| Parameter |
Choices/Defaults |
Comments |
|
adom
string
|
Default:
"root"
|
The ADOM the configuration should belong to.
|
|
caname
string
|
|
CA certificate used by SSL Inspection.
|
|
comment
string
|
|
Optional comments.
|
|
ftps
string
|
|
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
List of multiple child objects to be added. Expects a list of dictionaries.
Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
If submitted, all other prefixed sub-parameters ARE IGNORED.
This object is MUTUALLY EXCLUSIVE with its options.
We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
|
|
ftps_allow_invalid_server_cert
string
|
|
When enabled, allows SSL sessions whose server certificate validation failed.
choice | disable | Disable setting.
choice | enable | Enable setting.
|
|
ftps_client_cert_request
string
|
Choices:
- bypass
- inspect
- block
|
Action based on client certificate request failure.
choice | bypass | Bypass.
choice | inspect | Inspect.
choice | block | Block.
|
|
ftps_ports
string
|
|
Ports to use for scanning (1 - 65535, default = 443).
|
|
ftps_status
string
|
Choices:
- disable
- deep-inspection
|
Configure protocol inspection status.
choice | disable | Disable.
choice | deep-inspection | Full SSL inspection.
|
|
ftps_unsupported_ssl
string
|
Choices:
- bypass
- inspect
- block
|
Action based on the SSL encryption used being unsupported.
choice | bypass | Bypass.
choice | inspect | Inspect.
choice | block | Block.
|
|
ftps_untrusted_cert
string
|
Choices:
- allow
- block
- ignore
|
Allow, ignore, or block the untrusted SSL session server certificate.
choice | allow | Allow the untrusted server certificate.
choice | block | Block the connection when an untrusted server certificate is detected.
choice | ignore | Always take the server certificate as trusted.
|
|
https
string
|
|
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
List of multiple child objects to be added. Expects a list of dictionaries.
Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
If submitted, all other prefixed sub-parameters ARE IGNORED.
This object is MUTUALLY EXCLUSIVE with its options.
We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
|
|
https_allow_invalid_server_cert
string
|
|
When enabled, allows SSL sessions whose server certificate validation failed.
choice | disable | Disable setting.
choice | enable | Enable setting.
|
|
https_client_cert_request
string
|
Choices:
- bypass
- inspect
- block
|
Action based on client certificate request failure.
choice | bypass | Bypass.
choice | inspect | Inspect.
choice | block | Block.
|
|
https_ports
string
|
|
Ports to use for scanning (1 - 65535, default = 443).
|
|
https_status
string
|
Choices:
- disable
- certificate-inspection
- deep-inspection
|
Configure protocol inspection status.
choice | disable | Disable.
choice | certificate-inspection | Inspect SSL handshake only.
choice | deep-inspection | Full SSL inspection.
|
|
https_unsupported_ssl
string
|
Choices:
- bypass
- inspect
- block
|
Action based on the SSL encryption used being unsupported.
choice | bypass | Bypass.
choice | inspect | Inspect.
choice | block | Block.
|
|
https_untrusted_cert
string
|
Choices:
- allow
- block
- ignore
|
Allow, ignore, or block the untrusted SSL session server certificate.
choice | allow | Allow the untrusted server certificate.
choice | block | Block the connection when an untrusted server certificate is detected.
choice | ignore | Always take the server certificate as trusted.
|
|
imaps
string
|
|
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
List of multiple child objects to be added. Expects a list of dictionaries.
Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
If submitted, all other prefixed sub-parameters ARE IGNORED.
This object is MUTUALLY EXCLUSIVE with its options.
