fortios_vpn_ssl_web_portal – Portal in Fortinet’s FortiOS and FortiGate.

New in version 2.0.0.

Synopsis

• This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ssl_web feature and portal category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0

Requirements

The below requirements are needed on the host that executes this module.

• ansible>=2.15

Tips

Using member operation to add an element to an existing object.

FortiOS Version Compatibility

Supported Version Ranges: v6.0.0 -> 7.4.3

Parameters

• access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
• enable_log - Enable/Disable logging for task. type: bool required: false default: False
• vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
• member_path - Member attribute path to operate on. type: str
• member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
• state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
• vpn_ssl_web_portal - Portal. type: dict more...

  	Supported Version Ranges
  vpn_ssl_web_portal	v6.0.0 -> 7.4.3

• allow_user_access - Allow user access to SSL-VPN applications. type: list choices: web, ftp, smb, sftp, telnet, ssh, vnc, rdp, ping, citrix, portforward more...

  	Supported Version Ranges
  allow_user_access	v6.0.0 -> 7.4.3
  [web]	v6.0.0 -> 7.4.3
  [ftp]	v6.0.0 -> 7.4.3
  [smb]	v6.0.0 -> 7.4.3
  [sftp]	v6.2.0 -> 7.4.3
  [telnet]	v6.0.0 -> 7.4.3
  [ssh]	v6.0.0 -> 7.4.3
  [vnc]	v6.0.0 -> 7.4.3
  [rdp]	v6.0.0 -> 7.4.3
  [ping]	v6.0.0 -> 7.4.3
  [citrix]	v6.0.0 -> v7.0.0
  [portforward]	v6.0.0 -> v7.0.0

• auto_connect - Enable/disable automatic connect by client when system is up. type: str choices: enable, disable more...

  	Supported Version Ranges
  auto_connect	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• bookmark_group - Portal bookmark group. type: list member_path: bookmark_group:name more...

  	Supported Version Ranges
  bookmark_group	v6.0.0 -> 7.4.3

• bookmarks - Bookmark table. type: list member_path: bookmark_group:name/bookmarks:name more...

  	Supported Version Ranges
  bookmarks	v6.0.0 -> 7.4.3

• additional_params - Additional parameters. type: str more...

  	Supported Version Ranges
  additional_params	v6.0.0 -> 7.4.3

• apptype - Application type. type: str choices: ftp, rdp, sftp, smb, ssh, telnet, vnc, web, citrix, portforward more...

  	Supported Version Ranges
  apptype	v6.0.0 -> 7.4.3
  [ftp]	v6.0.0 -> 7.4.3
  [rdp]	v6.0.0 -> 7.4.3
  [sftp]	v6.2.0 -> 7.4.3
  [smb]	v6.0.0 -> 7.4.3
  [ssh]	v6.0.0 -> 7.4.3
  [telnet]	v6.0.0 -> 7.4.3
  [vnc]	v6.0.0 -> 7.4.3
  [web]	v6.0.0 -> 7.4.3
  [citrix]	v6.0.0 -> v6.0.11
  [portforward]	v6.0.0 -> v6.0.11

• color_depth - Color depth per pixel. type: str choices: 32, 16, 8 more...

  	Supported Version Ranges
  color_depth	v7.0.1 -> 7.4.3
  [32]	v7.0.1 -> 7.4.3
  [16]	v7.0.1 -> 7.4.3
  [8]	v7.0.1 -> 7.4.3

• description - Description. type: str more...

  	Supported Version Ranges
  description	v6.0.0 -> 7.4.3

• domain - Login domain. type: str more...

  	Supported Version Ranges
  domain	v6.4.0 -> v6.4.0	v6.4.4 -> 7.4.3

• folder - Network shared file folder parameter. type: str more...

  	Supported Version Ranges
  folder	v6.0.0 -> 7.4.3

• form_data - Form data. type: list member_path: bookmark_group:name/bookmarks:name/form_data:name more...

  	Supported Version Ranges
  form_data	v6.0.0 -> 7.4.3

• name - Name. type: str required: true more...

  	Supported Version Ranges
  name	v6.0.0 -> 7.4.3

• value - Value. type: str more...

  	Supported Version Ranges
  value	v6.0.0 -> 7.4.3

• height - Screen height (range from 0 - 65535). type: int more...

  	Supported Version Ranges
  height	v7.0.4 -> 7.4.3

• host - Host name/IP parameter. type: str more...

  	Supported Version Ranges
  host	v6.0.0 -> 7.4.3

• keyboard_layout - Keyboard layout. type: str choices: ar-101, ar-102, ar-102-azerty, can-mul, cz, cz-qwerty, cz-pr, da, nl, de, de-ch, de-ibm, en-uk, en-uk-ext, en-us, en-us-dvorak, es, es-var, fi, fi-sami, fr, fr-apple, fr-ca, fr-ch, fr-be, hr, hu, hu-101, it, it-142, ja, ja-106, ko, la-am, lt, lt-ibm, lt-std, lav-std, lav-leg, mk, mk-std, no, no-sami, pol-214, pol-pr, pt, pt-br, pt-br-abnt2, ru, ru-mne, ru-t, sl, sv, sv-sami, tuk, tur-f, tur-q, zh-sym-sg-us, zh-sym-us, zh-tr-hk, zh-tr-mo, zh-tr-us more...

