fortios_vpn_ssl_web_portal – Portal in Fortinet’s FortiOS and FortiGate.

New in version 2.10.

Synopsis

• This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ssl_web feature and portal category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0

Requirements

The below requirements are needed on the host that executes this module.

• ansible>=2.9.0

FortiOS Version Compatibility

	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
fortios_vpn_ssl_web_portal	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

Parameters

• access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: False
• enable_log - Enable/Disable logging for task. type: bool required: False default: False
• vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
• state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
• vpn_ssl_web_portal - Portal. type: dict more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  vpn_ssl_web_portal	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• allow_user_access - Allow user access to SSL-VPN applications. type: list choices: web, ftp, smb, telnet, ssh, vnc, rdp, ping, citrix, portforward, sftp more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  allow_user_access	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [web]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [ftp]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [smb]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [telnet]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [ssh]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [vnc]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [rdp]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [ping]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [citrix]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [portforward]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [sftp]	n/a	n/a	n/a	yes	yes	yes	yes	yes	yes	yes	yes

• auto_connect - Enable/disable automatic connect by client when system is up. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  auto_connect	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• bookmark_group - Portal bookmark group. type: list more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  bookmark_group	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• bookmarks - Bookmark table. type: list more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  bookmarks	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• additional_params - Additional parameters. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  additional_params	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• apptype - Application type. type: str choices: citrix, ftp, portforward, rdp, smb, ssh, telnet, vnc, web, sftp more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  apptype	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [citrix]	yes	yes	yes	no	no	no	no	no	no	no	no
  [ftp]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [portforward]	yes	yes	yes	no	no	no	no	no	no	no	no
  [rdp]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [smb]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [ssh]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [telnet]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [vnc]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [web]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [sftp]	n/a	n/a	n/a	yes	yes	yes	yes	yes	yes	yes	yes

• description - Description. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  description	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• domain - Login domain. type: str more...

  	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  domain	yes	no	yes	yes

• folder - Network shared file folder parameter. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  folder	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• form_data - Form data. type: list more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  form_data	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• name - Name. type: str required: True more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  name	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• value - Value. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  value	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• host - Host name/IP parameter. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  host	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• listening_port - Listening port (0 - 65535). type: int more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  listening_port	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• load_balancing_info - The load balancing information or cookie which should be provided to the connection broker. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  load_balancing_info	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• logon_password - Logon password. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  logon_password	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• logon_user - Logon user. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  logon_user	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• name - Bookmark name. type: str required: True more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  name	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• port - Remote port. type: int more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  port	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• preconnection_blob - An arbitrary string which identifies the RDP source. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  preconnection_blob	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• preconnection_id - The numeric ID of the RDP source (0-2147483648). type: int more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  preconnection_id	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• remote_port - Remote port (0 - 65535). type: int more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  remote_port	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• security - Security mode for RDP connection. type: str choices: rdp, nla, tls, any more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  security	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [rdp]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [nla]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [tls]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [any]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• server_layout - Server side keyboard layout. type: str choices: de-de-qwertz, en-gb-qwerty, en-us-qwerty, es-es-qwerty, fr-fr-azerty, fr-ch-qwertz, it-it-qwerty, ja-jp-qwerty, pt-br-qwerty, sv-se-qwerty, tr-tr-qwerty, failsafe, fr-ca-qwerty more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  server_layout	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [de-de-qwertz]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [en-gb-qwerty]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [en-us-qwerty]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [es-es-qwerty]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [fr-fr-azerty]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [fr-ch-qwertz]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [it-it-qwerty]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [ja-jp-qwerty]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [pt-br-qwerty]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [sv-se-qwerty]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [tr-tr-qwerty]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [failsafe]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [fr-ca-qwerty]	n/a	n/a	n/a	yes	yes	yes	yes	yes	yes	yes	yes

