| source: | fortios_firewall_vip.py |
|---|---|
| orphan: |
.. versionadded:: 2.0.0
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and vip category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
The below requirements are needed on the host that executes this module.
- ansible>=2.9
Using member operation to add an element to an existing object.
v6.0.0 |
v6.0.5 |
v6.0.11 |
v6.2.0 |
v6.2.3 |
v6.2.5 |
v6.2.7 |
v6.4.0 |
v6.4.1 |
v6.4.4 |
v7.0.0 |
v7.0.1 |
v7.0.2 |
v7.0.3 |
v7.0.4 |
v7.0.5 |
v7.0.6 |
v7.0.7 |
v7.0.8 |
v7.0.12 |
v7.2.0 |
v7.2.1 |
v7.2.2 |
v7.2.4 |
v7.4.0 |
|
| fortios_firewall_vip | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes |
- access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
- firewall_vip - Configure virtual IP for IPv4. type: dict
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0firewall_vip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - add_nat46_route - Enable/disable adding NAT46 route. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0add_nat46_route no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes - arp_reply - Enable to respond to ARP requests for this virtual IP address. Enabled by default. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0arp_reply yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - color - Color of icon on the GUI. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0color yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - comment - Comment. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0comment yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - dns_mapping_ttl - DNS mapping TTL (Set to zero to use TTL in DNS response). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0dns_mapping_ttl yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - extaddr - External FQDN address name. type: list member_path: extaddr:name
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0extaddr yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0name yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - extintf - Interface connected to the source network that receives the packets that will be forwarded to the destination network. Source system .interface.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0extintf yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - extip - IP address or address range on the external interface that you want to map to an address or address range on the destination network. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0extip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - extport - Incoming port number range that you want to map to a port number range on the destination network. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0extport yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - gratuitous_arp_interval - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0gratuitous_arp_interval yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - http_cookie_age - Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0http_cookie_age yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - http_cookie_domain - Domain that HTTP cookie persistence should apply to. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0http_cookie_domain yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - http_cookie_domain_from_host - Enable/disable use of HTTP cookie domain from host field in HTTP. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0http_cookie_domain_from_host yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - http_cookie_generation - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0http_cookie_generation yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - http_cookie_path - Limit HTTP cookie persistence to the specified path. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0http_cookie_path yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - http_cookie_share - Control sharing of cookies across virtual servers. Use of same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. type: str choices: disable, same-ip
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0http_cookie_share yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [same-ip] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - http_ip_header - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0http_ip_header yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - http_ip_header_name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0http_ip_header_name yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - http_multiplex - Enable/disable HTTP multiplexing. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0http_multiplex yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - http_multiplex_max_request - Maximum number of requests that a multiplex server can handle before disconnecting sessions . type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0http_multiplex_max_request no no no no no no no no no no no no no no no no no no no no no no no yes yes - http_multiplex_ttl - Time-to-live for idle connections to servers. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0http_multiplex_ttl no no no no no no no no no no no no no no no no no no no no no no no yes yes - http_redirect - Enable/disable redirection of HTTP to HTTPS. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0http_redirect no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - http_supported_max_version - Maximum supported HTTP versions. default = HTTP2 type: str choices: http1, http2
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0http_supported_max_version no no no no no no no no no no no no no no no no no no no no no no no yes yes [http1] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes [http2] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes - https_cookie_secure - Enable/disable verification that inserted HTTPS cookies are secure. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0https_cookie_secure yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - id - Custom defined ID. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0id yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv6_mappedip - Range of mapped IPv6 addresses. Specify the start IPv6 address followed by a space and the end IPv6 address. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv6_mappedip no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv6_mappedport - IPv6 port number range on the destination network to which the external port number range is mapped. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv6_mappedport no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ldb_method - Method used to distribute sessions to real servers. type: str choices: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ldb_method yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [static] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [round-robin] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [weighted] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [least-session] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [least-rtt] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [first-alive] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [http-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - mapped_addr - Mapped FQDN address name. Source firewall.address.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0mapped_addr yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - mappedip - IP address or address range on the destination network to which the external IP address is mapped. type: list member_path: mappedip:range
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0mappedip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - range - Mapped IP range. type: str required: true
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0range yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - mappedport - Port number range on the destination network to which the external port number range is mapped. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0mappedport yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - max_embryonic_connections - Maximum number of incomplete connections. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0max_embryonic_connections yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - monitor - Name of the health check monitor to use when polling to determine a virtual server"s connectivity status. type: list member_path: monitor:name
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0monitor yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - name - Health monitor name. Source firewall.ldb-monitor.name. type: str required: true
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0name yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - name - Virtual IP name. type: str required: true
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0name yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - nat_source_vip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0nat_source_vip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - nat44 - Enable/disable NAT44. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0nat44 no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes - nat46 - Enable/disable NAT46. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0nat46 no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes - outlook_web_access - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0outlook_web_access yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - persistence - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str choices: none, http-cookie, ssl-session-id
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0persistence yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [none] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [http-cookie] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ssl-session-id] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - portforward - Enable/disable port forwarding. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0portforward yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - portmapping_type - Port mapping type. type: str choices: 1-to-1, m-to-n
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0portmapping_type yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [1-to-1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [m-to-n] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - protocol - Protocol to use when forwarding packets. type: str choices: tcp, udp, sctp, icmp
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0protocol yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tcp] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [udp] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [sctp] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [icmp] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - realservers - Select the real servers that this server load balancing VIP will distribute traffic to. type: list member_path: realservers:id
