:source: fmgd_vpn_ssl_settings.py

:orphan:

.. _fmgd_vpn_ssl_settings:

fmgd_vpn_ssl_settings -- Configure SSL VPN.
+++++++++++++++++++++++++++++++++++++++++++

.. versionadded:: 1.0.0

.. contents::
   :local:
   :depth: 1

Synopsis
--------

- This module is able to configure a FortiManager device.
- The examples include all parameters; values need to be adjusted to your data sources before use.
- Tested with FortiManager v7.x.

Requirements
------------

The below requirements are needed on the host that executes this module.

- ansible-core>=2.16.0

FortiManager Version Compatibility
----------------------------------

Supported Version Ranges: v6.2.6 -> v6.2.13, v6.4.2 -> latest

Parameters
----------

Notes
-----

.. note::

   - Running in workspace locking mode is supported in this FortiManager module; the top-level parameters ``workspace_locking_adom`` and ``workspace_locking_timeout`` control it.
   - To create or update an object, use the ``state: present`` directive.
   - To delete an object, use the ``state: absent`` directive.
   - Normally, a module run fails when a non-zero ``rc`` is returned. You can override the conditions for failure or success with the parameters ``rc_failed`` and ``rc_succeeded``.

Examples
--------

.. code-block:: yaml+jinja

  - name: Example playbook (generated based on argument schema)
    hosts: fortimanagers
    connection: httpapi
    gather_facts: false
    vars:
      ansible_httpapi_use_ssl: true
      # Certificate validation is disabled in this generated example;
      # set it to true when the FortiManager presents a trusted certificate.
      ansible_httpapi_validate_certs: false
      ansible_httpapi_port: 443
    tasks:
      - name: Configure SSL VPN.
        fortinet.fmgdevice.fmgd_vpn_ssl_settings:
          # bypass_validation: false
          # workspace_locking_adom:
          # workspace_locking_timeout: 300
          # rc_succeeded: [0, -2, -3, ...]
          # rc_failed: [-2, -3, ...]
          device:
          vdom:
          vpn_ssl_settings:
            # algorithm:
            # auth_session_check_source_ip:
            # auth_timeout:
            # authentication_rule:
            #   - auth:
            #     cipher:
            #     client_cert:
            #     groups:
            #     id:
            #     portal:
            #     realm:
            #     source_address:
            #     source_address_negate:
            #     source_address6:
            #     source_address6_negate:
            #     source_interface:
            #     user_peer:
            #     users:
            # auto_tunnel_static_route:
            # banned_cipher:
            #   - "RSA"
            #   - "DH"
            #   - "DHE"
            #   - "ECDH"
            #   - "ECDHE"
            #   - "DSS"
            #   - "ECDSA"
            #   - "AES"
            #   - "AESGCM"
            #   - "CAMELLIA"
            #   - "3DES"
            #   - "SHA1"
            #   - "SHA256"
            #   - "SHA384"
            #   - "STATIC"
            #   - "CHACHA20"
            #   - "ARIA"
            #   - "AESCCM"
            # check_referer:
            # default_portal:
            # deflate_compression_level:
            # deflate_min_data_size:
            # dns_server1:
            # dns_server2:
            # dns_suffix:
            # dtls_hello_timeout:
            # dtls_max_proto_ver:
            # dtls_min_proto_ver:
            # dtls_tunnel:
            # encode_2f_sequence:
            # encrypt_and_store_password:
            # force_two_factor_auth:
            # header_x_forwarded_for:
            # hsts_include_subdomains:
            # http_compression:
            # http_only_cookie:
            # http_request_body_timeout:
            # http_request_header_timeout:
            # https_redirect:
            # idle_timeout:
            # ipv6_dns_server1:
            # ipv6_dns_server2:
            # ipv6_wins_server1:
            # ipv6_wins_server2:
            # login_attempt_limit:
            # login_block_time:
            # login_timeout:
            # port:
            # port_precedence:
            # reqclientcert:
            # route_source_interface:
            # servercert:
            # source_address:
            # source_address_negate:
            # source_address6:
            # source_address6_negate:
            # source_interface:
            # ssl_client_renegotiation:
            # ssl_insert_empty_fragment:
            # ssl_max_proto_ver:
            # ssl_min_proto_ver:
            # tlsv1_0:
            # tlsv1_1:
            # tlsv1_2:
            # tlsv1_3:
            # transform_backward_slashes:
            # tunnel_connect_without_reauth:
            # tunnel_ip_pools:
            # tunnel_ipv6_pools:
            # tunnel_user_session_timeout:
            # unsafe_legacy_renegotiation:
            # url_obscuration:
            # user_peer:
            # wins_server1:
            # wins_server2:
            # x_content_type_options:
            # sslv3:
            # ssl_big_buffer:
            # client_sigalgs:
            # ciphersuite:
            #   - "TLS-AES-128-GCM-SHA256"
            #   - "TLS-AES-256-GCM-SHA384"
            #   - "TLS-CHACHA20-POLY1305-SHA256"
            #   - "TLS-AES-128-CCM-SHA256"
            #   - "TLS-AES-128-CCM-8-SHA256"
            # dual_stack_mode:
            # tunnel_addr_assigned_method:
            # browser_language_detection:
            # saml_redirect_port:
            # status:
            # web_mode_snat:
            # ztna_trusted_client:
            # dtls_heartbeat_fail_count:
            # dtls_heartbeat_idle_timeout:
            # dtls_heartbeat_interval:
            # server_hostname:
            # remote_https_cert_check:
            # tls_groups:
            #   - "P-521"
            #   - "P-384"
            #   - "P-256"
            #   - "ML-KEM512"
            #   - "ML-KEM768"
            #   - "ML-KEM1024"
            #   - "P-384-MLKEM1024"
            #   - "P-256-MLKEM768"
            #   - "X25519-MLKEM768"
            #   - "X448"
            #   - "X25519"
            #   - "FFDHE2048"
            #   - "FFDHE3072"
            #   - "FFDHE4096"
            #   - "FFDHE6144"
            #   - "FFDHE8192"

Return Values
-------------

Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following fields are unique to this module:

- ``meta`` - The result of the request. Returned: always. Type: dict.

  - ``request_url`` - The full URL requested. Returned: always. Type: str. Sample: /sys/login/user
  - ``response_code`` - The status of the API request. Returned: always. Type: int. Sample: 0
  - ``response_data`` - The data body of the API response. Returned: optional. Type: list or dict.
  - ``response_message`` - The descriptive message of the API response. Returned: always. Type: str. Sample: OK
  - ``system_information`` - The information of the target system. Returned: always. Type: dict.

- ``rc`` - The status of the request. Returned: always. Type: int. Sample: 0
- ``version_check_warning`` - Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: if at least one parameter is not supported by the current FortiManager version. Type: list.

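
The following playbook is an added example, not part of the generated module documentation. It sets a small hardened subset of ``vpn_ssl_settings`` using list values shown in the Examples section, then checks the documented ``rc``, ``meta.response_code`` and ``version_check_warning`` return fields. The names ``target_device``, ``target_vdom`` and ``ssl_vpn_result`` and all numeric values are assumptions made for illustration.

```yaml
# Added example: target_device, target_vdom and the numeric values are
# constructed placeholders, not values from the module documentation.
- name: Tighten SSL VPN TLS settings and verify the result
  hosts: fortimanagers
  connection: httpapi
  gather_facts: false
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true   # verify the FortiManager certificate
    ansible_httpapi_port: 443
    target_device: "FGT-PLACEHOLDER"       # hypothetical managed device name
    target_vdom: "root"                    # hypothetical VDOM name
  tasks:
    - name: Restrict ciphers and limit login attempts
      fortinet.fmgdevice.fmgd_vpn_ssl_settings:
        device: "{{ target_device }}"
        vdom: "{{ target_vdom }}"
        vpn_ssl_settings:
          banned_cipher:          # values taken from the banned_cipher list
            - "3DES"
            - "SHA1"
            - "STATIC"
          ciphersuite:            # TLS 1.3 suites; the CCM entries are left out
            - "TLS-AES-128-GCM-SHA256"
            - "TLS-AES-256-GCM-SHA384"
            - "TLS-CHACHA20-POLY1305-SHA256"
          tls_groups:             # values taken from the tls_groups list
            - "X25519"
            - "P-256"
            - "P-384"
          login_attempt_limit: 3  # constructed value
          login_block_time: 300   # constructed value
          idle_timeout: 900       # constructed value
      register: ssl_vpn_result

    - name: Fail if the request failed or a parameter is unsupported
      ansible.builtin.assert:
        that:
          - ssl_vpn_result.rc == 0
          - ssl_vpn_result.meta.response_code == 0
          # version_check_warning is only returned when a parameter is not
          # supported by the current FortiManager version.
          - (ssl_vpn_result.version_check_warning | default([])) | length == 0
        fail_msg: "{{ ssl_vpn_result.version_check_warning | default('request failed') }}"
```

Checking ``version_check_warning`` catches the case where the request returns ``rc`` 0 but a hardening parameter is not supported by the target FortiManager version.
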
Status
------

- This module is not guaranteed to have a backwards compatible interface.

Authors
-------

- Xinwei Du (@dux-fortinet)
- Xing Li (@lix-fortinet)
- Jie Xue (@JieX19)
- Link Zheng (@chillancezen)
- Frank Shen (@fshen01)
- Hongbin Lu (@fgtdev-hblu)