• show_status_window - Enable/disable showing of status window. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  show_status_window	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• sso - Single Sign-On. type: str choices: disable, static, auto more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  sso	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [static]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [auto]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• sso_credential - Single sign-on credentials. type: str choices: sslvpn-login, alternative more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  sso_credential	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [sslvpn-login]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [alternative]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• sso_credential_sent_once - Single sign-on credentials are only sent once to remote server. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  sso_credential_sent_once	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• sso_password - SSO password. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  sso_password	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• sso_username - SSO user name. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  sso_username	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• url - URL parameter. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  url	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• name - Bookmark group name. type: str required: True more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  name	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• custom_lang - Change the web portal display language. Overrides config system global set language. You can use config system custom-language and execute system custom-language to add custom language files. Source system.custom-language.name. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  custom_lang	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• customize_forticlient_download_url - Enable support of customized download URL for FortiClient. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  customize_forticlient_download_url	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• display_bookmark - Enable to display the web portal bookmark widget. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  display_bookmark	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• display_connection_tools - Enable to display the web portal connection tools widget. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  display_connection_tools	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• display_history - Enable to display the web portal user login history widget. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  display_history	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• display_status - Enable to display the web portal status widget. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  display_status	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• dns_server1 - IPv4 DNS server 1. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  dns_server1	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• dns_server2 - IPv4 DNS server 2. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  dns_server2	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• dns_suffix - DNS suffix. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  dns_suffix	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• exclusive_routing - Enable/disable all traffic go through tunnel only. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  exclusive_routing	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• forticlient_download - Enable/disable download option for FortiClient. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  forticlient_download	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• forticlient_download_method - FortiClient download method. type: str choices: direct, ssl-vpn more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  forticlient_download_method	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [direct]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [ssl-vpn]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• heading - Web portal heading message. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  heading	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• hide_sso_credential - Enable to prevent SSO credential being sent to client. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  hide_sso_credential	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• host_check - Type of host checking performed on endpoints. type: str choices: none, av, fw, av-fw, custom more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  host_check	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [none]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [av]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [fw]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [av-fw]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [custom]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• host_check_interval - Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects. type: int more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  host_check_interval	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• host_check_policy - One or more policies to require the endpoint to have specific security software. type: list more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  host_check_policy	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• name - Host check software list name. Source vpn.ssl.web.host-check-software.name. type: str required: True more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  name	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ip_mode - Method by which users of this SSL-VPN tunnel obtain IP addresses. type: str choices: range, user-group more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ip_mode	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [range]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [user-group]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ip_pools - IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients. type: list more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ip_pools	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: True more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  name	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv6_dns_server1 - IPv6 DNS server 1. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv6_dns_server1	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv6_dns_server2 - IPv6 DNS server 2. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv6_dns_server2	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv6_exclusive_routing - Enable/disable all IPv6 traffic go through tunnel only. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv6_exclusive_routing	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv6_pools - IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients. type: list more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv6_pools	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: True more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  name	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv6_service_restriction - Enable/disable IPv6 tunnel service restriction. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv6_service_restriction	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv6_split_tunneling - Enable/disable IPv6 split tunneling. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv6_split_tunneling	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv6_split_tunneling_routing_address - IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. type: list more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv6_split_tunneling_routing_address	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: True more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  name	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv6_split_tunneling_routing_negate - Enable to negate IPv6 split tunneling routing address. type: str choices: enable, disable more...

  	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv6_split_tunneling_routing_negate	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes

• ipv6_tunnel_mode - Enable/disable IPv6 SSL-VPN tunnel mode. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv6_tunnel_mode	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv6_wins_server1 - IPv6 WINS server 1. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv6_wins_server1	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv6_wins_server2 - IPv6 WINS server 2. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv6_wins_server2	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• keep_alive - Enable/disable automatic reconnect for FortiClient connections. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  keep_alive	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• limit_user_logins - Enable to limit each user to one SSL-VPN session at a time. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  limit_user_logins	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• mac_addr_action - Client MAC address action. type: str choices: allow, deny more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  mac_addr_action	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [allow]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [deny]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• mac_addr_check - Enable/disable MAC address host checking. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  mac_addr_check	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• mac_addr_check_rule - Client MAC address check rule. type: list more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  mac_addr_check_rule	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• mac_addr_list - Client MAC address list. type: list more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  mac_addr_list	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• addr - Client MAC address. type: str required: True more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  addr	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• mac_addr_mask - Client MAC address mask. type: int more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  mac_addr_mask	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• name - Client MAC address check rule name. type: str required: True more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  name	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• macos_forticlient_download_url - Download URL for Mac FortiClient. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  macos_forticlient_download_url	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• name - Portal name. type: str required: True more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  name	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• os_check - Enable to let the FortiGate decide action based on client OS. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  os_check	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• os_check_list - SSL VPN OS checks. type: list more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  os_check_list	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• action - OS check options. type: str choices: deny, allow, check-up-to-date more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  action	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [deny]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [allow]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [check-up-to-date]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• latest_patch_level - Latest OS patch level. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  latest_patch_level	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• name - Name. type: str required: True more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  name	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• tolerance - OS patch level tolerance. type: int more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  tolerance	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• prefer_ipv6_dns - prefer to query IPv6 dns first if enabled. type: str choices: enable, disable more...

  	v7.0.0
  prefer_ipv6_dns	yes
  [enable]	yes
  [disable]	yes

• redir_url - Client login redirect URL. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  redir_url	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• rewrite_ip_uri_ui - Rewrite contents for URI contains IP and "/ui/". type: str choices: enable, disable more...

  	v7.0.0
  rewrite_ip_uri_ui	yes
  [enable]	yes
  [disable]	yes

• save_password - Enable/disable FortiClient saving the user"s password. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  save_password	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• service_restriction - Enable/disable tunnel service restriction. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  service_restriction	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• skip_check_for_browser - Enable to skip host check for browser support. type: str choices: enable, disable more...

  	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  skip_check_for_browser	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes

• skip_check_for_unsupported_browser - Enable to skip host check if browser does not support it. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  skip_check_for_unsupported_browser	yes	yes	yes	no	no	no	no	no	no	no	no
  [enable]	yes	yes	yes	n/a	n/a	n/a	n/a	n/a	n/a	n/a	n/a
  [disable]	yes	yes	yes	n/a	n/a	n/a	n/a	n/a	n/a	n/a	n/a

• skip_check_for_unsupported_os - Enable to skip host check if client OS does not support it. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  skip_check_for_unsupported_os	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• smb_max_version - SMB maximum client protocol version. type: str choices: smbv1, smbv2, smbv3 more...

  	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  smb_max_version	yes	yes	yes	yes	yes	yes	yes	yes
  [smbv1]	yes	yes	yes	yes	yes	yes	yes	yes
  [smbv2]	yes	yes	yes	yes	yes	yes	yes	yes
  [smbv3]	yes	yes	yes	yes	yes	yes	yes	yes

• smb_min_version - SMB minimum client protocol version. type: str choices: smbv1, smbv2, smbv3 more...

  	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  smb_min_version	yes	yes	yes	yes	yes	yes	yes	yes
  [smbv1]	yes	yes	yes	yes	yes	yes	yes	yes
  [smbv2]	yes	yes	yes	yes	yes	yes	yes	yes
  [smbv3]	yes	yes	yes	yes	yes	yes	yes	yes

• smb_ntlmv1_auth - Enable support of NTLMv1 for Samba authentication. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  smb_ntlmv1_auth	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• smbv1 - Enable/disable support of SMBv1 for Samba. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  smbv1	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• split_dns - Split DNS for SSL VPN. type: list more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  split_dns	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• dns_server1 - DNS server 1. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  dns_server1	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• dns_server2 - DNS server 2. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  dns_server2	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• domains - Split DNS domains used for SSL-VPN clients separated by comma(,). type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  domains	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• id - ID. type: int required: True more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  id	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv6_dns_server1 - IPv6 DNS server 1. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv6_dns_server1	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv6_dns_server2 - IPv6 DNS server 2. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv6_dns_server2	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• split_tunneling - Enable/disable IPv4 split tunneling. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  split_tunneling	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• split_tunneling_routing_address - IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. type: list more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  split_tunneling_routing_address	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: True more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  name	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• split_tunneling_routing_negate - Enable to negate split tunneling routing address. type: str choices: enable, disable more...

