source: | fortios_vpn_ssl_web_portal.py |
---|---|
orphan: |
.. versionadded:: 2.0.0
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ssl_web feature and portal category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
The below requirements are needed on the host that executes this module.
- ansible>=2.14
Using member operation to add an element to an existing object.
Supported Version Ranges | |
fortios_vpn_ssl_web_portal | v6.0.0 -> latest |
- access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
- vpn_ssl_web_portal - Portal. type: dict
more...
Supported Version Ranges vpn_ssl_web_portal v6.0.0 -> latest
- allow_user_access - Allow user access to SSL-VPN applications. type: list choices: web, ftp, smb, sftp, telnet, ssh, vnc, rdp, ping, citrix, portforward
more...
Supported Version Ranges allow_user_access v6.0.0 -> latest
[web] v6.0.0 -> latest
[ftp] v6.0.0 -> latest
[smb] v6.0.0 -> latest
[sftp] v6.2.0 -> latest
[telnet] v6.0.0 -> latest
[ssh] v6.0.0 -> latest
[vnc] v6.0.0 -> latest
[rdp] v6.0.0 -> latest
[ping] v6.0.0 -> latest
[citrix] v6.0.0 -> v7.0.0
[portforward] v6.0.0 -> v7.0.0
- auto_connect - Enable/disable automatic connect by client when system is up. type: str choices: enable, disable
more...
Supported Version Ranges auto_connect v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- bookmark_group - Portal bookmark group. type: list member_path: bookmark_group:name
more...
Supported Version Ranges bookmark_group v6.0.0 -> latest
- bookmarks - Bookmark table. type: list member_path: bookmark_group:name/bookmarks:name
more...
Supported Version Ranges bookmarks v6.0.0 -> latest
- additional_params - Additional parameters. type: str
more...
Supported Version Ranges additional_params v6.0.0 -> latest
- apptype - Application type. type: str choices: ftp, rdp, sftp, smb, ssh, telnet, vnc, web, citrix, portforward
more...
Supported Version Ranges apptype v6.0.0 -> latest
[ftp] v6.0.0 -> latest
[rdp] v6.0.0 -> latest
[sftp] v6.2.0 -> latest
[smb] v6.0.0 -> latest
[ssh] v6.0.0 -> latest
[telnet] v6.0.0 -> latest
[vnc] v6.0.0 -> latest
[web] v6.0.0 -> latest
[citrix] v6.0.0 -> v6.0.11
[portforward] v6.0.0 -> v6.0.11
- color_depth - Color depth per pixel. type: str choices: 32, 16, 8
more...
Supported Version Ranges color_depth v7.0.1 -> latest
[32] v6.0.0 -> latest
[16] v6.0.0 -> latest
[8] v6.0.0 -> latest
- description - Description. type: str
more...
Supported Version Ranges description v6.0.0 -> latest
- domain - Login domain. type: str
more...
Supported Version Ranges domain v6.4.0 -> v6.4.0
v6.4.4 -> latest
- folder - Network shared file folder parameter. type: str
more...
Supported Version Ranges folder v6.0.0 -> latest
- form_data - Form data. type: list member_path: bookmark_group:name/bookmarks:name/form_data:name
more...
Supported Version Ranges form_data v6.0.0 -> latest
- name - Name. type: str required: true
more...
Supported Version Ranges name v6.0.0 -> latest
- value - Value. type: str
more...
Supported Version Ranges value v6.0.0 -> latest
- height - Screen height (range from 0 - 65535). type: int
more...
Supported Version Ranges height v7.0.4 -> latest
- host - Host name/IP parameter. type: str
more...
Supported Version Ranges host v6.0.0 -> latest
- keyboard_layout - Keyboard layout. type: str choices: ar-101, ar-102, ar-102-azerty, can-mul, cz, cz-qwerty, cz-pr, da, nl, de, de-ch, de-ibm, en-uk, en-uk-ext, en-us, en-us-dvorak, es, es-var, fi, fi-sami, fr, fr-apple, fr-ca, fr-ch, fr-be, hr, hu, hu-101, it, it-142, ja, ko, la-am, lt, lt-ibm, lt-std, lav-std, lav-leg, mk, mk-std, no, no-sami, pol-214, pol-pr, pt, pt-br, pt-br-abnt2, ru, ru-mne, ru-t, sl, sv, sv-sami, tuk, tur-f, tur-q, zh-sym-sg-us, zh-sym-us, zh-tr-hk, zh-tr-mo, zh-tr-us
more...
