fmgd_firewall_vip – Configure virtual IP for IPv4.

Added in version 1.1.0.

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values need to be adjusted to data sources before usage.

  • Tested with FortiManager v7.x.

Requirements

The below requirements are needed on the host that executes this module.

  • ansible-core>=2.16.0

FortiManager Version Compatibility

Supported Version Ranges: v7.4.8 -> v7.4.10, v7.6.4 -> latest

Parameters

  • access_token -The token to access FortiManager without using username and password. type: str required: false
  • bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. type: bool required: false default: False
  • enable_log - Enable/Disable logging for task. type: bool required: false default: False
  • forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0. type: str required: false
  • proposed_method - The overridden method for the underlying Json RPC request. type: str required: false choices: set, update, add
  • rc_succeeded - The rc codes list with which the conditions to succeed will be overriden. type: list required: false
  • rc_failed - The rc codes list with which the conditions to fail will be overriden. type: list required: false
  • state - The directive to create, update or delete an object type: str required: true choices: present, absent
  • workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
  • workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
  • device - The parameter in requested url type: str required: true
  • vdom - The parameter in requested url type: str required: true
  • firewall_vip - Configure virtual IP for IPv4. type: dict
    • arp_reply (Alias name: arp-reply) Enable to respond to arp requests for this virtual ip address. type: str choices: [disable, enable] more...
    • color Color of icon on the gui. type: int more...
    • comment Comment. type: str more...
    • dynamic_mapping Dynamic mapping. type: list more...
      • _scope Scope. type: list more...
        • name Name. type: str more...
        • vdom Vdom. type: str more...
      • add_nat46_route (Alias name: add-nat46-route) Enable/disable adding nat46 route. type: str choices: [disable, enable] more...
      • arp_reply (Alias name: arp-reply) Enable to respond to arp requests for this virtual ip address. type: str choices: [disable, enable] more...
      • color Color of icon on the gui. type: int more...
      • comment Comment. type: str more...
      • dns_mapping_ttl (Alias name: dns-mapping-ttl) Dns mapping ttl (set to zero to use ttl in dns response, default = 0). type: int more...
      • extaddr External fqdn address name. type: list more...
      • extintf Interface connected to the source network that receives the packets that will be forwarded to the destination network. type: str more...
      • extip Support meta variable type: list more...
      • extport Support meta variable type: str more...
      • gratuitous_arp_interval (Alias name: gratuitous-arp-interval) Enable to have the vip send gratuitous arps. type: int more...
      • gslb_domain_name (Alias name: gslb-domain-name) Domain to use when integrating with fortigslb. type: str more...
      • gslb_hostname (Alias name: gslb-hostname) Hostname to use within the configured fortigslb domain. type: str more...
      • h2_support (Alias name: h2-support) Enable/disable http2 support (default = enable). type: str choices: [disable, enable] more...
      • h3_support (Alias name: h3-support) Enable/disable http3/quic support (default = disable). type: str choices: [disable, enable] more...
      • http_cookie_age (Alias name: http-cookie-age) Time in minutes that client web browsers should keep a cookie. type: int more...
      • http_cookie_domain (Alias name: http-cookie-domain) Domain that http cookie persistence should apply to. type: str more...
      • http_cookie_domain_from_host (Alias name: http-cookie-domain-from-host) Enable/disable use of http cookie domain from host field in http. type: str choices: [disable, enable] more...
      • http_cookie_generation (Alias name: http-cookie-generation) Generation of http cookie to be accepted. type: int more...
      • http_cookie_path (Alias name: http-cookie-path) Limit http cookie persistence to the specified path. type: str more...
      • http_cookie_share (Alias name: http-cookie-share) Control sharing of cookies across virtual servers. type: str choices: [disable, same-ip] more...
      • http_ip_header (Alias name: http-ip-header) For http multiplexing, enable to add the original client ip address in the xforwarded-for http header. type: str choices: [disable, enable] more...
      • http_ip_header_name (Alias name: http-ip-header-name) Support meta variable type: str more...
      • http_multiplex (Alias name: http-multiplex) Enable/disable http multiplexing. type: str choices: [disable, enable] more...
      • http_multiplex_max_concurrent_request (Alias name: http-multiplex-max-concurrent-request) Maximum number of concurrent requests that a multiplex server can handle (default = unlimited). type: int more...
      • http_multiplex_max_request (Alias name: http-multiplex-max-request) Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited). type: int more...
      • http_multiplex_ttl (Alias name: http-multiplex-ttl) Time-to-live for idle connections to servers. type: int more...
      • http_redirect (Alias name: http-redirect) Enable/disable redirection of http to https. type: str choices: [disable, enable] more...
      • http_supported_max_version (Alias name: http-supported-max-version) Maximum supported http versions. type: str choices: [http1, http2] more...
      • https_cookie_secure (Alias name: https-cookie-secure) Enable/disable verification that inserted https cookies are secure. type: str choices: [disable, enable] more...
      • id Custom defined id. type: int more...