  	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  split_tunneling_routing_negate	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes

• theme - Web portal color scheme. type: str choices: blue, green, red, melongene, mariner, neutrino, jade, graphite, dark-matter, onyx, eclipse more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  theme	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [blue]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	no
  [green]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	no
  [red]	yes	yes	yes	no	no	no	no	no	no	no	no
  [melongene]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [mariner]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [neutrino]	n/a	n/a	n/a	yes	yes	yes	yes	yes	yes	yes	yes
  [jade]	n/a	n/a	n/a	n/a	n/a	n/a	n/a	n/a	n/a	n/a	yes
  [graphite]	n/a	n/a	n/a	n/a	n/a	n/a	n/a	n/a	n/a	n/a	yes
  [dark-matter]	n/a	n/a	n/a	n/a	n/a	n/a	n/a	n/a	n/a	n/a	yes
  [onyx]	n/a	n/a	n/a	n/a	n/a	n/a	n/a	n/a	n/a	n/a	yes
  [eclipse]	n/a	n/a	n/a	n/a	n/a	n/a	n/a	n/a	n/a	n/a	yes

• transform_backward_slashes - Transform backward slashes to forward slashes in URLs. type: str choices: enable, disable more...

  	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  transform_backward_slashes	yes	yes	yes	yes	no	no	no	no
  [enable]	yes	yes	yes	yes	n/a	n/a	n/a	n/a
  [disable]	yes	yes	yes	yes	n/a	n/a	n/a	n/a

• tunnel_mode - Enable/disable IPv4 SSL-VPN tunnel mode. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  tunnel_mode	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• use_sdwan - Use SD-WAN rules to get output interface. type: str choices: enable, disable more...

  	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  use_sdwan	yes	no	no	yes	yes
  [enable]	yes	n/a	n/a	yes	yes
  [disable]	yes	n/a	n/a	yes	yes

• user_bookmark - Enable to allow web portal users to create their own bookmarks. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  user_bookmark	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• user_group_bookmark - Enable to allow web portal users to create bookmarks for all users in the same user group. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  user_group_bookmark	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• web_mode - Enable/disable SSL VPN web mode. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  web_mode	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• windows_forticlient_download_url - Download URL for Windows FortiClient. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  windows_forticlient_download_url	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• wins_server1 - IPv4 WINS server 1. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  wins_server1	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• wins_server2 - IPv4 WINS server 1. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  wins_server2	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