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0realservers yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - address - Dynamic address of the real server. Source firewall.address.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0address no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - client_ip - Only clients in this IP range can connect to this real server. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0client_ip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - healthcheck - Enable to check the responsiveness of the real server before forwarding traffic. type: str choices: disable, enable, vip
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0healthcheck yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [vip] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - holddown_interval - Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0holddown_interval yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - http_host - HTTP server domain name in HTTP header. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0http_host yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - id - Real server ID. type: int required: true
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0id yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ip - IP address of the real server. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - max_connections - Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0max_connections yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - monitor - Name of the health check monitor to use when polling to determine a virtual server"s connectivity status. Source firewall .ldb-monitor.name. type: list member_path: realservers:id/monitor:name
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0monitor yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - name - Health monitor name. Source firewall.ldb-monitor.name. type: str required: true
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0name no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - port - Port for communicating with the real server. Required if port forwarding is enabled. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0port yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - status - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: active, standby, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0status yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [active] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [standby] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - translate_host - Enable/disable translation of hostname/IP from virtual server to real server. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0translate_host no no no no no no no no no no no no no no no no no no no no no no no yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes - type - Type of address. type: str choices: ip, address
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0type no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ip] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [address] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - weight - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0weight yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - server_type - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). type: str choices: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip, ssh
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0server_type yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [http] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [https] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [imaps] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [pop3s] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [smtps] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ssl] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tcp] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [udp] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ip] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ssh] no no no no no no no no no no yes n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a - service - Service name. type: list member_path: service:name
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0service yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str required: true
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0name yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - src_filter - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. type: list member_path: src_filter:range
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0src_filter yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - range - Source-filter range. type: str required: true
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0range yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - srcintf_filter - Interfaces to which the VIP applies. Separate the names with spaces. type: list member_path: srcintf_filter:interface_name
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0srcintf_filter yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - interface_name - Interface name. Source system.interface.name. type: str required: true
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0interface_name yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_accept_ffdhe_groups - Enable/disable FFDHE cipher suite for SSL key exchange. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_accept_ffdhe_groups no no no no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes - ssl_algorithm - Permitted encryption algorithms for SSL sessions according to encryption strength. type: str choices: high, medium, low, custom
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_algorithm yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [high] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [medium] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [low] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [custom] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_certificate - The name of the certificate to use for SSL handshake. Source vpn.certificate.local.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_certificate yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_cipher_suites - SSL/TLS cipher suites acceptable from a client, ordered by priority. type: list member_path: ssl_cipher_suites:priority
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_cipher_suites yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - cipher - Cipher suite name. type: str choices: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-RSA-WITH-DES-CBC-SHA
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0cipher yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-AES-128-GCM-SHA256] no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-AES-256-GCM-SHA384] no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-CHACHA20-POLY1305-SHA256] no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-AES-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-AES-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-AES-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-AES-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA] no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-AES-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-AES-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-CAMELLIA-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-CAMELLIA-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-SEED-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-SEED-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-SEED-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-RC4-128-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-3DES-EDE-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-RC4-128-MD5] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-RC4-128-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-DES-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-DES-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-DES-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - priority - SSL/TLS cipher suites priority. type: int required: true
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0priority yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - versions - SSL/TLS versions that the cipher suite can be used with. type: list choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0versions yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ssl-3.0] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.0] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.2] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.3] no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_client_fallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_client_fallback yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_client_rekey_count - Maximum length of data in MB before triggering a client rekey (0 = disable). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_client_rekey_count no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_client_renegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. type: str choices: allow, deny, secure
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_client_renegotiation yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [deny] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [secure] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_client_session_state_max - Maximum number of client to FortiGate SSL session states to keep. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_client_session_state_max yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_client_session_state_timeout - Number of minutes to keep client to FortiGate SSL session state. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_client_session_state_timeout yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_client_session_state_type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. type: str choices: disable, time, count, both
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_client_session_state_type yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [time] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [count] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [both] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_dh_bits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str choices: 768, 1024, 1536, 2048, 3072, 4096
