source: | fortios_firewall_access_proxy.py |
---|---|
orphan: |
.. versionadded:: 2.0.0
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and access_proxy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
The below requirements are needed on the host that executes this module.
- ansible>=2.9
Using member operation to add an element to an existing object.
v7.0.0 |
v7.0.1 |
v7.0.2 |
v7.0.3 |
v7.0.4 |
v7.0.5 |
v7.0.6 |
v7.0.7 |
v7.0.8 |
v7.0.12 |
v7.2.0 |
v7.2.1 |
v7.2.2 |
v7.2.4 |
v7.4.0 |
|
fortios_firewall_access_proxy | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes |
- access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
- firewall_access_proxy - Configure IPv4 access proxy. type: dict
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
firewall_access_proxy yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - add_vhost_domain_to_dnsdb - Enable/disable adding vhost/domain to dnsdb for ztna dox tunnel. type: str choices: enable, disable
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
add_vhost_domain_to_dnsdb no no no no no no no no no no no yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes - api_gateway - Set IPv4 API Gateway. type: list member_path: api_gateway:id
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
api_gateway yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - application - SaaS application controlled by this Access Proxy. type: list member_path: api_gateway:id/application:name
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
application no no no no no no no no no no no yes yes yes yes - name - SaaS application name. type: str required: true
more...
v7.2.1
v7.2.2
v7.2.4
v7.4.0
name yes yes yes yes - http_cookie_age - Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit. type: int
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
http_cookie_age yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - http_cookie_domain - Domain that HTTP cookie persistence should apply to. type: str
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
http_cookie_domain yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - http_cookie_domain_from_host - Enable/disable use of HTTP cookie domain from host field in HTTP. type: str choices: disable, enable
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
http_cookie_domain_from_host yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - http_cookie_generation - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. type: int
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
http_cookie_generation yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - http_cookie_path - Limit HTTP cookie persistence to the specified path. type: str
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
http_cookie_path yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - http_cookie_share - Control sharing of cookies across API Gateway. Use of same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. type: str choices: disable, same-ip
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
http_cookie_share yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [same-ip] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - https_cookie_secure - Enable/disable verification that inserted HTTPS cookies are secure. type: str choices: disable, enable
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
https_cookie_secure yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - id - API Gateway ID. see Notes. type: int required: true
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
id yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ldb_method - Method used to distribute sessions to real servers. type: str choices: static, round-robin, weighted, first-alive, http-host, least-session, least-rtt
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ldb_method yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [static] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [round-robin] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [weighted] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [first-alive] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [http-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [least-session] yes n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a [least-rtt] yes n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a - persistence - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str choices: none, http-cookie
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
persistence yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [none] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [http-cookie] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - realservers - Select the real servers that this Access Proxy will distribute traffic to. type: list member_path: api_gateway:id/realservers:id
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
realservers yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - addr_type - Type of address. type: str choices: ip, fqdn
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
addr_type no no yes yes yes yes yes yes yes yes yes yes yes yes yes [ip] n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [fqdn] n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes - address - Address or address group of the real server. Source firewall.address.name firewall.addrgrp.name. type: str
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
address yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - domain - Wildcard domain name of the real server. type: str
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
domain no no no no yes yes yes yes yes yes yes yes yes yes yes - external_auth - Enable/disable use of external browser as user-agent for SAML user authentication. type: str choices: enable, disable
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
external_auth no no no no no no no no no no no no no no yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes - health_check - Enable to check the responsiveness of the real server before forwarding traffic. type: str choices: disable, enable
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
health_check yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - health_check_proto - Protocol of the health check monitor to use when polling to determine server"s connectivity status. type: str choices: ping, http, tcp-connect
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
health_check_proto yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ping] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [http] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tcp-connect] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - holddown_interval - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). type: str choices: enable, disable
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
holddown_interval no yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes - http_host - HTTP server domain name in HTTP header. type: str
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
http_host yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - id - Real server ID. see Notes. type: int required: true
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
id yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ip - IP address of the real server. type: str
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - mappedport - Port for communicating with the real server. type: str
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
mappedport yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - port - Port for communicating with the real server. type: int
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
port yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssh_client_cert - Set access-proxy SSH client certificate profile. Source firewall.access-proxy-ssh-client-cert.name. type: str
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ssh_client_cert no yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssh_host_key - One or more server host key. type: list member_path: api_gateway:id/realservers:id/ssh_host_key:name
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ssh_host_key no yes yes yes yes yes yes yes yes yes yes yes yes yes yes - name - Server host key name. Source firewall.ssh.host-key.name. type: str required: true
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
name yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssh_host_key_validation - Enable/disable SSH real server host key validation. type: str choices: disable, enable
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ssh_host_key_validation no yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes - status - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: active, standby, disable
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
status yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [active] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [standby] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - translate_host - Enable/disable translation of hostname/IP from virtual server to real server. type: str choices: enable, disable
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
translate_host no no no no no no no no no no no no no yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes - tunnel_encryption - Tunnel encryption. type: str choices: enable, disable
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
tunnel_encryption no no no no no no no no no no no no no no yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes - type - TCP forwarding server type. type: str choices: tcp-forwarding, ssh
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
type no yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tcp-forwarding] n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ssh] n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes - weight - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. type: int
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
weight yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - saml_redirect - Enable/disable SAML redirection after successful authentication. type: str choices: disable, enable
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
saml_redirect no no yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes - saml_server - SAML service provider configuration for VIP authentication. Source user.saml.name. type: str
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
saml_server yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - service - Service. type: str choices: http, https, tcp-forwarding, samlsp, web-portal, saas
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
service yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [http] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [https] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tcp-forwarding] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [samlsp] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [web-portal] no no no no yes yes yes yes yes yes yes yes yes yes yes [saas] no no no no no no no no no no no yes yes yes yes - ssl_algorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str choices: high, medium, low, custom
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ssl_algorithm yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [high] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [medium] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [low] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [custom] yes n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a - ssl_cipher_suites - SSL/TLS cipher suites to offer to a server, ordered by priority. type: list member_path: api_gateway:id/ssl_cipher_suites:priority
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ssl_cipher_suites yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - cipher - Cipher suite name. type: str choices: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-RSA-WITH-DES-CBC-SHA
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
cipher yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-CHACHA20-POLY1305-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-AES-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-AES-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-AES-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-AES-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA] no yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-AES-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-AES-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-CAMELLIA-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-CAMELLIA-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-SEED-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-SEED-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-SEED-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-RC4-128-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-3DES-EDE-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-RC4-128-MD5] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-RC4-128-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-DES-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-DES-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-DES-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - priority - SSL/TLS cipher suites priority. see Notes. type: int required: true
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
priority yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - versions - SSL/TLS versions that the cipher suite can be used with. type: list choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
versions yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.0] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.2] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.3] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_dh_bits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str choices: 768, 1024, 1536, 2048, 3072, 4096
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ssl_dh_bits yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [768] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [1024] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [1536] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [2048] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [3072] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [4096] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_max_version - Highest SSL/TLS version acceptable from a server. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ssl_max_version yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.0] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.2] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.3] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_min_version - Lowest SSL/TLS version acceptable from a server. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ssl_min_version yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.0] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.2] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.3] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_renegotiation - Enable/disable secure renegotiation to comply with RFC 5746. type: str choices: enable, disable
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ssl_renegotiation no no no no no no no no no no no no no yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes - ssl_vpn_web_portal - SSL-VPN web portal. Source vpn.ssl.web.portal.name. type: str
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ssl_vpn_web_portal no no no no yes yes yes yes yes yes yes yes yes yes yes - url_map - URL pattern to match. type: str
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
url_map yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - url_map_type - Type of url-map. type: str choices: sub-string, wildcard, regex
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
url_map_type yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [sub-string] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [wildcard] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [regex] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - virtual_host - Virtual host. Source firewall.access-proxy-virtual-host.name. type: str
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
virtual_host yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - api_gateway6 - Set IPv6 API Gateway. type: list member_path: api_gateway6:id
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
api_gateway6 no yes yes yes yes yes yes yes yes yes yes yes yes yes yes - application - SaaS application controlled by this Access Proxy. type: list member_path: api_gateway6:id/application:name
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
application no no no no no no no no no no yes yes yes yes - name - SaaS application name. type: str required: true
more...