      • ipv6_mappedip (Alias name: ipv6-mappedip) Support meta variable type: str more...
      • ipv6_mappedport (Alias name: ipv6-mappedport) Support meta variable type: str more...
      • ldb_method (Alias name: ldb-method) Method used to distribute sessions to real servers. type: str choices: [static, round-robin, weighted, first-alive, http-host, least-session, least-rtt] more...
      • mapped_addr (Alias name: mapped-addr) Mapped fqdn address name. type: list more...
      • mappedip Support meta variable type: list more...
      • mappedport Support meta variable type: str more...
      • max_embryonic_connections (Alias name: max-embryonic-connections) Maximum number of incomplete connections. type: int more...
      • monitor Name of the health check monitor to use when polling to determine a virtual servers connectivity status. type: list more...
      • nat_source_vip (Alias name: nat-source-vip) Enable/disable forcing the source nat mapped ip to the external ip for all traffic. type: str choices: [disable, enable] more...
      • nat44 Enable/disable nat44. type: str choices: [disable, enable] more...
      • nat46 Enable/disable nat46. type: str choices: [disable, enable] more...
      • one_click_gslb_server (Alias name: one-click-gslb-server) Enable/disable one click gslb server integration with fortigslb. type: str choices: [disable, enable] more...
      • outlook_web_access (Alias name: outlook-web-access) Enable to add the front-end-https header for microsoft outlook web access. type: str choices: [disable, enable] more...
      • persistence Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str choices: [none, http-cookie, ssl-session-id] more...
      • portforward Enable/disable port forwarding. type: str choices: [disable, enable] more...
      • portmapping_type (Alias name: portmapping-type) Port mapping type. type: str choices: [1-to-1, m-to-n] more...
      • protocol Protocol to use when forwarding packets. type: str choices: [tcp, udp, sctp, icmp] more...
      • realservers Realservers. type: list more...
        • address Dynamic address of the real server. type: list more...
        • client_ip (Alias name: client-ip) Only clients in this ip range can connect to this real server. type: list more...
        • health_check_proto (Alias name: health-check-proto) Health check proto. type: str choices: [ping, http] more...
        • healthcheck Enable to check the responsiveness of the real server before forwarding traffic. type: str choices: [disable, enable, vip] more...
        • holddown_interval (Alias name: holddown-interval) Time in seconds that the system waits before re-activating a previously down active server in the active-standby mode. type: int more...
        • http_host (Alias name: http-host) Http server domain name in http header. type: str more...
        • id Real server id. type: int more...
        • ip Ip address of the real server. type: str more...
        • max_connections (Alias name: max-connections) Max number of active connections that can be directed to the real server. type: int more...
        • monitor Name of the health check monitor to use when polling to determine a virtual servers connectivity status. type: list more...
        • port Port for communicating with the real server. type: int more...
        • seq Seq. type: int more...
        • status Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: [active, standby, disable] more...
        • translate_host (Alias name: translate-host) Enable/disable translation of hostname/ip from virtual server to real server. type: str choices: [disable, enable] more...
        • type Type of address. type: str choices: [ip, address] more...
        • verify_cert (Alias name: verify-cert) Enable/disable certificate verification of the real server. type: str choices: [disable, enable] more...
        • weight Weight of the real server. type: int more...
      • server_type (Alias name: server-type) Protocol to be load balanced by the virtual server (also called the server load balance virtual ip). type: str choices: [http, https, ssl, tcp, udp, ip, imaps, pop3s, smtps, ssh] more...
      • service Service name. type: list more...
      • src_filter (Alias name: src-filter) Support meta variable type: list more...
      • src_vip_filter (Alias name: src-vip-filter) Enable/disable use of src-filter to match destinations for the reverse snat rule. type: str choices: [disable, enable] more...
      • srcintf_filter (Alias name: srcintf-filter) Interfaces to which the vip applies. type: list more...
      • ssl_accept_ffdhe_groups (Alias name: ssl-accept-ffdhe-groups) Enable/disable ffdhe cipher suite for ssl key exchange. type: str choices: [disable, enable] more...
      • ssl_algorithm (Alias name: ssl-algorithm) Permitted encryption algorithms for ssl sessions according to encryption strength. type: str choices: [high, medium, low, custom] more...
      • ssl_certificate (Alias name: ssl-certificate) Name of the certificate to use for ssl handshake. type: list more...
      • ssl_cipher_suites (Alias name: ssl-cipher-suites) Ssl cipher suites. type: list more...
        • cipher Cipher suite name. type: str choices: [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA] more...
        • id Id. type: int more...
        • priority Ssl/tls cipher suites priority. type: int more...
        • versions Ssl/tls versions that the cipher suite can be used with. type: list choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3] more...
      • ssl_client_fallback (Alias name: ssl-client-fallback) Enable/disable support for preventing downgrade attacks on client connections (rfc 7507). type: str choices: [disable, enable] more...
      • ssl_client_rekey_count (Alias name: ssl-client-rekey-count) Maximum length of data in mb before triggering a client rekey (0 = disable). type: int more...