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_dh_bits yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [768] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [1024] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [1536] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [2048] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [3072] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [4096] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_hpkp - Enable/disable including HPKP header in response. type: str choices: disable, enable, report-only
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_hpkp yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [report-only] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_hpkp_age - Number of seconds the client should honor the HPKP setting. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_hpkp_age yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_hpkp_backup - Certificate to generate backup HPKP pin from. Source vpn.certificate.local.name vpn.certificate.ca.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_hpkp_backup yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_hpkp_include_subdomains - Indicate that HPKP header applies to all subdomains. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_hpkp_include_subdomains yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_hpkp_primary - Certificate to generate primary HPKP pin from. Source vpn.certificate.local.name vpn.certificate.ca.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_hpkp_primary yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_hpkp_report_uri - URL to report HPKP violations to. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_hpkp_report_uri yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_hsts - Enable/disable including HSTS header in response. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_hsts yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_hsts_age - Number of seconds the client should honor the HSTS setting. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_hsts_age yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_hsts_include_subdomains - Indicate that HSTS header applies to all subdomains. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_hsts_include_subdomains yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_http_location_conversion - Enable to replace HTTP with HTTPS in the reply"s Location HTTP header field. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_http_location_conversion yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_http_match_host - Enable/disable HTTP host matching for location conversion. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_http_match_host yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_max_version - Highest SSL/TLS version acceptable from a client. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_max_version yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ssl-3.0] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.0] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.2] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.3] no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_min_version - Lowest SSL/TLS version acceptable from a client. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_min_version yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ssl-3.0] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.0] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.2] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.3] no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_mode - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). type: str choices: half, full
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_mode yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [half] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [full] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_pfs - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. type: str choices: require, deny, allow
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_pfs yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [require] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [deny] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_send_empty_frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_send_empty_frags yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_server_algorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str choices: high, medium, low, custom, client
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_server_algorithm yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [high] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [medium] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [low] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [custom] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [client] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_server_cipher_suites - SSL/TLS cipher suites to offer to a server, ordered by priority. type: list member_path: ssl_server_cipher_suites:priority
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_server_cipher_suites yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - cipher - Cipher suite name. type: str choices: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-RSA-WITH-DES-CBC-SHA
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0cipher yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-AES-128-GCM-SHA256] no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-AES-256-GCM-SHA384] no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-CHACHA20-POLY1305-SHA256] no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-AES-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-AES-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-AES-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-AES-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA] no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-AES-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-AES-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-CAMELLIA-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-CAMELLIA-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-SEED-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-SEED-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-SEED-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-RC4-128-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-3DES-EDE-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-RC4-128-MD5] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-RC4-128-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-DES-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-DES-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-DES-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - priority - SSL/TLS cipher suites priority. type: int required: true
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0priority yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - versions - SSL/TLS versions that the cipher suite can be used with. type: list choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0versions yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ssl-3.0] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.0] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.2] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.3] no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_server_max_version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3, client
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_server_max_version yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ssl-3.0] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.0] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.2] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.3] no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [client] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_server_min_version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3, client
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_server_min_version yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ssl-3.0] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.0] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.2] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.3] no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [client] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_server_renegotiation - Enable/disable secure renegotiation to comply with RFC 5746. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_server_renegotiation no no no no no no no no no no no no no no no no no no no no no no no yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes - ssl_server_session_state_max - Maximum number of FortiGate to Server SSL session states to keep. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_server_session_state_max yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_server_session_state_timeout - Number of minutes to keep FortiGate to Server SSL session state. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_server_session_state_timeout yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_server_session_state_type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. type: str choices: disable, time, count, both
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_server_session_state_type yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [time] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [count] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [both] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - status - Enable/disable VIP. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0status no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - type - Configure a static NAT, load balance, server load balance, access proxy, DNS translation, or FQDN VIP. type: str choices: static-nat, load-balance, server-load-balance, dns-translation, fqdn, access-proxy
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0type yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [static-nat] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [load-balance] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [server-load-balance] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [dns-translation] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [fqdn] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [access-proxy] no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0uuid yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - weblogic_server - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0weblogic_server yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - websphere_server - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0websphere_server yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
Note
- Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure virtual IP for IPv4.
