:source: fortios_vpn_ipsec_phase1.py

:orphan:

.. fortios_vpn_ipsec_phase1:

fortios_vpn_ipsec_phase1 -- Configure VPN remote gateway in Fortinet's FortiOS and FortiGate.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

.. versionadded:: 2.0.0

.. contents::
   :local:
   :depth: 1


Synopsis
--------
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the vpn_ipsec feature and phase1 category. Examples include all parameters, and values need to be adjusted to data sources before usage. Tested with FOS v6.0.0


Requirements
------------
The below requirements are needed on the host that executes this module.

- ansible>=2.15


Tips
----
Using member operation to add an element to an existing object.


FortiOS Version Compatibility
-----------------------------
Supported Version Ranges: v6.0.0 -> v7.6.6


Parameters
----------


Notes
-----

.. note::

   - Legacy fortiosapi has been deprecated; httpapi is the preferred way to run playbooks.

   - The module supports check_mode.


Examples
--------

.. code-block:: yaml+jinja

    - name: Configure VPN remote gateway.
      fortinet.fortios.fortios_vpn_ipsec_phase1:
          vdom: "{{ vdom }}"
          state: "present"
          access_token: ""
          vpn_ipsec_phase1:
              acct_verify: "enable"
              add_gw_route: "enable"
              add_route: "disable"
              addke1: "0"
              addke2: "0"
              addke3: "0"
              addke4: "0"
              addke5: "0"
              addke6: "0"
              addke7: "0"
              assign_ip: "disable"
              assign_ip_from: "range"
              authmethod: "psk"
              authmethod_remote: "psk"
              authpasswd: ""
              authusr: ""
              authusrgrp: " (source user.group.name)"
              auto_negotiate: "enable"
              auto_transport_threshold: "15"
              azure_ad_autoconnect: "enable"
              backup_gateway:
                  -
                      address: ""
              banner: ""
              cert_id_validation: "enable"
              cert_peer_username_strip: "disable"
              cert_peer_username_validation: "none"
              cert_trust_store: "local"
              certificate:
                  -
                      name: "default_name_31 (source vpn.certificate.local.name)"
              childless_ike: "enable"
              client_auto_negotiate: "disable"
              client_keep_alive: "disable"
              client_resume: "enable"
              client_resume_interval: "7200"
              comments: ""
              dev_id: ""
              dev_id_notification: "disable"
              dhcp_ra_giaddr: ""
              dhcp6_ra_linkaddr: ""
              dhgrp: "1"
              digital_signature_auth: "enable"
              distance: "15"
              dns_mode: "manual"
              dns_suffix_search:
                  -
                      dns_suffix: ""
              domain: ""
              dpd: "disable"
              dpd_retrycount: "3"
              dpd_retryinterval: ""
              eap: "enable"
              eap_cert_auth: "enable"
              eap_exclude_peergrp: " (source user.peergrp.name)"
              eap_identity: "use-id-payload"
              ems_sn_check: "enable"
              enforce_unique_id: "disable"
              esn: "require"
              exchange_fgt_device_id: "enable"
              fallback_tcp_threshold: "15"
              fec_base: "10"
              fec_codec: "rs"
              fec_egress: "enable"
              fec_health_check: " (source system.sdwan.health-check.name)"
              fec_ingress: "enable"
              fec_mapping_profile: " (source vpn.ipsec.fec.name)"
              fec_receive_timeout: "50"
              fec_redundant: "1"
              fec_send_timeout: "5"
              fgsp_sync: "enable"
              forticlient_enforcement: "enable"
              fortinet_esp: "enable"
              fragmentation: "enable"
              fragmentation_mtu: "1200"
              group_authentication: "enable"
              group_authentication_secret: ""
              ha_sync_esp_seqno: "enable"
              idle_timeout: "enable"
              idle_timeoutinterval: "15"
              ike_version: "1"
              inbound_dscp_copy: "enable"
              include_local_lan: "disable"
              interface: " (source system.interface.name)"
              internal_domain_list:
                  -
                      domain_name: ""
              ip_delay_interval: "0"
              ipv4_dns_server1: ""
              ipv4_dns_server2: ""
              ipv4_dns_server3: ""
              ipv4_end_ip: ""
              ipv4_exclude_range:
                  -
                      end_ip: ""
                      id: "93"
                      start_ip: ""
              ipv4_name: " (source firewall.address.name firewall.addrgrp.name)"
              ipv4_netmask: ""
              ipv4_split_exclude: " (source firewall.address.name firewall.addrgrp.name)"
              ipv4_split_include: " (source firewall.address.name firewall.addrgrp.name)"
              ipv4_start_ip: ""
              ipv4_wins_server1: ""
              ipv4_wins_server2: ""
              ipv6_auto_linklocal: "enable"
              ipv6_dns_server1: ""
              ipv6_dns_server2: ""
              ipv6_dns_server3: ""
              ipv6_end_ip: ""
              ipv6_exclude_range:
                  -
                      end_ip: ""
                      id: "109"
                      start_ip: ""
              ipv6_name: " (source firewall.address6.name firewall.addrgrp6.name)"
              ipv6_prefix: "128"
              ipv6_split_exclude: " (source firewall.address6.name firewall.addrgrp6.name)"
              ipv6_split_include: " (source firewall.address6.name firewall.addrgrp6.name)"
              ipv6_start_ip: ""
              keepalive: "10"
              keylife: "86400"
              kms: " (source vpn.kmip-server.name)"
              link_cost: "0"
              local_gw: ""
              localid: ""
              localid_type: "auto"
              loopback_asymroute: "enable"
              mesh_selector_type: "disable"
              mode: "aggressive"
              mode_cfg: "disable"
              mode_cfg_allow_client_selector: "disable"
              name: "default_name_128"
              nattraversal: "enable"
              negotiate_timeout: "30"
              network_id: "0"
              network_overlay: "disable"
              npu_offload: "enable"
              peer: " (source user.peer.name)"
              peergrp: " (source user.peergrp.name)"
              peerid: ""
              peertype: "any"
              ppk: "disable"
              ppk_identity: ""
              ppk_secret: ""
              priority: "1"
              proposal: "des-md5"
              psksecret: ""
              psksecret_remote: ""
              qkd: "disable"
              qkd_hybrid: "disable"
              qkd_profile: " (source vpn.qkd.name)"
              reauth: "disable"
              rekey: "enable"
              remote_gw: ""
              remote_gw_country: ""
              remote_gw_end_ip: ""
              remote_gw_match: "any"
              remote_gw_start_ip: ""
              remote_gw_subnet: ""
              remote_gw_ztna_tags:
                  -
                      name: "default_name_157 (source firewall.address.name firewall.addrgrp.name)"
              remote_gw6_country: ""
              remote_gw6_end_ip: ""
              remote_gw6_match: "any"
              remote_gw6_start_ip: ""
              remote_gw6_subnet: ""
              remotegw_ddns: ""
              rsa_signature_format: "pkcs1"
              rsa_signature_hash_override: "enable"
              save_password: "disable"
              send_cert_chain: "enable"
              shared_idle_timeout: "enable"
              signature_hash_alg: "sha1"
              split_include_service: " (source firewall.service.group.name firewall.service.custom.name)"
              suite_b: "disable"
              transport: "udp"
              type: "static"
              unity_support: "disable"
              usrgrp: " (source user.group.name)"
              wizard_type: "custom"
              xauthtype: "disable"


Return Values
-------------
Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following fields are unique to this module:

- **build** - Build number of the FortiGate image. Returned: always. Type: str. Sample: 1547
- **http_method** - Last method used to provision the content into FortiGate. Returned: always. Type: str. Sample: PUT
- **http_status** - Last result given by FortiGate on last operation applied. Returned: always. Type: str. Sample: 200
- **mkey** - Master key (id) used in the last call to FortiGate. Returned: success. Type: str. Sample: id
- **name** - Name of the table used to fulfill the request. Returned: always. Type: str. Sample: urlfilter
- **path** - Path of the table used to fulfill the request. Returned: always. Type: str. Sample: webfilter
- **revision** - Internal revision number. Returned: always. Type: str. Sample: 17.0.2.10658
- **serial** - Serial number of the unit. Returned: always. Type: str. Sample: FGVMEVYYQT3AB5352
- **status** - Indication of the operation's result. Returned: always. Type: str. Sample: success
- **vdom** - Virtual domain used. Returned: always. Type: str. Sample: root
- **version** - Version of the FortiGate. Returned: always. Type: str. Sample: v5.6.3

Status
------

- This module is not guaranteed to have a backwards compatible interface.


Authors
-------

- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Hongbin Lu (@fgtdev-hblu)
- Frank Shen (@frankshen01)
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)


.. hint::
    If you notice any issues in this documentation, you can create a pull request to improve it.
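
The task in the Examples section lists every parameter with a sample value, and several of those samples (``proposal: "des-md5"``, ``dhgrp: "1"``, ``signature_hash_alg: "sha1"``, ``mode: "aggressive"`` with ``authmethod: "psk"``) are legacy cryptographic choices that should be replaced before the task is applied to a real gateway. The check below is an added example, not part of the fortinet.fortios collection; ``audit_phase1``, the weak-value sets and the ``HARDENED`` dictionary are assumptions of this example.

```python
# Added example: pre-flight audit of vpn_ipsec_phase1 arguments (not module code).
# The weak-value sets are this example's policy assumptions, not Fortinet defaults.
WEAK_PROPOSAL_TOKENS = {"des", "3des", "md5", "sha1"}
WEAK_DH_GROUPS = {"1": 768, "2": 1024, "5": 1536}  # MODP group -> modulus bits
WEAK_SIG_HASHES = {"sha1"}


def _values(value):
    """Accept 'a b' strings or YAML lists and return a list of string tokens."""
    if value is None:
        return []
    if isinstance(value, (list, tuple)):
        return [str(v) for v in value]
    return str(value).split()


def audit_phase1(params):
    """Return (parameter, reason) findings for one vpn_ipsec_phase1 dict."""
    findings = []
    # Any weak entry in a multi-value list can end up being negotiated.
    for prop in _values(params.get("proposal")):
        weak = sorted(WEAK_PROPOSAL_TOKENS.intersection(prop.split("-")))
        if weak:
            findings.append(("proposal", f"{prop}: legacy {', '.join(weak)}"))
    for grp in _values(params.get("dhgrp")):
        if grp in WEAK_DH_GROUPS:
            findings.append(("dhgrp", f"group {grp}: {WEAK_DH_GROUPS[grp]}-bit MODP"))
    for alg in _values(params.get("signature_hash_alg")):
        if alg in WEAK_SIG_HASHES:
            findings.append(("signature_hash_alg", f"{alg}: legacy hash"))
    # IKEv1 aggressive mode sends identities and the PSK-derived hash before
    # the exchange is encrypted, so only the secret's strength protects it.
    if (str(params.get("ike_version")) == "1" and params.get("mode") == "aggressive"
            and params.get("authmethod") == "psk"):
        findings.append(("mode", "IKEv1 aggressive mode with authmethod psk"))
    return findings


# Values copied from the Examples task on this page.
PAGE_SAMPLE = {"proposal": "des-md5", "dhgrp": "1", "ike_version": "1",
               "mode": "aggressive", "authmethod": "psk", "signature_hash_alg": "sha1"}
# Constructed alternative with stronger choices for the same parameters.
HARDENED = {"proposal": ["aes256gcm-prfsha384", "aes256-sha256"], "dhgrp": ["20", "14"],
            "ike_version": "2", "mode": "main", "authmethod": "signature",
            "signature_hash_alg": "sha2-256"}

if __name__ == "__main__":
    for label, task in (("page sample", PAGE_SAMPLE), ("hardened", HARDENED)):
        print(label, audit_phase1(task) or "no findings")
```

Run it against the ``vpn_ipsec_phase1`` dictionary of each task before the playbook is pushed, and treat any finding as a reason to change the value rather than as a default to keep.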