Supported Version Ranges keyboard_layout v7.0.1 -> latest
[ar-101] v6.0.0 -> latest
[ar-102] v6.0.0 -> latest
[ar-102-azerty] v6.0.0 -> latest
[can-mul] v6.0.0 -> latest
[cz] v6.0.0 -> latest
[cz-qwerty] v6.0.0 -> latest
[cz-pr] v6.0.0 -> latest
[da] v6.0.0 -> latest
[nl] v6.0.0 -> latest
[de] v6.0.0 -> latest
[de-ch] v6.0.0 -> latest
[de-ibm] v6.0.0 -> latest
[en-uk] v6.0.0 -> latest
[en-uk-ext] v6.0.0 -> latest
[en-us] v6.0.0 -> latest
[en-us-dvorak] v6.0.0 -> latest
[es] v6.0.0 -> latest
[es-var] v6.0.0 -> latest
[fi] v6.0.0 -> latest
[fi-sami] v6.0.0 -> latest
[fr] v6.0.0 -> latest
[fr-apple] v7.0.6 -> latest
[fr-ca] v6.0.0 -> latest
[fr-ch] v6.0.0 -> latest
[fr-be] v6.0.0 -> latest
[hr] v6.0.0 -> latest
[hu] v6.0.0 -> latest
[hu-101] v6.0.0 -> latest
[it] v6.0.0 -> latest
[it-142] v6.0.0 -> latest
[ja] v6.0.0 -> latest
[ko] v6.0.0 -> latest
[la-am] v7.4.1 -> latest
[lt] v6.0.0 -> latest
[lt-ibm] v6.0.0 -> latest
[lt-std] v6.0.0 -> latest
[lav-std] v6.0.0 -> latest
[lav-leg] v6.0.0 -> latest
[mk] v6.0.0 -> latest
[mk-std] v6.0.0 -> latest
[no] v6.0.0 -> latest
[no-sami] v6.0.0 -> latest
[pol-214] v6.0.0 -> latest
[pol-pr] v6.0.0 -> latest
[pt] v6.0.0 -> latest
[pt-br] v6.0.0 -> latest
[pt-br-abnt2] v6.0.0 -> latest
[ru] v6.0.0 -> latest
[ru-mne] v6.0.0 -> latest
[ru-t] v6.0.0 -> latest
[sl] v6.0.0 -> latest
[sv] v6.0.0 -> latest
[sv-sami] v6.0.0 -> latest
[tuk] v6.0.0 -> latest
[tur-f] v6.0.0 -> latest
[tur-q] v6.0.0 -> latest
[zh-sym-sg-us] v6.0.0 -> latest
[zh-sym-us] v6.0.0 -> latest
[zh-tr-hk] v6.0.0 -> latest
[zh-tr-mo] v6.0.0 -> latest
[zh-tr-us] v6.0.0 -> latest
- listening_port - Listening port (0 - 65535). type: int
more...
Supported Version Ranges listening_port v6.0.0 -> v7.0.0
- load_balancing_info - The load balancing information or cookie which should be provided to the connection broker. type: str
more...
Supported Version Ranges load_balancing_info v6.0.0 -> latest
- logon_password - Logon password. type: str
more...
Supported Version Ranges logon_password v6.0.0 -> latest
- logon_user - Logon user. type: str
more...
Supported Version Ranges logon_user v6.0.0 -> latest
- name - Bookmark name. type: str required: true
more...
Supported Version Ranges name v6.0.0 -> latest
- port - Remote port. type: int
more...
Supported Version Ranges port v6.0.0 -> latest
- preconnection_blob - An arbitrary string which identifies the RDP source. type: str
more...
Supported Version Ranges preconnection_blob v6.0.0 -> latest
- preconnection_id - The numeric ID of the RDP source (0-4294967295). type: int
more...
Supported Version Ranges preconnection_id v6.0.0 -> latest
- remote_port - Remote port (0 - 65535). type: int
more...
Supported Version Ranges remote_port v6.0.0 -> v7.0.0
- restricted_admin - Enable/disable restricted admin mode for RDP. type: str choices: enable, disable
more...
Supported Version Ranges restricted_admin v7.0.1 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- security - Security mode for RDP connection . type: str choices: any, rdp, nla, tls
more...
Supported Version Ranges security v6.0.0 -> latest
[any] v6.0.0 -> latest
[rdp] v6.0.0 -> latest
[nla] v6.0.0 -> latest
[tls] v6.0.0 -> latest
- send_preconnection_id - Enable/disable sending of preconnection ID. type: str choices: enable, disable
more...