      • ssl_client_renegotiation (Alias name: ssl-client-renegotiation) Allow, deny, or require secure renegotiation of client sessions to comply with rfc 5746. type: str choices: [deny, allow, secure] more...
      • ssl_client_session_state_max (Alias name: ssl-client-session-state-max) Maximum number of client to fortigate ssl session states to keep. type: int more...
      • ssl_client_session_state_timeout (Alias name: ssl-client-session-state-timeout) Number of minutes to keep client to fortigate ssl session state. type: int more...
      • ssl_client_session_state_type (Alias name: ssl-client-session-state-type) How to expire ssl sessions for the segment of the ssl connection between the client and the fortigate. type: str choices: [disable, time, count, both] more...
      • ssl_dh_bits (Alias name: ssl-dh-bits) Number of bits to use in the diffie-hellman exchange for rsa encryption of ssl sessions. type: str choices: [768, 1024, 1536, 2048, 3072, 4096] more...
      • ssl_hpkp (Alias name: ssl-hpkp) Enable/disable including hpkp header in response. type: str choices: [disable, enable, report-only] more...
      • ssl_hpkp_age (Alias name: ssl-hpkp-age) Number of seconds the client should honor the hpkp setting. type: int more...
      • ssl_hpkp_backup (Alias name: ssl-hpkp-backup) Certificate to generate backup hpkp pin from. type: list more...
      • ssl_hpkp_include_subdomains (Alias name: ssl-hpkp-include-subdomains) Indicate that hpkp header applies to all subdomains. type: str choices: [disable, enable] more...
      • ssl_hpkp_primary (Alias name: ssl-hpkp-primary) Certificate to generate primary hpkp pin from. type: list more...
      • ssl_hpkp_report_uri (Alias name: ssl-hpkp-report-uri) Url to report hpkp violations to. type: str more...
      • ssl_hsts (Alias name: ssl-hsts) Enable/disable including hsts header in response. type: str choices: [disable, enable] more...
      • ssl_hsts_age (Alias name: ssl-hsts-age) Number of seconds the client should honor the hsts setting. type: int more...
      • ssl_hsts_include_subdomains (Alias name: ssl-hsts-include-subdomains) Indicate that hsts header applies to all subdomains. type: str choices: [disable, enable] more...
      • ssl_http_location_conversion (Alias name: ssl-http-location-conversion) Enable to replace http with https in the replys location http header field. type: str choices: [disable, enable] more...
      • ssl_http_match_host (Alias name: ssl-http-match-host) Enable/disable http host matching for location conversion. type: str choices: [disable, enable] more...
      • ssl_max_version (Alias name: ssl-max-version) Highest ssl/tls version acceptable from a client. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3] more...
      • ssl_min_version (Alias name: ssl-min-version) Lowest ssl/tls version acceptable from a client. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3] more...
      • ssl_mode (Alias name: ssl-mode) Apply ssl offloading between the client and the fortigate (half) or from the client to the fortigate and from the fortigate to the server (full). type: str choices: [half, full] more...
      • ssl_pfs (Alias name: ssl-pfs) Select the cipher suites that can be used for ssl perfect forward secrecy (pfs). type: str choices: [require, deny, allow] more...
      • ssl_send_empty_frags (Alias name: ssl-send-empty-frags) Enable/disable sending empty fragments to avoid cbc iv attacks (ssl 3. type: str choices: [disable, enable] more...
      • ssl_server_algorithm (Alias name: ssl-server-algorithm) Permitted encryption algorithms for the server side of ssl full mode sessions according to encryption strength. type: str choices: [high, low, medium, custom, client] more...
      • ssl_server_max_version (Alias name: ssl-server-max-version) Highest ssl/tls version acceptable from a server. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3] more...
      • ssl_server_min_version (Alias name: ssl-server-min-version) Lowest ssl/tls version acceptable from a server. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3] more...
      • ssl_server_renegotiation (Alias name: ssl-server-renegotiation) Enable/disable secure renegotiation to comply with rfc 5746. type: str choices: [disable, enable] more...
      • ssl_server_session_state_max (Alias name: ssl-server-session-state-max) Maximum number of fortigate to server ssl session states to keep. type: int more...
      • ssl_server_session_state_timeout (Alias name: ssl-server-session-state-timeout) Number of minutes to keep fortigate to server ssl session state. type: int more...
      • ssl_server_session_state_type (Alias name: ssl-server-session-state-type) How to expire ssl sessions for the segment of the ssl connection between the server and the fortigate. type: str choices: [disable, time, count, both] more...
      • status Enable/disable vip. type: str choices: [disable, enable] more...
      • type Configure a static nat, load balance, server load balance, access proxy, dns translation, or fqdn vip. type: str choices: [static-nat, server-load-balance, access-proxy, fqdn, load-balance, dns-translation] more...
      • uuid Universally unique identifier (uuid; automatically assigned but can be manually reset). type: str more...
      • weblogic_server (Alias name: weblogic-server) Enable to add an http header to indicate ssl offloading for a weblogic server. type: str choices: [disable, enable] more...
      • websphere_server (Alias name: websphere-server) Enable to add an http header to indicate ssl offloading for a websphere server. type: str choices: [disable, enable] more...
      • client_cert (Alias name: client-cert) Enable/disable requesting client certificate. type: str choices: [disable, enable] more...
      • empty_cert_action (Alias name: empty-cert-action) Action for an empty client certificate. type: str choices: [accept, block, accept-unmanageable] more...