v7.2.1
v7.2.2
v7.2.4
v7.4.0
name yes yes yes yes - http_cookie_age - Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit. type: int
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
http_cookie_age yes yes yes yes yes yes yes yes yes yes yes yes yes yes - http_cookie_domain - Domain that HTTP cookie persistence should apply to. type: str
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
http_cookie_domain yes yes yes yes yes yes yes yes yes yes yes yes yes yes - http_cookie_domain_from_host - Enable/disable use of HTTP cookie domain from host field in HTTP. type: str choices: disable, enable
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
http_cookie_domain_from_host yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes - http_cookie_generation - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. type: int
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
http_cookie_generation yes yes yes yes yes yes yes yes yes yes yes yes yes yes - http_cookie_path - Limit HTTP cookie persistence to the specified path. type: str
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
http_cookie_path yes yes yes yes yes yes yes yes yes yes yes yes yes yes - http_cookie_share - Control sharing of cookies across API Gateway. Use of same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. type: str choices: disable, same-ip
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
http_cookie_share yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [same-ip] yes yes yes yes yes yes yes yes yes yes yes yes yes yes - https_cookie_secure - Enable/disable verification that inserted HTTPS cookies are secure. type: str choices: disable, enable
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
https_cookie_secure yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes - id - API Gateway ID. see Notes. type: int required: true
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
id yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ldb_method - Method used to distribute sessions to real servers. type: str choices: static, round-robin, weighted, first-alive, http-host
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ldb_method yes yes yes yes yes yes yes yes yes yes yes yes yes yes [static] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [round-robin] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [weighted] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [first-alive] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [http-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes - persistence - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str choices: none, http-cookie
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
persistence yes yes yes yes yes yes yes yes yes yes yes yes yes yes [none] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [http-cookie] yes yes yes yes yes yes yes yes yes yes yes yes yes yes - realservers - Select the real servers that this Access Proxy will distribute traffic to. type: list member_path: api_gateway6:id/realservers:id
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
realservers yes yes yes yes yes yes yes yes yes yes yes yes yes yes - addr_type - Type of address. type: str choices: ip, fqdn
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
addr_type no yes yes yes yes yes yes yes yes yes yes yes yes yes [ip] n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [fqdn] n/a yes yes yes yes yes yes yes yes yes yes yes yes yes - address - Address or address group of the real server. Source firewall.address6.name firewall.addrgrp6.name. type: str
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
address yes yes yes yes yes yes yes yes yes yes yes yes yes yes - domain - Wildcard domain name of the real server. type: str
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
domain no no no yes yes yes yes yes yes yes yes yes yes yes - external_auth - Enable/disable use of external browser as user-agent for SAML user authentication. type: str choices: enable, disable
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
external_auth no no no no no no no no no no no no no yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes - health_check - Enable to check the responsiveness of the real server before forwarding traffic. type: str choices: disable, enable
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
health_check yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes - health_check_proto - Protocol of the health check monitor to use when polling to determine server"s connectivity status. type: str choices: ping, http, tcp-connect
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
health_check_proto yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ping] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [http] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tcp-connect] yes yes yes yes yes yes yes yes yes yes yes yes yes yes - holddown_interval - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). type: str choices: enable, disable
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
holddown_interval yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes - http_host - HTTP server domain name in HTTP header. type: str
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
http_host yes yes yes yes yes yes yes yes yes yes yes yes yes yes - id - Real server ID. see Notes. type: int required: true
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
id yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ip - IPv6 address of the real server. type: str
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ip yes yes yes yes yes yes yes yes yes yes yes yes yes yes - mappedport - Port for communicating with the real server. type: str
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
mappedport yes yes yes yes yes yes yes yes yes yes yes yes yes yes - port - Port for communicating with the real server. type: int
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
port yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssh_client_cert - Set access-proxy SSH client certificate profile. Source firewall.access-proxy-ssh-client-cert.name. type: str