Supported Version Ranges send_preconnection_id v7.0.1 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- server_layout - Server side keyboard layout. type: str choices: de-de-qwertz, en-gb-qwerty, en-us-qwerty, es-es-qwerty, fr-ca-qwerty, fr-fr-azerty, fr-ch-qwertz, it-it-qwerty, ja-jp-qwerty, pt-br-qwerty, sv-se-qwerty, tr-tr-qwerty, failsafe
more...
Supported Version Ranges server_layout v6.0.0 -> v7.0.0
[de-de-qwertz] v6.0.0 -> latest
[en-gb-qwerty] v6.0.0 -> latest
[en-us-qwerty] v6.0.0 -> latest
[es-es-qwerty] v6.0.0 -> latest
[fr-ca-qwerty] v6.2.0 -> v7.0.0
[fr-fr-azerty] v6.0.0 -> latest
[fr-ch-qwertz] v6.0.0 -> latest
[it-it-qwerty] v6.0.0 -> latest
[ja-jp-qwerty] v6.0.0 -> latest
[pt-br-qwerty] v6.0.0 -> latest
[sv-se-qwerty] v6.0.0 -> latest
[tr-tr-qwerty] v6.0.0 -> latest
[failsafe] v6.0.0 -> latest
- show_status_window - Enable/disable showing of status window. type: str choices: enable, disable
more...
Supported Version Ranges show_status_window v6.0.0 -> v7.0.0
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- sso - Single sign-on. type: str choices: disable, static, auto
more...
Supported Version Ranges sso v6.0.0 -> latest
[disable] v6.0.0 -> latest
[static] v6.0.0 -> latest
[auto] v6.0.0 -> latest
- sso_credential - Single sign-on credentials. type: str choices: sslvpn-login, alternative
more...
Supported Version Ranges sso_credential v6.0.0 -> latest
[sslvpn-login] v6.0.0 -> latest
[alternative] v6.0.0 -> latest
- sso_credential_sent_once - Single sign-on credentials are only sent once to remote server. type: str choices: enable, disable
more...
Supported Version Ranges sso_credential_sent_once v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- sso_password - SSO password. type: str
more...
Supported Version Ranges sso_password v6.0.0 -> latest
- sso_username - SSO user name. type: str
more...
Supported Version Ranges sso_username v6.0.0 -> latest
- url - URL parameter. type: str
more...
Supported Version Ranges url v6.0.0 -> latest
- vnc_keyboard_layout - Keyboard layout. type: str choices: default, da, nl, en-uk, en-uk-ext, fi, fr, fr-be, fr-ca-mul, de, de-ch, it, it-142, pt, pt-br-abnt2, no, gd, es, sv, us-intl
more...
Supported Version Ranges vnc_keyboard_layout v7.2.4 -> latest
[default] v6.0.0 -> latest
[da] v6.0.0 -> latest
[nl] v6.0.0 -> latest
[en-uk] v6.0.0 -> latest
[en-uk-ext] v6.0.0 -> latest
[fi] v6.0.0 -> latest
[fr] v6.0.0 -> latest
[fr-be] v6.0.0 -> latest
[fr-ca-mul] v6.0.0 -> latest
[de] v6.0.0 -> latest
[de-ch] v6.0.0 -> latest
[it] v6.0.0 -> latest
[it-142] v6.0.0 -> latest
[pt] v6.0.0 -> latest
[pt-br-abnt2] v6.0.0 -> latest
[no] v6.0.0 -> latest
[gd] v6.0.0 -> latest
[es] v6.0.0 -> latest
[sv] v6.0.0 -> latest
[us-intl] v6.0.0 -> latest
- width - Screen width (range from 0 - 65535). type: int
more...
Supported Version Ranges width v7.0.4 -> latest
- name - Bookmark group name. type: str required: true
more...
Supported Version Ranges name v6.0.0 -> latest
- client_src_range - Allow client to add source range for the tunnel traffic. type: str choices: enable, disable
more...
Supported Version Ranges client_src_range v7.2.4 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- clipboard - Enable to support RDP/VPC clipboard functionality. type: str choices: enable, disable
more...
Supported Version Ranges clipboard v7.0.1 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- custom_lang - Change the web portal display language. Overrides config system global set language. You can use config system custom-language and execute system custom-language to add custom language files. Source system.custom-language.name. type: str
more...
Supported Version Ranges custom_lang v6.0.0 -> latest
- customize_forticlient_download_url - Enable support of customized download URL for FortiClient. type: str choices: enable, disable
more...
Supported Version Ranges customize_forticlient_download_url v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- default_protocol - Application type that is set by default. type: str choices: web, ftp, telnet, smb, vnc, rdp, ssh, sftp
more...
