fortinet.fortimanager.fmgr_firewall_vip_obj – Configure virtual IP for IPv4.

Note

This plugin is part of the fortinet.fortimanager collection (version 1.0.5).

To install it use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_firewall_vip_obj.

New in version 2.10 of fortinet.fortimanager.

Synopsis

  • This module configures a FortiManager device by letting the user [ clone delete get move set update ] the following APIs.

  • /pm/config/adom/{adom}/obj/firewall/vip/{vip}

  • /pm/config/global/obj/firewall/vip/{vip}

  • The examples include all parameters; the values need to be adjusted to your data sources before use.

Parameters

| Parameter | Choices/Defaults | Comments |
|---|---|---|
| loose_validation (boolean) | Choices: no, yes | Do parameter validation in a loose way. |
| method (string / required) | Choices: clone, delete, get, move, set, update | The method in the request. |
| params (list / elements=string) | | The parameters for each method. See the full parameters list at https://ansible-galaxy-fortimanager-docs.readthedocs.io/en/latest |
| url_params (dictionary) | | The parameters for each API request URL. Also see the full URL parameters at https://ansible-galaxy-fortimanager-docs.readthedocs.io/en/latest |
| workspace_locking_adom (string) | | The ADOM name to lock in case FortiManager is running in workspace mode. It can be global or any other custom ADOM name. |
| workspace_locking_timeout (integer) | Default: 300 | The maximum time in seconds to wait for another user to release the workspace lock. |

Notes

Note

  • There are only three top-level parameters: ‘method’ is always required, while the other two, ‘params’ and ‘url_params’, are optional.

  • Due to the complexity of the FortiManager API schema, validation is done outside Ansible's native parameter validation procedure.

  • The syntax of OPTIONS does not comply with the standard Ansible argument specification but follows the structure of the FortiManager API schema, so a trivial transformation is needed when filling in the Ansible playbook.

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     # False disables TLS certificate verification for the FortiManager connection
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:

   - name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/VIP/{VIP}
     fmgr_firewall_vip_obj:
        loose_validation: False
        workspace_locking_adom: <value in [global, custom adom]>
        workspace_locking_timeout: 300
        method: <value in [clone, set, update]>
        url_params:
           adom: <value in [none, global, custom adom]>
           vip: <value of string>
        params:
           -
              data:
                 arp-reply: <value in [disable, enable]>
                 color: <value of integer>
                 comment: <value of string>
                 dns-mapping-ttl: <value of integer>
                 dynamic_mapping:
                   -
                       _scope:
                         -
                             name: <value of string>
                             vdom: <value of string>
                       arp-reply: <value in [disable, enable]>
                       color: <value of integer>
                       comment: <value of string>
                       dns-mapping-ttl: <value of integer>
                       extaddr: <value of string>
                       extintf: <value of string>
                       extip: <value of string>
                       extport: <value of string>
                       gratuitous-arp-interval: <value of integer>
                       http-cookie-age: <value of integer>
                       http-cookie-domain: <value of string>
                       http-cookie-domain-from-host: <value in [disable, enable]>
                       http-cookie-generation: <value of integer>
                       http-cookie-path: <value of string>
                       http-cookie-share: <value in [disable, same-ip]>
                       http-ip-header: <value in [disable, enable]>
                       http-ip-header-name: <value of string>
                       http-multiplex: <value in [disable, enable]>
                       https-cookie-secure: <value in [disable, enable]>
                       id: <value of integer>
                       ldb-method: <value in [static, round-robin, weighted, ...]>
                       mapped-addr: <value of string>
                       mappedip:
                         - <value of string>
                       mappedport: <value of string>
                       max-embryonic-connections: <value of integer>
                       monitor:
                         - <value of string>
                       nat-source-vip: <value in [disable, enable]>
                       outlook-web-access: <value in [disable, enable]>
                       persistence: <value in [none, http-cookie, ssl-session-id]>
                       portforward: <value in [disable, enable]>
                       portmapping-type: <value in [1-to-1, m-to-n]>
                       protocol: <value in [tcp, udp, sctp, ...]>
                       realservers:
                         -
                             client-ip:
                               - <value of string>
                             healthcheck: <value in [disable, enable, vip]>
                             holddown-interval: <value of integer>
                             http-host: <value of string>
                             ip: <value of string>
                             max-connections: <value of integer>
                             monitor: <value of string>
                             port: <value of integer>
                             seq: <value of integer>
                             status: <value in [active, standby, disable]>
                             weight: <value of integer>
                       server-type: <value in [http, https, ssl, ...]>
                       service: <value of string>
                       src-filter:
                         - <value of string>
                       srcintf-filter:
                         - <value of string>
                       ssl-algorithm: <value in [high, medium, low, ...]>
                       ssl-certificate: <value of string>
                       ssl-cipher-suites:
                         -
                             cipher: <value in [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, ...]>
                             id: <value of integer>
                             versions:
                               - <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
                       ssl-client-fallback: <value in [disable, enable]>
                       ssl-client-renegotiation: <value in [deny, allow, secure]>
                       ssl-client-session-state-max: <value of integer>
                       ssl-client-session-state-timeout: <value of integer>
                       ssl-client-session-state-type: <value in [disable, time, count, ...]>
                       ssl-dh-bits: <value in [768, 1024, 1536, ...]>
                       ssl-hpkp: <value in [disable, enable, report-only]>
                       ssl-hpkp-age: <value of integer>
                       ssl-hpkp-backup: <value of string>
                       ssl-hpkp-include-subdomains: <value in [disable, enable]>
                       ssl-hpkp-primary: <value of string>
                       ssl-hpkp-report-uri: <value of string>
                       ssl-hsts: <value in [disable, enable]>
                       ssl-hsts-age: <value of integer>
                       ssl-hsts-include-subdomains: <value in [disable, enable]>
                       ssl-http-location-conversion: <value in [disable, enable]>
                       ssl-http-match-host: <value in [disable, enable]>
                       ssl-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
                       ssl-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
                       ssl-mode: <value in [half, full]>
                       ssl-pfs: <value in [require, deny, allow]>
                       ssl-send-empty-frags: <value in [disable, enable]>
                       ssl-server-algorithm: <value in [high, low, medium, ...]>
                       ssl-server-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
                       ssl-server-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
                       ssl-server-session-state-max: <value of integer>
                       ssl-server-session-state-timeout: <value of integer>
                       ssl-server-session-state-type: <value in [disable, time, count, ...]>
                       type: <value in [static-nat, load-balance, server-load-balance, ...]>
                       uuid: <value of string>
                       weblogic-server: <value in [disable, enable]>
                       websphere-server: <value in [disable, enable]>
                 extaddr: <value of string>
                 extintf: <value of string>
                 extip: <value of string>
                 extport: <value of string>
                 gratuitous-arp-interval: <value of integer>
                 http-cookie-age: <value of integer>
                 http-cookie-domain: <value of string>
                 http-cookie-domain-from-host: <value in [disable, enable]>
                 http-cookie-generation: <value of integer>
                 http-cookie-path: <value of string>
                 http-cookie-share: <value in [disable, same-ip]>
                 http-ip-header: <value in [disable, enable]>
                 http-ip-header-name: <value of string>
                 http-multiplex: <value in [disable, enable]>
                 https-cookie-secure: <value in [disable, enable]>
                 id: <value of integer>
                 ldb-method: <value in [static, round-robin, weighted, ...]>
                 mapped-addr: <value of string>
                 mappedip:
                   - <value of string>
                 mappedport: <value of string>
                 max-embryonic-connections: <value of integer>
                 monitor: <value of string>
                 name: <value of string>
                 nat-source-vip: <value in [disable, enable]>
                 outlook-web-access: <value in [disable, enable]>
                 persistence: <value in [none, http-cookie, ssl-session-id]>
                 portforward: <value in [disable, enable]>
                 portmapping-type: <value in [1-to-1, m-to-n]>
                 protocol: <value in [tcp, udp, sctp, ...]>
                 realservers:
                   -
                       client-ip:
                         - <value of string>
                       healthcheck: <value in [disable, enable, vip]>
                       holddown-interval: <value of integer>
                       http-host: <value of string>
                       ip: <value of string>
                       max-connections: <value of integer>
                       monitor: <value of string>
                       port: <value of integer>
                       seq: <value of integer>
                       status: <value in [active, standby, disable]>
                       weight: <value of integer>
                 server-type: <value in [http, https, ssl, ...]>
                 service: <value of string>
                 src-filter:
                   - <value of string>
                 srcintf-filter: <value of string>
                 ssl-algorithm: <value in [high, medium, low, ...]>
                 ssl-certificate: <value of string>
                 ssl-cipher-suites:
                   -
                       cipher: <value in [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, ...]>
                       id: <value of integer>
                       versions:
                         - <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
                 ssl-client-fallback: <value in [disable, enable]>
                 ssl-client-renegotiation: <value in [deny, allow, secure]>
                 ssl-client-session-state-max: <value of integer>
                 ssl-client-session-state-timeout: <value of integer>
                 ssl-client-session-state-type: <value in [disable, time, count, ...]>
                 ssl-dh-bits: <value in [768, 1024, 1536, ...]>
                 ssl-hpkp: <value in [disable, enable, report-only]>
                 ssl-hpkp-age: <value of integer>
                 ssl-hpkp-backup: <value of string>
                 ssl-hpkp-include-subdomains: <value in [disable, enable]>
                 ssl-hpkp-primary: <value of string>
                 ssl-hpkp-report-uri: <value of string>
                 ssl-hsts: <value in [disable, enable]>
                 ssl-hsts-age: <value of integer>
                 ssl-hsts-include-subdomains: <value in [disable, enable]>
                 ssl-http-location-conversion: <value in [disable, enable]>
                 ssl-http-match-host: <value in [disable, enable]>
                 ssl-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
                 ssl-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
                 ssl-mode: <value in [half, full]>
                 ssl-pfs: <value in [require, deny, allow]>
                 ssl-send-empty-frags: <value in [disable, enable]>
                 ssl-server-algorithm: <value in [high, low, medium, ...]>
                 ssl-server-cipher-suites:
                   -
                       cipher: <value in [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, ...]>
                       priority: <value of integer>
                       versions:
                         - <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
                 ssl-server-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
                 ssl-server-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
                 ssl-server-session-state-max: <value of integer>
                 ssl-server-session-state-timeout: <value of integer>
                 ssl-server-session-state-type: <value in [disable, time, count, ...]>
                 type: <value in [static-nat, load-balance, server-load-balance, ...]>
                 uuid: <value of string>
                 weblogic-server: <value in [disable, enable]>
                 websphere-server: <value in [disable, enable]>

   - name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/VIP/{VIP}
     fmgr_firewall_vip_obj:
        loose_validation: False
        workspace_locking_adom: <value in [global, custom adom]>
        workspace_locking_timeout: 300
        method: <value in [get]>
        url_params:
           adom: <value in [none, global, custom adom]>
           vip: <value of string>
        params:
           -
              option: <value in [object member, chksum, datasrc]>

   - name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/VIP/{VIP}
     fmgr_firewall_vip_obj:
        loose_validation: False
        workspace_locking_adom: <value in [global, custom adom]>
        workspace_locking_timeout: 300
        method: <value in [move]>
        url_params:
           adom: <value in [none, global, custom adom]>
           vip: <value of string>
        params:
           -
              option: <value in [before, after]>
              target: <value of string>
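
The playbook template above exposes several TLS-related fields (ssl-min-version, ssl-server-min-version, ssl-dh-bits, the cipher-suite lists) plus the connection variable ansible_httpapi_validate_certs. The following Python audit of a parsed play is an added example, not code from the collection or its documentation; the names audit_vip, audit_play and SAMPLE_PLAY are hypothetical, and treating ssl-3.0/tls-1.0/tls-1.1, RC4/DES-CBC ciphers and 768/1024-bit DH as weak is this example's own policy.

```python
# Added example (not from the collection): audit fmgr_firewall_vip_obj task data for weak TLS.
WEAK_VERSIONS = {"ssl-3.0", "tls-1.0", "tls-1.1"}  # the three choices this page spells out
WEAK_CIPHER_MARKERS = ("-RC4-", "-DES-CBC-")       # substrings of the cipher names shown above
WEAK_DH_BITS = {"768", "1024"}                     # policy assumption of this example
MODULE_NAMES = ("fmgr_firewall_vip_obj", "fortinet.fortimanager.fmgr_firewall_vip_obj")

def audit_vip(data, path):
    """Return [(path, finding)] for one VIP `data` dict, recursing into dynamic_mapping."""
    findings = []
    for key in ("ssl-min-version", "ssl-server-min-version"):
        if data.get(key) in WEAK_VERSIONS:
            findings.append((f"{path}.{key}", f"protocol floor is {data[key]}"))
    if str(data.get("ssl-dh-bits")) in WEAK_DH_BITS:
        findings.append((f"{path}.ssl-dh-bits", "Diffie-Hellman group below 1536 bits"))
    for list_key in ("ssl-cipher-suites", "ssl-server-cipher-suites"):
        for i, suite in enumerate(data.get(list_key) or []):
            cipher = suite.get("cipher", "")
            if any(marker in cipher for marker in WEAK_CIPHER_MARKERS):
                findings.append((f"{path}.{list_key}[{i}].cipher", f"weak cipher {cipher}"))
    for i, mapping in enumerate(data.get("dynamic_mapping") or []):
        findings += audit_vip(mapping, f"{path}.dynamic_mapping[{i}]")
    return findings

def audit_play(play):
    """Audit one play that has already been parsed into a dict (e.g. by a YAML loader)."""
    findings = []
    if (play.get("vars") or {}).get("ansible_httpapi_validate_certs") is False:
        findings.append(("vars.ansible_httpapi_validate_certs", "certificate validation is off"))
    for t, task in enumerate(play.get("tasks") or []):
        args = next((task[name] for name in MODULE_NAMES if name in task), {})
        for p, param in enumerate(args.get("params") or []):
            if isinstance(param, dict) and isinstance(param.get("data"), dict):
                findings += audit_vip(param["data"], f"tasks[{t}].params[{p}].data")
    return findings

# Constructed sample play, already parsed into Python objects.
SAMPLE_PLAY = {
    "vars": {"ansible_httpapi_validate_certs": False},
    "tasks": [{"name": "constructed VIP task", "fmgr_firewall_vip_obj": {
        "method": "set", "url_params": {"adom": "root", "vip": "vip-example"},
        "params": [{"data": {
            "name": "vip-example", "ssl-min-version": "tls-1.0", "ssl-dh-bits": "1024",
            "ssl-cipher-suites": [{"cipher": "TLS-RSA-WITH-RC4-128-SHA", "id": 1}],
            "dynamic_mapping": [{"ssl-server-min-version": "ssl-3.0"}],
        }}]}}],
}
if __name__ == "__main__":
    for where, what in audit_play(SAMPLE_PLAY):
        print(f"{where}: {what}")
```

Each finding carries the path of the offending key, so it can be mapped straight back to the task in the playbook.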

Return Values

Common return values are documented here; the following fields are unique to this module:

| Key | Returned | Description |
|---|---|---|
| data (dictionary) | always | The payload returned in the request |
| status (dictionary) | always | The status of api request |
| url (string) | always | The full url requested. Sample: /sys/login/user |


Authors

  • Frank Shen (@fshen01)

  • Link Zheng (@zhengl)