:source: fortios_firewall_vip6.py

:orphan:

.. versionadded:: 2.0.0
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and vip6 category. Examples include all parameters, and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0.
The below requirements are needed on the host that executes this module.
- ansible>=2.14
Using member operation to add an element to an existing object.
Supported Version Ranges fortios_firewall_vip6 v6.0.0 -> latest
- access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
- firewall_vip6 - Configure virtual IP for IPv6. type: dict
Supported Version Ranges firewall_vip6 v6.0.0 -> latest
- add_nat64_route - Enable/disable adding NAT64 route. type: str choices: disable, enable
Supported Version Ranges add_nat64_route v7.0.1 -> latest
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- arp_reply - Enable to respond to ARP requests for this virtual IP address. Enabled by default. type: str choices: disable, enable
Supported Version Ranges arp_reply v6.0.0 -> v7.0.7
v7.2.0 -> v7.2.2
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- color - Color of icon on the GUI. type: int
Supported Version Ranges color v6.0.0 -> latest
- comment - Comment. type: str
Supported Version Ranges comment v6.0.0 -> latest
- embedded_ipv4_address - Enable/disable use of the lower 32 bits of the external IPv6 address as mapped IPv4 address. type: str choices: disable, enable
Supported Version Ranges embedded_ipv4_address v7.0.1 -> latest
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- extip - IPv6 address or address range on the external interface that you want to map to an address or address range on the destination network. type: str
Supported Version Ranges extip v6.0.0 -> latest
- extport - Incoming port number range that you want to map to a port number range on the destination network. type: str
Supported Version Ranges extport v6.0.0 -> latest
- http_cookie_age - Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit. type: int
Supported Version Ranges http_cookie_age v6.0.0 -> latest
- http_cookie_domain - Domain that HTTP cookie persistence should apply to. type: str
Supported Version Ranges http_cookie_domain v6.0.0 -> latest
- http_cookie_domain_from_host - Enable/disable use of HTTP cookie domain from host field in HTTP. type: str choices: disable, enable
Supported Version Ranges http_cookie_domain_from_host v6.0.0 -> latest
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- http_cookie_generation - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. type: int
Supported Version Ranges http_cookie_generation v6.0.0 -> latest
- http_cookie_path - Limit HTTP cookie persistence to the specified path. type: str
Supported Version Ranges http_cookie_path v6.0.0 -> latest
- http_cookie_share - Control sharing of cookies across virtual servers. Use of same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. type: str choices: disable, same-ip
Supported Version Ranges http_cookie_share v6.0.0 -> latest
[disable] v6.0.0 -> latest
[same-ip] v6.0.0 -> latest
- http_ip_header - For HTTP multiplexing, enable to add the original client IP address in the X-Forwarded-For HTTP header. type: str choices: enable, disable
Supported Version Ranges http_ip_header v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- http_ip_header_name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used. type: str
Supported Version Ranges http_ip_header_name v6.0.0 -> latest
- http_multiplex - Enable/disable HTTP multiplexing. type: str choices: enable, disable
Supported Version Ranges http_multiplex v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- http_redirect - Enable/disable redirection of HTTP to HTTPS. type: str choices: enable, disable
Supported Version Ranges http_redirect v6.2.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- https_cookie_secure - Enable/disable verification that inserted HTTPS cookies are secure. type: str choices: disable, enable
Supported Version Ranges https_cookie_secure v6.0.0 -> latest
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- id - Custom defined ID. type: int
Supported Version Ranges id v6.0.0 -> latest
- ipv4_mappedip - Range of mapped IP addresses. Specify the start IP address followed by a space and the end IP address. type: str
Supported Version Ranges ipv4_mappedip v7.0.1 -> latest
- ipv4_mappedport - IPv4 port number range on the destination network to which the external port number range is mapped. type: str
Supported Version Ranges ipv4_mappedport v7.0.1 -> latest
- ldb_method - Method used to distribute sessions to real servers. type: str choices: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host
Supported Version Ranges ldb_method v6.0.0 -> latest
[static] v6.0.0 -> latest
[round-robin] v6.0.0 -> latest
[weighted] v6.0.0 -> latest
[least-session] v6.0.0 -> latest
[least-rtt] v6.0.0 -> latest
[first-alive] v6.0.0 -> latest
[http-host] v6.0.0 -> latest
- mappedip - Mapped IPv6 address range in the format startIP-endIP. type: str
Supported Version Ranges mappedip v6.0.0 -> latest
- mappedport - Port number range on the destination network to which the external port number range is mapped. type: str
Supported Version Ranges mappedport v6.0.0 -> latest
- max_embryonic_connections - Maximum number of incomplete connections. type: int
Supported Version Ranges max_embryonic_connections v6.0.0 -> latest
- monitor - Name of the health check monitor to use when polling to determine a virtual server's connectivity status. type: list member_path: monitor:name
Supported Version Ranges monitor v6.0.0 -> latest
- name - Health monitor name. Source firewall.ldb-monitor.name. type: str required: true
Supported Version Ranges name v6.0.0 -> latest
- name - Virtual ip6 name. type: str required: true
Supported Version Ranges name v6.0.0 -> latest
- nat_source_vip - Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. type: str choices: disable, enable
Supported Version Ranges nat_source_vip v6.4.0 -> latest
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- nat64 - Enable/disable DNAT64. type: str choices: disable, enable
Supported Version Ranges nat64 v7.0.1 -> latest
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- nat66 - Enable/disable DNAT66. type: str choices: disable, enable
Supported Version Ranges nat66 v7.0.1 -> latest
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- ndp_reply - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address. type: str choices: disable, enable
Supported Version Ranges ndp_reply v7.0.8 -> v7.0.12
v7.2.4 -> latest
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- outlook_web_access - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. type: str choices: disable, enable
Supported Version Ranges outlook_web_access v6.0.0 -> latest
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- persistence - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str choices: none, http-cookie, ssl-session-id
Supported Version Ranges persistence v6.0.0 -> latest
[none] v6.0.0 -> latest
[http-cookie] v6.0.0 -> latest
[ssl-session-id] v6.0.0 -> latest
- portforward - Enable port forwarding. type: str choices: disable, enable
Supported Version Ranges portforward v6.0.0 -> latest
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- protocol - Protocol to use when forwarding packets. type: str choices: tcp, udp, sctp
Supported Version Ranges protocol v6.0.0 -> latest
[tcp] v6.0.0 -> latest
[udp] v6.0.0 -> latest
[sctp] v6.0.0 -> latest
- realservers - Select the real servers that this server load balancing VIP will distribute traffic to. type: list member_path: realservers:id
Supported Version Ranges realservers v6.0.0 -> latest
- client_ip - Only clients in this IP range can connect to this real server. type: str
Supported Version Ranges client_ip v6.0.0 -> latest
- healthcheck - Enable to check the responsiveness of the real server before forwarding traffic. type: str choices: disable, enable, vip
Supported Version Ranges healthcheck v6.0.0 -> latest
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
[vip] v6.0.0 -> latest
- holddown_interval - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active. type: int
Supported Version Ranges holddown_interval v6.0.0 -> latest
- http_host - HTTP server domain name in HTTP header. type: str
Supported Version Ranges http_host v6.0.0 -> latest
- id - Real server ID. See Notes. type: int required: true
Supported Version Ranges id v6.0.0 -> latest
- ip - IP address of the real server. type: str
Supported Version Ranges ip v6.0.0 -> latest
- max_connections - Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers. type: int
Supported Version Ranges max_connections v6.0.0 -> latest
- monitor - Name of the health check monitor to use when polling to determine a virtual server's connectivity status. Source firewall.ldb-monitor.name. type: list member_path: realservers:id/monitor:name
Supported Version Ranges monitor v6.0.0 -> latest
- name - Health monitor name. Source firewall.ldb-monitor.name. type: str required: true
Supported Version Ranges name v6.4.0 -> latest
- port - Port for communicating with the real server. Required if port forwarding is enabled. type: int
Supported Version Ranges port v6.0.0 -> latest
- status - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: active, standby, disable
Supported Version Ranges status v6.0.0 -> latest
[active] v6.0.0 -> latest
[standby] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- translate_host - Enable/disable translation of hostname/IP from virtual server to real server. type: str choices: enable, disable
Supported Version Ranges translate_host v7.2.4 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- weight - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. type: int
Supported Version Ranges weight v6.0.0 -> latest
- server_type - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). type: str choices: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip
Supported Version Ranges server_type v6.0.0 -> latest
[http] v6.0.0 -> latest
[https] v6.0.0 -> latest
[imaps] v6.0.0 -> latest
[pop3s] v6.0.0 -> latest
[smtps] v6.0.0 -> latest
[ssl] v6.0.0 -> latest
[tcp] v6.0.0 -> latest
[udp] v6.0.0 -> latest
[ip] v6.0.0 -> latest
- src_filter - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. type: list member_path: src_filter:range
Supported Version Ranges src_filter v6.0.0 -> latest
- range - Source-filter range. type: str required: true
Supported Version Ranges range v6.0.0 -> latest
- ssl_accept_ffdhe_groups - Enable/disable FFDHE cipher suite for SSL key exchange. type: str choices: enable, disable
Supported Version Ranges ssl_accept_ffdhe_groups v7.0.4 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- ssl_algorithm - Permitted encryption algorithms for SSL sessions according to encryption strength. type: str choices: high, medium, low, custom
Supported Version Ranges ssl_algorithm v6.0.0 -> latest
[high] v6.0.0 -> latest
[medium] v6.0.0 -> latest
[low] v6.0.0 -> latest
[custom] v6.0.0 -> latest
- ssl_certificate - The name of the certificate to use for SSL handshake. Source vpn.certificate.local.name. type: str
Supported Version Ranges ssl_certificate v6.0.0 -> latest
- ssl_cipher_suites - SSL/TLS cipher suites acceptable from a client, ordered by priority. type: list member_path: ssl_cipher_suites:priority
Supported Version Ranges ssl_cipher_suites v6.0.0 -> latest
- cipher - Cipher suite name. type: str choices: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, 
TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-RSA-WITH-DES-CBC-SHA
Supported Version Ranges cipher v6.0.0 -> latest
[TLS-AES-128-GCM-SHA256] v6.2.0 -> latest
[TLS-AES-256-GCM-SHA384] v6.2.0 -> latest
[TLS-CHACHA20-POLY1305-SHA256] v6.2.0 -> latest
[TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256] v6.0.0 -> latest
[TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-AES-128-CBC-SHA] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-AES-256-CBC-SHA] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-AES-128-CBC-SHA256] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-AES-128-GCM-SHA256] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-AES-256-CBC-SHA256] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-AES-256-GCM-SHA384] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-AES-128-CBC-SHA] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-AES-256-CBC-SHA] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-AES-128-CBC-SHA256] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-AES-128-GCM-SHA256] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-AES-256-CBC-SHA256] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-AES-256-GCM-SHA384] v6.0.0 -> latest
[TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA] v6.0.0 -> latest
[TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256] v6.0.0 -> latest
[TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256] v6.0.0 -> latest
[TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA] v6.0.0 -> latest
[TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384] v6.0.0 -> latest
[TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384] v6.0.0 -> latest
[TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA] v6.0.0 -> latest
[TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256] v6.0.0 -> latest
[TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256] v6.0.0 -> latest
[TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA] v7.0.1 -> latest
[TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384] v6.0.0 -> latest
[TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384] v6.0.0 -> latest
[TLS-RSA-WITH-AES-128-CBC-SHA] v6.0.0 -> latest
[TLS-RSA-WITH-AES-256-CBC-SHA] v6.0.0 -> latest
[TLS-RSA-WITH-AES-128-CBC-SHA256] v6.0.0 -> latest
[TLS-RSA-WITH-AES-128-GCM-SHA256] v6.0.0 -> latest
[TLS-RSA-WITH-AES-256-CBC-SHA256] v6.0.0 -> latest
[TLS-RSA-WITH-AES-256-GCM-SHA384] v6.0.0 -> latest
[TLS-RSA-WITH-CAMELLIA-128-CBC-SHA] v6.0.0 -> latest
[TLS-RSA-WITH-CAMELLIA-256-CBC-SHA] v6.0.0 -> latest
[TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256] v6.0.0 -> latest
[TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-SEED-CBC-SHA] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-SEED-CBC-SHA] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384] v6.0.0 -> latest
[TLS-RSA-WITH-SEED-CBC-SHA] v6.0.0 -> latest
[TLS-RSA-WITH-ARIA-128-CBC-SHA256] v6.0.0 -> latest
[TLS-RSA-WITH-ARIA-256-CBC-SHA384] v6.0.0 -> latest
[TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256] v6.0.0 -> latest
[TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384] v6.0.0 -> latest
[TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256] v6.0.0 -> latest
[TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384] v6.0.0 -> latest
[TLS-ECDHE-RSA-WITH-RC4-128-SHA] v6.0.0 -> latest
[TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA] v6.0.0 -> latest
[TLS-RSA-WITH-3DES-EDE-CBC-SHA] v6.0.0 -> latest
[TLS-RSA-WITH-RC4-128-MD5] v6.0.0 -> latest
[TLS-RSA-WITH-RC4-128-SHA] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-DES-CBC-SHA] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-DES-CBC-SHA] v6.0.0 -> latest
[TLS-RSA-WITH-DES-CBC-SHA] v6.0.0 -> latest
- priority - SSL/TLS cipher suites priority. See Notes. type: int required: true
Supported Version Ranges priority v6.0.0 -> latest
- versions - SSL/TLS versions that the cipher suite can be used with. type: list choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3
Supported Version Ranges versions v6.0.0 -> latest
[ssl-3.0] v6.0.0 -> latest
[tls-1.0] v6.0.0 -> latest
[tls-1.1] v6.0.0 -> latest
[tls-1.2] v6.0.0 -> latest
[tls-1.3] v6.2.0 -> latest
- ssl_client_fallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). type: str choices: disable, enable
Supported Version Ranges ssl_client_fallback v6.0.0 -> latest
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- ssl_client_rekey_count - Maximum length of data in MB before triggering a client rekey (0 = disable). type: int
Supported Version Ranges ssl_client_rekey_count v6.2.0 -> latest
- ssl_client_renegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. type: str choices: allow, deny, secure
Supported Version Ranges ssl_client_renegotiation v6.0.0 -> latest
[allow] v6.0.0 -> latest
[deny] v6.0.0 -> latest
[secure] v6.0.0 -> latest
- ssl_client_session_state_max - Maximum number of client to FortiGate SSL session states to keep. type: int
Supported Version Ranges ssl_client_session_state_max v6.0.0 -> latest
- ssl_client_session_state_timeout - Number of minutes to keep client to FortiGate SSL session state. type: int
Supported Version Ranges ssl_client_session_state_timeout v6.0.0 -> latest
- ssl_client_session_state_type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. type: str choices: disable, time, count, both
Supported Version Ranges ssl_client_session_state_type v6.0.0 -> latest
[disable] v6.0.0 -> latest
[time] v6.0.0 -> latest
[count] v6.0.0 -> latest
[both] v6.0.0 -> latest
- ssl_dh_bits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str choices: 768, 1024, 1536, 2048, 3072, 4096
Supported Version Ranges ssl_dh_bits v6.0.0 -> latest
[768] v6.0.0 -> latest
[1024] v6.0.0 -> latest
[1536] v6.0.0 -> latest
[2048] v6.0.0 -> latest
[3072] v6.0.0 -> latest
[4096] v6.0.0 -> latest
- ssl_hpkp - Enable/disable including HPKP header in response. type: str choices: disable, enable, report-only
Supported Version Ranges ssl_hpkp v6.0.0 -> latest
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
[report-only] v6.0.0 -> latest
- ssl_hpkp_age - Number of minutes the web browser should keep HPKP. type: int
Supported Version Ranges ssl_hpkp_age v6.0.0 -> latest
- ssl_hpkp_backup - Certificate to generate backup HPKP pin from. Source vpn.certificate.local.name vpn.certificate.ca.name. type: str
Supported Version Ranges ssl_hpkp_backup v6.0.0 -> latest
- ssl_hpkp_include_subdomains - Indicate that HPKP header applies to all subdomains. type: str choices: disable, enable
Supported Version Ranges ssl_hpkp_include_subdomains v6.0.0 -> latest
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- ssl_hpkp_primary - Certificate to generate primary HPKP pin from. Source vpn.certificate.local.name vpn.certificate.ca.name. type: str
Supported Version Ranges ssl_hpkp_primary v6.0.0 -> latest
- ssl_hpkp_report_uri - URL to report HPKP violations to. type: str
Supported Version Ranges ssl_hpkp_report_uri v6.0.0 -> latest
- ssl_hsts - Enable/disable including HSTS header in response. type: str choices: disable, enable
Supported Version Ranges ssl_hsts v6.0.0 -> latest
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- ssl_hsts_age - Number of seconds the client should honor the HSTS setting. type: int
Supported Version Ranges ssl_hsts_age v6.0.0 -> latest
- ssl_hsts_include_subdomains - Indicate that HSTS header applies to all subdomains. type: str choices: disable, enable
Supported Version Ranges ssl_hsts_include_subdomains v6.0.0 -> latest
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- ssl_http_location_conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. type: str choices: enable, disable
Supported Version Ranges ssl_http_location_conversion v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- ssl_http_match_host - Enable/disable HTTP host matching for location conversion. type: str choices: enable, disable
Supported Version Ranges ssl_http_match_host v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- ssl_max_version - Highest SSL/TLS version acceptable from a client. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3
Supported Version Ranges ssl_max_version v6.0.0 -> latest
[ssl-3.0] v6.0.0 -> latest
[tls-1.0] v6.0.0 -> latest
[tls-1.1] v6.0.0 -> latest
[tls-1.2] v6.0.0 -> latest
[tls-1.3] v6.2.0 -> latest
- ssl_min_version - Lowest SSL/TLS version acceptable from a client. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3
Supported Version Ranges ssl_min_version v6.0.0 -> latest
[ssl-3.0] v6.0.0 -> latest
[tls-1.0] v6.0.0 -> latest
[tls-1.1] v6.0.0 -> latest
[tls-1.2] v6.0.0 -> latest
[tls-1.3] v6.2.0 -> latest
- ssl_mode - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). type: str choices: half, full
Supported Version Ranges ssl_mode v6.0.0 -> latest
[half] v6.0.0 -> latest
[full] v6.0.0 -> latest
- ssl_pfs - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. type: str choices: require, deny, allow
Supported Version Ranges ssl_pfs v6.0.0 -> latest
[require] v6.0.0 -> latest
[deny] v6.0.0 -> latest
[allow] v6.0.0 -> latest
- ssl_send_empty_frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. type: str choices: enable, disable
Supported Version Ranges ssl_send_empty_frags v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- ssl_server_algorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str choices: high, medium, low, custom, client
Supported Version Ranges ssl_server_algorithm v6.0.0 -> latest
[high] v6.0.0 -> latest
[medium] v6.0.0 -> latest
[low] v6.0.0 -> latest
[custom] v6.0.0 -> latest
[client] v6.0.0 -> latest
- ssl_server_cipher_suites - SSL/TLS cipher suites to offer to a server, ordered by priority. type: list member_path: ssl_server_cipher_suites:priority
Supported Version Ranges ssl_server_cipher_suites v6.0.0 -> latest
- cipher - Cipher suite name. type: str choices: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, 
TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-RSA-WITH-DES-CBC-SHA
Supported Version Ranges cipher v6.0.0 -> latest
[TLS-AES-128-GCM-SHA256] v6.2.0 -> latest
[TLS-AES-256-GCM-SHA384] v6.2.0 -> latest
[TLS-CHACHA20-POLY1305-SHA256] v6.2.0 -> latest
[TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256] v6.0.0 -> latest
[TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-AES-128-CBC-SHA] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-AES-256-CBC-SHA] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-AES-128-CBC-SHA256] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-AES-128-GCM-SHA256] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-AES-256-CBC-SHA256] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-AES-256-GCM-SHA384] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-AES-128-CBC-SHA] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-AES-256-CBC-SHA] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-AES-128-CBC-SHA256] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-AES-128-GCM-SHA256] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-AES-256-CBC-SHA256] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-AES-256-GCM-SHA384] v6.0.0 -> latest
[TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA] v6.0.0 -> latest
[TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256] v6.0.0 -> latest
[TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256] v6.0.0 -> latest
[TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA] v6.0.0 -> latest
[TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384] v6.0.0 -> latest
[TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384] v6.0.0 -> latest
[TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA] v6.0.0 -> latest
[TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256] v6.0.0 -> latest
[TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256] v6.0.0 -> latest
[TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA] v7.0.1 -> latest
[TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384] v6.0.0 -> latest
[TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384] v6.0.0 -> latest
[TLS-RSA-WITH-AES-128-CBC-SHA] v6.0.0 -> latest
[TLS-RSA-WITH-AES-256-CBC-SHA] v6.0.0 -> latest
[TLS-RSA-WITH-AES-128-CBC-SHA256] v6.0.0 -> latest
[TLS-RSA-WITH-AES-128-GCM-SHA256] v6.0.0 -> latest
[TLS-RSA-WITH-AES-256-CBC-SHA256] v6.0.0 -> latest
[TLS-RSA-WITH-AES-256-GCM-SHA384] v6.0.0 -> latest
[TLS-RSA-WITH-CAMELLIA-128-CBC-SHA] v6.0.0 -> latest
[TLS-RSA-WITH-CAMELLIA-256-CBC-SHA] v6.0.0 -> latest
[TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256] v6.0.0 -> latest
[TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-SEED-CBC-SHA] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-SEED-CBC-SHA] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384] v6.0.0 -> latest
[TLS-RSA-WITH-SEED-CBC-SHA] v6.0.0 -> latest
[TLS-RSA-WITH-ARIA-128-CBC-SHA256] v6.0.0 -> latest
[TLS-RSA-WITH-ARIA-256-CBC-SHA384] v6.0.0 -> latest
[TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256] v6.0.0 -> latest
[TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384] v6.0.0 -> latest
[TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256] v6.0.0 -> latest
[TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384] v6.0.0 -> latest
[TLS-ECDHE-RSA-WITH-RC4-128-SHA] v6.0.0 -> latest
[TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA] v6.0.0 -> latest
[TLS-RSA-WITH-3DES-EDE-CBC-SHA] v6.0.0 -> latest
[TLS-RSA-WITH-RC4-128-MD5] v6.0.0 -> latest
[TLS-RSA-WITH-RC4-128-SHA] v6.0.0 -> latest
[TLS-DHE-RSA-WITH-DES-CBC-SHA] v6.0.0 -> latest
[TLS-DHE-DSS-WITH-DES-CBC-SHA] v6.0.0 -> latest
[TLS-RSA-WITH-DES-CBC-SHA] v6.0.0 -> latest
- priority - SSL/TLS cipher suites priority. See Notes. type: int required: true
Supported Version Ranges priority v6.0.0 -> latest
- versions - SSL/TLS versions that the cipher suite can be used with. type: list choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3
Supported Version Ranges versions v6.0.0 -> latest
[ssl-3.0] v6.0.0 -> latest
[tls-1.0] v6.0.0 -> latest
[tls-1.1] v6.0.0 -> latest
[tls-1.2] v6.0.0 -> latest
[tls-1.3] v6.2.0 -> latest
- ssl_server_max_version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3, client
Supported Version Ranges ssl_server_max_version v6.0.0 -> latest
[ssl-3.0] v6.0.0 -> latest
[tls-1.0] v6.0.0 -> latest
[tls-1.1] v6.0.0 -> latest
[tls-1.2] v6.0.0 -> latest
[tls-1.3] v6.2.0 -> latest
[client] v6.0.0 -> latest
- ssl_server_min_version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3, client
Supported Version Ranges ssl_server_min_version v6.0.0 -> latest
[ssl-3.0] v6.0.0 -> latest
[tls-1.0] v6.0.0 -> latest
[tls-1.1] v6.0.0 -> latest
[tls-1.2] v6.0.0 -> latest
[tls-1.3] v6.2.0 -> latest
[client] v6.0.0 -> latest
- ssl_server_renegotiation - Enable/disable secure renegotiation to comply with RFC 5746. type: str choices: enable, disable
Supported Version Ranges ssl_server_renegotiation v7.2.4 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- ssl_server_session_state_max - Maximum number of FortiGate to Server SSL session states to keep. type: int
Supported Version Ranges ssl_server_session_state_max v6.0.0 -> latest
- ssl_server_session_state_timeout - Number of minutes to keep FortiGate to Server SSL session state. type: int
Supported Version Ranges ssl_server_session_state_timeout v6.0.0 -> latest
- ssl_server_session_state_type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. type: str choices: disable, time, count, both
Supported Version Ranges ssl_server_session_state_type v6.0.0 -> latest
[disable] v6.0.0 -> latest
[time] v6.0.0 -> latest
[count] v6.0.0 -> latest
[both] v6.0.0 -> latest
- type - Configure a static NAT server load balance VIP or access proxy. type: str choices: static-nat, server-load-balance, access-proxy
Supported Version Ranges type v6.0.0 -> latest
[static-nat] v6.0.0 -> latest
[server-load-balance] v6.0.0 -> latest
[access-proxy] v7.0.1 -> latest
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
Supported Version Ranges uuid v6.0.0 -> latest
- weblogic_server - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. type: str choices: disable, enable
Supported Version Ranges weblogic_server v6.0.0 -> latest
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- websphere_server - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. type: str choices: disable, enable
Supported Version Ranges websphere_server v6.0.0 -> latest
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
Note
- Legacy fortiosapi has been deprecated; httpapi is the preferred way to run playbooks.

.. code-block:: yaml

    # Sample values only: every value must be adjusted to your own data before use.
    - name: Configure virtual IP for IPv6.
      fortinet.fortios.fortios_firewall_vip6:
        vdom: "{{ vdom }}"
        state: "present"
        access_token: "<your_own_value>"
        firewall_vip6:
          add_nat64_route: "disable"
          arp_reply: "disable"
          color: "0"
          comment: "Comment."
          embedded_ipv4_address: "disable"
          extip: "<your_own_value>"
          extport: "<your_own_value>"
          http_cookie_age: "60"
          http_cookie_domain: "<your_own_value>"
          http_cookie_domain_from_host: "disable"
          http_cookie_generation: "0"
          http_cookie_path: "<your_own_value>"
          http_cookie_share: "disable"
          http_ip_header: "enable"
          http_ip_header_name: "<your_own_value>"
          http_multiplex: "enable"
          http_redirect: "enable"
          https_cookie_secure: "disable"
          id: "21"
          ipv4_mappedip: "<your_own_value>"
          ipv4_mappedport: "<your_own_value>"
          ldb_method: "static"
          mappedip: "<your_own_value>"
          mappedport: "<your_own_value>"
          max_embryonic_connections: "1000"
          monitor:
            - name: "default_name_29 (source firewall.ldb-monitor.name)"
          name: "default_name_30"
          nat_source_vip: "disable"
          nat64: "disable"
          nat66: "disable"
          ndp_reply: "disable"
          outlook_web_access: "disable"
          persistence: "none"
          portforward: "disable"
          protocol: "tcp"
          realservers:
            - client_ip: "<your_own_value>"
              healthcheck: "disable"
              holddown_interval: "300"
              http_host: "myhostname"
              id: "44"
              ip: "<your_own_value>"
              max_connections: "0"
              monitor:
                - name: "default_name_48 (source firewall.ldb-monitor.name)"
              port: "0"
              status: "active"
              translate_host: "enable"
              weight: "1"
          server_type: "http"
          src_filter:
            - range: "<your_own_value>"
          ssl_accept_ffdhe_groups: "enable"
          ssl_algorithm: "high"
          ssl_certificate: "<your_own_value> (source vpn.certificate.local.name)"
          ssl_cipher_suites:
            - cipher: "TLS-AES-128-GCM-SHA256"
              priority: "<your_own_value>"
              versions: "ssl-3.0"
          ssl_client_fallback: "disable"
          ssl_client_rekey_count: "0"
          ssl_client_renegotiation: "allow"
          ssl_client_session_state_max: "1000"
          ssl_client_session_state_timeout: "30"
          ssl_client_session_state_type: "disable"
          ssl_dh_bits: "768"
          ssl_hpkp: "disable"
          ssl_hpkp_age: "5184000"
          ssl_hpkp_backup: "<your_own_value> (source vpn.certificate.local.name vpn.certificate.ca.name)"
          ssl_hpkp_include_subdomains: "disable"
          ssl_hpkp_primary: "<your_own_value> (source vpn.certificate.local.name vpn.certificate.ca.name)"
          ssl_hpkp_report_uri: "<your_own_value>"
          ssl_hsts: "disable"
          ssl_hsts_age: "5184000"
          ssl_hsts_include_subdomains: "disable"
          ssl_http_location_conversion: "enable"
          ssl_http_match_host: "enable"
          ssl_max_version: "ssl-3.0"
          ssl_min_version: "ssl-3.0"
          ssl_mode: "half"
          ssl_pfs: "require"
          ssl_send_empty_frags: "enable"
          ssl_server_algorithm: "high"
          ssl_server_cipher_suites:
            - cipher: "TLS-AES-128-GCM-SHA256"
              priority: "<your_own_value>"
              versions: "ssl-3.0"
          ssl_server_max_version: "ssl-3.0"
          ssl_server_min_version: "ssl-3.0"
          ssl_server_renegotiation: "enable"
          ssl_server_session_state_max: "100"
          ssl_server_session_state_timeout: "60"
          ssl_server_session_state_type: "disable"
          type: "static-nat"
          uuid: "<your_own_value>"
          weblogic_server: "disable"
          websphere_server: "disable"

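
A pre-flight check for the TLS-related parameters used in the task above, added here as an example; it is not part of the module or its documentation. The tls-1.2 and 2048-bit floors and the weak-name list are this example's assumed policy, while parameter names and choice strings are the ones documented on this page.

```python
# Added example: audit the TLS keys of a firewall_vip6 dict before it is applied.
VERSION_ORDER = ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "tls-1.3"]
MIN_VERSION, MIN_DH_BITS = "tls-1.2", 2048  # assumed policy floors, not vendor guidance
WEAK_PARTS = {"RC4", "DES", "3DES", "MD5"}  # name components of broken primitives

def too_old(version):
    return VERSION_ORDER.index(version) < VERSION_ORDER.index(MIN_VERSION)

def audit_suites(vip6, key):
    """Check one cipher-suite list (client side or server side)."""
    findings = []
    for entry in vip6.get(key) or []:
        cipher = entry.get("cipher", "")
        if WEAK_PARTS & set(cipher.split("-")):
            findings.append((key, f"{cipher}: broken cipher or MAC"))
        elif cipher.startswith("TLS-RSA-WITH-"):
            findings.append((key, f"{cipher}: static RSA, no forward secrecy"))
        versions = entry.get("versions") or []
        versions = [versions] if isinstance(versions, str) else versions
        for old in filter(too_old, versions):
            findings.append((key, f"{cipher}: offered for {old}"))
    return findings

def audit_vip6(vip6):
    """Return (key, message) findings for the TLS settings of a firewall_vip6 dict."""
    findings = []
    client_min = vip6.get("ssl_min_version")
    server_min = vip6.get("ssl_server_min_version")
    if server_min == "client":  # "client" reuses the client-side setting
        server_min = client_min
    for key, value in (("ssl_min_version", client_min), ("ssl_server_min_version", server_min)):
        if value and too_old(value):
            findings.append((key, f"{value} is below {MIN_VERSION}"))
    if int(vip6.get("ssl_dh_bits", MIN_DH_BITS)) < MIN_DH_BITS:
        findings.append(("ssl_dh_bits", f"below {MIN_DH_BITS} bits"))
    if vip6.get("ssl_server_renegotiation") == "disable":
        findings.append(("ssl_server_renegotiation", "RFC 5746 renegotiation off"))
    for key in ("ssl_cipher_suites", "ssl_server_cipher_suites"):
        findings.extend(audit_suites(vip6, key))
    return findings

# Constructed samples; WEAK borrows ssl-3.0 and 768 from the page's example task.
WEAK = {"ssl_min_version": "ssl-3.0", "ssl_server_min_version": "client", "ssl_dh_bits": "768",
        "ssl_cipher_suites": [{"cipher": "TLS-RSA-WITH-RC4-128-MD5", "versions": "ssl-3.0"}]}
HARDENED = {"ssl_min_version": "tls-1.2", "ssl_server_min_version": "client",
            "ssl_dh_bits": "2048", "ssl_server_renegotiation": "enable",
            "ssl_cipher_suites": [{"cipher": "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
                                   "versions": ["tls-1.2"]}]}
```

Calling `audit_vip6()` on the `firewall_vip6` dict of a parsed task returns an empty list when nothing falls below the assumed floors, so it can gate a playbook run in CI.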
Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values; the following fields are unique to this module:
- build - Build number of the FortiGate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
- This module is not guaranteed to have a backwards compatible interface.
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Hongbin Lu (@fgtdev-hblu)
- Frank Shen (@frankshen01)
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)