Supported Version Ranges default_protocol v7.4.1 -> latest
[web] v6.0.0 -> latest
[ftp] v6.0.0 -> latest
[telnet] v6.0.0 -> latest
[smb] v6.0.0 -> latest
[vnc] v6.0.0 -> latest
[rdp] v6.0.0 -> latest
[ssh] v6.0.0 -> latest
[sftp] v6.0.0 -> latest
- default_window_height - Screen height (range from 0 - 65535). type: int
more...
Supported Version Ranges default_window_height v7.0.6 -> latest
- default_window_width - Screen width (range from 0 - 65535). type: int
more...
Supported Version Ranges default_window_width v7.0.6 -> latest
- dhcp_ip_overlap - Configure overlapping DHCP IP allocation assignment. type: str choices: use-new, use-old
more...
Supported Version Ranges dhcp_ip_overlap v7.0.6 -> v7.0.12
v7.2.1 -> latest
[use-new] v6.0.0 -> latest
[use-old] v6.0.0 -> latest
- dhcp_ra_giaddr - Relay agent gateway IP address to use in the giaddr field of DHCP requests. type: str
more...
Supported Version Ranges dhcp_ra_giaddr v7.2.4 -> latest
- dhcp6_ra_linkaddr - Relay agent IPv6 link address to use in DHCP6 requests. type: str
more...
Supported Version Ranges dhcp6_ra_linkaddr v7.2.4 -> latest
- display_bookmark - Enable to display the web portal bookmark widget. type: str choices: enable, disable
more...
Supported Version Ranges display_bookmark v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- display_connection_tools - Enable to display the web portal connection tools widget. type: str choices: enable, disable
more...
Supported Version Ranges display_connection_tools v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- display_history - Enable to display the web portal user login history widget. type: str choices: enable, disable
more...
Supported Version Ranges display_history v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- display_status - Enable to display the web portal status widget. type: str choices: enable, disable
more...
Supported Version Ranges display_status v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- dns_server1 - IPv4 DNS server 1. type: str
more...
Supported Version Ranges dns_server1 v6.0.0 -> latest
- dns_server2 - IPv4 DNS server 2. type: str
more...
Supported Version Ranges dns_server2 v6.0.0 -> latest
- dns_suffix - DNS suffix. type: str
more...
Supported Version Ranges dns_suffix v6.0.0 -> latest
- exclusive_routing - Enable/disable all traffic go through tunnel only. type: str choices: enable, disable
more...
Supported Version Ranges exclusive_routing v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- focus_bookmark - Enable to prioritize the placement of the bookmark section over the quick-connection section in the SSL-VPN application. type: str choices: enable, disable
more...
Supported Version Ranges focus_bookmark v7.4.1 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- forticlient_download - Enable/disable download option for FortiClient. type: str choices: enable, disable
more...
Supported Version Ranges forticlient_download v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- forticlient_download_method - FortiClient download method. type: str choices: direct, ssl-vpn
more...
Supported Version Ranges forticlient_download_method v6.0.0 -> latest
[direct] v6.0.0 -> latest
[ssl-vpn] v6.0.0 -> latest
- heading - Web portal heading message. type: str
more...
Supported Version Ranges heading v6.0.0 -> latest
- hide_sso_credential - Enable to prevent SSO credential being sent to client. type: str choices: enable, disable
more...
Supported Version Ranges hide_sso_credential v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- host_check - Type of host checking performed on endpoints. type: str choices: none, av, fw, av-fw, custom
more...
Supported Version Ranges host_check v6.0.0 -> latest
[none] v6.0.0 -> latest
[av] v6.0.0 -> latest
[fw] v6.0.0 -> latest
[av-fw] v6.0.0 -> latest
[custom] v6.0.0 -> latest
- host_check_interval - Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects. type: int
more...
Supported Version Ranges host_check_interval v6.0.0 -> latest
- host_check_policy - One or more policies to require the endpoint to have specific security software. type: list member_path: host_check_policy:name
more...
Supported Version Ranges host_check_policy v6.0.0 -> latest
- name - Host check software list name. Source vpn.ssl.web.host-check-software.name. type: str required: true
more...
Supported Version Ranges name v6.0.0 -> latest
- ip_mode - Method by which users of this SSL-VPN tunnel obtain IP addresses. type: str choices: range, user-group, dhcp, no-ip
more...
Supported Version Ranges ip_mode v6.0.0 -> latest
[range] v6.0.0 -> latest
[user-group] v6.0.0 -> latest
[dhcp] v7.0.6 -> v7.0.12
v7.2.1 -> latest
[no-ip] v7.2.4 -> latest
- ip_pools - IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients. type: list member_path: ip_pools:name
more...
