fortios_web_proxy_global – Configure Web proxy global settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.0.0.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify web_proxy feature and global category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
FortiOS Version Compatibility¶
v6.0.0 |
v6.0.5 |
v6.0.11 |
v6.2.0 |
v6.2.3 |
v6.2.5 |
v6.2.7 |
v6.4.0 |
v6.4.1 |
v6.4.4 |
v7.0.0 |
v7.0.1 |
v7.0.2 |
v7.0.3 |
v7.0.4 |
v7.0.5 |
v7.0.6 |
v7.0.7 |
v7.0.8 |
v7.2.0 |
v7.2.1 |
v7.2.2 |
v7.2.4 |
v7.4.0 |
|
fortios_web_proxy_global | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes |
Parameters¶
- access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- web_proxy_global - Configure Web proxy global settings. type: dict more...
- fast_policy_match - Enable/disable fast matching algorithm for explicit and transparent proxy policy. type: str choices: enable, disable more...
- forward_proxy_auth - Enable/disable forwarding proxy authentication headers. type: str choices: enable, disable more...
- forward_server_affinity_timeout - Period of time before the source IP"s traffic is no longer assigned to the forwarding server (6 - 60 min). type: int more...
- ldap_user_cache - Enable/disable LDAP user cache for explicit and transparent proxy user. type: str choices: enable, disable more...
- learn_client_ip - Enable/disable learning the client"s IP address from headers. type: str choices: enable, disable more...
- learn_client_ip_from_header - Learn client IP address from the specified headers. type: list choices: true-client-ip, x-real-ip, x-forwarded-for more...
- learn_client_ip_srcaddr - Source address name (srcaddr or srcaddr6 must be set). type: list member_path: learn_client_ip_srcaddr:name more...
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true more...
- learn_client_ip_srcaddr6 - IPv6 Source address name (srcaddr or srcaddr6 must be set). type: list member_path: learn_client_ip_srcaddr6:name more...
- name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true more...
- log_forward_server - Enable/disable forward server name logging in forward traffic log. type: str choices: enable, disable more...
- max_message_length - Maximum length of HTTP message, not including body (16 - 256 Kbytes). type: int more...
- max_request_length - Maximum length of HTTP request line (2 - 64 Kbytes). type: int more...
- max_waf_body_cache_length - Maximum length of HTTP messages processed by Web Application Firewall (WAF) (10 - 1024 Kbytes). type: int more...
- proxy_fqdn - Fully Qualified Domain Name (FQDN) that clients connect to to connect to the explicit web proxy. type: str more...
- src_affinity_exempt_addr - IPv4 source addresses to exempt proxy affinity. type: list
- src_affinity_exempt_addr6 - IPv6 source addresses to exempt proxy affinity. type: list
- ssl_ca_cert - SSL CA certificate for SSL interception. Source vpn.certificate.local.name. type: str more...
- ssl_cert - SSL certificate for SSL interception. Source vpn.certificate.local.name. type: str more...
- strict_web_check - Enable/disable strict web checking to block web sites that send incorrect headers that don"t conform to HTTP 1.1. type: str choices: enable, disable more...
- tunnel_non_http - Enable/disable allowing non-HTTP traffic. Allowed non-HTTP traffic is tunneled. type: str choices: enable, disable more...
- unknown_http_version - Action to take when an unknown version of HTTP is encountered: reject, allow (tunnel), or proceed with best-effort. type: str choices: reject, tunnel, best-effort more...
- webproxy_profile - Name of the web proxy profile to apply when explicit proxy traffic is allowed by default and traffic is accepted that does not match an explicit proxy policy. Source web-proxy.profile.name. type: str more...
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure Web proxy global settings.
fortios_web_proxy_global:
vdom: "{{ vdom }}"
web_proxy_global:
fast_policy_match: "enable"
forward_proxy_auth: "enable"
forward_server_affinity_timeout: "30"
ldap_user_cache: "enable"
learn_client_ip: "enable"
learn_client_ip_from_header: "true-client-ip"
learn_client_ip_srcaddr:
-
name: "default_name_10 (source firewall.address.name firewall.addrgrp.name)"
learn_client_ip_srcaddr6:
-
name: "default_name_12 (source firewall.address6.name firewall.addrgrp6.name)"
log_forward_server: "enable"
max_message_length: "32"
max_request_length: "8"
max_waf_body_cache_length: "32"
proxy_fqdn: "<your_own_value>"
src_affinity_exempt_addr: "<your_own_value>"
src_affinity_exempt_addr6: "<your_own_value>"
ssl_ca_cert: "<your_own_value> (source vpn.certificate.local.name)"
ssl_cert: "<your_own_value> (source vpn.certificate.local.name)"
strict_web_check: "enable"
tunnel_non_http: "enable"
unknown_http_version: "reject"
webproxy_profile: "<your_own_value> (source web-proxy.profile.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3