      • user_agent_detect (Alias name: user-agent-detect) Enable/disable detecting device type by http user-agent if no client certificate is provided. type: str choices: [disable, enable] more...
      • vip_id (Alias name: vip-id) Vip id. type: int more...
    • extintf Interface connected to the source network that receives the packets that will be forwarded to the destination network. type: list more...
    • extip Support meta variable type: list more...
    • extport Support meta variable type: str more...
    • gratuitous_arp_interval (Alias name: gratuitous-arp-interval) Enable to have the vip send gratuitous arps. type: int more...
    • h2_support (Alias name: h2-support) Enable/disable http2 support (default = enable). type: str choices: [disable, enable] more...
    • h3_support (Alias name: h3-support) Enable/disable http3/quic support (default = disable). type: str choices: [disable, enable] more...
    • http_cookie_age (Alias name: http-cookie-age) Time in minutes that client web browsers should keep a cookie. type: int more...
    • http_cookie_domain (Alias name: http-cookie-domain) Domain that http cookie persistence should apply to. type: str more...
    • http_cookie_domain_from_host (Alias name: http-cookie-domain-from-host) Enable/disable use of http cookie domain from host field in http. type: str choices: [disable, enable] more...
    • http_cookie_generation (Alias name: http-cookie-generation) Generation of http cookie to be accepted. type: int more...
    • http_cookie_path (Alias name: http-cookie-path) Limit http cookie persistence to the specified path. type: str more...
    • http_cookie_share (Alias name: http-cookie-share) Control sharing of cookies across virtual servers. type: str choices: [disable, same-ip] more...
    • http_ip_header (Alias name: http-ip-header) For http multiplexing, enable to add the original client ip address in the xforwarded-for http header. type: str choices: [disable, enable] more...
    • http_ip_header_name (Alias name: http-ip-header-name) Support meta variable type: str more...
    • http_multiplex (Alias name: http-multiplex) Enable/disable http multiplexing. type: str choices: [disable, enable] more...
    • http_multiplex_max_concurrent_request (Alias name: http-multiplex-max-concurrent-request) Maximum number of concurrent requests that a multiplex server can handle (default = unlimited). type: int more...
    • http_multiplex_max_request (Alias name: http-multiplex-max-request) Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited). type: int more...
    • http_multiplex_ttl (Alias name: http-multiplex-ttl) Time-to-live for idle connections to servers. type: int more...
    • http_redirect (Alias name: http-redirect) Enable/disable redirection of http to https. type: str choices: [disable, enable] more...
    • http_supported_max_version (Alias name: http-supported-max-version) Maximum supported http versions. type: str choices: [http1, http2] more...
    • https_cookie_secure (Alias name: https-cookie-secure) Enable/disable verification that inserted https cookies are secure. type: str choices: [disable, enable] more...
    • id Custom defined id. type: int more...
    • ldb_method (Alias name: ldb-method) Method used to distribute sessions to real servers. type: str choices: [static, round-robin, weighted, first-alive, http-host, least-session, least-rtt] more...
    • mappedip Support meta variable type: list more...
    • mappedport Support meta variable type: str more...
    • max_embryonic_connections (Alias name: max-embryonic-connections) Maximum number of incomplete connections. type: int more...
    • name Virtual ip name. type: str more...
    • outlook_web_access (Alias name: outlook-web-access) Enable to add the front-end-https header for microsoft outlook web access. type: str choices: [disable, enable] more...
    • persistence Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str choices: [none, http-cookie, ssl-session-id] more...
    • portforward Enable/disable port forwarding. type: str choices: [disable, enable] more...
    • portmapping_type (Alias name: portmapping-type) Port mapping type. type: str choices: [1-to-1, m-to-n] more...
    • protocol Protocol to use when forwarding packets. type: str choices: [tcp, udp, sctp, icmp] more...
    • quic Quic. type: dict more...
      • ack_delay_exponent (Alias name: ack-delay-exponent) Ack delay exponent (1 - 20, default = 3). type: int more...
      • active_connection_id_limit (Alias name: active-connection-id-limit) Active connection id limit (1 - 8, default = 2). type: int more...
      • active_migration (Alias name: active-migration) Enable/disable active migration (default = disable). type: str choices: [disable, enable] more...
      • grease_quic_bit (Alias name: grease-quic-bit) Enable/disable grease quic bit (default = enable). type: str choices: [disable, enable] more...
      • max_ack_delay (Alias name: max-ack-delay) Maximum ack delay in milliseconds (1 - 16383, default = 25). type: int more...
      • max_datagram_frame_size (Alias name: max-datagram-frame-size) Maximum datagram frame size in bytes (1 - 1500, default = 1500). type: int more...
      • max_idle_timeout (Alias name: max-idle-timeout) Maximum idle timeout milliseconds (1 - 60000, default = 30000). type: int more...
      • max_udp_payload_size (Alias name: max-udp-payload-size) Maximum udp payload size in bytes (1200 - 1500, default = 1500). type: int more...
    • realservers Realservers. type: list more...
      • address Dynamic address of the real server. type: list more...
      • client_ip (Alias name: client-ip) Only clients in this ip range can connect to this real server. type: list more...
      • health_check_proto (Alias name: health-check-proto) Health check proto. type: str choices: [ping, http] more...