Supported Version Ranges ip_pools v6.0.0 -> latest
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true
more...
Supported Version Ranges name v6.0.0 -> latest
- ipv6_dns_server1 - IPv6 DNS server 1. type: str
more...
Supported Version Ranges ipv6_dns_server1 v6.0.0 -> latest
- ipv6_dns_server2 - IPv6 DNS server 2. type: str
more...
Supported Version Ranges ipv6_dns_server2 v6.0.0 -> latest
- ipv6_exclusive_routing - Enable/disable all IPv6 traffic go through tunnel only. type: str choices: enable, disable
more...
Supported Version Ranges ipv6_exclusive_routing v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- ipv6_pools - IPv6 firewall source address objects reserved for SSL-VPN tunnel mode clients. type: list member_path: ipv6_pools:name
more...
Supported Version Ranges ipv6_pools v6.0.0 -> latest
- name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true
more...
Supported Version Ranges name v6.0.0 -> latest
- ipv6_service_restriction - Enable/disable IPv6 tunnel service restriction. type: str choices: enable, disable
more...
Supported Version Ranges ipv6_service_restriction v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- ipv6_split_tunneling - Enable/disable IPv6 split tunneling. type: str choices: enable, disable
more...
Supported Version Ranges ipv6_split_tunneling v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- ipv6_split_tunneling_routing_address - IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. type: list member_path: ipv6_split_tunneling_routing_address:name
more...
Supported Version Ranges ipv6_split_tunneling_routing_address v6.0.0 -> latest
- name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: true
more...
Supported Version Ranges name v6.0.0 -> latest
- ipv6_split_tunneling_routing_negate - Enable to negate IPv6 split tunneling routing address. type: str choices: enable, disable
more...
Supported Version Ranges ipv6_split_tunneling_routing_negate v6.4.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- ipv6_tunnel_mode - Enable/disable IPv6 SSL-VPN tunnel mode. type: str choices: enable, disable
more...
Supported Version Ranges ipv6_tunnel_mode v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- ipv6_wins_server1 - IPv6 WINS server 1. type: str
more...
Supported Version Ranges ipv6_wins_server1 v6.0.0 -> latest
- ipv6_wins_server2 - IPv6 WINS server 2. type: str
more...
Supported Version Ranges ipv6_wins_server2 v6.0.0 -> latest
- keep_alive - Enable/disable automatic reconnect for FortiClient connections. type: str choices: enable, disable
more...
Supported Version Ranges keep_alive v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- landing_page - Landing page options. type: dict
more...
Supported Version Ranges landing_page v7.4.0 -> latest
- form_data - Form data. type: list member_path: landing_page/form_data:name
more...
Supported Version Ranges form_data v7.4.0 -> latest
- name - Name. type: str required: true
more...
Supported Version Ranges name v7.4.0 -> latest
- value - Value. type: str
more...
Supported Version Ranges value v7.4.0 -> latest
- logout_url - Landing page log out URL. type: str
more...
Supported Version Ranges logout_url v7.4.0 -> v7.4.0
- sso - Single sign-on. type: str choices: disable, static, auto
more...
Supported Version Ranges sso v7.4.0 -> latest
[disable] v6.0.0 -> latest
[static] v6.0.0 -> latest
[auto] v6.0.0 -> latest
- sso_credential - Single sign-on credentials. type: str choices: sslvpn-login, alternative
more...
Supported Version Ranges sso_credential v7.4.0 -> latest
[sslvpn-login] v6.0.0 -> latest
[alternative] v6.0.0 -> latest
- sso_password - SSO password. type: str
more...
Supported Version Ranges sso_password v7.4.0 -> latest
- sso_username - SSO user name. type: str
more...
Supported Version Ranges sso_username v7.4.0 -> latest
- url - Landing page URL. type: str
more...
Supported Version Ranges url v7.4.0 -> latest
- landing_page_mode - Enable/disable SSL-VPN landing page mode. type: str choices: enable, disable
more...
Supported Version Ranges landing_page_mode v7.4.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- limit_user_logins - Enable to limit each user to one SSL-VPN session at a time. type: str choices: enable, disable
more...
Supported Version Ranges limit_user_logins v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- mac_addr_action - Client MAC address action. type: str choices: allow, deny
more...
Supported Version Ranges mac_addr_action v6.0.0 -> latest
[allow] v6.0.0 -> latest
[deny] v6.0.0 -> latest
- mac_addr_check - Enable/disable MAC address host checking. type: str choices: enable, disable
more...