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ssh_client_cert yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssh_host_key - One or more server host key. type: list member_path: api_gateway6:id/realservers:id/ssh_host_key:name
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ssh_host_key yes yes yes yes yes yes yes yes yes yes yes yes yes yes - name - Server host key name. Source firewall.ssh.host-key.name. type: str required: true
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
name yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssh_host_key_validation - Enable/disable SSH real server host key validation. type: str choices: disable, enable
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ssh_host_key_validation yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes - status - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: active, standby, disable
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
status yes yes yes yes yes yes yes yes yes yes yes yes yes yes [active] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [standby] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes - translate_host - Enable/disable translation of hostname/IP from virtual server to real server. type: str choices: enable, disable
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
translate_host no no no no no no no no no no no no yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes - tunnel_encryption - Tunnel encryption. type: str choices: enable, disable
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
tunnel_encryption no no no no no no no no no no no no no yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes - type - TCP forwarding server type. type: str choices: tcp-forwarding, ssh
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
type yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tcp-forwarding] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ssh] yes yes yes yes yes yes yes yes yes yes yes yes yes yes - weight - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. type: int
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
weight yes yes yes yes yes yes yes yes yes yes yes yes yes yes - saml_redirect - Enable/disable SAML redirection after successful authentication. type: str choices: disable, enable
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
saml_redirect no yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a yes yes yes yes yes yes yes yes yes yes yes yes yes - saml_server - SAML service provider configuration for VIP authentication. Source user.saml.name. type: str
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
saml_server yes yes yes yes yes yes yes yes yes yes yes yes yes yes - service - Service. type: str choices: http, https, tcp-forwarding, samlsp, web-portal, saas
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
service yes yes yes yes yes yes yes yes yes yes yes yes yes yes [http] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [https] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tcp-forwarding] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [samlsp] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [web-portal] no no no yes yes yes yes yes yes yes yes yes yes yes [saas] no no no no no no no no no no yes yes yes yes - ssl_algorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str choices: high, medium, low
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ssl_algorithm yes yes yes yes yes yes yes yes yes yes yes yes yes yes [high] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [medium] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [low] yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_cipher_suites - SSL/TLS cipher suites to offer to a server, ordered by priority. type: list member_path: api_gateway6:id/ssl_cipher_suites:priority
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ssl_cipher_suites yes yes yes yes yes yes yes yes yes yes yes yes yes yes - cipher - Cipher suite name. type: str choices: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-RSA-WITH-DES-CBC-SHA
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
cipher yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-CHACHA20-POLY1305-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-AES-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-AES-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-AES-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-AES-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-AES-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-AES-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-AES-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-AES-128-GCM-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-AES-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-AES-256-GCM-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-CAMELLIA-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-CAMELLIA-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-SEED-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-SEED-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-SEED-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-RC4-128-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-3DES-EDE-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-RC4-128-MD5] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-RC4-128-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-RSA-WITH-DES-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-DHE-DSS-WITH-DES-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-RSA-WITH-DES-CBC-SHA] yes yes yes yes yes yes yes yes yes yes yes yes yes yes - priority - SSL/TLS cipher suites priority. see Notes. type: int required: true
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
priority yes yes yes yes yes yes yes yes yes yes yes yes yes yes - versions - SSL/TLS versions that the cipher suite can be used with. type: list choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