  	Supported Version Ranges
  keyboard_layout	v7.0.1 -> 7.4.3
  [ar-101]	v7.0.1 -> 7.4.3
  [ar-102]	v7.0.1 -> 7.4.3
  [ar-102-azerty]	v7.0.1 -> 7.4.3
  [can-mul]	v7.0.1 -> 7.4.3
  [cz]	v7.0.1 -> 7.4.3
  [cz-qwerty]	v7.0.1 -> 7.4.3
  [cz-pr]	v7.0.1 -> 7.4.3
  [da]	v7.0.1 -> 7.4.3
  [nl]	v7.0.1 -> 7.4.3
  [de]	v7.0.1 -> 7.4.3
  [de-ch]	v7.0.1 -> 7.4.3
  [de-ibm]	v7.0.1 -> 7.4.3
  [en-uk]	v7.0.1 -> 7.4.3
  [en-uk-ext]	v7.0.1 -> 7.4.3
  [en-us]	v7.0.1 -> 7.4.3
  [en-us-dvorak]	v7.0.1 -> 7.4.3
  [es]	v7.0.1 -> 7.4.3
  [es-var]	v7.0.1 -> 7.4.3
  [fi]	v7.0.1 -> 7.4.3
  [fi-sami]	v7.0.1 -> 7.4.3
  [fr]	v7.0.1 -> 7.4.3
  [fr-apple]	v7.0.6 -> 7.4.3
  [fr-ca]	v7.0.1 -> 7.4.3
  [fr-ch]	v7.0.1 -> 7.4.3
  [fr-be]	v7.0.1 -> 7.4.3
  [hr]	v7.0.1 -> 7.4.3
  [hu]	v7.0.1 -> 7.4.3
  [hu-101]	v7.0.1 -> 7.4.3
  [it]	v7.0.1 -> 7.4.3
  [it-142]	v7.0.1 -> 7.4.3
  [ja]	v7.0.1 -> 7.4.3
  [ja-106]	v7.4.2 -> 7.4.3
  [ko]	v7.0.1 -> 7.4.3
  [la-am]	v7.4.1 -> 7.4.3
  [lt]	v7.0.1 -> 7.4.3
  [lt-ibm]	v7.0.1 -> 7.4.3
  [lt-std]	v7.0.1 -> 7.4.3
  [lav-std]	v7.0.1 -> 7.4.3
  [lav-leg]	v7.0.1 -> 7.4.3
  [mk]	v7.0.1 -> 7.4.3
  [mk-std]	v7.0.1 -> 7.4.3
  [no]	v7.0.1 -> 7.4.3
  [no-sami]	v7.0.1 -> 7.4.3
  [pol-214]	v7.0.1 -> 7.4.3
  [pol-pr]	v7.0.1 -> 7.4.3
  [pt]	v7.0.1 -> 7.4.3
  [pt-br]	v7.0.1 -> 7.4.3
  [pt-br-abnt2]	v7.0.1 -> 7.4.3
  [ru]	v7.0.1 -> 7.4.3
  [ru-mne]	v7.0.1 -> 7.4.3
  [ru-t]	v7.0.1 -> 7.4.3
  [sl]	v7.0.1 -> 7.4.3
  [sv]	v7.0.1 -> 7.4.3
  [sv-sami]	v7.0.1 -> 7.4.3
  [tuk]	v7.0.1 -> 7.4.3
  [tur-f]	v7.0.1 -> 7.4.3
  [tur-q]	v7.0.1 -> 7.4.3
  [zh-sym-sg-us]	v7.0.1 -> 7.4.3
  [zh-sym-us]	v7.0.1 -> 7.4.3
  [zh-tr-hk]	v7.0.1 -> 7.4.3
  [zh-tr-mo]	v7.0.1 -> 7.4.3
  [zh-tr-us]	v7.0.1 -> 7.4.3

• listening_port - Listening port (0 - 65535). type: int more...

  	Supported Version Ranges
  listening_port	v6.0.0 -> v7.0.0

• load_balancing_info - The load balancing information or cookie which should be provided to the connection broker. type: str more...

  	Supported Version Ranges
  load_balancing_info	v6.0.0 -> 7.4.3

• logon_password - Logon password. type: str more...

  	Supported Version Ranges
  logon_password	v6.0.0 -> 7.4.3

• logon_user - Logon user. type: str more...

  	Supported Version Ranges
  logon_user	v6.0.0 -> 7.4.3

• name - Bookmark name. type: str required: true more...

  	Supported Version Ranges
  name	v6.0.0 -> 7.4.3

• port - Remote port. type: int more...

  	Supported Version Ranges
  port	v6.0.0 -> 7.4.3

• preconnection_blob - An arbitrary string which identifies the RDP source. type: str more...

  	Supported Version Ranges
  preconnection_blob	v6.0.0 -> 7.4.3

• preconnection_id - The numeric ID of the RDP source (0-4294967295). type: int more...

  	Supported Version Ranges
  preconnection_id	v6.0.0 -> 7.4.3

• remote_port - Remote port (0 - 65535). type: int more...

  	Supported Version Ranges
  remote_port	v6.0.0 -> v7.0.0

• restricted_admin - Enable/disable restricted admin mode for RDP. type: str choices: enable, disable more...

  	Supported Version Ranges
  restricted_admin	v7.0.1 -> 7.4.3
  [enable]	v7.0.1 -> 7.4.3
  [disable]	v7.0.1 -> 7.4.3

• security - Security mode for RDP connection . type: str choices: any, rdp, nla, tls more...

  	Supported Version Ranges
  security	v6.0.0 -> 7.4.3
  [any]	v6.0.0 -> 7.4.3
  [rdp]	v6.0.0 -> 7.4.3
  [nla]	v6.0.0 -> 7.4.3
  [tls]	v6.0.0 -> 7.4.3

• send_preconnection_id - Enable/disable sending of preconnection ID. type: str choices: enable, disable more...

