fortinet.fortimanager.fmgr_firewall_vip – Configure virtual IP for IPv4.

Note

This plugin is part of the fortinet.fortimanager collection (version 1.0.5).

To install it use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_firewall_vip.

New in version 2.10 of fortinet.fortimanager

Synopsis

  • This module configures a FortiManager device by allowing the user to [ add get set update ] the following APIs.

  • /pm/config/adom/{adom}/obj/firewall/vip

  • /pm/config/global/obj/firewall/vip

  • Examples include all parameters; values need to be adjusted to data sources before usage.

Parameters

loose_validation (boolean)
    Choices: no, yes
    Do parameter validation in a loose way.

method (string / required)
    Choices: add, get, set, update
    The method in the request.

params (list / elements=string)
    The parameters for each method.
    See the full parameters list in https://ansible-galaxy-fortimanager-docs.readthedocs.io/en/latest

url_params (dictionary)
    The parameters for each API request URL.
    Also see the full URL parameters in https://ansible-galaxy-fortimanager-docs.readthedocs.io/en/latest

workspace_locking_adom (string)
    The ADOM name to lock in case FortiManager is running in workspace mode.
    It can be global or any other custom ADOM name.

workspace_locking_timeout (integer)
    Default: 300
    The maximum time in seconds to wait for another user to release the workspace lock.

Notes

  • There are only three top-level parameters: ‘method’ is always required, while the other two, ‘params’ and ‘url_params’, can be optional.

  • Due to the complexity of the FortiManager API schema, validation is done outside Ansible's native parameter validation procedure.

  • The syntax of OPTIONS does not comply with the standard Ansible argument specification but with the structure of the FortiManager API schema, so a trivial transformation is needed when filling in the Ansible playbook.

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:

   - name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/VIP
     fmgr_firewall_vip:
        loose_validation: False
        workspace_locking_adom: <value in [global, custom adom]>
        workspace_locking_timeout: 300
        method: <value in [add, set, update]>
        url_params:
           adom: <value in [none, global, custom adom]>
        params:
           -
              data:
                -
                    arp-reply: <value in [disable, enable]>
                    color: <value of integer>
                    comment: <value of string>
                    dns-mapping-ttl: <value of integer>
                    dynamic_mapping:
                      -
                          _scope:
                            -
                                name: <value of string>
                                vdom: <value of string>
                          arp-reply: <value in [disable, enable]>
                          color: <value of integer>
                          comment: <value of string>
                          dns-mapping-ttl: <value of integer>
                          extaddr: <value of string>
                          extintf: <value of string>
                          extip: <value of string>
                          extport: <value of string>
                          gratuitous-arp-interval: <value of integer>
                          http-cookie-age: <value of integer>
                          http-cookie-domain: <value of string>
                          http-cookie-domain-from-host: <value in [disable, enable]>
                          http-cookie-generation: <value of integer>
                          http-cookie-path: <value of string>
                          http-cookie-share: <value in [disable, same-ip]>
                          http-ip-header: <value in [disable, enable]>
                          http-ip-header-name: <value of string>
                          http-multiplex: <value in [disable, enable]>
                          https-cookie-secure: <value in [disable, enable]>
                          id: <value of integer>
                          ldb-method: <value in [static, round-robin, weighted, ...]>
                          mapped-addr: <value of string>
                          mappedip:
                            - <value of string>
                          mappedport: <value of string>
                          max-embryonic-connections: <value of integer>
                          monitor:
                            - <value of string>
                          nat-source-vip: <value in [disable, enable]>
                          outlook-web-access: <value in [disable, enable]>
                          persistence: <value in [none, http-cookie, ssl-session-id]>
                          portforward: <value in [disable, enable]>
                          portmapping-type: <value in [1-to-1, m-to-n]>
                          protocol: <value in [tcp, udp, sctp, ...]>
                          realservers:
                            -
                                client-ip:
                                  - <value of string>
                                healthcheck: <value in [disable, enable, vip]>
                                holddown-interval: <value of integer>
                                http-host: <value of string>
                                ip: <value of string>
                                max-connections: <value of integer>
                                monitor: <value of string>
                                port: <value of integer>
                                seq: <value of integer>
                                status: <value in [active, standby, disable]>
                                weight: <value of integer>
                          server-type: <value in [http, https, ssl, ...]>
                          service: <value of string>
                          src-filter:
                            - <value of string>
                          srcintf-filter:
                            - <value of string>
                          ssl-algorithm: <value in [high, medium, low, ...]>
                          ssl-certificate: <value of string>
                          ssl-cipher-suites:
                            -
                                cipher: <value in [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, ...]>
                                id: <value of integer>
                                versions:
                                  - <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
                          ssl-client-fallback: <value in [disable, enable]>
                          ssl-client-renegotiation: <value in [deny, allow, secure]>
                          ssl-client-session-state-max: <value of integer>
                          ssl-client-session-state-timeout: <value of integer>
                          ssl-client-session-state-type: <value in [disable, time, count, ...]>
                          ssl-dh-bits: <value in [768, 1024, 1536, ...]>
                          ssl-hpkp: <value in [disable, enable, report-only]>
                          ssl-hpkp-age: <value of integer>
                          ssl-hpkp-backup: <value of string>
                          ssl-hpkp-include-subdomains: <value in [disable, enable]>
                          ssl-hpkp-primary: <value of string>
                          ssl-hpkp-report-uri: <value of string>
                          ssl-hsts: <value in [disable, enable]>
                          ssl-hsts-age: <value of integer>
                          ssl-hsts-include-subdomains: <value in [disable, enable]>
                          ssl-http-location-conversion: <value in [disable, enable]>
                          ssl-http-match-host: <value in [disable, enable]>
                          ssl-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
                          ssl-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
                          ssl-mode: <value in [half, full]>
                          ssl-pfs: <value in [require, deny, allow]>
                          ssl-send-empty-frags: <value in [disable, enable]>
                          ssl-server-algorithm: <value in [high, low, medium, ...]>
                          ssl-server-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
                          ssl-server-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
                          ssl-server-session-state-max: <value of integer>
                          ssl-server-session-state-timeout: <value of integer>
                          ssl-server-session-state-type: <value in [disable, time, count, ...]>
                          type: <value in [static-nat, load-balance, server-load-balance, ...]>
                          uuid: <value of string>
                          weblogic-server: <value in [disable, enable]>
                          websphere-server: <value in [disable, enable]>
                    extaddr: <value of string>
                    extintf: <value of string>
                    extip: <value of string>
                    extport: <value of string>
                    gratuitous-arp-interval: <value of integer>
                    http-cookie-age: <value of integer>
                    http-cookie-domain: <value of string>
                    http-cookie-domain-from-host: <value in [disable, enable]>
                    http-cookie-generation: <value of integer>
                    http-cookie-path: <value of string>
                    http-cookie-share: <value in [disable, same-ip]>
                    http-ip-header: <value in [disable, enable]>
                    http-ip-header-name: <value of string>
                    http-multiplex: <value in [disable, enable]>
                    https-cookie-secure: <value in [disable, enable]>
                    id: <value of integer>
                    ldb-method: <value in [static, round-robin, weighted, ...]>
                    mapped-addr: <value of string>
                    mappedip:
                      - <value of string>
                    mappedport: <value of string>
                    max-embryonic-connections: <value of integer>
                    monitor: <value of string>
                    name: <value of string>
                    nat-source-vip: <value in [disable, enable]>
                    outlook-web-access: <value in [disable, enable]>
                    persistence: <value in [none, http-cookie, ssl-session-id]>
                    portforward: <value in [disable, enable]>
                    portmapping-type: <value in [1-to-1, m-to-n]>
                    protocol: <value in [tcp, udp, sctp, ...]>
                    realservers:
                      -
                          client-ip:
                            - <value of string>
                          healthcheck: <value in [disable, enable, vip]>
                          holddown-interval: <value of integer>
                          http-host: <value of string>
                          ip: <value of string>
                          max-connections: <value of integer>
                          monitor: <value of string>
                          port: <value of integer>
                          seq: <value of integer>
                          status: <value in [active, standby, disable]>
                          weight: <value of integer>
                    server-type: <value in [http, https, ssl, ...]>
                    service: <value of string>
                    src-filter:
                      - <value of string>
                    srcintf-filter: <value of string>
                    ssl-algorithm: <value in [high, medium, low, ...]>
                    ssl-certificate: <value of string>
                    ssl-cipher-suites:
                      -
                          cipher: <value in [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, ...]>
                          id: <value of integer>
                          versions:
                            - <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
                    ssl-client-fallback: <value in [disable, enable]>
                    ssl-client-renegotiation: <value in [deny, allow, secure]>
                    ssl-client-session-state-max: <value of integer>
                    ssl-client-session-state-timeout: <value of integer>
                    ssl-client-session-state-type: <value in [disable, time, count, ...]>
                    ssl-dh-bits: <value in [768, 1024, 1536, ...]>
                    ssl-hpkp: <value in [disable, enable, report-only]>
                    ssl-hpkp-age: <value of integer>
                    ssl-hpkp-backup: <value of string>
                    ssl-hpkp-include-subdomains: <value in [disable, enable]>
                    ssl-hpkp-primary: <value of string>
                    ssl-hpkp-report-uri: <value of string>
                    ssl-hsts: <value in [disable, enable]>
                    ssl-hsts-age: <value of integer>
                    ssl-hsts-include-subdomains: <value in [disable, enable]>
                    ssl-http-location-conversion: <value in [disable, enable]>
                    ssl-http-match-host: <value in [disable, enable]>
                    ssl-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
                    ssl-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
                    ssl-mode: <value in [half, full]>
                    ssl-pfs: <value in [require, deny, allow]>
                    ssl-send-empty-frags: <value in [disable, enable]>
                    ssl-server-algorithm: <value in [high, low, medium, ...]>
                    ssl-server-cipher-suites:
                      -
                          cipher: <value in [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, ...]>
                          priority: <value of integer>
                          versions:
                            - <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
                    ssl-server-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
                    ssl-server-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
                    ssl-server-session-state-max: <value of integer>
                    ssl-server-session-state-timeout: <value of integer>
                    ssl-server-session-state-type: <value in [disable, time, count, ...]>
                    type: <value in [static-nat, load-balance, server-load-balance, ...]>
                    uuid: <value of string>
                    weblogic-server: <value in [disable, enable]>
                    websphere-server: <value in [disable, enable]>

   - name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/VIP
     fmgr_firewall_vip:
        loose_validation: False
        workspace_locking_adom: <value in [global, custom adom]>
        workspace_locking_timeout: 300
        method: <value in [get]>
        url_params:
           adom: <value in [none, global, custom adom]>
        params:
           -
              attr: <value of string>
              fields:
                -
                   - <value in [arp-reply, color, comment, ...]>
              filter:
                - <value of string>
              get used: <value of integer>
              loadsub: <value of integer>
              option: <value in [count, object member, datasrc, ...]>
              range:
                - <value of integer>
              sortings:
                -
                    varidic.attr_name: <value in [1, -1]>
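
A concrete instance of the first template above, added here as an illustration and not taken from the collection's documentation: it uses only keys listed on this page to define an HTTPS load-balanced VIP, and turns certificate validation on for the httpapi connection. The ADOM, object and certificate names, addresses, and the tls-1.2 value (hidden behind "..." in the choices above) are assumptions to adapt to your environment.

```yaml
# Added example; every name, address and the ADOM below is a constructed sample value.
- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true      # verify the FortiManager certificate
    ansible_httpapi_port: 443
  tasks:
    - name: Define an HTTPS load-balanced VIP with conservative TLS settings
      fmgr_firewall_vip:
        loose_validation: false
        workspace_locking_adom: root          # assumed ADOM name
        workspace_locking_timeout: 300
        method: set
        url_params:
          adom: root                          # assumed ADOM name
        params:
          - data:
              - name: vip-web-example         # constructed object name
                comment: Managed by Ansible
                type: server-load-balance
                server-type: https
                extintf: any                  # assumed interface binding
                extip: 203.0.113.10           # documentation address range
                extport: "443"
                ldb-method: round-robin
                ssl-mode: half                # TLS terminates on the FortiGate side
                ssl-certificate: example-server-cert   # constructed certificate name
                ssl-algorithm: high
                ssl-min-version: tls-1.2      # assumed to be offered by your version
                ssl-pfs: require
                ssl-client-renegotiation: secure
                ssl-hsts: enable
                ssl-hsts-age: 31536000        # one year, in seconds
                realservers:
                  - seq: 1
                    ip: 10.0.10.11            # constructed backend address
                    port: 8080
                    status: active
                  - seq: 2
                    ip: 10.0.10.12            # constructed backend address
                    port: 8080
                    status: active
```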

Return Values

Common return values are documented here; the following fields are unique to this module:

data (dictionary)
    Returned: always
    The payload returned in the request

status (dictionary)
    Returned: always
    The status of api request

url (string)
    Returned: always
    The full url requested
    Sample: /sys/login/user


Authors

  • Frank Shen (@fshen01)

  • Link Zheng (@zhengl)