versions yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.0] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.2] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.3] yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_dh_bits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str choices: 768, 1024, 1536, 2048, 3072, 4096
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ssl_dh_bits yes yes yes yes yes yes yes yes yes yes yes yes yes yes [768] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [1024] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [1536] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [2048] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [3072] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [4096] yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_max_version - Highest SSL/TLS version acceptable from a server. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ssl_max_version yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.0] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.2] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.3] yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_min_version - Lowest SSL/TLS version acceptable from a server. type: str choices: tls-1.0, tls-1.1, tls-1.2, tls-1.3
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ssl_min_version yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.0] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.2] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tls-1.3] yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_renegotiation - Enable/disable secure renegotiation to comply with RFC 5746. type: str choices: enable, disable
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ssl_renegotiation no no no no no no no no no no no no yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes - ssl_vpn_web_portal - SSL-VPN web portal. Source vpn.ssl.web.portal.name. type: str
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ssl_vpn_web_portal no no no yes yes yes yes yes yes yes yes yes yes yes - url_map - URL pattern to match. type: str
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
url_map yes yes yes yes yes yes yes yes yes yes yes yes yes yes - url_map_type - Type of url-map. type: str choices: sub-string, wildcard, regex
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
url_map_type yes yes yes yes yes yes yes yes yes yes yes yes yes yes [sub-string] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [wildcard] yes yes yes yes yes yes yes yes yes yes yes yes yes yes [regex] yes yes yes yes yes yes yes yes yes yes yes yes yes yes - virtual_host - Virtual host. Source firewall.access-proxy-virtual-host.name. type: str
more...
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
virtual_host yes yes yes yes yes yes yes yes yes yes yes yes yes yes - auth_portal - Enable/disable authentication portal. type: str choices: disable, enable
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
auth_portal no no no no yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes - auth_virtual_host - Virtual host for authentication portal. Source firewall.access-proxy-virtual-host.name. type: str
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
auth_virtual_host no no no no yes yes yes yes yes yes yes yes yes yes yes - client_cert - Enable/disable to request client certificate. type: str choices: disable, enable
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
client_cert yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - decrypted_traffic_mirror - Decrypted traffic mirror. Source firewall.decrypted-traffic-mirror.name. type: str
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
decrypted_traffic_mirror no no yes yes yes yes yes yes yes yes yes yes yes yes yes - empty_cert_action - Action of an empty client certificate. type: str choices: accept, block, accept-unmanageable
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
empty_cert_action yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [accept] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [accept-unmanageable] no no no no no no no no no no no yes yes yes yes - http_supported_max_version - Maximum supported HTTP versions. default = HTTP2 type: str choices: http1, http2
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
http_supported_max_version no no no no no no no no no no no no no yes yes [http1] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes [http2] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes - ldb_method - Method used to distribute sessions to SSL real servers. type: str choices: static, round-robin, weighted, least-session, least-rtt, first-alive
more...
v7.0.0
ldb_method yes [static] yes [round-robin] yes [weighted] yes [least-session] yes [least-rtt] yes [first-alive] yes - log_blocked_traffic - Enable/disable logging of blocked traffic. type: str choices: enable, disable
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
log_blocked_traffic no no yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes - name - Access Proxy name. type: str required: true
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
name yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - realservers - Select the SSL real servers that this Access Proxy will distribute traffic to. type: list member_path: realservers:id
more...
v7.0.0
realservers yes - id - Real server ID. see Notes. type: int required: true
more...
v7.0.0
id yes - ip - IP address of the real server. type: str
more...
v7.0.0
ip yes - port - Port for communicating with the real server. type: int
more...
v7.0.0
port yes - status - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: active, standby, disable
more...
v7.0.0
status yes [active] yes [standby] yes [disable] yes - weight - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. type: int
more...
v7.0.0
weight yes - server_pubkey_auth - Enable/disable SSH real server public key authentication. type: str choices: disable, enable
more...
v7.0.0
server_pubkey_auth yes [disable] yes [enable] yes - server_pubkey_auth_settings - Server SSH public key authentication settings. type: dict
more...