Notes

Note

• Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks

Examples

- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
  - name: Portal.
    fortios_vpn_ssl_web_portal:
      vdom:  "{{ vdom }}"
      state: "present"
      access_token: "<your_own_value>"
      vpn_ssl_web_portal:
        allow_user_access: "web"
        auto_connect: "enable"
        bookmark_group:
         -
            bookmarks:
             -
                additional_params: "<your_own_value>"
                apptype: "citrix"
                description: "<your_own_value>"
                domain: "<your_own_value>"
                folder: "<your_own_value>"
                form_data:
                 -
                    name: "default_name_13"
                    value: "<your_own_value>"
                host: "<your_own_value>"
                listening_port: "16"
                load_balancing_info: "<your_own_value>"
                logon_password: "<your_own_value>"
                logon_user: "<your_own_value>"
                name: "default_name_20"
                port: "21"
                preconnection_blob: "<your_own_value>"
                preconnection_id: "23"
                remote_port: "24"
                security: "rdp"
                server_layout: "de-de-qwertz"
                show_status_window: "enable"
                sso: "disable"
                sso_credential: "sslvpn-login"
                sso_credential_sent_once: "enable"
                sso_password: "<your_own_value>"
                sso_username: "<your_own_value>"
                url: "myurl.com"
            name: "default_name_34"
        custom_lang: "<your_own_value> (source system.custom-language.name)"
        customize_forticlient_download_url: "enable"
        display_bookmark: "enable"
        display_connection_tools: "enable"
        display_history: "enable"
        display_status: "enable"
        dns_server1: "<your_own_value>"
        dns_server2: "<your_own_value>"
        dns_suffix: "<your_own_value>"
        exclusive_routing: "enable"
        forticlient_download: "enable"
        forticlient_download_method: "direct"
        heading: "<your_own_value>"
        hide_sso_credential: "enable"
        host_check: "none"
        host_check_interval: "50"
        host_check_policy:
         -
            name: "default_name_52 (source vpn.ssl.web.host-check-software.name)"
        ip_mode: "range"
        ip_pools:
         -
            name: "default_name_55 (source firewall.address.name firewall.addrgrp.name)"
        ipv6_dns_server1: "<your_own_value>"
        ipv6_dns_server2: "<your_own_value>"
        ipv6_exclusive_routing: "enable"
        ipv6_pools:
         -
            name: "default_name_60 (source firewall.address6.name firewall.addrgrp6.name)"
        ipv6_service_restriction: "enable"
        ipv6_split_tunneling: "enable"
        ipv6_split_tunneling_routing_address:
         -
            name: "default_name_64 (source firewall.address6.name firewall.addrgrp6.name)"
        ipv6_split_tunneling_routing_negate: "enable"
        ipv6_tunnel_mode: "enable"
        ipv6_wins_server1: "<your_own_value>"
        ipv6_wins_server2: "<your_own_value>"
        keep_alive: "enable"
        limit_user_logins: "enable"
        mac_addr_action: "allow"
        mac_addr_check: "enable"
        mac_addr_check_rule:
         -
            mac_addr_list:
             -
                addr: "<your_own_value>"
            mac_addr_mask: "76"
            name: "default_name_77"
        macos_forticlient_download_url: "<your_own_value>"
        name: "default_name_79"
        os_check: "enable"
        os_check_list:
         -
            action: "deny"
            latest_patch_level: "<your_own_value>"
            name: "default_name_84"
            tolerance: "85"
        prefer_ipv6_dns: "enable"
        redir_url: "<your_own_value>"
        rewrite_ip_uri_ui: "enable"
        save_password: "enable"
        service_restriction: "enable"
        skip_check_for_browser: "enable"
        skip_check_for_unsupported_browser: "enable"
        skip_check_for_unsupported_os: "enable"
        smb_max_version: "smbv1"
        smb_min_version: "smbv1"
        smb_ntlmv1_auth: "enable"
        smbv1: "enable"
        split_dns:
         -
            dns_server1: "<your_own_value>"
            dns_server2: "<your_own_value>"
            domains: "<your_own_value>"
            id:  "102"
            ipv6_dns_server1: "<your_own_value>"
            ipv6_dns_server2: "<your_own_value>"
        split_tunneling: "enable"
        split_tunneling_routing_address:
         -
            name: "default_name_107 (source firewall.address.name firewall.addrgrp.name)"
        split_tunneling_routing_negate: "enable"
        theme: "blue"
        transform_backward_slashes: "enable"
        tunnel_mode: "enable"
        use_sdwan: "enable"
        user_bookmark: "enable"
        user_group_bookmark: "enable"
        web_mode: "enable"
        windows_forticlient_download_url: "<your_own_value>"
        wins_server1: "<your_own_value>"
        wins_server2: "<your_own_value>"

Return Values

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

• build - Build number of the fortigate image returned: always type: str sample: 1547
• http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
• http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
• mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
• name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
• path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
• revision - Internal revision number returned: always type: str sample: 17.0.2.10658
• serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
• status - Indication of the operation's result returned: always type: str sample: success
• vdom - Virtual domain used returned: always type: str sample: root
• version - Version of the FortiGate returned: always type: str sample: v5.6.3

Status

• This module is not guaranteed to have a backwards compatible interface.

Authors

• Link Zheng (@chillancezen)
• Jie Xue (@JieX19)
• Hongbin Lu (@fgtdev-hblu)
• Frank Shen (@frankshen01)
• Miguel Angel Munoz (@mamunozgonzalez)
• Nicolas Thomas (@thomnico)

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.