      • healthcheck Enable to check the responsiveness of the real server before forwarding traffic. type: str choices: [disable, enable, vip] more...
      • holddown_interval (Alias name: holddown-interval) Time in seconds that the system waits before re-activating a previously down active server in the active-standby mode. type: int more...
      • http_host (Alias name: http-host) Http server domain name in http header. type: str more...
      • ip Ip address of the real server. type: str more...
      • max_connections (Alias name: max-connections) Max number of active connections that can be directed to the real server. type: int more...
      • port Port for communicating with the real server. type: int more...
      • seq Seq. type: int more...
      • status Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: [active, standby, disable] more...
      • translate_host (Alias name: translate-host) Enable/disable translation of hostname/ip from virtual server to real server. type: str choices: [disable, enable] more...
      • type Type of address. type: str choices: [ip, address] more...
      • verify_cert (Alias name: verify-cert) Enable/disable certificate verification of the real server. type: str choices: [disable, enable] more...
      • weight Weight of the real server. type: int more...
      • monitor Name of the health check monitor to use when polling to determine a virtual servers connectivity status. type: list more...
      • id Real server id. type: int more...
    • server_type (Alias name: server-type) Protocol to be load balanced by the virtual server (also called the server load balance virtual ip). type: str choices: [http, https, ssl, tcp, udp, ip, imaps, pop3s, smtps, ssh] more...
    • ssl_accept_ffdhe_groups (Alias name: ssl-accept-ffdhe-groups) Enable/disable ffdhe cipher suite for ssl key exchange. type: str choices: [disable, enable] more...
    • ssl_algorithm (Alias name: ssl-algorithm) Permitted encryption algorithms for ssl sessions according to encryption strength. type: str choices: [high, medium, low, custom] more...
    • ssl_certificate (Alias name: ssl-certificate) Name of the certificate to use for ssl handshake. type: list more...
    • ssl_cipher_suites (Alias name: ssl-cipher-suites) Ssl cipher suites. type: list more...
      • cipher Cipher suite name. type: str choices: [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA] more...
      • id Id. type: int more...
      • versions Ssl/tls versions that the cipher suite can be used with. type: list choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3] more...
      • priority Ssl/tls cipher suites priority. type: int more...
    • ssl_client_fallback (Alias name: ssl-client-fallback) Enable/disable support for preventing downgrade attacks on client connections (rfc 7507). type: str choices: [disable, enable] more...
    • ssl_client_rekey_count (Alias name: ssl-client-rekey-count) Maximum length of data in mb before triggering a client rekey (0 = disable). type: int more...
    • ssl_client_renegotiation (Alias name: ssl-client-renegotiation) Allow, deny, or require secure renegotiation of client sessions to comply with rfc 5746. type: str choices: [deny, allow, secure] more...
    • ssl_client_session_state_max (Alias name: ssl-client-session-state-max) Maximum number of client to fortigate ssl session states to keep. type: int more...
    • ssl_client_session_state_timeout (Alias name: ssl-client-session-state-timeout) Number of minutes to keep client to fortigate ssl session state. type: int more...
    • ssl_client_session_state_type (Alias name: ssl-client-session-state-type) How to expire ssl sessions for the segment of the ssl connection between the client and the fortigate. type: str choices: [disable, time, count, both] more...
    • ssl_dh_bits (Alias name: ssl-dh-bits) Number of bits to use in the diffie-hellman exchange for rsa encryption of ssl sessions. type: str choices: [768, 1024, 1536, 2048, 3072, 4096] more...
    • ssl_hpkp (Alias name: ssl-hpkp) Enable/disable including hpkp header in response. type: str choices: [disable, enable, report-only] more...
    • ssl_hpkp_age (Alias name: ssl-hpkp-age) Number of seconds the client should honor the hpkp setting. type: int more...
    • ssl_hpkp_backup (Alias name: ssl-hpkp-backup) Certificate to generate backup hpkp pin from. type: list more...
    • ssl_hpkp_include_subdomains (Alias name: ssl-hpkp-include-subdomains) Indicate that hpkp header applies to all subdomains. type: str choices: [disable, enable] more...
    • ssl_hpkp_primary (Alias name: ssl-hpkp-primary) Certificate to generate primary hpkp pin from. type: list more...
    • ssl_hpkp_report_uri (Alias name: ssl-hpkp-report-uri) Url to report hpkp violations to. type: str more...
    • ssl_hsts (Alias name: ssl-hsts) Enable/disable including hsts header in response. type: str choices: [disable, enable] more...
    • ssl_hsts_age (Alias name: ssl-hsts-age) Number of seconds the client should honor the hsts setting. type: int more...
    • ssl_hsts_include_subdomains (Alias name: ssl-hsts-include-subdomains) Indicate that hsts header applies to all subdomains. type: str choices: [disable, enable] more...
    • ssl_http_location_conversion (Alias name: ssl-http-location-conversion) Enable to replace http with https in the replys location http header field. type: str choices: [disable, enable] more...
    • ssl_http_match_host (Alias name: ssl-http-match-host) Enable/disable http host matching for location conversion. type: str choices: [disable, enable] more...
    • ssl_max_version (Alias name: ssl-max-version) Highest ssl/tls version acceptable from a client. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3] more...
    • ssl_min_version (Alias name: ssl-min-version) Lowest ssl/tls version acceptable from a client. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3] more...
