:source: fmgd_firewall_sslsshprofile.py

:orphan:

.. _fmgd_firewall_sslsshprofile:

fmgd_firewall_sslsshprofile -- Configure SSL/SSH protocol options.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

.. versionadded:: 1.1.0

.. contents::
   :local:
   :depth: 1

Synopsis
--------

- This module is able to configure a FortiManager device.
- Examples include all parameters; values need to be adjusted to your data sources before use.
- Tested with FortiManager v7.x.

Requirements
------------

The following requirements are needed on the host that executes this module.

- ansible-core>=2.16.0

FortiManager Version Compatibility
----------------------------------

Supported Version Ranges: v7.4.8 -> v7.4.10, v7.6.4 -> latest

Parameters
----------

.. raw:: html

Notes
-----

.. note::

   - Running in workspace locking mode is supported in this FortiManager module; the top-level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
   - To create or update an object, use the state: present directive.
   - To delete an object, use the state: absent directive.
   - Normally, running one module can fail when a non-zero rc is returned. You can also override the conditions to fail or succeed with the parameters rc_failed and rc_succeeded.

Examples
--------

.. code-block:: yaml+jinja

   - name: Example playbook (generated based on argument schema)
     hosts: fortimanagers
     connection: httpapi
     gather_facts: false
     vars:
       ansible_httpapi_use_ssl: true
       # false skips TLS certificate verification of the FortiManager;
       # set to true where its certificate chains to a trusted CA.
       ansible_httpapi_validate_certs: false
       ansible_httpapi_port: 443
     tasks:
       - name: Configure SSL/SSH protocol options.
         fortinet.fmgdevice.fmgd_firewall_sslsshprofile:
           # bypass_validation: false
           # workspace_locking_adom:
           # workspace_locking_timeout: 300
           # rc_succeeded: [0, -2, -3, ...]
           # rc_failed: [-2, -3, ...]
           device:
           vdom:
           state: present
           firewall_sslsshprofile:
             name: "your value" # Required variable, string
             # allowlist:
             # block_blocklisted_certificates:
             # caname:
             # comment:
             # dot:
             #   cert_validation_failure:
             #   cert_validation_timeout:
             #   client_certificate:
             #   expired_server_cert:
             #   proxy_after_tcp_handshake:
             #   quic:
             #   revoked_server_cert:
             #   sni_server_cert_check:
             #   status:
             #   unsupported_ssl_cipher:
             #   unsupported_ssl_negotiation:
             #   unsupported_ssl_version:
             #   untrusted_server_cert:
             #   min_allowed_ssl_version:
             #   udp_not_quic:
             # ech_outer_sni:
             #   - name:
             #     sni:
             # ftps:
             #   cert_validation_failure:
             #   cert_validation_timeout:
             #   client_certificate:
             #   expired_server_cert:
             #   min_allowed_ssl_version:
             #   ports:
             #   revoked_server_cert:
             #   sni_server_cert_check:
             #   status:
             #   unsupported_ssl_cipher:
             #   unsupported_ssl_negotiation:
             #   unsupported_ssl_version:
             #   untrusted_server_cert:
             #   client_cert_request:
             #   invalid_server_cert:
             #   unsupported_ssl:
             #   untrusted_cert:
             #   allow_invalid_server_cert:
             # https:
             #   cert_probe_failure:
             #   cert_validation_failure:
             #   cert_validation_timeout:
             #   client_certificate:
             #   encrypted_client_hello:
             #   expired_server_cert:
             #   min_allowed_ssl_version:
             #   ports:
             #   proxy_after_tcp_handshake:
             #   quic:
             #   revoked_server_cert:
             #   sni_server_cert_check:
             #   status:
             #   unsupported_ssl_cipher:
             #   unsupported_ssl_negotiation:
             #   unsupported_ssl_version:
             #   untrusted_server_cert:
             #   client_cert_request:
             #   invalid_server_cert:
             #   unsupported_ssl:
             #   untrusted_cert:
             #   allow_invalid_server_cert:
             #   udp_not_quic:
             # imaps:
             #   cert_validation_failure:
             #   cert_validation_timeout:
             #   client_certificate:
             #   expired_server_cert:
             #   ports:
             #   proxy_after_tcp_handshake:
             #   revoked_server_cert:
             #   sni_server_cert_check:
             #   status:
             #   unsupported_ssl_cipher:
             #   unsupported_ssl_negotiation:
             #   unsupported_ssl_version:
             #   untrusted_server_cert:
             #   min_allowed_ssl_version:
             #   client_cert_request:
             #   invalid_server_cert:
             #   unsupported_ssl:
             #   untrusted_cert:
             #   allow_invalid_server_cert:
             # mapi_over_https:
             # pop3s:
             #   cert_validation_failure:
             #   cert_validation_timeout:
             #   client_certificate:
             #   expired_server_cert:
             #   ports:
             #   proxy_after_tcp_handshake:
             #   revoked_server_cert:
             #   sni_server_cert_check:
             #   status:
             #   unsupported_ssl_cipher:
             #   unsupported_ssl_negotiation:
             #   unsupported_ssl_version:
             #   untrusted_server_cert:
             #   min_allowed_ssl_version:
             #   client_cert_request:
             #   invalid_server_cert:
             #   unsupported_ssl:
             #   untrusted_cert:
             #   allow_invalid_server_cert:
             # rpc_over_https:
             # server_cert:
             # server_cert_mode:
             # smtps:
             #   cert_validation_failure:
             #   cert_validation_timeout:
             #   client_certificate:
             #   expired_server_cert:
             #   ports:
             #   proxy_after_tcp_handshake:
             #   revoked_server_cert:
             #   sni_server_cert_check:
             #   status:
             #   unsupported_ssl_cipher:
             #   unsupported_ssl_negotiation:
             #   unsupported_ssl_version:
             #   untrusted_server_cert:
             #   min_allowed_ssl_version:
             #   client_cert_request:
             #   invalid_server_cert:
             #   unsupported_ssl:
             #   untrusted_cert:
             #   allow_invalid_server_cert:
             # ssh:
             #   ports:
             #   proxy_after_tcp_handshake:
             #   ssh_algorithm:
             #   ssh_tun_policy_check:
             #   status:
             #   unsupported_version:
             #   inspect_all:
             # ssl:
             #   cert_probe_failure:
             #   cert_validation_failure:
             #   cert_validation_timeout:
             #   client_certificate:
             #   encrypted_client_hello:
             #   expired_server_cert:
             #   inspect_all:
             #   min_allowed_ssl_version:
             #   revoked_server_cert:
             #   sni_server_cert_check:
             #   unsupported_ssl_cipher:
             #   unsupported_ssl_negotiation:
             #   unsupported_ssl_version:
             #   untrusted_server_cert:
             #   client_cert_request:
             #   invalid_server_cert:
             #   unsupported_ssl:
             #   untrusted_cert:
             #   allow_invalid_server_cert:
             # ssl_anomaly_log:
             # ssl_client_certificate:
             #   caname:
             #   cert:
             #   keyring_list:
             #   status:
             # ssl_exempt:
             #   - address:
             #     address6:
             #     finger_print_category:
             #     fortiguard_category:
             #     id:
             #     regex:
             #     type:
             #     wildcard_fqdn:
             # ssl_exemption_ip_rating:
             # ssl_exemption_log:
             # ssl_handshake_log:
             # ssl_negotiation_log:
             # ssl_server:
             #   - ftps_client_certificate:
             #     https_client_certificate:
             #     id:
             #     imaps_client_certificate:
             #     ip:
             #     pop3s_client_certificate:
             #     smtps_client_certificate:
             #     ssl_other_client_certificate:
             #     smtps_client_cert_request:
             #     imaps_client_cert_request:
             #     ssl_other_client_cert_request:
             #     ftps_client_cert_request:
             #     https_client_cert_request:
             #     pop3s_client_cert_request:
             # ssl_server_cert_log:
             # supported_alpn:
             # untrusted_caname:
             # use_ssl_server:
             # ssl_exemptions_log:
             # ssl_anomalies_log:
             # whitelist:
             # block_blacklisted_certificates:

Return Values
-------------

Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following fields are unique to this module:

- meta - The result of the request. (returned: always, type: dict)

  - request_url - The full URL requested. (returned: always, type: str, sample: /sys/login/user)
  - response_code - The status of the API request. (returned: always, type: int, sample: 0)
  - response_data - The data body of the API response. (returned: optional, type: list or dict)
  - response_message - The descriptive message of the API response. (returned: always, type: str, sample: OK)
  - system_information - The information of the target system. (returned: always, type: dict)

- rc - The status of the request. (returned: always, type: int, sample: 0)
- version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. (returned: if at least one parameter is not supported by the current FortiManager version, type: list)

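The following playbook is an added example, not part of the generated module documentation: it sets a small set of HTTPS inspection options and then checks the documented return fields (rc, meta.response_message, version_check_warning). The device name, VDOM and profile name are placeholders, and the option values ("deep-inspection", "block", "tls-1.2", "enable") are assumed from FortiOS ssl-ssh-profile settings; confirm them against the Parameters table for your FortiManager version.

```yaml
# Added example; placeholders and option values are assumptions (see lead-in).
- name: Apply a strict HTTPS inspection profile and verify the API result
  hosts: fortimanagers
  connection: httpapi
  gather_facts: false
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true   # verify the FortiManager certificate
    ansible_httpapi_port: 443
  tasks:
    - name: Create or update the profile
      fortinet.fmgdevice.fmgd_firewall_sslsshprofile:
        device: "EXAMPLE-DEVICE"            # placeholder managed device name
        vdom: "root"                        # placeholder VDOM
        state: present
        firewall_sslsshprofile:
          name: "example-strict-inspection" # placeholder profile name
          comment: "Managed by Ansible"
          https:
            status: "deep-inspection"
            ports: [443]
            min_allowed_ssl_version: "tls-1.2"
            expired_server_cert: "block"
            revoked_server_cert: "block"
            untrusted_server_cert: "block"
            unsupported_ssl_version: "block"
            cert_validation_failure: "block"
          ssl_anomaly_log: "enable"
          ssl_handshake_log: "enable"
      register: profile_result

    - name: Fail the play unless FortiManager reported success
      ansible.builtin.assert:
        that:
          - profile_result.rc == 0
          - profile_result.meta.response_message == "OK"
        fail_msg: "Unexpected response: {{ profile_result.meta }}"

    - name: Show parameters the target FortiManager version does not support
      ansible.builtin.debug:
        var: profile_result.version_check_warning
      when: profile_result.version_check_warning is defined
```
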
Status
------

- This module is not guaranteed to have a backwards compatible interface.

Authors
-------

- Xinwei Du (@dux-fortinet)
- Xing Li (@lix-fortinet)
- Jie Xue (@JieX19)
- Link Zheng (@chillancezen)
- Frank Shen (@fshen01)
- Hongbin Lu (@fgtdev-hblu)