Supported Version Ranges mac_addr_check v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- mac_addr_check_rule - Client MAC address check rule. type: list member_path: mac_addr_check_rule:name
more...
Supported Version Ranges mac_addr_check_rule v6.0.0 -> latest
- mac_addr_list - Client MAC address list. type: list member_path: mac_addr_check_rule:name/mac_addr_list:addr
more...
Supported Version Ranges mac_addr_list v6.0.0 -> latest
- addr - Client MAC address. type: str required: true
more...
Supported Version Ranges addr v6.0.0 -> latest
- mac_addr_mask - Client MAC address mask. type: int
more...
Supported Version Ranges mac_addr_mask v6.0.0 -> latest
- name - Client MAC address check rule name. type: str required: true
more...
Supported Version Ranges name v6.0.0 -> latest
- macos_forticlient_download_url - Download URL for Mac FortiClient. type: str
more...
Supported Version Ranges macos_forticlient_download_url v6.0.0 -> latest
- name - Portal name. type: str required: true
more...
Supported Version Ranges name v6.0.0 -> latest
- os_check - Enable to let the FortiGate decide action based on client OS. type: str choices: enable, disable
more...
Supported Version Ranges os_check v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- os_check_list - SSL-VPN OS checks. type: list member_path: os_check_list:name
more...
Supported Version Ranges os_check_list v6.0.0 -> v7.0.5
v7.2.0 -> v7.2.0
- action - OS check options. type: str choices: deny, allow, check-up-to-date
more...
Supported Version Ranges action v6.0.0 -> v7.0.5
v7.2.0 -> v7.2.0
[deny] v6.0.0 -> latest
[allow] v6.0.0 -> latest
[check-up-to-date] v6.0.0 -> latest
- latest_patch_level - Latest OS patch level. type: str
more...
Supported Version Ranges latest_patch_level v6.0.0 -> v7.0.5
v7.2.0 -> v7.2.0
- name - Name. type: str required: true
more...
Supported Version Ranges name v6.0.0 -> v7.0.5
v7.2.0 -> v7.2.0
- tolerance - OS patch level tolerance. type: int
more...
Supported Version Ranges tolerance v6.0.0 -> v7.0.5
v7.2.0 -> v7.2.0
- prefer_ipv6_dns - Prefer to query IPv6 DNS server first if enabled. type: str choices: enable, disable
more...
Supported Version Ranges prefer_ipv6_dns v7.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- redir_url - Client login redirect URL. type: str
more...
Supported Version Ranges redir_url v6.0.0 -> latest
- rewrite_ip_uri_ui - Rewrite contents for URI contains IP and /ui/ . type: str choices: enable, disable
more...
Supported Version Ranges rewrite_ip_uri_ui v7.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- save_password - Enable/disable FortiClient saving the user"s password. type: str choices: enable, disable
more...
Supported Version Ranges save_password v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- service_restriction - Enable/disable tunnel service restriction. type: str choices: enable, disable
more...
Supported Version Ranges service_restriction v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- skip_check_for_browser - Enable to skip host check for browser support. type: str choices: enable, disable
more...
Supported Version Ranges skip_check_for_browser v6.2.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- skip_check_for_unsupported_browser - Enable to skip host check if browser does not support it. type: str choices: enable, disable
more...
Supported Version Ranges skip_check_for_unsupported_browser v6.0.0 -> v6.0.11
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- skip_check_for_unsupported_os - Enable to skip host check if client OS does not support it. type: str choices: enable, disable
more...
Supported Version Ranges skip_check_for_unsupported_os v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- smb_max_version - SMB maximum client protocol version. type: str choices: smbv1, smbv2, smbv3
more...
Supported Version Ranges smb_max_version v6.2.0 -> latest
[smbv1] v6.0.0 -> latest
[smbv2] v6.0.0 -> latest
[smbv3] v6.0.0 -> latest
- smb_min_version - SMB minimum client protocol version. type: str choices: smbv1, smbv2, smbv3
more...
Supported Version Ranges smb_min_version v6.2.0 -> latest
[smbv1] v6.0.0 -> latest
[smbv2] v6.0.0 -> latest
[smbv3] v6.0.0 -> latest
- smb_ntlmv1_auth - Enable support of NTLMv1 for Samba authentication. type: str choices: enable, disable
more...
Supported Version Ranges smb_ntlmv1_auth v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- smbv1 - SMB version 1. type: str choices: enable, disable
more...
Supported Version Ranges smbv1 v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- split_dns - Split DNS for SSL-VPN. type: list member_path: split_dns:id
more...