  	Supported Version Ranges
  send_preconnection_id	v7.0.1 -> 7.4.3
  [enable]	v7.0.1 -> 7.4.3
  [disable]	v7.0.1 -> 7.4.3

• server_layout - Server side keyboard layout. type: str choices: de-de-qwertz, en-gb-qwerty, en-us-qwerty, es-es-qwerty, fr-ca-qwerty, fr-fr-azerty, fr-ch-qwertz, it-it-qwerty, ja-jp-qwerty, pt-br-qwerty, sv-se-qwerty, tr-tr-qwerty, failsafe more...

  	Supported Version Ranges
  server_layout	v6.0.0 -> v7.0.0
  [de-de-qwertz]	v6.0.0 -> v7.0.0
  [en-gb-qwerty]	v6.0.0 -> v7.0.0
  [en-us-qwerty]	v6.0.0 -> v7.0.0
  [es-es-qwerty]	v6.0.0 -> v7.0.0
  [fr-ca-qwerty]	v6.2.0 -> v7.0.0
  [fr-fr-azerty]	v6.0.0 -> v7.0.0
  [fr-ch-qwertz]	v6.0.0 -> v7.0.0
  [it-it-qwerty]	v6.0.0 -> v7.0.0
  [ja-jp-qwerty]	v6.0.0 -> v7.0.0
  [pt-br-qwerty]	v6.0.0 -> v7.0.0
  [sv-se-qwerty]	v6.0.0 -> v7.0.0
  [tr-tr-qwerty]	v6.0.0 -> v7.0.0
  [failsafe]	v6.0.0 -> v7.0.0

• show_status_window - Enable/disable showing of status window. type: str choices: enable, disable more...

  	Supported Version Ranges
  show_status_window	v6.0.0 -> v7.0.0
  [enable]	v6.0.0 -> v7.0.0
  [disable]	v6.0.0 -> v7.0.0

• sso - Single sign-on. type: str choices: disable, static, auto more...

  	Supported Version Ranges
  sso	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3
  [static]	v6.0.0 -> 7.4.3
  [auto]	v6.0.0 -> 7.4.3

• sso_credential - Single sign-on credentials. type: str choices: sslvpn-login, alternative more...

  	Supported Version Ranges
  sso_credential	v6.0.0 -> 7.4.3
  [sslvpn-login]	v6.0.0 -> 7.4.3
  [alternative]	v6.0.0 -> 7.4.3

• sso_credential_sent_once - Single sign-on credentials are only sent once to remote server. type: str choices: enable, disable more...

  	Supported Version Ranges
  sso_credential_sent_once	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• sso_password - SSO password. type: str more...

  	Supported Version Ranges
  sso_password	v6.0.0 -> 7.4.3

• sso_username - SSO user name. type: str more...

  	Supported Version Ranges
  sso_username	v6.0.0 -> 7.4.3

• url - URL parameter. type: str more...

  	Supported Version Ranges
  url	v6.0.0 -> 7.4.3

• vnc_keyboard_layout - Keyboard layout. type: str choices: default, da, nl, en-uk, en-uk-ext, fi, fr, fr-be, fr-ca-mul, de, de-ch, it, it-142, pt, pt-br-abnt2, no, gd, es, sv, us-intl more...

  	Supported Version Ranges
  vnc_keyboard_layout	v7.2.4 -> 7.4.3
  [default]	v7.2.4 -> 7.4.3
  [da]	v7.2.4 -> 7.4.3
  [nl]	v7.2.4 -> 7.4.3
  [en-uk]	v7.2.4 -> 7.4.3
  [en-uk-ext]	v7.2.4 -> 7.4.3
  [fi]	v7.2.4 -> 7.4.3
  [fr]	v7.2.4 -> 7.4.3
  [fr-be]	v7.2.4 -> 7.4.3
  [fr-ca-mul]	v7.2.4 -> 7.4.3
  [de]	v7.2.4 -> 7.4.3
  [de-ch]	v7.2.4 -> 7.4.3
  [it]	v7.2.4 -> 7.4.3
  [it-142]	v7.2.4 -> 7.4.3
  [pt]	v7.2.4 -> 7.4.3
  [pt-br-abnt2]	v7.2.4 -> 7.4.3
  [no]	v7.2.4 -> 7.4.3
  [gd]	v7.2.4 -> 7.4.3
  [es]	v7.2.4 -> 7.4.3
  [sv]	v7.2.4 -> 7.4.3
  [us-intl]	v7.2.4 -> 7.4.3

• width - Screen width (range from 0 - 65535). type: int more...

  	Supported Version Ranges
  width	v7.0.4 -> 7.4.3

• name - Bookmark group name. type: str required: true more...

  	Supported Version Ranges
  name	v6.0.0 -> 7.4.3

• client_src_range - Allow client to add source range for the tunnel traffic. type: str choices: enable, disable more...

  	Supported Version Ranges
  client_src_range	v7.2.4 -> 7.4.3
  [enable]	v7.2.4 -> 7.4.3
  [disable]	v7.2.4 -> 7.4.3

• clipboard - Enable to support RDP/VPC clipboard functionality. type: str choices: enable, disable more...

  	Supported Version Ranges
  clipboard	v7.0.1 -> 7.4.3
  [enable]	v7.0.1 -> 7.4.3
  [disable]	v7.0.1 -> 7.4.3

• custom_lang - Change the web portal display language. Overrides config system global set language. You can use config system custom-language and execute system custom-language to add custom language files. Source system.custom-language.name. type: str more...

