fortios_vpn_ssl_web_portal – Portal in Fortinet’s FortiOS and FortiGate
New in version 2.8.
Synopsis
This module configures a FortiGate or FortiOS unit by letting the user set and modify the vpn_ssl_web feature, portal category. The example below includes every parameter; values need to be adjusted to your datasources before use. Tested with FOS v6.0.2.
Requirements
The requirements below are needed on the host that executes this module.
fortiosapi>=0.9.8
Parameters
Nested parameters are shown with their full path under `vpn_ssl_web_portal`; list entries (for example `bookmark-group`) take one or more mappings with the sub-parameters listed beneath them.

Parameter | Choices/Defaults | Comments
---|---|---
host (required) | | FortiOS or FortiGate IP address.
https (boolean) | | Indicates whether requests towards the FortiGate must use the HTTPS protocol.
password | Default: "" | FortiOS or FortiGate password.
username (required) | | FortiOS or FortiGate username.
vdom | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
vpn_ssl_web_portal | Default: null | Portal.
vpn_ssl_web_portal / allow-user-access | | Allow user access to SSL-VPN applications.
vpn_ssl_web_portal / auto-connect | | Enable/disable automatic connect by the client when the system is up.
vpn_ssl_web_portal / bookmark-group | | Portal bookmark group.
vpn_ssl_web_portal / bookmark-group / bookmarks | | Bookmark table.
vpn_ssl_web_portal / bookmark-group / bookmarks / additional-params | | Additional parameters.
vpn_ssl_web_portal / bookmark-group / bookmarks / apptype | | Application type.
vpn_ssl_web_portal / bookmark-group / bookmarks / description | | Description.
vpn_ssl_web_portal / bookmark-group / bookmarks / folder | | Network shared file folder parameter.
vpn_ssl_web_portal / bookmark-group / bookmarks / form-data | | Form data.
vpn_ssl_web_portal / bookmark-group / bookmarks / form-data / name (required) | | Name.
vpn_ssl_web_portal / bookmark-group / bookmarks / form-data / value | | Value.
vpn_ssl_web_portal / bookmark-group / bookmarks / host | | Host name/IP parameter.
vpn_ssl_web_portal / bookmark-group / bookmarks / listening-port | | Listening port (0 - 65535).
vpn_ssl_web_portal / bookmark-group / bookmarks / load-balancing-info | | The load balancing information or cookie which should be provided to the connection broker.
vpn_ssl_web_portal / bookmark-group / bookmarks / logon-password | | Logon password.
vpn_ssl_web_portal / bookmark-group / bookmarks / logon-user | | Logon user.
vpn_ssl_web_portal / bookmark-group / bookmarks / name (required) | | Bookmark name.
vpn_ssl_web_portal / bookmark-group / bookmarks / port | | Remote port.
vpn_ssl_web_portal / bookmark-group / bookmarks / preconnection-blob | | An arbitrary string which identifies the RDP source.
vpn_ssl_web_portal / bookmark-group / bookmarks / preconnection-id | | The numeric ID of the RDP source (0-2147483648).
vpn_ssl_web_portal / bookmark-group / bookmarks / remote-port | | Remote port (0 - 65535).
vpn_ssl_web_portal / bookmark-group / bookmarks / security | | Security mode for the RDP connection.
vpn_ssl_web_portal / bookmark-group / bookmarks / server-layout | | Server side keyboard layout.
vpn_ssl_web_portal / bookmark-group / bookmarks / show-status-window | | Enable/disable showing of the status window.
vpn_ssl_web_portal / bookmark-group / bookmarks / sso | | Single Sign-On.
vpn_ssl_web_portal / bookmark-group / bookmarks / sso-credential | | Single sign-on credentials.
vpn_ssl_web_portal / bookmark-group / bookmarks / sso-credential-sent-once | | Single sign-on credentials are only sent once to the remote server.
vpn_ssl_web_portal / bookmark-group / bookmarks / sso-password | | SSO password.
vpn_ssl_web_portal / bookmark-group / bookmarks / sso-username | | SSO user name.
vpn_ssl_web_portal / bookmark-group / bookmarks / url | | URL parameter.
vpn_ssl_web_portal / bookmark-group / name (required) | | Bookmark group name.
vpn_ssl_web_portal / custom-lang | | Change the web portal display language. Overrides `config system global set language`. You can use `config system custom-language` and `execute system custom-language` to add custom language files. Source system.custom-language.name.
vpn_ssl_web_portal / customize-forticlient-download-url | | Enable support of a customized download URL for FortiClient.
vpn_ssl_web_portal / display-bookmark | | Enable to display the web portal bookmark widget.
vpn_ssl_web_portal / display-connection-tools | | Enable to display the web portal connection tools widget.
vpn_ssl_web_portal / display-history | | Enable to display the web portal user login history widget.
vpn_ssl_web_portal / display-status | | Enable to display the web portal status widget.
vpn_ssl_web_portal / dns-server1 | | IPv4 DNS server 1.
vpn_ssl_web_portal / dns-server2 | | IPv4 DNS server 2.
vpn_ssl_web_portal / dns-suffix | | DNS suffix.
vpn_ssl_web_portal / exclusive-routing | | Enable/disable routing all traffic through the tunnel only.
vpn_ssl_web_portal / forticlient-download | | Enable/disable the download option for FortiClient.
vpn_ssl_web_portal / forticlient-download-method | | FortiClient download method.
vpn_ssl_web_portal / heading | | Web portal heading message.
vpn_ssl_web_portal / hide-sso-credential | | Enable to prevent the SSO credential being sent to the client.
vpn_ssl_web_portal / host-check | | Type of host checking performed on endpoints.
vpn_ssl_web_portal / host-check-interval | | Periodic host check interval. A value of 0 means disabled, and host checking only happens when the endpoint connects.
vpn_ssl_web_portal / host-check-policy | | One or more policies requiring the endpoint to have specific security software.
vpn_ssl_web_portal / host-check-policy / name (required) | | Host check software list name. Source vpn.ssl.web.host-check-software.name.
vpn_ssl_web_portal / ip-mode | | Method by which users of this SSL-VPN tunnel obtain IP addresses.
vpn_ssl_web_portal / ip-pools | | IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients.
vpn_ssl_web_portal / ip-pools / name (required) | | Address name. Source firewall.address.name firewall.addrgrp.name.
vpn_ssl_web_portal / ipv6-dns-server1 | | IPv6 DNS server 1.
vpn_ssl_web_portal / ipv6-dns-server2 | | IPv6 DNS server 2.
vpn_ssl_web_portal / ipv6-exclusive-routing | | Enable/disable routing all IPv6 traffic through the tunnel only.
vpn_ssl_web_portal / ipv6-pools | | IPv6 firewall source address objects reserved for SSL-VPN tunnel mode clients.
vpn_ssl_web_portal / ipv6-pools / name (required) | | Address name. Source firewall.address6.name firewall.addrgrp6.name.
vpn_ssl_web_portal / ipv6-service-restriction | | Enable/disable IPv6 tunnel service restriction.
vpn_ssl_web_portal / ipv6-split-tunneling | | Enable/disable IPv6 split tunneling.
vpn_ssl_web_portal / ipv6-split-tunneling-routing-address | | IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access.
vpn_ssl_web_portal / ipv6-split-tunneling-routing-address / name (required) | | Address name. Source firewall.address6.name firewall.addrgrp6.name.
vpn_ssl_web_portal / ipv6-tunnel-mode | | Enable/disable IPv6 SSL-VPN tunnel mode.
vpn_ssl_web_portal / ipv6-wins-server1 | | IPv6 WINS server 1.
vpn_ssl_web_portal / ipv6-wins-server2 | | IPv6 WINS server 2.
vpn_ssl_web_portal / keep-alive | | Enable/disable automatic reconnect for FortiClient connections.
vpn_ssl_web_portal / limit-user-logins | | Enable to limit each user to one SSL-VPN session at a time.
vpn_ssl_web_portal / mac-addr-action | | Client MAC address action.
vpn_ssl_web_portal / mac-addr-check | | Enable/disable MAC address host checking.
vpn_ssl_web_portal / mac-addr-check-rule | | Client MAC address check rule.
vpn_ssl_web_portal / mac-addr-check-rule / mac-addr-list | | Client MAC address list.
vpn_ssl_web_portal / mac-addr-check-rule / mac-addr-list / addr (required) | | Client MAC address.
vpn_ssl_web_portal / mac-addr-check-rule / mac-addr-mask | | Client MAC address mask.
vpn_ssl_web_portal / mac-addr-check-rule / name (required) | | Client MAC address check rule name.
vpn_ssl_web_portal / macos-forticlient-download-url | | Download URL for Mac FortiClient.
vpn_ssl_web_portal / name (required) | | Portal name.
vpn_ssl_web_portal / os-check | | Enable to let the FortiGate decide the action based on the client OS.
vpn_ssl_web_portal / os-check-list | | SSL VPN OS checks.
vpn_ssl_web_portal / os-check-list / action | | OS check options.
vpn_ssl_web_portal / os-check-list / latest-patch-level | | Latest OS patch level.
vpn_ssl_web_portal / os-check-list / name (required) | | Name.
vpn_ssl_web_portal / os-check-list / tolerance | | OS patch level tolerance.
vpn_ssl_web_portal / redir-url | | Client login redirect URL.
vpn_ssl_web_portal / save-password | | Enable/disable FortiClient saving the user's password.
vpn_ssl_web_portal / service-restriction | | Enable/disable tunnel service restriction.
vpn_ssl_web_portal / skip-check-for-unsupported-browser | | Enable to skip the host check if the browser does not support it.
vpn_ssl_web_portal / skip-check-for-unsupported-os | | Enable to skip the host check if the client OS does not support it.
vpn_ssl_web_portal / smb-ntlmv1-auth | | Enable support of NTLMv1 for Samba authentication.
vpn_ssl_web_portal / smbv1 | | Enable/disable support of SMBv1 for Samba.
vpn_ssl_web_portal / split-dns | | Split DNS for SSL VPN.
vpn_ssl_web_portal / split-dns / dns-server1 | | DNS server 1.
vpn_ssl_web_portal / split-dns / dns-server2 | | DNS server 2.
vpn_ssl_web_portal / split-dns / domains | | Split DNS domains used for SSL-VPN clients, separated by comma (,).
vpn_ssl_web_portal / split-dns / id (required) | | ID.
vpn_ssl_web_portal / split-dns / ipv6-dns-server1 | | IPv6 DNS server 1.
vpn_ssl_web_portal / split-dns / ipv6-dns-server2 | | IPv6 DNS server 2.
vpn_ssl_web_portal / split-tunneling | | Enable/disable IPv4 split tunneling.
vpn_ssl_web_portal / split-tunneling-routing-address | | IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access.
vpn_ssl_web_portal / split-tunneling-routing-address / name (required) | | Address name. Source firewall.address.name firewall.addrgrp.name.
vpn_ssl_web_portal / state | | Indicates whether to create or remove the object.
vpn_ssl_web_portal / theme | | Web portal color scheme.
vpn_ssl_web_portal / tunnel-mode | | Enable/disable IPv4 SSL-VPN tunnel mode.
vpn_ssl_web_portal / user-bookmark | | Enable to allow web portal users to create their own bookmarks.
vpn_ssl_web_portal / user-group-bookmark | | Enable to allow web portal users to create bookmarks for all users in the same user group.
vpn_ssl_web_portal / web-mode | | Enable/disable SSL VPN web mode.
vpn_ssl_web_portal / windows-forticlient-download-url | | Download URL for Windows FortiClient.
vpn_ssl_web_portal / wins-server1 | | IPv4 WINS server 1.
vpn_ssl_web_portal / wins-server2 | | IPv4 WINS server 2.
Notes
- Requires the fortiosapi library developed by Fortinet.
- Run as a local_action in your playbook.
Examples

```yaml
- hosts: localhost
  vars:
    host: "192.168.122.40"
    username: "admin"
    password: ""
    vdom: "root"
  tasks:
    - name: Portal.
      fortios_vpn_ssl_web_portal:
        host: "{{ host }}"
        username: "{{ username }}"
        password: "{{ password }}"
        vdom: "{{ vdom }}"
        https: "False"
        vpn_ssl_web_portal:
          state: "present"
          allow-user-access: "web"
          auto-connect: "enable"
          bookmark-group:
            - bookmarks:
                - additional-params: "<your_own_value>"
                  apptype: "citrix"
                  description: "<your_own_value>"
                  folder: "<your_own_value>"
                  form-data:
                    - name: "default_name_12"
                      value: "<your_own_value>"
                  host: "<your_own_value>"
                  listening-port: "15"
                  load-balancing-info: "<your_own_value>"
                  logon-password: "<your_own_value>"
                  logon-user: "<your_own_value>"
                  name: "default_name_19"
                  port: "20"
                  preconnection-blob: "<your_own_value>"
                  preconnection-id: "22"
                  remote-port: "23"
                  security: "rdp"
                  server-layout: "de-de-qwertz"
                  show-status-window: "enable"
                  sso: "disable"
                  sso-credential: "sslvpn-login"
                  sso-credential-sent-once: "enable"
                  sso-password: "<your_own_value>"
                  sso-username: "<your_own_value>"
                  url: "myurl.com"
              name: "default_name_33"
          custom-lang: "<your_own_value> (source system.custom-language.name)"
          customize-forticlient-download-url: "enable"
          display-bookmark: "enable"
          display-connection-tools: "enable"
          display-history: "enable"
          display-status: "enable"
          dns-server1: "<your_own_value>"
          dns-server2: "<your_own_value>"
          dns-suffix: "<your_own_value>"
          exclusive-routing: "enable"
          forticlient-download: "enable"
          forticlient-download-method: "direct"
          heading: "<your_own_value>"
          hide-sso-credential: "enable"
          host-check: "none"
          host-check-interval: "49"
          host-check-policy:
            - name: "default_name_51 (source vpn.ssl.web.host-check-software.name)"
          ip-mode: "range"
          ip-pools:
            - name: "default_name_54 (source firewall.address.name firewall.addrgrp.name)"
          ipv6-dns-server1: "<your_own_value>"
          ipv6-dns-server2: "<your_own_value>"
          ipv6-exclusive-routing: "enable"
          ipv6-pools:
            - name: "default_name_59 (source firewall.address6.name firewall.addrgrp6.name)"
          ipv6-service-restriction: "enable"
          ipv6-split-tunneling: "enable"
          ipv6-split-tunneling-routing-address:
            - name: "default_name_63 (source firewall.address6.name firewall.addrgrp6.name)"
          ipv6-tunnel-mode: "enable"
          ipv6-wins-server1: "<your_own_value>"
          ipv6-wins-server2: "<your_own_value>"
          keep-alive: "enable"
          limit-user-logins: "enable"
          mac-addr-action: "allow"
          mac-addr-check: "enable"
          mac-addr-check-rule:
            - mac-addr-list:
                - addr: "<your_own_value>"
              mac-addr-mask: "74"
              name: "default_name_75"
          macos-forticlient-download-url: "<your_own_value>"
          name: "default_name_77"
          os-check: "enable"
          os-check-list:
            - action: "deny"
              latest-patch-level: "<your_own_value>"
              name: "default_name_82"
              tolerance: "83"
          redir-url: "<your_own_value>"
          save-password: "enable"
          service-restriction: "enable"
          skip-check-for-unsupported-browser: "enable"
          skip-check-for-unsupported-os: "enable"
          smb-ntlmv1-auth: "enable"
          smbv1: "enable"
          split-dns:
            - dns-server1: "<your_own_value>"
              dns-server2: "<your_own_value>"
              domains: "<your_own_value>"
              id: "95"
              ipv6-dns-server1: "<your_own_value>"
              ipv6-dns-server2: "<your_own_value>"
          split-tunneling: "enable"
          split-tunneling-routing-address:
            - name: "default_name_100 (source firewall.address.name firewall.addrgrp.name)"
          theme: "blue"
          tunnel-mode: "enable"
          user-bookmark: "enable"
          user-group-bookmark: "enable"
          web-mode: "enable"
          windows-forticlient-download-url: "<your_own_value>"
          wins-server1: "<your_own_value>"
          wins-server2: "<your_own_value>"
```
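The module's own example sets every parameter to a placeholder so that each key is visible. As an added example, not taken from the module documentation or from Fortinet, the playbook below uses only parameters documented on this page to apply a deliberately restrictive portal profile and then remove a portal that is no longer needed. The portal names, the address-object name, the host-check software list name and the MAC address are placeholders; `host-check: "custom"` is a FortiOS choice not listed on this page, and the units of `host-check-interval` (assumed seconds) and `mac-addr-mask` (assumed bits) are likewise assumptions, since the page states neither.

```yaml
# Added example: restrictive SSL-VPN web portal via fortios_vpn_ssl_web_portal.
# Names in <angle brackets> are placeholders; see the comments for assumptions.
- hosts: localhost
  vars:
    host: "192.168.122.40"
    username: "admin"
    password: ""               # constructed placeholder; load from Ansible Vault in practice
    vdom: "root"
  tasks:
    - name: Apply a restrictive SSL-VPN portal profile
      no_log: true             # keep the API password out of task output
      fortios_vpn_ssl_web_portal:
        host: "{{ host }}"
        username: "{{ username }}"
        password: "{{ password }}"
        vdom: "{{ vdom }}"
        https: "True"          # manage the unit over TLS rather than plain HTTP
        vpn_ssl_web_portal:
          state: "present"
          name: "<restricted-portal>"          # placeholder portal name
          allow-user-access: "web"
          web-mode: "enable"
          tunnel-mode: "enable"
          ipv6-tunnel-mode: "disable"          # only IPv4 tunnels are intended here
          ip-mode: "range"
          ip-pools:
            - name: "<sslvpn-client-pool>"     # placeholder firewall.address object
          # Keep all client traffic inside the tunnel so firewall policy sees it
          split-tunneling: "disable"
          exclusive-routing: "enable"
          # Endpoint posture: check at connect time, re-check periodically,
          # and do not waive the check for clients that cannot run it
          host-check: "custom"                 # assumed FortiOS choice, not listed on this page
          host-check-policy:
            - name: "<required-endpoint-software>"   # placeholder host-check-software list
          host-check-interval: "300"           # non-zero enables re-checks; unit assumed seconds
          skip-check-for-unsupported-browser: "disable"
          skip-check-for-unsupported-os: "disable"
          # Restrict sessions to known client hardware
          mac-addr-check: "enable"
          mac-addr-action: "allow"
          mac-addr-check-rule:
            - name: "managed-laptops"
              mac-addr-mask: "48"              # assumed bit length: match the whole address
              mac-addr-list:
                - addr: "00:11:22:33:44:55"    # constructed placeholder MAC address
          # Session and credential hygiene
          limit-user-logins: "enable"          # one SSL-VPN session per user
          save-password: "disable"             # FortiClient must not cache the password
          hide-sso-credential: "enable"        # SSO credential is never sent to the client
          # Legacy SMB protocol and authentication support off
          smbv1: "disable"
          smb-ntlmv1-auth: "disable"
          # Users cannot add bookmarks for themselves or for their whole group
          user-bookmark: "disable"
          user-group-bookmark: "disable"
          display-history: "enable"            # users can review their own login history

    - name: Remove a portal that is no longer referenced
      no_log: true
      fortios_vpn_ssl_web_portal:
        host: "{{ host }}"
        username: "{{ username }}"
        password: "{{ password }}"
        vdom: "{{ vdom }}"
        https: "True"
        vpn_ssl_web_portal:
          state: "absent"
          name: "<legacy-portal>"              # placeholder name of the portal to delete
```

`no_log: true` also suppresses the module's return values (`http_status`, `status`, `revision` and so on) in the play output when a task fails; drop it temporarily while debugging, then restore it before the playbook is committed alongside vaulted credentials.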
Return Values
Common return values are documented here; the following are the fields unique to this module:

Key | Returned | Description
---|---|---
build (string) | always | Build number of the FortiGate image. Sample: 1547
http_method (string) | always | Last method used to provision the content into FortiGate. Sample: PUT
http_status (string) | always | Last result given by FortiGate on the last operation applied. Sample: 200
mkey (string) | success | Master key (id) used in the last call to FortiGate. Sample: id
name (string) | always | Name of the table used to fulfill the request. Sample: urlfilter
path (string) | always | Path of the table used to fulfill the request. Sample: webfilter
revision (string) | always | Internal revision number. Sample: 17.0.2.10658
serial (string) | always | Serial number of the unit. Sample: FGVMEVYYQT3AB5352
status (string) | always | Indication of the operation's result. Sample: success
vdom (string) | always | Virtual domain used. Sample: root
version (string) | always | Version of the FortiGate. Sample: v5.6.3
Status
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]