Supported Version Ranges split_dns v6.0.0 -> latest
- dns_server1 - DNS server 1. type: str
more...
Supported Version Ranges dns_server1 v6.0.0 -> latest
- dns_server2 - DNS server 2. type: str
more...
Supported Version Ranges dns_server2 v6.0.0 -> latest
- domains - Split DNS domains used for SSL-VPN clients separated by comma. type: str
more...
Supported Version Ranges domains v6.0.0 -> latest
- id - ID. see Notes. type: int required: true
more...
Supported Version Ranges id v6.0.0 -> latest
- ipv6_dns_server1 - IPv6 DNS server 1. type: str
more...
Supported Version Ranges ipv6_dns_server1 v6.0.0 -> latest
- ipv6_dns_server2 - IPv6 DNS server 2. type: str
more...
Supported Version Ranges ipv6_dns_server2 v6.0.0 -> latest
- split_tunneling - Enable/disable IPv4 split tunneling. type: str choices: enable, disable
more...
Supported Version Ranges split_tunneling v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- split_tunneling_routing_address - IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. type: list member_path: split_tunneling_routing_address:name
more...
Supported Version Ranges split_tunneling_routing_address v6.0.0 -> latest
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true
more...
Supported Version Ranges name v6.0.0 -> latest
- split_tunneling_routing_negate - Enable to negate split tunneling routing address. type: str choices: enable, disable
more...
Supported Version Ranges split_tunneling_routing_negate v6.4.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- theme - Web portal color scheme. type: str choices: jade, neutrino, mariner, graphite, melongene, jet-stream, security-fabric, dark-matter, onyx, eclipse, blue, green, red
more...
Supported Version Ranges theme v6.0.0 -> latest
[jade] v7.0.0 -> latest
[neutrino] v6.2.0 -> latest
[mariner] v6.0.0 -> latest
[graphite] v7.0.0 -> latest
[melongene] v6.0.0 -> latest
[jet-stream] v7.4.0 -> latest
[security-fabric] v7.4.0 -> latest
[dark-matter] v7.0.0 -> latest
[onyx] v7.0.0 -> latest
[eclipse] v7.0.0 -> latest
[blue] v6.0.0 -> v6.4.4
[green] v6.0.0 -> v6.4.4
[red] v6.0.0 -> v6.0.11
- transform_backward_slashes - Transform backward slashes to forward slashes in URLs. type: str choices: enable, disable
more...
Supported Version Ranges transform_backward_slashes v6.2.0 -> v6.2.7
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- tunnel_mode - Enable/disable IPv4 SSL-VPN tunnel mode. type: str choices: enable, disable
more...
Supported Version Ranges tunnel_mode v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- use_sdwan - Use SD-WAN rules to get output interface. type: str choices: enable, disable
more...
Supported Version Ranges use_sdwan v6.2.7 -> v6.2.7
v6.4.4 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- user_bookmark - Enable to allow web portal users to create their own bookmarks. type: str choices: enable, disable
more...
Supported Version Ranges user_bookmark v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- user_group_bookmark - Enable to allow web portal users to create bookmarks for all users in the same user group. type: str choices: enable, disable
more...
Supported Version Ranges user_group_bookmark v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- web_mode - Enable/disable SSL-VPN web mode. type: str choices: enable, disable
more...
Supported Version Ranges web_mode v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- windows_forticlient_download_url - Download URL for Windows FortiClient. type: str
more...
Supported Version Ranges windows_forticlient_download_url v6.0.0 -> latest
- wins_server1 - IPv4 WINS server 1. type: str
more...
Supported Version Ranges wins_server1 v6.0.0 -> latest
- wins_server2 - IPv4 WINS server 1. type: str
more...
Supported Version Ranges wins_server2 v6.0.0 -> latest
Note
- Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
- name: Portal.