  	Supported Version Ranges
  custom_lang	v6.0.0 -> 7.4.3

• customize_forticlient_download_url - Enable support of customized download URL for FortiClient. type: str choices: enable, disable more...

  	Supported Version Ranges
  customize_forticlient_download_url	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• default_protocol - Application type that is set by default. type: str choices: web, ftp, telnet, smb, vnc, rdp, ssh, sftp more...

  	Supported Version Ranges
  default_protocol	v7.4.1 -> 7.4.3
  [web]	v7.4.1 -> 7.4.3
  [ftp]	v7.4.1 -> 7.4.3
  [telnet]	v7.4.1 -> 7.4.3
  [smb]	v7.4.1 -> 7.4.3
  [vnc]	v7.4.1 -> 7.4.3
  [rdp]	v7.4.1 -> 7.4.3
  [ssh]	v7.4.1 -> 7.4.3
  [sftp]	v7.4.1 -> 7.4.3

• default_window_height - Screen height (range from 0 - 65535). type: int more...

  	Supported Version Ranges
  default_window_height	v7.0.6 -> 7.4.3

• default_window_width - Screen width (range from 0 - 65535). type: int more...

  	Supported Version Ranges
  default_window_width	v7.0.6 -> 7.4.3

• dhcp_ip_overlap - Configure overlapping DHCP IP allocation assignment. type: str choices: use-new, use-old more...

  	Supported Version Ranges
  dhcp_ip_overlap	v7.0.6 -> v7.0.12	v7.2.1 -> 7.4.3
  [use-new]	v7.0.6 -> v7.0.12
  [use-old]	v7.0.6 -> v7.0.12

• dhcp_ra_giaddr - Relay agent gateway IP address to use in the giaddr field of DHCP requests. type: str more...

  	Supported Version Ranges
  dhcp_ra_giaddr	v7.2.4 -> 7.4.3

• dhcp6_ra_linkaddr - Relay agent IPv6 link address to use in DHCP6 requests. type: str more...

  	Supported Version Ranges
  dhcp6_ra_linkaddr	v7.2.4 -> 7.4.3

• display_bookmark - Enable to display the web portal bookmark widget. type: str choices: enable, disable more...

  	Supported Version Ranges
  display_bookmark	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• display_connection_tools - Enable to display the web portal connection tools widget. type: str choices: enable, disable more...

  	Supported Version Ranges
  display_connection_tools	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• display_history - Enable to display the web portal user login history widget. type: str choices: enable, disable more...

  	Supported Version Ranges
  display_history	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• display_status - Enable to display the web portal status widget. type: str choices: enable, disable more...

  	Supported Version Ranges
  display_status	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• dns_server1 - IPv4 DNS server 1. type: str more...

  	Supported Version Ranges
  dns_server1	v6.0.0 -> 7.4.3

• dns_server2 - IPv4 DNS server 2. type: str more...

  	Supported Version Ranges
  dns_server2	v6.0.0 -> 7.4.3

• dns_suffix - DNS suffix. type: str more...

  	Supported Version Ranges
  dns_suffix	v6.0.0 -> 7.4.3

• exclusive_routing - Enable/disable all traffic go through tunnel only. type: str choices: enable, disable more...

  	Supported Version Ranges
  exclusive_routing	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• focus_bookmark - Enable to prioritize the placement of the bookmark section over the quick-connection section in the SSL-VPN application. type: str choices: enable, disable more...

  	Supported Version Ranges
  focus_bookmark	v7.4.1 -> 7.4.3
  [enable]	v7.4.1 -> 7.4.3
  [disable]	v7.4.1 -> 7.4.3

• forticlient_download - Enable/disable download option for FortiClient. type: str choices: enable, disable more...

  	Supported Version Ranges
  forticlient_download	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• forticlient_download_method - FortiClient download method. type: str choices: direct, ssl-vpn more...

  	Supported Version Ranges
  forticlient_download_method	v6.0.0 -> 7.4.3
  [direct]	v6.0.0 -> 7.4.3
  [ssl-vpn]	v6.0.0 -> 7.4.3

• heading - Web portal heading message. type: str more...

  	Supported Version Ranges
  heading	v6.0.0 -> 7.4.3

• hide_sso_credential - Enable to prevent SSO credential being sent to client. type: str choices: enable, disable more...

  	Supported Version Ranges
  hide_sso_credential	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• host_check - Type of host checking performed on endpoints. type: str choices: none, av, fw, av-fw, custom more...

  	Supported Version Ranges
  host_check	v6.0.0 -> 7.4.3
  [none]	v6.0.0 -> 7.4.3
  [av]	v6.0.0 -> 7.4.3
  [fw]	v6.0.0 -> 7.4.3
  [av-fw]	v6.0.0 -> 7.4.3
  [custom]	v6.0.0 -> 7.4.3

• host_check_interval - Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects. type: int more...

  	Supported Version Ranges
  host_check_interval	v6.0.0 -> 7.4.3

• host_check_policy - One or more policies to require the endpoint to have specific security software. type: list member_path: host_check_policy:name more...

  	Supported Version Ranges
  host_check_policy	v6.0.0 -> 7.4.3

• name - Host check software list name. Source vpn.ssl.web.host-check-software.name. type: str required: true more...

  	Supported Version Ranges
  name	v6.0.0 -> 7.4.3

• ip_mode - Method by which users of this SSL-VPN tunnel obtain IP addresses. type: str choices: range, user-group, dhcp, no-ip more...

