:source: fortios_firewall_access_proxy.py

:orphan:

fortios_firewall_access_proxy -- Configure IPv4 access proxy in Fortinet's FortiOS and FortiGate.

.. versionadded:: 2.0.0

  • This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the firewall feature and access_proxy category. Examples include all parameters, and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0

The below requirements are needed on the host that executes this module.

  • ansible>=2.9

Using member operation to add an element to an existing object.


v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
fortios_firewall_access_proxy yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

  • access_token - Token-based authentication. Generated from GUI of FortiGate. type: str required: false
  • enable_log - Enable/Disable logging for task. type: bool required: false default: False
  • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
  • member_path - Member attribute path to operate on. type: str
  • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
  • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
  • firewall_access_proxy - Configure IPv4 access proxy. type: dict
    v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
    firewall_access_proxy yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
    • add_vhost_domain_to_dnsdb - Enable/disable adding vhost/domain to dnsdb for ztna dox tunnel. type: str choices: enable, disable
      v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
      add_vhost_domain_to_dnsdb no no no no no no no no no no no yes yes yes yes
      [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes
      [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes
    • api_gateway - Set IPv4 API Gateway. type: list member_path: api_gateway:id
      v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
      api_gateway yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • application - SaaS application controlled by this Access Proxy. type: list member_path: api_gateway:id/application:name
        v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        application no no no no no no no no no no no yes yes yes yes
        • name - SaaS application name. type: str required: true
          v7.2.1 v7.2.2 v7.2.4 v7.4.0
          name yes yes yes yes
      • http_cookie_age - Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit. type: int
        v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        http_cookie_age yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • http_cookie_domain - Domain that HTTP cookie persistence should apply to. type: str
        v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        http_cookie_domain yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • http_cookie_domain_from_host - Enable/disable use of HTTP cookie domain from host field in HTTP. type: str choices: disable, enable
        v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        http_cookie_domain_from_host yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • http_cookie_generation - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. type: int
        v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        http_cookie_generation yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • http_cookie_path - Limit HTTP cookie persistence to the specified path. type: str
        v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        http_cookie_path yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • http_cookie_share - Control sharing of cookies across API Gateway. Use of same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. type: str choices: disable, same-ip
        v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        http_cookie_share yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [same-ip] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • https_cookie_secure - Enable/disable verification that inserted HTTPS cookies are secure. type: str choices: disable, enable
        v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        https_cookie_secure yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • id - API Gateway ID. See Notes. type: int required: true
        v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        id yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • ldb_method - Method used to distribute sessions to real servers. type: str choices: static, round-robin, weighted, first-alive, http-host, least-session, least-rtt
        v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        ldb_method yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [static] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [round-robin] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [weighted] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [first-alive] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [http-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [least-session] yes n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a
        [least-rtt] yes n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a
      • persistence - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str choices: none, http-cookie
        v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        persistence yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [none] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [http-cookie] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • realservers - Select the real servers that this Access Proxy will distribute traffic to. type: list member_path: api_gateway:id/realservers:id
        v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        realservers yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • addr_type - Type of address. type: str choices: ip, fqdn
          v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          addr_type no no yes yes yes yes yes yes yes yes yes yes yes yes yes
          [ip] n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes
          [fqdn] n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes
        • address - Address or address group of the real server. Source firewall.address.name firewall.addrgrp.name. type: str
          v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          address yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • domain - Wildcard domain name of the real server. type: str
          v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          domain no no no no yes yes yes yes yes yes yes yes yes yes yes
        • external_auth - Enable/disable use of external browser as user-agent for SAML user authentication. type: str choices: enable, disable
          v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          external_auth no no no no no no no no no no no no no no yes
          [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes
          [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes
        • health_check - Enable to check the responsiveness of the real server before forwarding traffic. type: str choices: disable, enable
          v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          health_check yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • health_check_proto - Protocol of the health check monitor to use when polling to determine server's connectivity status. type: str choices: ping, http, tcp-connect
          v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          health_check_proto yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [ping] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [http] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [tcp-connect] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • holddown_interval - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). type: str choices: enable, disable
          v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          holddown_interval no yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [enable] n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [disable] n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • http_host - HTTP server domain name in HTTP header. type: str
          v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          http_host yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • id - Real server ID. See Notes. type: int required: true
          v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          id yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • ip - IP address of the real server. type: str
          v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          ip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • mappedport - Port for communicating with the real server. type: str
          v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          mappedport yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • port - Port for communicating with the real server. type: int
          v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          port yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • ssh_client_cert - Set access-proxy SSH client certificate profile. Source firewall.access-proxy-ssh-client-cert.name. type: str
          v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          ssh_client_cert no yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • ssh_host_key - One or more server host keys. type: list member_path: api_gateway:id/realservers:id/ssh_host_key:name
          v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          ssh_host_key no yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          • name - Server host key name. Source firewall.ssh.host-key.name. type: str required: true
            v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
            name yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • ssh_host_key_validation - Enable/disable SSH real server host key validation. type: str choices: disable, enable
          v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          ssh_host_key_validation no yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [disable] n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [enable] n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • status - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: active, standby, disable
          v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          status yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [active] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [standby] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • translate_host - Enable/disable translation of hostname/IP from virtual server to real server. type: str choices: enable, disable
          v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          translate_host no no no no no no no no no no no no no yes yes
          [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes
          [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes
        • tunnel_encryption - Tunnel encryption. type: str choices: enable, disable
          v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          tunnel_encryption no no no no no no no no no no no no no no yes
          [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes
          [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes
        • type - TCP forwarding server type. type: str choices: tcp-forwarding, ssh
          v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          type no yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [tcp-forwarding] n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [ssh] n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • weight - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. type: int
          v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          weight yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • saml_redirect - Enable/disable SAML redirection after successful authentication. type: str choices: disable, enable
        v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        saml_redirect no no yes yes yes yes yes yes yes yes yes yes yes yes yes
        [disable] n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes
        [enable] n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes
      • saml_server - SAML service provider configuration for VIP authentication. Source user.saml.name. type: str
        v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        saml_server yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • service - Service. type: str choices: http, https, tcp-forwarding, samlsp, web-portal, saas
        v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        service yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [http] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [https] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [tcp-forwarding] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [samlsp] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [web-portal] no no no no yes yes yes yes yes yes yes yes yes yes yes
        [saas] no no no no no no no no no no no yes yes yes yes
      • ssl_algorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str choices: high, medium, low, custom
        v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        ssl_algorithm yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [high] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [medium] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [low] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [custom] yes n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a
      • ssl_cipher_suites - SSL/TLS cipher suites to offer to a server, ordered by priority. type: list member_path: api_gateway:id/ssl_cipher_suites:priority
        v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        ssl_cipher_suites yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • cipher - Cipher suite name. type: str choices: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-RSA-WITH-DES-CBC-SHA
          v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          cipher yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-CHACHA20-POLY1305-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-AES-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-AES-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-AES-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-AES-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA] no yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-AES-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-AES-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-CAMELLIA-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-CAMELLIA-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-SEED-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-SEED-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-SEED-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-RSA-WITH-RC4-128-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-3DES-EDE-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-RC4-128-MD5] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-RC4-128-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-DES-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-DES-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-DES-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • priority - SSL/TLS cipher suites priority. See Notes. type: int required: true
          v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          priority yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • versions - SSL/TLS versions that the cipher suite can be used with. type: list choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3
          v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          versions yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [tls-1.0] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [tls-1.1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [tls-1.2] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [tls-1.3] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • ssl_dh_bits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str choices: 768, 1024, 1536, 2048, 3072, 4096
        v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        ssl_dh_bits yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [768] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [1024] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [1536] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [2048] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [3072] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [4096] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • ssl_max_version - Highest SSL/TLS version acceptable from a server. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3
        v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        ssl_max_version yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [tls-1.0] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [tls-1.1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [tls-1.2] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [tls-1.3] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • ssl_min_version - Lowest SSL/TLS version acceptable from a server. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3
        v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        ssl_min_version yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [tls-1.0] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [tls-1.1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [tls-1.2] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [tls-1.3] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • ssl_renegotiation - Enable/disable secure renegotiation to comply with RFC 5746. type: str choices: enable, disable more...
        v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        ssl_renegotiation no no no no no no no no no no no no no yes yes
        [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes
        [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes
      • ssl_vpn_web_portal - SSL-VPN web portal. Source vpn.ssl.web.portal.name. type: str more...
        v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        ssl_vpn_web_portal no no no no yes yes yes yes yes yes yes yes yes yes yes
      • url_map - URL pattern to match. type: str more...
        v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        url_map yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • url_map_type - Type of url-map. type: str choices: sub-string, wildcard, regex more...
        v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        url_map_type yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [sub-string] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [wildcard] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [regex] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • virtual_host - Virtual host. Source firewall.access-proxy-virtual-host.name. type: str more...
        v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        virtual_host yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
    • api_gateway6 - Set IPv6 API Gateway. type: list member_path: api_gateway6:id more...
      v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
      api_gateway6 no yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • application - SaaS application controlled by this Access Proxy. type: list member_path: api_gateway6:id/application:name more...
        v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        application no no no no no no no no no no yes yes yes yes
        • name - SaaS application name. type: str required: true more...
          v7.2.1 v7.2.2 v7.2.4 v7.4.0
          name yes yes yes yes
      • http_cookie_age - Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit. type: int more...
        v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        http_cookie_age yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • http_cookie_domain - Domain that HTTP cookie persistence should apply to. type: str more...
        v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        http_cookie_domain yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • http_cookie_domain_from_host - Enable/disable use of HTTP cookie domain from host field in HTTP. type: str choices: disable, enable more...
        v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        http_cookie_domain_from_host yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • http_cookie_generation - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. type: int more...
        v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        http_cookie_generation yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • http_cookie_path - Limit HTTP cookie persistence to the specified path. type: str more...
        v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        http_cookie_path yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • http_cookie_share - Control sharing of cookies across API Gateway. Use of same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. type: str choices: disable, same-ip more...
        v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        http_cookie_share yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [same-ip] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • https_cookie_secure - Enable/disable verification that inserted HTTPS cookies are secure. type: str choices: disable, enable more...
        v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        https_cookie_secure yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • id - API Gateway ID. See Notes. type: int required: true more...
        v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        id yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • ldb_method - Method used to distribute sessions to real servers. type: str choices: static, round-robin, weighted, first-alive, http-host more...
        v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        ldb_method yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [static] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [round-robin] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [weighted] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [first-alive] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [http-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • persistence - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str choices: none, http-cookie more...
        v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        persistence yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [none] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [http-cookie] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • realservers - Select the real servers that this Access Proxy will distribute traffic to. type: list member_path: api_gateway6:id/realservers:id more...
        v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        realservers yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • addr_type - Type of address. type: str choices: ip, fqdn more...
          v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          addr_type no yes yes yes yes yes yes yes yes yes yes yes yes yes
          [ip] n/a yes yes yes yes yes yes yes yes yes yes yes yes yes
          [fqdn] n/a yes yes yes yes yes yes yes yes yes yes yes yes yes
        • address - Address or address group of the real server. Source firewall.address6.name firewall.addrgrp6.name. type: str more...
          v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          address yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • domain - Wildcard domain name of the real server. type: str more...
          v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          domain no no no yes yes yes yes yes yes yes yes yes yes yes
        • external_auth - Enable/disable use of external browser as user-agent for SAML user authentication. type: str choices: enable, disable more...
          v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          external_auth no no no no no no no no no no no no no yes
          [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes
          [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes
        • health_check - Enable to check the responsiveness of the real server before forwarding traffic. type: str choices: disable, enable more...
          v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          health_check yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • health_check_proto - Protocol of the health check monitor to use when polling to determine server's connectivity status. type: str choices: ping, http, tcp-connect more...
          v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          health_check_proto yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [ping] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [http] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [tcp-connect] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • holddown_interval - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). type: str choices: enable, disable more...
          v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          holddown_interval yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • http_host - HTTP server domain name in HTTP header. type: str more...
          v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          http_host yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • id - Real server ID. See Notes. type: int required: true more...
          v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          id yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • ip - IPv6 address of the real server. type: str more...
          v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          ip yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • mappedport - Port for communicating with the real server. type: str more...
          v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          mappedport yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • port - Port for communicating with the real server. type: int more...
          v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          port yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • ssh_client_cert - Set access-proxy SSH client certificate profile. Source firewall.access-proxy-ssh-client-cert.name. type: str more...
          v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          ssh_client_cert yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • ssh_host_key - One or more server host keys. type: list member_path: api_gateway6:id/realservers:id/ssh_host_key:name more...
          v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          ssh_host_key yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          • name - Server host key name. Source firewall.ssh.host-key.name. type: str required: true more...
            v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
            name yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • ssh_host_key_validation - Enable/disable SSH real server host key validation. type: str choices: disable, enable more...
          v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          ssh_host_key_validation yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • status - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: active, standby, disable more...
          v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          status yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [active] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [standby] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • translate_host - Enable/disable translation of hostname/IP from virtual server to real server. type: str choices: enable, disable more...
          v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          translate_host no no no no no no no no no no no no yes yes
          [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes
          [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes
        • tunnel_encryption - Tunnel encryption. type: str choices: enable, disable more...
          v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          tunnel_encryption no no no no no no no no no no no no no yes
          [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes
          [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes
        • type - TCP forwarding server type. type: str choices: tcp-forwarding, ssh more...
          v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          type yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [tcp-forwarding] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [ssh] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • weight - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. type: int more...
          v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          weight yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • saml_redirect - Enable/disable SAML redirection after successful authentication. type: str choices: disable, enable more...
        v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        saml_redirect no yes yes yes yes yes yes yes yes yes yes yes yes yes
        [disable] n/a yes yes yes yes yes yes yes yes yes yes yes yes yes
        [enable] n/a yes yes yes yes yes yes yes yes yes yes yes yes yes
      • saml_server - SAML service provider configuration for VIP authentication. Source user.saml.name. type: str more...
        v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        saml_server yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • service - Service. type: str choices: http, https, tcp-forwarding, samlsp, web-portal, saas more...
        v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        service yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [http] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [https] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [tcp-forwarding] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [samlsp] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [web-portal] no no no yes yes yes yes yes yes yes yes yes yes yes
        [saas] no no no no no no no no no no yes yes yes yes
      • ssl_algorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str choices: high, medium, low more...
        v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        ssl_algorithm yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [high] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [medium] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [low] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • ssl_cipher_suites - SSL/TLS cipher suites to offer to a server, ordered by priority. type: list member_path: api_gateway6:id/ssl_cipher_suites:priority more...
        v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        ssl_cipher_suites yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • cipher - Cipher suite name. type: str choices: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, 
          TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-RSA-WITH-DES-CBC-SHA more...
          v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          cipher yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-CHACHA20-POLY1305-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-AES-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-AES-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-AES-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-AES-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-AES-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-AES-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-CAMELLIA-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-CAMELLIA-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-SEED-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-SEED-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-SEED-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-RSA-WITH-RC4-128-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-3DES-EDE-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-RC4-128-MD5] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-RC4-128-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-RSA-WITH-DES-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-DHE-DSS-WITH-DES-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [TLS-RSA-WITH-DES-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • priority - SSL/TLS cipher suites priority. See Notes. type: int required: true more...
          v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          priority yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        • versions - SSL/TLS versions that the cipher suite can be used with. type: list choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3 more...
          v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
          versions yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [tls-1.0] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [tls-1.1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [tls-1.2] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
          [tls-1.3] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • ssl_dh_bits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str choices: 768, 1024, 1536, 2048, 3072, 4096 more...
        v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        ssl_dh_bits yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [768] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [1024] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [1536] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [2048] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [3072] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [4096] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • ssl_max_version - Highest SSL/TLS version acceptable from a server. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3 more...
        v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        ssl_max_version yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [tls-1.0] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [tls-1.1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [tls-1.2] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [tls-1.3] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • ssl_min_version - Lowest SSL/TLS version acceptable from a server. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3 more...
        v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        ssl_min_version yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [tls-1.0] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [tls-1.1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [tls-1.2] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [tls-1.3] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • ssl_renegotiation - Enable/disable secure renegotiation to comply with RFC 5746. type: str choices: enable, disable more...
        v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        ssl_renegotiation no no no no no no no no no no no no yes yes
        [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes
        [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes
      • ssl_vpn_web_portal - SSL-VPN web portal. Source vpn.ssl.web.portal.name. type: str more...
        v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        ssl_vpn_web_portal no no no yes yes yes yes yes yes yes yes yes yes yes
      • url_map - URL pattern to match. type: str more...
        v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        url_map yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • url_map_type - Type of url-map. type: str choices: sub-string, wildcard, regex more...
        v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        url_map_type yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [sub-string] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [wildcard] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
        [regex] yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      • virtual_host - Virtual host. Source firewall.access-proxy-virtual-host.name. type: str more...
        v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
        virtual_host yes yes yes yes yes yes yes yes yes yes yes yes yes yes
    • auth_portal - Enable/disable authentication portal. type: str choices: disable, enable more...
      v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
      auth_portal no no no no yes yes yes yes yes yes yes yes yes yes yes
      [disable] n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes
      [enable] n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes
    • auth_virtual_host - Virtual host for authentication portal. Source firewall.access-proxy-virtual-host.name. type: str more...
      v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
      auth_virtual_host no no no no yes yes yes yes yes yes yes yes yes yes yes
    • client_cert - Enable/disable requesting a client certificate. type: str choices: disable, enable more...
      v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
      client_cert yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
    • decrypted_traffic_mirror - Decrypted traffic mirror. Source firewall.decrypted-traffic-mirror.name. type: str more...
      v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
      decrypted_traffic_mirror no no yes yes yes yes yes yes yes yes yes yes yes yes yes
    • empty_cert_action - Action of an empty client certificate. type: str choices: accept, block, accept-unmanageable more...
      v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
      empty_cert_action yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      [accept] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      [block] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
      [accept-unmanageable] no no no no no no no no no no no yes yes yes yes
    • http_supported_max_version - Maximum supported HTTP versions. default = HTTP2 type: str choices: http1, http2 more...
      v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
      http_supported_max_version no no no no no no no no no no no no no yes yes
      [http1] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes
      [http2] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes
    • ldb_method - Method used to distribute sessions to SSL real servers. type: str choices: static, round-robin, weighted, least-session, least-rtt, first-alive more...
      v7.0.0
      ldb_method yes
      [static] yes
      [round-robin] yes
      [weighted] yes
      [least-session] yes
      [least-rtt] yes
      [first-alive] yes
    • log_blocked_traffic - Enable/disable logging of blocked traffic. type: str choices: enable, disable more...
      v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
      log_blocked_traffic no no yes yes yes yes yes yes yes yes yes yes yes yes yes
      [enable] n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes
      [disable] n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes
    • name - Access Proxy name. type: str required: true more...
      v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
      name yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
    • realservers - Select the SSL real servers that this Access Proxy will distribute traffic to. type: list member_path: realservers:id more...
      v7.0.0
      realservers yes
      • id - Real server ID. See Notes. type: int required: true more...
        v7.0.0
        id yes
      • ip - IP address of the real server. type: str more...
        v7.0.0
        ip yes
      • port - Port for communicating with the real server. type: int more...
        v7.0.0
        port yes
      • status - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: active, standby, disable more...
        v7.0.0
        status yes
        [active] yes
        [standby] yes
        [disable] yes
      • weight - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. type: int more...
        v7.0.0
        weight yes
    • server_pubkey_auth - Enable/disable SSH real server public key authentication. type: str choices: disable, enable more...
      v7.0.0
      server_pubkey_auth yes
      [disable] yes
      [enable] yes
    • server_pubkey_auth_settings - Server SSH public key authentication settings. type: dict more...
      v7.0.0
      server_pubkey_auth_settings yes
      • auth_ca - Name of the SSH server public key authentication CA. Source firewall.ssh.local-ca.name. type: str more...
        v7.0.0
        auth_ca yes
      • cert_extension - Configure certificate extension for user certificate. type: list member_path: server_pubkey_auth_settings/cert_extension:name more...
        v7.0.0
        cert_extension yes
        • critical - Critical option. type: str choices: no, yes more...
          v7.0.0
          critical yes
          [no] yes
          [yes] yes
        • data - Name of certificate extension. type: str more...
          v7.0.0
          data yes
        • name - Name of certificate extension. type: str required: true more...
          v7.0.0
          name yes
        • type - Type of certificate extension. type: str choices: fixed, user more...
          v7.0.0
          type yes
          [fixed] yes
          [user] yes
      • permit_agent_forwarding - Enable/disable appending permit-agent-forwarding certificate extension. type: str choices: enable, disable more...
        v7.0.0
        permit_agent_forwarding yes
        [enable] yes
        [disable] yes
      • permit_port_forwarding - Enable/disable appending permit-port-forwarding certificate extension. type: str choices: enable, disable more...
        v7.0.0
        permit_port_forwarding yes
        [enable] yes
        [disable] yes
      • permit_pty - Enable/disable appending permit-pty certificate extension. type: str choices: enable, disable more...
        v7.0.0
        permit_pty yes
        [enable] yes
        [disable] yes
      • permit_user_rc - Enable/disable appending permit-user-rc certificate extension. type: str choices: enable, disable more...
        v7.0.0
        permit_user_rc yes
        [enable] yes
        [disable] yes
      • permit_x11_forwarding - Enable/disable appending permit-x11-forwarding certificate extension. type: str choices: enable, disable more...
        v7.0.0
        permit_x11_forwarding yes
        [enable] yes
        [disable] yes
      • source_address - Enable/disable appending source-address certificate critical option. This option ensures the certificate is only accepted from the FortiGate source address. type: str choices: enable, disable more...
        v7.0.0
        source_address yes
        [enable] yes
        [disable] yes
    • svr_pool_multiplex - Enable/disable server pool multiplexing. Share connected server in HTTP, HTTPS, and web-portal api-gateway. type: str choices: enable, disable more...
      v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
      svr_pool_multiplex no no no no no no no no no no no no no yes yes
      [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes
      [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes
    • svr_pool_server_max_request - Maximum number of requests that servers in the server pool handle before disconnecting. type: int more...
      v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
      svr_pool_server_max_request no no no no no no no no no no no no no yes yes
    • svr_pool_ttl - Time-to-live in the server pool for idle connections to servers. type: int more...
      v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
      svr_pool_ttl no no no no no no no no no no no no no yes yes
    • user_agent_detect - Enable/disable detecting the device type by HTTP User-Agent if no client certificate is provided. type: str choices: disable, enable more...
      v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
      user_agent_detect no no no no no no no no no no no yes yes yes yes
      [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes
      [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes
    • vip - Virtual IP name. Source firewall.vip.name. type: str more...
      v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0
      vip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

Note

  • Legacy fortiosapi has been deprecated; httpapi is the preferred way to run playbooks.

- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
  - name: Configure IPv4 access proxy.
    fortios_firewall_access_proxy:
      vdom:  "{{ vdom }}"
      state: "present"
      access_token: "<your_own_value>"
      firewall_access_proxy:
        add_vhost_domain_to_dnsdb: "enable"
        api_gateway:
         -
            application:
             -
                name: "default_name_6"
            http_cookie_age: "60"
            http_cookie_domain: "<your_own_value>"
            http_cookie_domain_from_host: "disable"
            http_cookie_generation: "0"
            http_cookie_path: "<your_own_value>"
            http_cookie_share: "disable"
            https_cookie_secure: "disable"
            id:  "14"
            ldb_method: "static"
            persistence: "none"
            realservers:
             -
                addr_type: "ip"
                address: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
                domain: "<your_own_value>"
                external_auth: "enable"
                health_check: "disable"
                health_check_proto: "ping"
                holddown_interval: "enable"
                http_host: "myhostname"
                id:  "26"
                ip: "<your_own_value>"
                mappedport: "<your_own_value>"
                port: "443"
                ssh_client_cert: "<your_own_value> (source firewall.access-proxy-ssh-client-cert.name)"
                ssh_host_key:
                 -
                    name: "default_name_32 (source firewall.ssh.host-key.name)"
                ssh_host_key_validation: "disable"
                status: "active"
                translate_host: "enable"
                tunnel_encryption: "enable"
                type: "tcp-forwarding"
                weight: "1"
            saml_redirect: "disable"
            saml_server: "<your_own_value> (source user.saml.name)"
            service: "http"
            ssl_algorithm: "high"
            ssl_cipher_suites:
             -
                cipher: "TLS-AES-128-GCM-SHA256"
                priority: "<your_own_value>"
                versions: "tls-1.0"
            ssl_dh_bits: "768"
            ssl_max_version: "tls-1.0"
            ssl_min_version: "tls-1.0"
            ssl_renegotiation: "enable"
            ssl_vpn_web_portal: "<your_own_value> (source vpn.ssl.web.portal.name)"
            url_map: "<your_own_value>"
            url_map_type: "sub-string"
            virtual_host: "myhostname (source firewall.access-proxy-virtual-host.name)"
        api_gateway6:
         -
            application:
             -
                name: "default_name_57"
            http_cookie_age: "60"
            http_cookie_domain: "<your_own_value>"
            http_cookie_domain_from_host: "disable"
            http_cookie_generation: "0"
            http_cookie_path: "<your_own_value>"
            http_cookie_share: "disable"
            https_cookie_secure: "disable"
            id:  "65"
            ldb_method: "static"
            persistence: "none"
            realservers:
             -
                addr_type: "ip"
                address: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
                domain: "<your_own_value>"
                external_auth: "enable"
                health_check: "disable"
                health_check_proto: "ping"
                holddown_interval: "enable"
                http_host: "myhostname"
                id:  "77"
                ip: "<your_own_value>"
                mappedport: "<your_own_value>"
                port: "443"
                ssh_client_cert: "<your_own_value> (source firewall.access-proxy-ssh-client-cert.name)"
                ssh_host_key:
                 -
                    name: "default_name_83 (source firewall.ssh.host-key.name)"
                ssh_host_key_validation: "disable"
                status: "active"
                translate_host: "enable"
                tunnel_encryption: "enable"
                type: "tcp-forwarding"
                weight: "1"
            saml_redirect: "disable"
            saml_server: "<your_own_value> (source user.saml.name)"
            service: "http"
            ssl_algorithm: "high"
            ssl_cipher_suites:
             -
                cipher: "TLS-AES-128-GCM-SHA256"
                priority: "<your_own_value>"
                versions: "tls-1.0"
            ssl_dh_bits: "768"
            ssl_max_version: "tls-1.0"
            ssl_min_version: "tls-1.0"
            ssl_renegotiation: "enable"
            ssl_vpn_web_portal: "<your_own_value> (source vpn.ssl.web.portal.name)"
            url_map: "<your_own_value>"
            url_map_type: "sub-string"
            virtual_host: "myhostname (source firewall.access-proxy-virtual-host.name)"
        auth_portal: "disable"
        auth_virtual_host: "myhostname (source firewall.access-proxy-virtual-host.name)"
        client_cert: "disable"
        decrypted_traffic_mirror: "<your_own_value> (source firewall.decrypted-traffic-mirror.name)"
        empty_cert_action: "accept"
        http_supported_max_version: "http1"
        ldb_method: "static"
        log_blocked_traffic: "enable"
        name: "default_name_114"
        realservers:
         -
            id:  "116"
            ip: "<your_own_value>"
            port: "0"
            status: "active"
            weight: "1"
        server_pubkey_auth: "disable"
        server_pubkey_auth_settings:
            auth_ca: "<your_own_value> (source firewall.ssh.local-ca.name)"
            cert_extension:
             -
                critical: "no"
                data: "<your_own_value>"
                name: "default_name_127"
                type: "fixed"
            permit_agent_forwarding: "enable"
            permit_port_forwarding: "enable"
            permit_pty: "enable"
            permit_user_rc: "enable"
            permit_x11_forwarding: "enable"
            source_address: "enable"
        svr_pool_multiplex: "enable"
        svr_pool_server_max_request: "0"
        svr_pool_ttl: "15"
        user_agent_detect: "disable"
        vip: "<your_own_value> (source firewall.vip.name)"
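
The generated example above lists every parameter with placeholder values, several of which weaken the proxy if copied as-is (`ansible_httpapi_validate_certs: no`, `ssl_min_version: "tls-1.0"`, `ssl_dh_bits: "768"`, `client_cert: "disable"`, `empty_cert_action: "accept"`). The play below is an added example, not part of the module's own documentation, that sets the same options to the stricter choices the module accepts. The object names (`ztna-proxy`, `ztna-vip`, `app.example.internal`), the real server address and the `fortigate_api_token` variable are constructed placeholders.

```yaml
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: yes   # verify the FortiGate management certificate
    ansible_httpapi_port: 443
  tasks:
    - name: Configure IPv4 access proxy with strict TLS and client-certificate settings
      fortios_firewall_access_proxy:
        vdom: "{{ vdom }}"
        state: "present"
        # Hypothetical variable: supply the token from a secret store such as
        # Ansible Vault instead of writing it into the playbook.
        access_token: "{{ fortigate_api_token }}"
        firewall_access_proxy:
          name: "ztna-proxy"                # constructed name
          vip: "ztna-vip"                   # constructed; must exist in firewall.vip
          client_cert: "enable"             # request a client certificate
          empty_cert_action: "block"        # block clients that present an empty certificate
          log_blocked_traffic: "enable"     # available from v7.0.2 per the table above
          api_gateway:
            - id: 1
              service: "https"
              url_map: "/"
              url_map_type: "sub-string"
              # constructed; must exist in firewall.access-proxy-virtual-host
              virtual_host: "app.example.internal"
              ssl_algorithm: "high"
              ssl_dh_bits: "2048"           # replaces the 768-bit value in the generated example
              ssl_min_version: "tls-1.2"    # lowest version accepted from the server
              ssl_max_version: "tls-1.3"    # highest version accepted from the server
              realservers:
                - id: 1
                  ip: "192.0.2.10"          # constructed documentation address
                  port: 443
                  status: "active"
```

Options marked "no" for a given FortiOS release in the version tables above should be omitted when targeting that release.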

Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following fields are unique to this module:

  • build - Build number of the FortiGate image returned: always type: str sample: 1547
  • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
  • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
  • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
  • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
  • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
  • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
  • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
  • status - Indication of the operation's result returned: always type: str sample: success
  • vdom - Virtual domain used returned: always type: str sample: root
  • version - Version of the FortiGate returned: always type: str sample: v5.6.3

  • This module is not guaranteed to have a backwards compatible interface.

  • Link Zheng (@chillancezen)
  • Jie Xue (@JieX19)
  • Hongbin Lu (@fgtdev-hblu)
  • Frank Shen (@frankshen01)
  • Miguel Angel Munoz (@mamunozgonzalez)
  • Nicolas Thomas (@thomnico)