fortinet.fortios.fortios_vpn_ssl_web_portal:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
vpn_ssl_web_portal:
allow_user_access: "web"
auto_connect: "enable"
bookmark_group:
-
bookmarks:
-
additional_params: "<your_own_value>"
apptype: "ftp"
color_depth: "32"
description: "<your_own_value>"
domain: "<your_own_value>"
folder: "<your_own_value>"
form_data:
-
name: "default_name_14"
value: "<your_own_value>"
height: "768"
host: "myhostname"
keyboard_layout: "ar-101"
listening_port: "0"
load_balancing_info: "<your_own_value>"
logon_password: "<your_own_value>"
logon_user: "<your_own_value>"
name: "default_name_23"
port: "0"
preconnection_blob: "<your_own_value>"
preconnection_id: "2147483648"
remote_port: "0"
restricted_admin: "enable"
security: "any"
send_preconnection_id: "enable"
server_layout: "de-de-qwertz"
show_status_window: "enable"
sso: "disable"
sso_credential: "sslvpn-login"
sso_credential_sent_once: "enable"
sso_password: "<your_own_value>"
sso_username: "<your_own_value>"
url: "myurl.com"
vnc_keyboard_layout: "default"
width: "1024"
name: "default_name_41"
client_src_range: "enable"
clipboard: "enable"
custom_lang: "<your_own_value> (source system.custom-language.name)"
customize_forticlient_download_url: "enable"
default_protocol: "web"
default_window_height: "768"
default_window_width: "1024"
dhcp_ip_overlap: "use-new"
dhcp_ra_giaddr: "<your_own_value>"
dhcp6_ra_linkaddr: "<your_own_value>"
display_bookmark: "enable"
display_connection_tools: "enable"
display_history: "enable"
display_status: "enable"
dns_server1: "<your_own_value>"
dns_server2: "<your_own_value>"
dns_suffix: "<your_own_value>"
exclusive_routing: "enable"
focus_bookmark: "enable"
forticlient_download: "enable"
forticlient_download_method: "direct"
heading: "<your_own_value>"
hide_sso_credential: "enable"
host_check: "none"
host_check_interval: "0"
host_check_policy:
-
name: "default_name_68 (source vpn.ssl.web.host-check-software.name)"
ip_mode: "range"
ip_pools:
-
name: "default_name_71 (source firewall.address.name firewall.addrgrp.name)"
ipv6_dns_server1: "<your_own_value>"
ipv6_dns_server2: "<your_own_value>"
ipv6_exclusive_routing: "enable"
ipv6_pools:
-
name: "default_name_76 (source firewall.address6.name firewall.addrgrp6.name)"
ipv6_service_restriction: "enable"
ipv6_split_tunneling: "enable"
ipv6_split_tunneling_routing_address:
-
name: "default_name_80 (source firewall.address6.name firewall.addrgrp6.name)"
ipv6_split_tunneling_routing_negate: "enable"
ipv6_tunnel_mode: "enable"
ipv6_wins_server1: "<your_own_value>"
ipv6_wins_server2: "<your_own_value>"
keep_alive: "enable"
landing_page:
form_data:
-
name: "default_name_88"
value: "<your_own_value>"
logout_url: "<your_own_value>"
sso: "disable"
sso_credential: "sslvpn-login"
sso_password: "<your_own_value>"
sso_username: "<your_own_value>"
url: "myurl.com"
landing_page_mode: "enable"
limit_user_logins: "enable"
mac_addr_action: "allow"
mac_addr_check: "enable"
mac_addr_check_rule:
-
mac_addr_list:
-
addr: "<your_own_value>"
mac_addr_mask: "48"
name: "default_name_104"
macos_forticlient_download_url: "<your_own_value>"
name: "default_name_106"
os_check: "enable"
os_check_list:
-
action: "deny"
latest_patch_level: "<your_own_value>"
name: "default_name_111"
tolerance: "0"
prefer_ipv6_dns: "enable"
redir_url: "<your_own_value>"
rewrite_ip_uri_ui: "enable"
save_password: "enable"
service_restriction: "enable"
skip_check_for_browser: "enable"
skip_check_for_unsupported_browser: "enable"
skip_check_for_unsupported_os: "enable"
smb_max_version: "smbv1"
smb_min_version: "smbv1"
smb_ntlmv1_auth: "enable"
smbv1: "enable"
split_dns:
-
dns_server1: "<your_own_value>"
dns_server2: "<your_own_value>"
domains: "<your_own_value>"
id: "129"
ipv6_dns_server1: "<your_own_value>"
ipv6_dns_server2: "<your_own_value>"
split_tunneling: "enable"
split_tunneling_routing_address:
-
name: "default_name_134 (source firewall.address.name firewall.addrgrp.name)"
split_tunneling_routing_negate: "enable"
theme: "jade"
transform_backward_slashes: "enable"
tunnel_mode: "enable"
use_sdwan: "enable"
user_bookmark: "enable"
user_group_bookmark: "enable"
web_mode: "enable"
windows_forticlient_download_url: "<your_own_value>"
wins_server1: "<your_own_value>"
wins_server2: "<your_own_value>"
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
- This module is not guaranteed to have a backwards compatible interface.
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Hongbin Lu (@fgtdev-hblu)
- Frank Shen (@frankshen01)
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)
Hint
If you notice any issues in this documentation, you can create a pull request to improve it.