  	Supported Version Ranges
  ip_mode	v6.0.0 -> 7.4.3
  [range]	v6.0.0 -> 7.4.3
  [user-group]	v6.0.0 -> 7.4.3
  [dhcp]	v7.0.6 -> v7.0.12	v7.2.1 -> 7.4.3
  [no-ip]	v7.2.4 -> 7.4.3

• ip_pools - IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients. type: list member_path: ip_pools:name more...

  	Supported Version Ranges
  ip_pools	v6.0.0 -> 7.4.3

• name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true more...

  	Supported Version Ranges
  name	v6.0.0 -> 7.4.3

• ipv6_dns_server1 - IPv6 DNS server 1. type: str more...

  	Supported Version Ranges
  ipv6_dns_server1	v6.0.0 -> 7.4.3

• ipv6_dns_server2 - IPv6 DNS server 2. type: str more...

  	Supported Version Ranges
  ipv6_dns_server2	v6.0.0 -> 7.4.3

• ipv6_exclusive_routing - Enable/disable all IPv6 traffic go through tunnel only. type: str choices: enable, disable more...

  	Supported Version Ranges
  ipv6_exclusive_routing	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• ipv6_pools - IPv6 firewall source address objects reserved for SSL-VPN tunnel mode clients. type: list member_path: ipv6_pools:name more...

  	Supported Version Ranges
  ipv6_pools	v6.0.0 -> 7.4.3

• name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true more...

  	Supported Version Ranges
  name	v6.0.0 -> 7.4.3

• ipv6_service_restriction - Enable/disable IPv6 tunnel service restriction. type: str choices: enable, disable more...

  	Supported Version Ranges
  ipv6_service_restriction	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• ipv6_split_tunneling - Enable/disable IPv6 split tunneling. type: str choices: enable, disable more...

  	Supported Version Ranges
  ipv6_split_tunneling	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• ipv6_split_tunneling_routing_address - IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. type: list member_path: ipv6_split_tunneling_routing_address:name more...

  	Supported Version Ranges
  ipv6_split_tunneling_routing_address	v6.0.0 -> 7.4.3

• name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true more...

  	Supported Version Ranges
  name	v6.0.0 -> 7.4.3

• ipv6_split_tunneling_routing_negate - Enable to negate IPv6 split tunneling routing address. type: str choices: enable, disable more...

  	Supported Version Ranges
  ipv6_split_tunneling_routing_negate	v6.4.0 -> 7.4.3
  [enable]	v6.4.0 -> 7.4.3
  [disable]	v6.4.0 -> 7.4.3

• ipv6_tunnel_mode - Enable/disable IPv6 SSL-VPN tunnel mode. type: str choices: enable, disable more...

  	Supported Version Ranges
  ipv6_tunnel_mode	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• ipv6_wins_server1 - IPv6 WINS server 1. type: str more...

  	Supported Version Ranges
  ipv6_wins_server1	v6.0.0 -> 7.4.3

• ipv6_wins_server2 - IPv6 WINS server 2. type: str more...

  	Supported Version Ranges
  ipv6_wins_server2	v6.0.0 -> 7.4.3

• keep_alive - Enable/disable automatic reconnect for FortiClient connections. type: str choices: enable, disable more...

  	Supported Version Ranges
  keep_alive	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• landing_page - Landing page options. type: dict more...

  	Supported Version Ranges
  landing_page	v7.4.0 -> 7.4.3

• form_data - Form data. type: list member_path: landing_page/form_data:name more...

  	Supported Version Ranges
  form_data	v7.4.0 -> 7.4.3

• name - Name. type: str required: true more...

  	Supported Version Ranges
  name	v7.4.0 -> 7.4.3

• value - Value. type: str more...

  	Supported Version Ranges
  value	v7.4.0 -> 7.4.3

• logout_url - Landing page log out URL. type: str more...

  	Supported Version Ranges
  logout_url	v7.4.0 -> v7.4.0

• sso - Single sign-on. type: str choices: disable, static, auto more...

  	Supported Version Ranges
  sso	v7.4.0 -> 7.4.3
  [disable]	v7.4.0 -> 7.4.3
  [static]	v7.4.0 -> 7.4.3
  [auto]	v7.4.0 -> 7.4.3

• sso_credential - Single sign-on credentials. type: str choices: sslvpn-login, alternative more...

  	Supported Version Ranges
  sso_credential	v7.4.0 -> 7.4.3
  [sslvpn-login]	v7.4.0 -> 7.4.3
  [alternative]	v7.4.0 -> 7.4.3

• sso_password - SSO password. type: str more...

  	Supported Version Ranges
  sso_password	v7.4.0 -> 7.4.3

• sso_username - SSO user name. type: str more...

  	Supported Version Ranges
  sso_username	v7.4.0 -> 7.4.3

• url - Landing page URL. type: str more...

  	Supported Version Ranges
  url	v7.4.0 -> 7.4.3

• landing_page_mode - Enable/disable SSL-VPN landing page mode. type: str choices: enable, disable more...

  	Supported Version Ranges
  landing_page_mode	v7.4.0 -> 7.4.3
  [enable]	v7.4.0 -> 7.4.3
  [disable]	v7.4.0 -> 7.4.3

• limit_user_logins - Enable to limit each user to one SSL-VPN session at a time. type: str choices: enable, disable more...

  	Supported Version Ranges
  limit_user_logins	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• mac_addr_action - Client MAC address action. type: str choices: allow, deny more...

  	Supported Version Ranges
  mac_addr_action	v6.0.0 -> 7.4.3
  [allow]	v6.0.0 -> 7.4.3
  [deny]	v6.0.0 -> 7.4.3

• mac_addr_check - Enable/disable MAC address host checking. type: str choices: enable, disable more...