    • ssl_mode (Alias name: ssl-mode) Apply ssl offloading between the client and the fortigate (half) or from the client to the fortigate and from the fortigate to the server (full). type: str choices: [half, full] more...
    • ssl_pfs (Alias name: ssl-pfs) Select the cipher suites that can be used for ssl perfect forward secrecy (pfs). type: str choices: [require, deny, allow] more...
    • ssl_send_empty_frags (Alias name: ssl-send-empty-frags) Enable/disable sending empty fragments to avoid cbc iv attacks (ssl 3. type: str choices: [disable, enable] more...
    • ssl_server_algorithm (Alias name: ssl-server-algorithm) Permitted encryption algorithms for the server side of ssl full mode sessions according to encryption strength. type: str choices: [high, low, medium, custom, client] more...
    • ssl_server_cipher_suites (Alias name: ssl-server-cipher-suites) Ssl server cipher suites. type: list more...
      • cipher Cipher suite name. type: str choices: [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA] more...
      • priority Ssl/tls cipher suites priority. type: int more...
      • versions Ssl/tls versions that the cipher suite can be used with. type: list choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3] more...
    • ssl_server_max_version (Alias name: ssl-server-max-version) Highest ssl/tls version acceptable from a server. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3] more...
    • ssl_server_min_version (Alias name: ssl-server-min-version) Lowest ssl/tls version acceptable from a server. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3] more...
    • ssl_server_renegotiation (Alias name: ssl-server-renegotiation) Enable/disable secure renegotiation to comply with rfc 5746. type: str choices: [disable, enable] more...
    • ssl_server_session_state_max (Alias name: ssl-server-session-state-max) Maximum number of fortigate to server ssl session states to keep. type: int more...
    • ssl_server_session_state_timeout (Alias name: ssl-server-session-state-timeout) Number of minutes to keep fortigate to server ssl session state. type: int more...
    • ssl_server_session_state_type (Alias name: ssl-server-session-state-type) How to expire ssl sessions for the segment of the ssl connection between the server and the fortigate. type: str choices: [disable, time, count, both] more...
    • status Enable/disable vip. type: str choices: [disable, enable] more...
    • type Configure a static nat, load balance, server load balance, access proxy, dns translation, or fqdn vip. type: str choices: [static-nat, server-load-balance, access-proxy, fqdn, load-balance, dns-translation] more...
    • uuid Universally unique identifier (uuid; automatically assigned but can be manually reset). type: str more...
    • weblogic_server (Alias name: weblogic-server) Enable to add an http header to indicate ssl offloading for a weblogic server. type: str choices: [disable, enable] more...
    • websphere_server (Alias name: websphere-server) Enable to add an http header to indicate ssl offloading for a websphere server. type: str choices: [disable, enable] more...
    • src_filter (Alias name: src-filter) Support meta variable type: list more...
    • mapped_addr (Alias name: mapped-addr) Mapped fqdn address name. type: list more...
    • nat_source_vip (Alias name: nat-source-vip) Enable/disable forcing the source nat mapped ip to the external ip for all traffic. type: str choices: [disable, enable] more...
    • dns_mapping_ttl (Alias name: dns-mapping-ttl) Dns mapping ttl (set to zero to use ttl in dns response, default = 0). type: int more...
    • service Service name. type: list more...
    • nat46 Enable/disable nat46. type: str choices: [disable, enable] more...
    • add_nat46_route (Alias name: add-nat46-route) Enable/disable adding nat46 route. type: str choices: [disable, enable] more...
    • gslb_public_ips (Alias name: gslb-public-ips) Gslb public ips. type: list more...
      • index Index of this public ip setting. type: int more...
      • ip The publicly accessible ip address. type: str more...
    • monitor Name of the health check monitor to use when polling to determine a virtual servers connectivity status. type: list more...
    • nat44 Enable/disable nat44. type: str choices: [disable, enable] more...
    • src_vip_filter (Alias name: src-vip-filter) Enable/disable use of src-filter to match destinations for the reverse snat rule. type: str choices: [disable, enable] more...
    • extaddr External fqdn address name. type: list more...
    • srcintf_filter (Alias name: srcintf-filter) Interfaces to which the vip applies. type: list more...
    • ipv6_mappedip (Alias name: ipv6-mappedip) Support meta variable type: str more...
    • gslb_domain_name (Alias name: gslb-domain-name) Domain to use when integrating with fortigslb. type: str more...
    • one_click_gslb_server (Alias name: one-click-gslb-server) Enable/disable one click gslb server integration with fortigslb. type: str choices: [disable, enable] more...
    • ipv6_mappedport (Alias name: ipv6-mappedport) Support meta variable type: str more...
    • gslb_hostname (Alias name: gslb-hostname) Hostname to use within the configured fortigslb domain. type: str more...
    • client_cert (Alias name: client-cert) Enable/disable requesting client certificate. type: str choices: [disable, enable] more...
    • empty_cert_action (Alias name: empty-cert-action) Action for an empty client certificate. type: str choices: [accept, block, accept-unmanageable] more...
    • user_agent_detect (Alias name: user-agent-detect) Enable/disable detecting device type by http user-agent if no client certificate is provided. type: str choices: [disable, enable] more...
    • vip_id (Alias name: vip-id) Vip id. type: int more...