We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
|
|
imaps_allow_invalid_server_cert
string
|
|
When enabled, allows SSL sessions whose server certificate validation failed.
choice | disable | Disable setting.
choice | enable | Enable setting.
|
|
imaps_client_cert_request
string
|
Choices:
- bypass
- inspect
- block
|
Action based on client certificate request failure.
choice | bypass | Bypass.
choice | inspect | Inspect.
choice | block | Block.
|
|
imaps_ports
string
|
|
Ports to use for scanning (1 - 65535, default = 443).
|
|
imaps_status
string
|
Choices:
- disable
- deep-inspection
|
Configure protocol inspection status.
choice | disable | Disable.
choice | deep-inspection | Full SSL inspection.
|
|
imaps_unsupported_ssl
string
|
Choices:
- bypass
- inspect
- block
|
Action based on the SSL encryption used being unsupported.
choice | bypass | Bypass.
choice | inspect | Inspect.
choice | block | Block.
|
|
imaps_untrusted_cert
string
|
Choices:
- allow
- block
- ignore
|
Allow, ignore, or block the untrusted SSL session server certificate.
choice | allow | Allow the untrusted server certificate.
choice | block | Block the connection when an untrusted server certificate is detected.
choice | ignore | Always take the server certificate as trusted.
|
|
mapi_over_https
string
|
|
Enable/disable inspection of MAPI over HTTPS.
choice | disable | Disable inspection of MAPI over HTTPS.
choice | enable | Enable inspection of MAPI over HTTPS.
|
|
mode
string
|
Choices:
add ← - set
- delete
- update
|
Sets one of three modes for managing the object.
Allows use of soft-adds instead of overwriting existing values
|
|
name
string
|
|
Name.
|
|
pop3s
string
|
|
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
List of multiple child objects to be added. Expects a list of dictionaries.
Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
If submitted, all other prefixed sub-parameters ARE IGNORED.
This object is MUTUALLY EXCLUSIVE with its options.
We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
|
|
pop3s_allow_invalid_server_cert
string
|
|
When enabled, allows SSL sessions whose server certificate validation failed.
choice | disable | Disable setting.
choice | enable | Enable setting.
|
|
pop3s_client_cert_request
string
|
Choices:
- bypass
- inspect
- block
|
Action based on client certificate request failure.
choice | bypass | Bypass.
choice | inspect | Inspect.
choice | block | Block.
|
|
pop3s_ports
string
|
|
Ports to use for scanning (1 - 65535, default = 443).
|
|
pop3s_status
string
|
Choices:
- disable
- deep-inspection
|
Configure protocol inspection status.
choice | disable | Disable.
choice | deep-inspection | Full SSL inspection.
|
|
pop3s_unsupported_ssl
string
|
Choices:
- bypass
- inspect
- block
|
Action based on the SSL encryption used being unsupported.
choice | bypass | Bypass.
choice | inspect | Inspect.
choice | block | Block.
|
|
pop3s_untrusted_cert
string
|
Choices:
- allow
- block
- ignore
|
Allow, ignore, or block the untrusted SSL session server certificate.
choice | allow | Allow the untrusted server certificate.
choice | block | Block the connection when an untrusted server certificate is detected.
choice | ignore | Always take the server certificate as trusted.
|
|
rpc_over_https
string
|
|
Enable/disable inspection of RPC over HTTPS.
choice | disable | Disable inspection of RPC over HTTPS.
choice | enable | Enable inspection of RPC over HTTPS.
|
|
server_cert
string
|
|
Certificate used by SSL Inspection to replace server certificate.
|
|
server_cert_mode
string
|
|
Re-sign or replace the server's certificate.
choice | re-sign | Multiple clients connecting to multiple servers.
choice | replace | Protect an SSL server.
|
|
smtps
string
|
|
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
List of multiple child objects to be added. Expects a list of dictionaries.
Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
If submitted, all other prefixed sub-parameters ARE IGNORED.
This object is MUTUALLY EXCLUSIVE with its options.