  	Supported Version Ranges
  mac_addr_check	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• mac_addr_check_rule - Client MAC address check rule. type: list member_path: mac_addr_check_rule:name more...

  	Supported Version Ranges
  mac_addr_check_rule	v6.0.0 -> 7.4.3

• mac_addr_list - Client MAC address list. type: list member_path: mac_addr_check_rule:name/mac_addr_list:addr more...

  	Supported Version Ranges
  mac_addr_list	v6.0.0 -> 7.4.3

• addr - Client MAC address. type: str required: true more...

  	Supported Version Ranges
  addr	v6.0.0 -> 7.4.3

• mac_addr_mask - Client MAC address mask. type: int more...

  	Supported Version Ranges
  mac_addr_mask	v6.0.0 -> 7.4.3

• name - Client MAC address check rule name. type: str required: true more...

  	Supported Version Ranges
  name	v6.0.0 -> 7.4.3

• macos_forticlient_download_url - Download URL for Mac FortiClient. type: str more...

  	Supported Version Ranges
  macos_forticlient_download_url	v6.0.0 -> 7.4.3

• name - Portal name. type: str required: true more...

  	Supported Version Ranges
  name	v6.0.0 -> 7.4.3

• os_check - Enable to let the FortiGate decide action based on client OS. type: str choices: enable, disable more...

  	Supported Version Ranges
  os_check	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• os_check_list - SSL-VPN OS checks. type: list member_path: os_check_list:name more...

  	Supported Version Ranges
  os_check_list	v6.0.0 -> v7.0.5	v7.2.0 -> v7.2.0

• action - OS check options. type: str choices: deny, allow, check-up-to-date more...

  	Supported Version Ranges
  action	v6.0.0 -> v7.0.5	v7.2.0 -> v7.2.0
  [deny]	v6.0.0 -> v7.0.5
  [allow]	v6.0.0 -> v7.0.5
  [check-up-to-date]	v6.0.0 -> v7.0.5

• latest_patch_level - Latest OS patch level. type: str more...

  	Supported Version Ranges
  latest_patch_level	v6.0.0 -> v7.0.5	v7.2.0 -> v7.2.0

• name - Name. type: str required: true more...

  	Supported Version Ranges
  name	v6.0.0 -> v7.0.5	v7.2.0 -> v7.2.0

• tolerance - OS patch level tolerance. type: int more...

  	Supported Version Ranges
  tolerance	v6.0.0 -> v7.0.5	v7.2.0 -> v7.2.0

• prefer_ipv6_dns - Prefer to query IPv6 DNS server first if enabled. type: str choices: enable, disable more...

  	Supported Version Ranges
  prefer_ipv6_dns	v7.0.0 -> 7.4.3
  [enable]	v7.0.0 -> 7.4.3
  [disable]	v7.0.0 -> 7.4.3

• redir_url - Client login redirect URL. type: str more...

  	Supported Version Ranges
  redir_url	v6.0.0 -> 7.4.3

• rewrite_ip_uri_ui - Rewrite contents for URI contains IP and /ui/ . type: str choices: enable, disable more...

  	Supported Version Ranges
  rewrite_ip_uri_ui	v7.0.0 -> 7.4.3
  [enable]	v7.0.0 -> 7.4.3
  [disable]	v7.0.0 -> 7.4.3

• save_password - Enable/disable FortiClient saving the user"s password. type: str choices: enable, disable more...

  	Supported Version Ranges
  save_password	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• service_restriction - Enable/disable tunnel service restriction. type: str choices: enable, disable more...

  	Supported Version Ranges
  service_restriction	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• skip_check_for_browser - Enable to skip host check for browser support. type: str choices: enable, disable more...

  	Supported Version Ranges
  skip_check_for_browser	v6.2.0 -> 7.4.3
  [enable]	v6.2.0 -> 7.4.3
  [disable]	v6.2.0 -> 7.4.3

• skip_check_for_unsupported_browser - Enable to skip host check if browser does not support it. type: str choices: enable, disable more...

  	Supported Version Ranges
  skip_check_for_unsupported_browser	v6.0.0 -> v6.0.11
  [enable]	v6.0.0 -> v6.0.11
  [disable]	v6.0.0 -> v6.0.11

• skip_check_for_unsupported_os - Enable to skip host check if client OS does not support it. type: str choices: enable, disable more...

  	Supported Version Ranges
  skip_check_for_unsupported_os	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• smb_max_version - SMB maximum client protocol version. type: str choices: smbv1, smbv2, smbv3 more...

  	Supported Version Ranges
  smb_max_version	v6.2.0 -> 7.4.3
  [smbv1]	v6.2.0 -> 7.4.3
  [smbv2]	v6.2.0 -> 7.4.3
  [smbv3]	v6.2.0 -> 7.4.3

• smb_min_version - SMB minimum client protocol version. type: str choices: smbv1, smbv2, smbv3 more...

  	Supported Version Ranges
  smb_min_version	v6.2.0 -> 7.4.3
  [smbv1]	v6.2.0 -> 7.4.3
  [smbv2]	v6.2.0 -> 7.4.3
  [smbv3]	v6.2.0 -> 7.4.3

• smb_ntlmv1_auth - Enable support of NTLMv1 for Samba authentication. type: str choices: enable, disable more...

  	Supported Version Ranges
  smb_ntlmv1_auth	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• smbv1 - SMB version 1. type: str choices: enable, disable more...

  	Supported Version Ranges
  smbv1	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• split_dns - Split DNS for SSL-VPN. type: list member_path: split_dns:id more...

