:source: fortios_web_proxy_global.py
:orphan:
.. fortios_web_proxy_global:
fortios_web_proxy_global -- Configure Web proxy global settings in Fortinet's FortiOS and FortiGate.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.. versionadded:: 2.0.0
.. contents::
:local:
:depth: 1
Synopsis
--------
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify web_proxy feature and global category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
Requirements
------------
The below requirements are needed on the host that executes this module.
- ansible>=2.16
Tips
----
Using member operation to add an element to an existing object.
FortiOS Version Compatibility
-----------------------------
Supported Version Ranges: v6.0.0 -> v7.6.6
Parameters
----------
.. raw:: html
access_token - Token-based authentication. Generated from GUI of Fortigate. type: strrequired: false
enable_log - Enable/Disable logging for task. type: boolrequired: falsedefault: False
vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: strdefault: root
member_path - Member attribute path to operate on. type: str
member_state - Add or delete a member under specified attribute path. type: strchoices: present, absent
web_proxy_global - Configure Web proxy global settings. type: dict more...
Supported Version Ranges
web_proxy_global
v6.0.0 -> 7.6.6
always_learn_client_ip - Enable/disable learning the client"s IP address from headers for every request. type: strchoices: enable, disable more...
Supported Version Ranges
always_learn_client_ip
v7.4.4 -> 7.6.6
[enable]
v7.4.4 -> 7.6.6
[disable]
v7.4.4 -> 7.6.6
auth_sign_timeout - Proxy auth query sign timeout in seconds (30 - 3600). type: int more...
Supported Version Ranges
auth_sign_timeout
v7.6.5 -> 7.6.6
fast_policy_match - Enable/disable fast matching algorithm for explicit and transparent proxy policy. type: strchoices: enable, disable more...
forward_server_affinity_timeout - Period of time before the source IP"s traffic is no longer assigned to the forwarding server (6 - 60 min). type: int more...
Supported Version Ranges
forward_server_affinity_timeout
v6.0.0 -> 7.6.6
http2_client_window_size - HTTP/2 client initial window size in bytes (65535 - 2147483647). type: int more...
Supported Version Ranges
http2_client_window_size
v7.6.3 -> 7.6.6
http2_server_window_size - HTTP/2 server initial window size in bytes (65535 - 2147483647). type: int more...
Supported Version Ranges
http2_server_window_size
v7.6.3 -> 7.6.6
ldap_user_cache - Enable/disable LDAP user cache for explicit and transparent proxy user. type: strchoices: enable, disable more...
Supported Version Ranges
ldap_user_cache
v7.0.2 -> 7.6.6
[enable]
v7.0.2 -> 7.6.6
[disable]
v7.0.2 -> 7.6.6
learn_client_ip - Enable/disable learning the client"s IP address from headers. type: strchoices: enable, disable more...
Supported Version Ranges
learn_client_ip
v6.0.0 -> 7.6.6
[enable]
v6.0.0 -> 7.6.6
[disable]
v6.0.0 -> 7.6.6
learn_client_ip_from_header - Learn client IP address from the specified headers. type: listchoices: true-client-ip, x-real-ip, x-forwarded-for more...
Supported Version Ranges
learn_client_ip_from_header
v6.0.0 -> 7.6.6
[true-client-ip]
v6.0.0 -> 7.6.6
[x-real-ip]
v6.0.0 -> 7.6.6
[x-forwarded-for]
v6.0.0 -> 7.6.6
learn_client_ip_srcaddr - Source address name (srcaddr or srcaddr6 must be set). type: listmember_path: learn_client_ip_srcaddr:name more...
strict_web_check - Enable/disable strict web checking to block web sites that send incorrect headers that don"t conform to HTTP. type: strchoices: enable, disable more...
unknown_http_version - Action to take when an unknown version of HTTP is encountered: reject, allow (tunnel), or proceed with best-effort. type: strchoices: reject, tunnel, best-effort more...
Supported Version Ranges
unknown_http_version
v6.0.0 -> v6.2.7
[reject]
v6.0.0 -> v6.2.7
[tunnel]
v6.0.0 -> v6.2.7
[best-effort]
v6.0.0 -> v6.2.7
webproxy_profile - Name of the web proxy profile to apply when explicit proxy traffic is allowed by default and traffic is accepted that does not match an explicit proxy policy. Source web-proxy.profile.name. type: str more...
Supported Version Ranges
webproxy_profile
v6.0.0 -> 7.6.6
Notes
-----
.. note::
- Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
- The module supports check_mode.
Examples
--------
.. code-block:: yaml+jinja
- name: Configure Web proxy global settings.
fortinet.fortios.fortios_web_proxy_global:
vdom: "{{ vdom }}"
web_proxy_global:
always_learn_client_ip: "enable"
auth_sign_timeout: "120"
fast_policy_match: "enable"
forward_proxy_auth: "enable"
forward_server_affinity_timeout: "30"
http2_client_window_size: "1048576"
http2_server_window_size: "1048576"
ldap_user_cache: "enable"
learn_client_ip: "enable"
learn_client_ip_from_header: "true-client-ip"
learn_client_ip_srcaddr:
-
name: "default_name_14 (source firewall.address.name firewall.addrgrp.name)"
learn_client_ip_srcaddr6:
-
name: "default_name_16 (source firewall.address6.name firewall.addrgrp6.name)"
log_app_id: "enable"
log_forward_server: "enable"
log_policy_pending: "enable"
max_message_length: "32"
max_request_length: "8"
max_waf_body_cache_length: "1"
policy_category_deep_inspect: "enable"
policy_partial_match: "enable"
proxy_fqdn: ""
proxy_transparent_cert_inspection: "enable"
request_obs_fold: "replace-with-sp"
src_affinity_exempt_addr: ""
src_affinity_exempt_addr6: ""
ssl_ca_cert: " (source vpn.certificate.local.name vpn.certificate.hsm-local.name)"
ssl_cert: " (source vpn.certificate.local.name)"
strict_web_check: "enable"
tunnel_non_http: "enable"
unknown_http_version: "reject"
webproxy_profile: " (source web-proxy.profile.name)"
Return Values
-------------
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
.. raw:: html
build - Build number of the fortigate image returned: alwaystype: strsample: 1547
http_method - Last method used to provision the content into FortiGate returned: alwaystype: strsample: PUT
http_status - Last result given by FortiGate on last operation applied returned: alwaystype: strsample: 200
mkey - Master key (id) used in the last call to FortiGate returned: successtype: strsample: id
name - Name of the table used to fulfill the request returned: alwaystype: strsample: urlfilter
path - Path of the table used to fulfill the request returned: alwaystype: strsample: webfilter
revision - Internal revision number returned: alwaystype: strsample: 17.0.2.10658
serial - Serial number of the unit returned: alwaystype: strsample: FGVMEVYYQT3AB5352
status - Indication of the operation's result returned: alwaystype: strsample: success
vdom - Virtual domain used returned: alwaystype: strsample: root
version - Version of the FortiGate returned: alwaystype: strsample: v5.6.3
Status
------
- This module is not guaranteed to have a backwards compatible interface.
Authors
-------
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Hongbin Lu (@fgtdev-hblu)
- Frank Shen (@frankshen01)
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)
.. hint::
If you notice any issues in this documentation, you can create a pull request to improve it.