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state: present directive.

  • To delete an object, use state: absent directive

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- name: Example playbook (generated based on argument schema)
  hosts: fortimanagers
  connection: httpapi
  gather_facts: false
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Configure virtual IP for IPv4.
      fortinet.fmgdevice.fmgd_firewall_vip:
        # bypass_validation: false
        # workspace_locking_adom: <global or your adom name>
        # workspace_locking_timeout: 300
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        device: <your own value>
        vdom: <your own value>
        state: present # <value in [present, absent]>
        firewall_vip:
          id: 0 # Required variable, integer
          # arp_reply: <value in [disable, enable]>
          # color: <integer>
          # comment: <string>
          # dynamic_mapping:
          #   - _scope:
          #       - name: <string>
          #         vdom: <string>
          #     add_nat46_route: <value in [disable, enable]>
          #     arp_reply: <value in [disable, enable]>
          #     color: <integer>
          #     comment: <string>
          #     dns_mapping_ttl: <integer>
          #     extaddr: <list or string>
          #     extintf: <string>
          #     extip: <list or string>
          #     extport: <string>
          #     gratuitous_arp_interval: <integer>
          #     gslb_domain_name: <string>
          #     gslb_hostname: <string>
          #     h2_support: <value in [disable, enable]>
          #     h3_support: <value in [disable, enable]>
          #     http_cookie_age: <integer>
          #     http_cookie_domain: <string>
          #     http_cookie_domain_from_host: <value in [disable, enable]>
          #     http_cookie_generation: <integer>
          #     http_cookie_path: <string>
          #     http_cookie_share: <value in [disable, same-ip]>
          #     http_ip_header: <value in [disable, enable]>
          #     http_ip_header_name: <string>
          #     http_multiplex: <value in [disable, enable]>
          #     http_multiplex_max_concurrent_request: <integer>
          #     http_multiplex_max_request: <integer>
          #     http_multiplex_ttl: <integer>
          #     http_redirect: <value in [disable, enable]>
          #     http_supported_max_version: <value in [http1, http2]>
          #     https_cookie_secure: <value in [disable, enable]>
          #     id: <integer>
          #     ipv6_mappedip: <string>
          #     ipv6_mappedport: <string>
          #     ldb_method: <value in [static, round-robin, weighted, ...]>
          #     mapped_addr: <list or string>
          #     mappedip: <list or string>
          #     mappedport: <string>
          #     max_embryonic_connections: <integer>
          #     monitor: <list or string>
          #     nat_source_vip: <value in [disable, enable]>
          #     nat44: <value in [disable, enable]>
          #     nat46: <value in [disable, enable]>
          #     one_click_gslb_server: <value in [disable, enable]>
          #     outlook_web_access: <value in [disable, enable]>
          #     persistence: <value in [none, http-cookie, ssl-session-id]>
          #     portforward: <value in [disable, enable]>
          #     portmapping_type: <value in [1-to-1, m-to-n]>
          #     protocol: <value in [tcp, udp, sctp, ...]>
          #     realservers:
          #       - address: <list or string>
          #         client_ip: <list or string>
          #         health_check_proto: <value in [ping, http]>
          #         healthcheck: <value in [disable, enable, vip]>
          #         holddown_interval: <integer>
          #         http_host: <string>
          #         id: <integer>
          #         ip: <string>
          #         max_connections: <integer>
          #         monitor: <list or string>
          #         port: <integer>
          #         seq: <integer>
          #         status: <value in [active, standby, disable]>
          #         translate_host: <value in [disable, enable]>
          #         type: <value in [ip, address]>
          #         verify_cert: <value in [disable, enable]>
          #         weight: <integer>
          #     server_type: <value in [http, https, ssl, ...]>
          #     service: <list or string>
          #     src_filter: <list or string>
          #     src_vip_filter: <value in [disable, enable]>
          #     srcintf_filter: <list or string>
          #     ssl_accept_ffdhe_groups: <value in [disable, enable]>
          #     ssl_algorithm: <value in [high, medium, low, ...]>
          #     ssl_certificate: <list or string>
          #     ssl_cipher_suites:
          #       - cipher: <value in [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, ...]>
          #         id: <integer>
          #         priority: <integer>
          #         versions:
          #           - "ssl-3.0"
          #           - "tls-1.0"
          #           - "tls-1.1"
          #           - "tls-1.2"
          #           - "tls-1.3"
          #     ssl_client_fallback: <value in [disable, enable]>
          #     ssl_client_rekey_count: <integer>
          #     ssl_client_renegotiation: <value in [deny, allow, secure]>
          #     ssl_client_session_state_max: <integer>
          #     ssl_client_session_state_timeout: <integer>
          #     ssl_client_session_state_type: <value in [disable, time, count, ...]>
          #     ssl_dh_bits: <value in [768, 1024, 1536, ...]>
          #     ssl_hpkp: <value in [disable, enable, report-only]>
          #     ssl_hpkp_age: <integer>
          #     ssl_hpkp_backup: <list or string>
          #     ssl_hpkp_include_subdomains: <value in [disable, enable]>
          #     ssl_hpkp_primary: <list or string>
          #     ssl_hpkp_report_uri: <string>
          #     ssl_hsts: <value in [disable, enable]>
          #     ssl_hsts_age: <integer>
          #     ssl_hsts_include_subdomains: <value in [disable, enable]>
          #     ssl_http_location_conversion: <value in [disable, enable]>
          #     ssl_http_match_host: <value in [disable, enable]>
          #     ssl_max_version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
          #     ssl_min_version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
          #     ssl_mode: <value in [half, full]>
          #     ssl_pfs: <value in [require, deny, allow]>
          #     ssl_send_empty_frags: <value in [disable, enable]>
          #     ssl_server_algorithm: <value in [high, low, medium, ...]>
          #     ssl_server_max_version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
          #     ssl_server_min_version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
          #     ssl_server_renegotiation: <value in [disable, enable]>
          #     ssl_server_session_state_max: <integer>
          #     ssl_server_session_state_timeout: <integer>
          #     ssl_server_session_state_type: <value in [disable, time, count, ...]>
          #     status: <value in [disable, enable]>
          #     type: <value in [static-nat, server-load-balance, access-proxy, ...]>
          #     uuid: <string>
          #     weblogic_server: <value in [disable, enable]>
          #     websphere_server: <value in [disable, enable]>
          #     client_cert: <value in [disable, enable]>
          #     empty_cert_action: <value in [accept, block, accept-unmanageable]>
          #     user_agent_detect: <value in [disable, enable]>
          #     vip_id: <integer>
          # extintf: <list or string>
          # extip: <list or string>
          # extport: <string>