  	Supported Version Ranges
  split_dns	v6.0.0 -> 7.4.3

• dns_server1 - DNS server 1. type: str more...

  	Supported Version Ranges
  dns_server1	v6.0.0 -> 7.4.3

• dns_server2 - DNS server 2. type: str more...

  	Supported Version Ranges
  dns_server2	v6.0.0 -> 7.4.3

• domains - Split DNS domains used for SSL-VPN clients separated by comma. type: str more...

  	Supported Version Ranges
  domains	v6.0.0 -> 7.4.3

• id - ID. see Notes. type: int required: true more...

  	Supported Version Ranges
  id	v6.0.0 -> 7.4.3

• ipv6_dns_server1 - IPv6 DNS server 1. type: str more...

  	Supported Version Ranges
  ipv6_dns_server1	v6.0.0 -> 7.4.3

• ipv6_dns_server2 - IPv6 DNS server 2. type: str more...

  	Supported Version Ranges
  ipv6_dns_server2	v6.0.0 -> 7.4.3

• split_tunneling - Enable/disable IPv4 split tunneling. type: str choices: enable, disable more...

  	Supported Version Ranges
  split_tunneling	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• split_tunneling_routing_address - IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. type: list member_path: split_tunneling_routing_address:name more...

  	Supported Version Ranges
  split_tunneling_routing_address	v6.0.0 -> 7.4.3

• name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true more...

  	Supported Version Ranges
  name	v6.0.0 -> 7.4.3

• split_tunneling_routing_negate - Enable to negate split tunneling routing address. type: str choices: enable, disable more...

  	Supported Version Ranges
  split_tunneling_routing_negate	v6.4.0 -> 7.4.3
  [enable]	v6.4.0 -> 7.4.3
  [disable]	v6.4.0 -> 7.4.3

• theme - Web portal color scheme. type: str choices: jade, neutrino, mariner, graphite, melongene, jet-stream, security-fabric, dark-matter, onyx, eclipse, blue, green, red more...

  	Supported Version Ranges
  theme	v6.0.0 -> 7.4.3
  [jade]	v7.0.0 -> 7.4.3
  [neutrino]	v6.2.0 -> 7.4.3
  [mariner]	v6.0.0 -> 7.4.3
  [graphite]	v7.0.0 -> 7.4.3
  [melongene]	v6.0.0 -> 7.4.3
  [jet-stream]	v7.4.0 -> 7.4.3
  [security-fabric]	v7.4.0 -> 7.4.3
  [dark-matter]	v7.0.0 -> 7.4.3
  [onyx]	v7.0.0 -> 7.4.3
  [eclipse]	v7.0.0 -> 7.4.3
  [blue]	v6.0.0 -> v6.4.4
  [green]	v6.0.0 -> v6.4.4
  [red]	v6.0.0 -> v6.0.11

• transform_backward_slashes - Transform backward slashes to forward slashes in URLs. type: str choices: enable, disable more...

  	Supported Version Ranges
  transform_backward_slashes	v6.2.0 -> v6.2.7
  [enable]	v6.2.0 -> v6.2.7
  [disable]	v6.2.0 -> v6.2.7

• tunnel_mode - Enable/disable IPv4 SSL-VPN tunnel mode. type: str choices: enable, disable more...

  	Supported Version Ranges
  tunnel_mode	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• use_sdwan - Use SD-WAN rules to get output interface. type: str choices: enable, disable more...

  	Supported Version Ranges
  use_sdwan	v6.2.7 -> v6.2.7	v6.4.4 -> 7.4.3
  [enable]	v6.2.7 -> v6.2.7
  [disable]	v6.2.7 -> v6.2.7

• user_bookmark - Enable to allow web portal users to create their own bookmarks. type: str choices: enable, disable more...

  	Supported Version Ranges
  user_bookmark	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• user_group_bookmark - Enable to allow web portal users to create bookmarks for all users in the same user group. type: str choices: enable, disable more...

  	Supported Version Ranges
  user_group_bookmark	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• web_mode - Enable/disable SSL-VPN web mode. type: str choices: enable, disable more...

  	Supported Version Ranges
  web_mode	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• windows_forticlient_download_url - Download URL for Windows FortiClient. type: str more...

  	Supported Version Ranges
  windows_forticlient_download_url	v6.0.0 -> 7.4.3

• wins_server1 - IPv4 WINS server 1. type: str more...

  	Supported Version Ranges
  wins_server1	v6.0.0 -> 7.4.3

• wins_server2 - IPv4 WINS server 1. type: str more...

