Authentication realm used to identify the explicit web proxy (maximum of 63 characters). type: str more...
- sec_default_action - Accept or deny explicit web proxy sessions when no web proxy firewall policy exists. type: str choices: accept, deny more...
- secure_web_proxy - Enable/disable/require the secure web proxy for HTTP and HTTPS session. type: str choices: disable, enable, secure more...
- secure_web_proxy_cert - Name of certificates for secure web proxy. type: list member_path: secure_web_proxy_cert:name more...
- name - Certificate list. Source vpn.certificate.local.name. type: str required: true more...
- socks - Enable/disable the SOCKS proxy. type: str choices: enable, disable more...
- socks_incoming_port - Accept incoming SOCKS proxy requests on one or more ports (0 - 65535). type: str more...
- ssl_algorithm - Relative strength of encryption algorithms accepted in HTTPS deep scan: high, medium, or low. type: str choices: high, medium, low more...
- ssl_dh_bits - Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation . type: str choices: 768, 1024, 1536, 2048 more...
- status - Enable/disable the explicit Web proxy for HTTP and HTTPS session. type: str choices: enable, disable more...
- strict_guest - Enable/disable strict guest user checking by the explicit web proxy. type: str choices: enable, disable more...
- trace_auth_no_rsp - Enable/disable logging timed-out authentication requests. type: str choices: enable, disable more...
- unknown_http_version - How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1. type: str choices: reject, best-effort, tunnel more...
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure explicit Web proxy settings.
fortios_web_proxy_explicit:
vdom: "{{ vdom }}"
web_proxy_explicit:
ftp_incoming_port: "<your_own_value>"
ftp_over_http: "enable"
http_connection_mode: "static"
http_incoming_port: "<your_own_value>"
https_incoming_port: "<your_own_value>"
https_replacement_message: "enable"
incoming_ip: "<your_own_value>"
incoming_ip6: "<your_own_value>"
ipv6_status: "enable"
message_upon_server_error: "enable"
outgoing_ip: "<your_own_value>"
outgoing_ip6: "<your_own_value>"
pac_file_data: "<your_own_value>"
pac_file_name: "<your_own_value>"
pac_file_server_port: "<your_own_value>"
pac_file_server_status: "enable"
pac_file_through_https: "enable"
pac_file_url: "<your_own_value>"
pac_policy:
-
comments: "<your_own_value>"
dstaddr:
-
name: "default_name_24 (source firewall.address.name firewall.addrgrp.name)"
pac_file_data: "<your_own_value>"
pac_file_name: "<your_own_value>"
policyid: "0"
srcaddr:
-
name: "default_name_29 (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name)"
srcaddr6:
-
name: "default_name_31 (source firewall.address6.name firewall.addrgrp6.name)"
status: "enable"
pref_dns_result: "ipv4"
realm: "<your_own_value>"
sec_default_action: "accept"
secure_web_proxy: "disable"
secure_web_proxy_cert:
-
name: "default_name_38 (source vpn.certificate.local.name)"
socks: "enable"
socks_incoming_port: "<your_own_value>"
ssl_algorithm: "high"
ssl_dh_bits: "768"
status: "enable"
strict_guest: "enable"
trace_auth_no_rsp: "enable"
unknown_http_version: "reject"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3