fmgr_secprof_proxy – Manage proxy security profiles in FortiManager

New in version 2.8.

Synopsis

  • Manage proxy security profiles for FortiGates via FortiManager using the FMG API with playbooks

Parameters

Parameter Choices/Defaults Comments
adom
-
Default:
"root"
The ADOM the configuration should belong to.
header_client_ip
-
    Choices:
  • pass
  • add
  • remove
Actions to take on the HTTP client-IP header in forwarded requests| forwards (pass), adds, or removes the HTTP
header.
choice | pass | Forward the same HTTP header.
choice | add | Add the HTTP header.
choice | remove | Remove the HTTP header.
header_front_end_https
-
    Choices:
  • pass
  • add
  • remove
Action to take on the HTTP front-end-HTTPS header in forwarded requests| forwards (pass), adds, or removes the
HTTP header.
choice | pass | Forward the same HTTP header.
choice | add | Add the HTTP header.
choice | remove | Remove the HTTP header.
header_via_request
-
    Choices:
  • pass
  • add
  • remove
Action to take on the HTTP via header in forwarded requests| forwards (pass), adds, or removes the HTTP header
.
choice | pass | Forward the same HTTP header.
choice | add | Add the HTTP header.
choice | remove | Remove the HTTP header.
header_via_response
-
    Choices:
  • pass
  • add
  • remove
Action to take on the HTTP via header in forwarded responses| forwards (pass), adds, or removes the HTTP heade
r.
choice | pass | Forward the same HTTP header.
choice | add | Add the HTTP header.
choice | remove | Remove the HTTP header.
header_x_authenticated_groups
-
    Choices:
  • pass
  • add
  • remove
Action to take on the HTTP x-authenticated-groups header in forwarded requests| forwards (pass), adds, or remo
ves the HTTP header.
choice | pass | Forward the same HTTP header.
choice | add | Add the HTTP header.
choice | remove | Remove the HTTP header.
header_x_authenticated_user
-
    Choices:
  • pass
  • add
  • remove
Action to take on the HTTP x-authenticated-user header in forwarded requests| forwards (pass), adds, or remove
s the HTTP header.
choice | pass | Forward the same HTTP header.
choice | add | Add the HTTP header.
choice | remove | Remove the HTTP header.
header_x_forwarded_for
-
    Choices:
  • pass
  • add
  • remove
Action to take on the HTTP x-forwarded-for header in forwarded requests| forwards (pass), adds, or removes the
HTTP header.
choice | pass | Forward the same HTTP header.
choice | add | Add the HTTP header.
choice | remove | Remove the HTTP header.
headers
-
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
List of multiple child objects to be added. Expects a list of dictionaries.
Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
If submitted, all other prefixed sub-parameters ARE IGNORED.
This object is MUTUALLY EXCLUSIVE with its options.
We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
headers_action
-
    Choices:
  • add-to-request
  • add-to-response
  • remove-from-request
  • remove-from-response
Action when HTTP the header forwarded.
choice | add-to-request | Add the HTTP header to request.
choice | add-to-response | Add the HTTP header to response.
choice | remove-from-request | Remove the HTTP header from request.
choice | remove-from-response | Remove the HTTP header from response.
headers_content
-
HTTP header's content.
headers_name
-
HTTP forwarded header name.
log_header_change
-
    Choices:
  • disable
  • enable
Enable/disable logging HTTP header changes.
choice | disable | Disable Enable/disable logging HTTP header changes.
choice | enable | Enable Enable/disable logging HTTP header changes.
mode
-
    Choices:
  • add ←
  • set
  • delete
  • update
Sets one of three modes for managing the object.
Allows use of soft-adds instead of overwriting existing values
name
-
Profile name.
strip_encoding
-
    Choices:
  • disable
  • enable
Enable/disable stripping unsupported encoding from the request header.
choice | disable | Disable stripping of unsupported encoding from the request header.
choice | enable | Enable stripping of unsupported encoding from the request header.

Examples

- name: DELETE Profile
  fmgr_secprof_proxy:
    name: "Ansible_Web_Proxy_Profile"
    mode: "delete"

- name: CREATE Profile
  fmgr_secprof_proxy:
    name: "Ansible_Web_Proxy_Profile"
    mode: "set"
    header_client_ip: "pass"
    header_front_end_https: "add"
    header_via_request: "remove"
    header_via_response: "pass"
    header_x_authenticated_groups: "add"
    header_x_authenticated_user: "remove"
    strip_encoding: "enable"
    log_header_change: "enable"
    header_x_forwarded_for: "pass"
    headers_action: "add-to-request"
    headers_content: "test"
    headers_name: "test_header"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
api_result
string
always
full API response, includes status code and message



Status

Authors

  • Luke Weighall (@lweighall)
  • Andrew Welsh (@Ghilli3)
  • Jim Huber (@p4r4n0y1ng)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.