          # gratuitous_arp_interval: <integer>
          # h2_support: <value in [disable, enable]>
          # h3_support: <value in [disable, enable]>
          # http_cookie_age: <integer>
          # http_cookie_domain: <string>
          # http_cookie_domain_from_host: <value in [disable, enable]>
          # http_cookie_generation: <integer>
          # http_cookie_path: <string>
          # http_cookie_share: <value in [disable, same-ip]>
          # http_ip_header: <value in [disable, enable]>
          # http_ip_header_name: <string>
          # http_multiplex: <value in [disable, enable]>
          # http_multiplex_max_concurrent_request: <integer>
          # http_multiplex_max_request: <integer>
          # http_multiplex_ttl: <integer>
          # http_redirect: <value in [disable, enable]>
          # http_supported_max_version: <value in [http1, http2]>
          # https_cookie_secure: <value in [disable, enable]>
          # ldb_method: <value in [static, round-robin, weighted, ...]>
          # mappedip: <list or string>
          # mappedport: <string>
          # max_embryonic_connections: <integer>
          # name: <string>
          # outlook_web_access: <value in [disable, enable]>
          # persistence: <value in [none, http-cookie, ssl-session-id]>
          # portforward: <value in [disable, enable]>
          # portmapping_type: <value in [1-to-1, m-to-n]>
          # protocol: <value in [tcp, udp, sctp, ...]>
          # quic:
          #   ack_delay_exponent: <integer>
          #   active_connection_id_limit: <integer>
          #   active_migration: <value in [disable, enable]>
          #   grease_quic_bit: <value in [disable, enable]>
          #   max_ack_delay: <integer>
          #   max_datagram_frame_size: <integer>
          #   max_idle_timeout: <integer>
          #   max_udp_payload_size: <integer>
          # realservers:
          #   - address: <list or string>
          #     client_ip: <list or string>
          #     health_check_proto: <value in [ping, http]>
          #     healthcheck: <value in [disable, enable, vip]>
          #     holddown_interval: <integer>
          #     http_host: <string>
          #     ip: <string>
          #     max_connections: <integer>
          #     port: <integer>
          #     seq: <integer>
          #     status: <value in [active, standby, disable]>
          #     translate_host: <value in [disable, enable]>
          #     type: <value in [ip, address]>
          #     verify_cert: <value in [disable, enable]>
          #     weight: <integer>
          #     monitor: <list or string>
          #     id: <integer>
          # server_type: <value in [http, https, ssl, ...]>
          # ssl_accept_ffdhe_groups: <value in [disable, enable]>
          # ssl_algorithm: <value in [high, medium, low, ...]>
          # ssl_certificate: <list or string>
          # ssl_cipher_suites:
          #   - cipher: <value in [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, ...]>
          #     id: <integer>
          #     versions:
          #       - "ssl-3.0"
          #       - "tls-1.0"
          #       - "tls-1.1"
          #       - "tls-1.2"
          #       - "tls-1.3"
          #     priority: <integer>
          # ssl_client_fallback: <value in [disable, enable]>
          # ssl_client_rekey_count: <integer>
          # ssl_client_renegotiation: <value in [deny, allow, secure]>
          # ssl_client_session_state_max: <integer>
          # ssl_client_session_state_timeout: <integer>
          # ssl_client_session_state_type: <value in [disable, time, count, ...]>
          # ssl_dh_bits: <value in [768, 1024, 1536, ...]>
          # ssl_hpkp: <value in [disable, enable, report-only]>
          # ssl_hpkp_age: <integer>
          # ssl_hpkp_backup: <list or string>
          # ssl_hpkp_include_subdomains: <value in [disable, enable]>
          # ssl_hpkp_primary: <list or string>
          # ssl_hpkp_report_uri: <string>
          # ssl_hsts: <value in [disable, enable]>
          # ssl_hsts_age: <integer>
          # ssl_hsts_include_subdomains: <value in [disable, enable]>
          # ssl_http_location_conversion: <value in [disable, enable]>
          # ssl_http_match_host: <value in [disable, enable]>
          # ssl_max_version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
          # ssl_min_version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
          # ssl_mode: <value in [half, full]>
          # ssl_pfs: <value in [require, deny, allow]>
          # ssl_send_empty_frags: <value in [disable, enable]>
          # ssl_server_algorithm: <value in [high, low, medium, ...]>
          # ssl_server_cipher_suites:
          #   - cipher: <value in [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, ...]>
          #     priority: <integer>
          #     versions:
          #       - "ssl-3.0"
          #       - "tls-1.0"
          #       - "tls-1.1"
          #       - "tls-1.2"
          #       - "tls-1.3"
          # ssl_server_max_version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
          # ssl_server_min_version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
          # ssl_server_renegotiation: <value in [disable, enable]>
          # ssl_server_session_state_max: <integer>
          # ssl_server_session_state_timeout: <integer>
          # ssl_server_session_state_type: <value in [disable, time, count, ...]>
          # status: <value in [disable, enable]>
          # type: <value in [static-nat, server-load-balance, access-proxy, ...]>
          # uuid: <string>
          # weblogic_server: <value in [disable, enable]>
          # websphere_server: <value in [disable, enable]>
          # src_filter: <list or string>
          # mapped_addr: <list or string>
          # nat_source_vip: <value in [disable, enable]>
          # dns_mapping_ttl: <integer>
          # service: <list or string>
          # nat46: <value in [disable, enable]>
          # add_nat46_route: <value in [disable, enable]>
          # gslb_public_ips:
          #   - index: <integer>
          #     ip: <string>
          # monitor: <list or string>
          # nat44: <value in [disable, enable]>
          # src_vip_filter: <value in [disable, enable]>
          # extaddr: <list or string>
          # srcintf_filter: <list or string>
          # ipv6_mappedip: <string>
          # gslb_domain_name: <string>
          # one_click_gslb_server: <value in [disable, enable]>
          # ipv6_mappedport: <string>
          # gslb_hostname: <string>
          # client_cert: <value in [disable, enable]>
          # empty_cert_action: <value in [accept, block, accept-unmanageable]>
          # user_agent_detect: <value in [disable, enable]>
          # vip_id: <integer>

Return Values

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

  • meta - The result of the request.returned: always type: dict
    • request_url - The full url requested. returned: always type: str sample: /sys/login/user
    • response_code - The status of api request. returned: always type: int sample: 0
    • response_data - The data body of the api response. returned: optional type: list or dict
    • response_message - The descriptive message of the api response. returned: always type: str sample: OK
    • system_information - The information of the target system. returned: always type: dict
  • rc - The status the request. returned: always type: int sample: 0
  • version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least one parameter not supported by the current FortiManager version type: list

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Xinwei Du (@dux-fortinet)

  • Xing Li (@lix-fortinet)

  • Jie Xue (@JieX19)

  • Link Zheng (@chillancezen)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)