fortios_firewall_vip:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
firewall_vip:
add_nat46_route: "disable"
arp_reply: "disable"
color: "0"
comment: "Comment."
dns_mapping_ttl: "0"
extaddr:
-
name: "default_name_9 (source firewall.address.name firewall.addrgrp.name)"
extintf: "<your_own_value> (source system.interface.name)"
extip: "<your_own_value>"
extport: "<your_own_value>"
gratuitous_arp_interval: "0"
http_cookie_age: "60"
http_cookie_domain: "<your_own_value>"
http_cookie_domain_from_host: "disable"
http_cookie_generation: "0"
http_cookie_path: "<your_own_value>"
http_cookie_share: "disable"
http_ip_header: "enable"
http_ip_header_name: "<your_own_value>"
http_multiplex: "enable"
http_multiplex_max_request: "0"
http_multiplex_ttl: "15"
http_redirect: "enable"
http_supported_max_version: "http1"
https_cookie_secure: "disable"
id: "28"
ipv6_mappedip: "<your_own_value>"
ipv6_mappedport: "<your_own_value>"
ldb_method: "static"
mapped_addr: "<your_own_value> (source firewall.address.name)"
mappedip:
-
range: "<your_own_value>"
mappedport: "<your_own_value>"
max_embryonic_connections: "1000"
monitor:
-
name: "default_name_38 (source firewall.ldb-monitor.name)"
name: "default_name_39"
nat_source_vip: "disable"
nat44: "disable"
nat46: "disable"
outlook_web_access: "disable"
persistence: "none"
portforward: "disable"
portmapping_type: "1-to-1"
protocol: "tcp"
realservers:
-
address: "<your_own_value> (source firewall.address.name)"
client_ip: "<your_own_value>"
healthcheck: "disable"
holddown_interval: "300"
http_host: "myhostname"
id: "54"
ip: "<your_own_value>"
max_connections: "0"
monitor:
-
name: "default_name_58 (source firewall.ldb-monitor.name)"
port: "0"
status: "active"
translate_host: "enable"
type: "ip"
weight: "1"
server_type: "http"
service:
-
name: "default_name_66 (source firewall.service.custom.name firewall.service.group.name)"
src_filter:
-
range: "<your_own_value>"
srcintf_filter:
-
interface_name: "<your_own_value> (source system.interface.name)"
ssl_accept_ffdhe_groups: "enable"
ssl_algorithm: "high"
ssl_certificate: "<your_own_value> (source vpn.certificate.local.name)"
ssl_cipher_suites:
-
cipher: "TLS-AES-128-GCM-SHA256"
priority: "0"
versions: "ssl-3.0"
ssl_client_fallback: "disable"
ssl_client_rekey_count: "0"
ssl_client_renegotiation: "allow"
ssl_client_session_state_max: "1000"
ssl_client_session_state_timeout: "30"
ssl_client_session_state_type: "disable"
ssl_dh_bits: "768"
ssl_hpkp: "disable"
ssl_hpkp_age: "5184000"
ssl_hpkp_backup: "<your_own_value> (source vpn.certificate.local.name vpn.certificate.ca.name)"
ssl_hpkp_include_subdomains: "disable"
ssl_hpkp_primary: "<your_own_value> (source vpn.certificate.local.name vpn.certificate.ca.name)"
ssl_hpkp_report_uri: "<your_own_value>"
ssl_hsts: "disable"
ssl_hsts_age: "5184000"
ssl_hsts_include_subdomains: "disable"
ssl_http_location_conversion: "enable"
ssl_http_match_host: "enable"
ssl_max_version: "ssl-3.0"
ssl_min_version: "ssl-3.0"
ssl_mode: "half"
ssl_pfs: "require"
ssl_send_empty_frags: "enable"
ssl_server_algorithm: "high"
ssl_server_cipher_suites:
-
cipher: "TLS-AES-128-GCM-SHA256"
priority: "0"
versions: "ssl-3.0"
ssl_server_max_version: "ssl-3.0"
ssl_server_min_version: "ssl-3.0"
ssl_server_renegotiation: "enable"
ssl_server_session_state_max: "100"
ssl_server_session_state_timeout: "60"
ssl_server_session_state_type: "disable"
status: "disable"
type: "static-nat"
uuid: "<your_own_value>"
weblogic_server: "disable"
websphere_server: "disable"
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
- This module is not guaranteed to have a backwards compatible interface.
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Hongbin Lu (@fgtdev-hblu)
- Frank Shen (@frankshen01)
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)
Hint
If you notice any issues in this documentation, you can create a pull request to improve it.