v7.0.0
server_pubkey_auth_settings yes - auth_ca - Name of the SSH server public key authentication CA. Source firewall.ssh.local-ca.name. type: str
more...
v7.0.0
auth_ca yes - cert_extension - Configure certificate extension for user certificate. type: list member_path: server_pubkey_auth_settings/cert_extension:name
more...
v7.0.0
cert_extension yes - critical - Critical option. type: str choices: no, yes
more...
v7.0.0
critical yes [no] yes [yes] yes - data - Name of certificate extension. type: str
more...
v7.0.0
data yes - name - Name of certificate extension. type: str required: true
more...
v7.0.0
name yes - type - Type of certificate extension. type: str choices: fixed, user
more...
v7.0.0
type yes [fixed] yes [user] yes - permit_agent_forwarding - Enable/disable appending permit-agent-forwarding certificate extension. type: str choices: enable, disable
more...
v7.0.0
permit_agent_forwarding yes [enable] yes [disable] yes - permit_port_forwarding - Enable/disable appending permit-port-forwarding certificate extension. type: str choices: enable, disable
more...
v7.0.0
permit_port_forwarding yes [enable] yes [disable] yes - permit_pty - Enable/disable appending permit-pty certificate extension. type: str choices: enable, disable
more...
v7.0.0
permit_pty yes [enable] yes [disable] yes - permit_user_rc - Enable/disable appending permit-user-rc certificate extension. type: str choices: enable, disable
more...
v7.0.0
permit_user_rc yes [enable] yes [disable] yes - permit_x11_forwarding - Enable/disable appending permit-x11-forwarding certificate extension. type: str choices: enable, disable
more...
v7.0.0
permit_x11_forwarding yes [enable] yes [disable] yes - source_address - Enable/disable appending source-address certificate critical option. This option ensure certificate only accepted from FortiGate source address. type: str choices: enable, disable
more...
v7.0.0
source_address yes [enable] yes [disable] yes - svr_pool_multiplex - Enable/disable server pool multiplexing. Share connected server in HTTP, HTTPS, and web-portal api-gateway. type: str choices: enable, disable
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
svr_pool_multiplex no no no no no no no no no no no no no yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes - svr_pool_server_max_request - Maximum number of requests that servers in server pool handle before disconnecting . type: int
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
svr_pool_server_max_request no no no no no no no no no no no no no yes yes - svr_pool_ttl - Time-to-live in the server pool for idle connections to servers. type: int
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
svr_pool_ttl no no no no no no no no no no no no no yes yes - user_agent_detect - Enable/disable to detect device type by HTTP user-agent if no client certificate provided. type: str choices: disable, enable
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
user_agent_detect no no no no no no no no no no no yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes - vip - Virtual IP name. Source firewall.vip.name. type: str
more...
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
vip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
Note
- Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv4 access proxy.
fortios_firewall_access_proxy:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
firewall_access_proxy:
add_vhost_domain_to_dnsdb: "enable"
api_gateway:
-
application:
-
name: "default_name_6"
http_cookie_age: "60"
http_cookie_domain: "<your_own_value>"
http_cookie_domain_from_host: "disable"
http_cookie_generation: "0"
http_cookie_path: "<your_own_value>"
http_cookie_share: "disable"
https_cookie_secure: "disable"
id: "14"
ldb_method: "static"
persistence: "none"
realservers:
-
addr_type: "ip"
address: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
domain: "<your_own_value>"
