- source
fmgr_firewall_sslsshprofile_smtps.py
- orphan
2.0.0
Warning
Starting in version 3.0.0, all input arguments will be named using the underscore naming convention (snake_case).
- Argument name before 3.0.0:
var-name
,var name
,var.name
- New argument name starting in 3.0.0:
var_name
FortiManager Ansible v2.4+ supports both previous argument name and new underscore name. You will receive deprecation warnings if you keep using the previous argument name. You can ignore the warning by setting deprecation_warnings=False in ansible.cfg.
- This module is able to configure a FortiManager device.
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.x and v7.x.
The below requirements are needed on the host that executes this module.
- ansible>=2.15.0
Supported Version Ranges: v6.0.0 -> latest
- access_token -The token to access FortiManager without using username and password. type: str required: false
- bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. type: bool required: false default: False
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0. type: str required: false
- proposed_method - The overridden method for the underlying Json RPC request. type: str required: false choices: set, update, add
- rc_succeeded - The rc codes list with which the conditions to succeed will be overriden. type: list required: false
- rc_failed - The rc codes list with which the conditions to fail will be overriden. type: list required: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
- adom - The parameter in requested url type: str required: true
- ssl-ssh-profile - The parameter in requested url type: str required: true
- firewall_sslsshprofile_smtps - Configure SMTPS options. type: dict
- allow_invalid_server_cert (Alias name: allow-invalid-server-cert) When enabled, allows ssl sessions whose server certificate validation failed. type: str choices: [disable, enable]
more...
Supported Version Ranges:
v6.0.0 -> v7.2.1
- client_cert_request (Alias name: client-cert-request) Action based on client certificate request. type: str choices: [bypass, inspect, block]
more...
Supported Version Ranges:
v6.0.0 -> latest
- ports type: list
more...
Supported Version Ranges:
v6.0.0 -> latest
- status Configure protocol inspection status. type: str choices: [disable, deep-inspection]
more...
Supported Version Ranges:
v6.0.0 -> latest
- unsupported_ssl (Alias name: unsupported-ssl) Action based on the ssl encryption used being unsupported. type: str choices: [bypass, inspect, block]
more...
Supported Version Ranges:
v6.0.0 -> latest
- untrusted_cert (Alias name: untrusted-cert) Allow, ignore, or block the untrusted ssl session server certificate. type: str choices: [allow, block, ignore]
more...
Supported Version Ranges:
v6.0.0 -> v7.2.1
- invalid_server_cert (Alias name: invalid-server-cert) Allow or block the invalid ssl session server certificate. type: str choices: [allow, block]
more...
Supported Version Ranges:
v6.2.0 -> latest
- sni_server_cert_check (Alias name: sni-server-cert-check) Check the sni in the client hello message with the cn or san fields in the returned server certificate. type: str choices: [disable, enable, strict]
more...
Supported Version Ranges:
v6.2.0 -> latest
- untrusted_server_cert (Alias name: untrusted-server-cert) Allow, ignore, or block the untrusted ssl session server certificate. type: str choices: [allow, block, ignore]
more...
Supported Version Ranges:
v6.2.0 -> latest
- cert_validation_failure (Alias name: cert-validation-failure) Action based on certificate validation failure. type: str choices: [allow, block, ignore]
more...
Supported Version Ranges:
v6.4.0 -> latest
- cert_validation_timeout (Alias name: cert-validation-timeout) Action based on certificate validation timeout. type: str choices: [allow, block, ignore]
more...
Supported Version Ranges:
v6.4.0 -> latest
- client_certificate (Alias name: client-certificate) Action based on received client certificate. type: str choices: [bypass, inspect, block]
more...
Supported Version Ranges:
v6.4.0 -> latest
- expired_server_cert (Alias name: expired-server-cert) Action based on server certificate is expired. type: str choices: [allow, block, ignore]
more...
Supported Version Ranges:
v6.4.0 -> latest
- proxy_after_tcp_handshake (Alias name: proxy-after-tcp-handshake) Proxy traffic after the tcp 3-way handshake has been established (not before). type: str choices: [disable, enable]
more...
Supported Version Ranges:
v6.4.0 -> latest
- revoked_server_cert (Alias name: revoked-server-cert) Action based on server certificate is revoked. type: str choices: [allow, block, ignore]
more...
Supported Version Ranges:
v6.4.0 -> latest
- unsupported_ssl_cipher (Alias name: unsupported-ssl-cipher) Action based on the ssl cipher used being unsupported. type: str choices: [allow, block]
more...
Supported Version Ranges:
v6.4.0 -> latest
- unsupported_ssl_negotiation (Alias name: unsupported-ssl-negotiation) Action based on the ssl negotiation used being unsupported. type: str choices: [allow, block]
more...
Supported Version Ranges:
v6.4.0 -> latest
- unsupported_ssl_version (Alias name: unsupported-ssl-version) Action based on the ssl version used being unsupported. type: str choices: [block, allow, inspect]
more...
Supported Version Ranges:
v7.0.1 -> latest
- min_allowed_ssl_version (Alias name: min-allowed-ssl-version) type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3]
more...
Supported Version Ranges:
v7.0.3 -> latest
Note
- Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work. - To create or update an object, use state: present directive. - To delete an object, use state: absent directive - Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
- name: Example playbook (generated based on argument schema)
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Configure SMTPS options.
fortinet.fortimanager.fmgr_firewall_sslsshprofile_smtps:
# bypass_validation: false
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
# rc_succeeded: [0, -2, -3, ...]
# rc_failed: [-2, -3, ...]
adom: <your own value>
ssl_ssh_profile: <your own value>
firewall_sslsshprofile_smtps:
allow_invalid_server_cert: <value in [disable, enable]>
client_cert_request: <value in [bypass, inspect, block]>
ports: <list or integer>
status: <value in [disable, deep-inspection]>
unsupported_ssl: <value in [bypass, inspect, block]>
untrusted_cert: <value in [allow, block, ignore]>
invalid_server_cert: <value in [allow, block]>
sni_server_cert_check: <value in [disable, enable, strict]>
untrusted_server_cert: <value in [allow, block, ignore]>
cert_validation_failure: <value in [allow, block, ignore]>
cert_validation_timeout: <value in [allow, block, ignore]>
client_certificate: <value in [bypass, inspect, block]>
expired_server_cert: <value in [allow, block, ignore]>
proxy_after_tcp_handshake: <value in [disable, enable]>
revoked_server_cert: <value in [allow, block, ignore]>
unsupported_ssl_cipher: <value in [allow, block]>
unsupported_ssl_negotiation: <value in [allow, block]>
unsupported_ssl_version: <value in [block, allow, inspect]>
min_allowed_ssl_version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- meta - The result of the request.returned: always type: dict
- request_url - The full url requested. returned: always type: str sample: /sys/login/user
- response_code - The status of api request. returned: always type: int sample: 0
- response_data - The data body of the api response. returned: optional type: list or dict
- response_message - The descriptive message of the api response. returned: always type: str sample: OK
- system_information - The information of the target system. returned: always type: dict
- rc - The status the request. returned: always type: int sample: 0
- version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least one parameter not supported by the current FortiManager version type: list
- This module is not guaranteed to have a backwards compatible interface.
- Xinwei Du (@dux-fortinet)
- Xing Li (@lix-fortinet)
- Jie Xue (@JieX19)
- Link Zheng (@chillancezen)
- Frank Shen (@fshen01)
- Hongbin Lu (@fgtdev-hblu)