  	Supported Version Ranges
  wins_server2	v6.0.0 -> 7.4.3

Notes

Note

• Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks

Examples

- name: Portal.
  fortinet.fortios.fortios_vpn_ssl_web_portal:
      vdom: "{{ vdom }}"
      state: "present"
      access_token: "<your_own_value>"
      vpn_ssl_web_portal:
          allow_user_access: "web"
          auto_connect: "enable"
          bookmark_group:
              -
                  bookmarks:
                      -
                          additional_params: "<your_own_value>"
                          apptype: "ftp"
                          color_depth: "32"
                          description: "<your_own_value>"
                          domain: "<your_own_value>"
                          folder: "<your_own_value>"
                          form_data:
                              -
                                  name: "default_name_14"
                                  value: "<your_own_value>"
                          height: "768"
                          host: "myhostname"
                          keyboard_layout: "ar-101"
                          listening_port: "0"
                          load_balancing_info: "<your_own_value>"
                          logon_password: "<your_own_value>"
                          logon_user: "<your_own_value>"
                          name: "default_name_23"
                          port: "0"
                          preconnection_blob: "<your_own_value>"
                          preconnection_id: "2147483648"
                          remote_port: "0"
                          restricted_admin: "enable"
                          security: "any"
                          send_preconnection_id: "enable"
                          server_layout: "de-de-qwertz"
                          show_status_window: "enable"
                          sso: "disable"
                          sso_credential: "sslvpn-login"
                          sso_credential_sent_once: "enable"
                          sso_password: "<your_own_value>"
                          sso_username: "<your_own_value>"
                          url: "myurl.com"
                          vnc_keyboard_layout: "default"
                          width: "1024"
                  name: "default_name_41"
          client_src_range: "enable"
          clipboard: "enable"
          custom_lang: "<your_own_value> (source system.custom-language.name)"
          customize_forticlient_download_url: "enable"
          default_protocol: "web"
          default_window_height: "768"
          default_window_width: "1024"
          dhcp_ip_overlap: "use-new"
          dhcp_ra_giaddr: "<your_own_value>"
          dhcp6_ra_linkaddr: "<your_own_value>"
          display_bookmark: "enable"
          display_connection_tools: "enable"
          display_history: "enable"
          display_status: "enable"
          dns_server1: "<your_own_value>"
          dns_server2: "<your_own_value>"
          dns_suffix: "<your_own_value>"
          exclusive_routing: "enable"
          focus_bookmark: "enable"
          forticlient_download: "enable"
          forticlient_download_method: "direct"
          heading: "<your_own_value>"
          hide_sso_credential: "enable"
          host_check: "none"
          host_check_interval: "0"
          host_check_policy:
              -
                  name: "default_name_68 (source vpn.ssl.web.host-check-software.name)"
          ip_mode: "range"
          ip_pools:
              -
                  name: "default_name_71 (source firewall.address.name firewall.addrgrp.name)"
          ipv6_dns_server1: "<your_own_value>"
          ipv6_dns_server2: "<your_own_value>"
          ipv6_exclusive_routing: "enable"
          ipv6_pools:
              -
                  name: "default_name_76 (source firewall.address6.name firewall.addrgrp6.name)"
          ipv6_service_restriction: "enable"
          ipv6_split_tunneling: "enable"
          ipv6_split_tunneling_routing_address:
              -
                  name: "default_name_80 (source firewall.address6.name firewall.addrgrp6.name)"
          ipv6_split_tunneling_routing_negate: "enable"
          ipv6_tunnel_mode: "enable"
          ipv6_wins_server1: "<your_own_value>"
          ipv6_wins_server2: "<your_own_value>"
          keep_alive: "enable"
          landing_page:
              form_data:
                  -
                      name: "default_name_88"
                      value: "<your_own_value>"
              logout_url: "<your_own_value>"
              sso: "disable"
              sso_credential: "sslvpn-login"
              sso_password: "<your_own_value>"
              sso_username: "<your_own_value>"
              url: "myurl.com"
          landing_page_mode: "enable"
          limit_user_logins: "enable"
          mac_addr_action: "allow"
          mac_addr_check: "enable"
          mac_addr_check_rule:
              -
                  mac_addr_list:
                      -
                          addr: "<your_own_value>"
                  mac_addr_mask: "48"
                  name: "default_name_104"
          macos_forticlient_download_url: "<your_own_value>"
          name: "default_name_106"
          os_check: "enable"
          os_check_list:
              -
                  action: "deny"
                  latest_patch_level: "<your_own_value>"
                  name: "default_name_111"
                  tolerance: "0"
          prefer_ipv6_dns: "enable"
          redir_url: "<your_own_value>"
          rewrite_ip_uri_ui: "enable"
          save_password: "enable"
          service_restriction: "enable"
          skip_check_for_browser: "enable"
          skip_check_for_unsupported_browser: "enable"
          skip_check_for_unsupported_os: "enable"
          smb_max_version: "smbv1"
          smb_min_version: "smbv1"
          smb_ntlmv1_auth: "enable"
          smbv1: "enable"
          split_dns:
              -
                  dns_server1: "<your_own_value>"
                  dns_server2: "<your_own_value>"
                  domains: "<your_own_value>"
                  id: "129"
                  ipv6_dns_server1: "<your_own_value>"
                  ipv6_dns_server2: "<your_own_value>"
          split_tunneling: "enable"
          split_tunneling_routing_address:
              -
                  name: "default_name_134 (source firewall.address.name firewall.addrgrp.name)"
          split_tunneling_routing_negate: "enable"
          theme: "jade"
          transform_backward_slashes: "enable"
          tunnel_mode: "enable"
          use_sdwan: "enable"
          user_bookmark: "enable"
          user_group_bookmark: "enable"
          web_mode: "enable"
          windows_forticlient_download_url: "<your_own_value>"
          wins_server1: "<your_own_value>"
          wins_server2: "<your_own_value>"

Return Values

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

• build - Build number of the fortigate image returned: always type: str sample: 1547
• http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
• http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
• mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
• name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
• path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
• revision - Internal revision number returned: always type: str sample: 17.0.2.10658
• serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
• status - Indication of the operation's result returned: always type: str sample: success
• vdom - Virtual domain used returned: always type: str sample: root
• version - Version of the FortiGate returned: always type: str sample: v5.6.3

Status

• This module is not guaranteed to have a backwards compatible interface.

Authors

• Link Zheng (@chillancezen)

• Jie Xue (@JieX19)

• Hongbin Lu (@fgtdev-hblu)

• Frank Shen (@frankshen01)

• Miguel Angel Munoz (@mamunozgonzalez)

• Nicolas Thomas (@thomnico)

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.