external_auth: "enable"
health_check: "disable"
health_check_proto: "ping"
holddown_interval: "enable"
http_host: "myhostname"
id: "26"
ip: "<your_own_value>"
mappedport: "<your_own_value>"
port: "443"
ssh_client_cert: "<your_own_value> (source firewall.access-proxy-ssh-client-cert.name)"
ssh_host_key:
-
name: "default_name_32 (source firewall.ssh.host-key.name)"
ssh_host_key_validation: "disable"
status: "active"
translate_host: "enable"
tunnel_encryption: "enable"
type: "tcp-forwarding"
weight: "1"
saml_redirect: "disable"
saml_server: "<your_own_value> (source user.saml.name)"
service: "http"
ssl_algorithm: "high"
ssl_cipher_suites:
-
cipher: "TLS-AES-128-GCM-SHA256"
priority: "<you_own_value>"
versions: "tls-1.0"
ssl_dh_bits: "768"
ssl_max_version: "tls-1.0"
ssl_min_version: "tls-1.0"
ssl_renegotiation: "enable"
ssl_vpn_web_portal: "<your_own_value> (source vpn.ssl.web.portal.name)"
url_map: "<your_own_value>"
url_map_type: "sub-string"
virtual_host: "myhostname (source firewall.access-proxy-virtual-host.name)"
api_gateway6:
-
application:
-
name: "default_name_57"
http_cookie_age: "60"
http_cookie_domain: "<your_own_value>"
http_cookie_domain_from_host: "disable"
http_cookie_generation: "0"
http_cookie_path: "<your_own_value>"
http_cookie_share: "disable"
https_cookie_secure: "disable"
id: "65"
ldb_method: "static"
persistence: "none"
realservers:
-
addr_type: "ip"
address: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
domain: "<your_own_value>"
external_auth: "enable"
health_check: "disable"
health_check_proto: "ping"
holddown_interval: "enable"
http_host: "myhostname"
id: "77"
ip: "<your_own_value>"
mappedport: "<your_own_value>"
port: "443"
ssh_client_cert: "<your_own_value> (source firewall.access-proxy-ssh-client-cert.name)"
ssh_host_key:
-
name: "default_name_83 (source firewall.ssh.host-key.name)"
ssh_host_key_validation: "disable"
status: "active"
translate_host: "enable"
tunnel_encryption: "enable"
type: "tcp-forwarding"
weight: "1"
saml_redirect: "disable"
saml_server: "<your_own_value> (source user.saml.name)"
service: "http"
ssl_algorithm: "high"
ssl_cipher_suites:
-
cipher: "TLS-AES-128-GCM-SHA256"
priority: "<you_own_value>"
versions: "tls-1.0"
ssl_dh_bits: "768"
ssl_max_version: "tls-1.0"
ssl_min_version: "tls-1.0"
ssl_renegotiation: "enable"
ssl_vpn_web_portal: "<your_own_value> (source vpn.ssl.web.portal.name)"
url_map: "<your_own_value>"
url_map_type: "sub-string"
virtual_host: "myhostname (source firewall.access-proxy-virtual-host.name)"
auth_portal: "disable"
auth_virtual_host: "myhostname (source firewall.access-proxy-virtual-host.name)"
client_cert: "disable"
decrypted_traffic_mirror: "<your_own_value> (source firewall.decrypted-traffic-mirror.name)"
empty_cert_action: "accept"
http_supported_max_version: "http1"
ldb_method: "static"
log_blocked_traffic: "enable"
name: "default_name_114"
realservers:
-
id: "116"
ip: "<your_own_value>"
port: "0"
status: "active"
weight: "1"
server_pubkey_auth: "disable"
server_pubkey_auth_settings:
auth_ca: "<your_own_value> (source firewall.ssh.local-ca.name)"
cert_extension:
-
critical: "no"
data: "<your_own_value>"
name: "default_name_127"
type: "fixed"
permit_agent_forwarding: "enable"
permit_port_forwarding: "enable"
permit_pty: "enable"
permit_user_rc: "enable"
permit_x11_forwarding: "enable"
source_address: "enable"
svr_pool_multiplex: "enable"
svr_pool_server_max_request: "0"
svr_pool_ttl: "15"
user_agent_detect: "disable"
vip: "<your_own_value> (source firewall.vip.name)"
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
- This module is not guaranteed to have a backwards compatible interface.
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Hongbin Lu (@fgtdev-hblu)
- Frank Shen (@frankshen01)
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)
Hint
If you notice any issues in this documentation, you can create a pull request to improve it.