We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
|
|
smtps_allow_invalid_server_cert
string
|
|
When enabled, allows SSL sessions whose server certificate validation failed.
choice | disable | Disable setting.
choice | enable | Enable setting.
|
|
smtps_client_cert_request
string
|
Choices:
- bypass
- inspect
- block
|
Action based on client certificate request failure.
choice | bypass | Bypass.
choice | inspect | Inspect.
choice | block | Block.
|
|
smtps_ports
string
|
|
Ports to use for scanning (1 - 65535, default = 443).
|
|
smtps_status
string
|
Choices:
- disable
- deep-inspection
|
Configure protocol inspection status.
choice | disable | Disable.
choice | deep-inspection | Full SSL inspection.
|
|
smtps_unsupported_ssl
string
|
Choices:
- bypass
- inspect
- block
|
Action based on the SSL encryption used being unsupported.
choice | bypass | Bypass.
choice | inspect | Inspect.
choice | block | Block.
|
|
smtps_untrusted_cert
string
|
Choices:
- allow
- block
- ignore
|
Allow, ignore, or block the untrusted SSL session server certificate.
choice | allow | Allow the untrusted server certificate.
choice | block | Block the connection when an untrusted server certificate is detected.
choice | ignore | Always take the server certificate as trusted.
|
|
ssh
string
|
|
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
List of multiple child objects to be added. Expects a list of dictionaries.
Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
If submitted, all other prefixed sub-parameters ARE IGNORED.
This object is MUTUALLY EXCLUSIVE with its options.
We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
|
|
ssh_inspect_all
string
|
Choices:
- disable
- deep-inspection
|
Level of SSL inspection.
choice | disable | Disable.
choice | deep-inspection | Full SSL inspection.
|
|
ssh_ports
string
|
|
Ports to use for scanning (1 - 65535, default = 443).
|
|
ssh_ssh_algorithm
string
|
Choices:
- compatible
- high-encryption
|
Relative strength of encryption algorithms accepted during negotiation.
choice | compatible | Allow a broader set of encryption algorithms for best compatibility.
choice | high-encryption | Allow only AES-CTR, AES-GCM ciphers and high encryption algorithms.
|
|
ssh_ssh_policy_check
string
|
|
Enable/disable SSH policy check.
choice | disable | Disable SSH policy check.
choice | enable | Enable SSH policy check.
|
|
ssh_ssh_tun_policy_check
string
|
|
Enable/disable SSH tunnel policy check.
choice | disable | Disable SSH tunnel policy check.
choice | enable | Enable SSH tunnel policy check.
|
|
ssh_status
string
|
Choices:
- disable
- deep-inspection
|
Configure protocol inspection status.
choice | disable | Disable.
choice | deep-inspection | Full SSL inspection.
|
|
ssh_unsupported_version
string
|
|
Action based on SSH version being unsupported.
choice | block | Block.
choice | bypass | Bypass.
|
|
ssl
string
|
|
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
List of multiple child objects to be added. Expects a list of dictionaries.
Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
If submitted, all other prefixed sub-parameters ARE IGNORED.
This object is MUTUALLY EXCLUSIVE with its options.
We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
|
|
ssl_allow_invalid_server_cert
string
|
|
When enabled, allows SSL sessions whose server certificate validation failed.
choice | disable | Disable setting.
choice | enable | Enable setting.
|
|
ssl_anomalies_log
string
|
|
Enable/disable logging SSL anomalies.
choice | disable | Disable logging SSL anomalies.
choice | enable | Enable logging SSL anomalies.
|
|
ssl_client_cert_request
string
|
Choices:
- bypass
- inspect
- block
|
Action based on client certificate request failure.
choice | bypass | Bypass.
choice | inspect | Inspect.
choice | block | Block.
|
|
ssl_exempt
string
|
|
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
List of multiple child objects to be added. Expects a list of dictionaries.
Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
If submitted, all other prefixed sub-parameters ARE IGNORED.
This object is MUTUALLY EXCLUSIVE with its options.
We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
|
|
ssl_exempt_address
string
|
|
IPv4 address object.
|
|
ssl_exempt_address6
string
|
|
IPv6 address object.
|
|
ssl_exempt_fortiguard_category
string
|
|
FortiGuard category ID.
|
|
ssl_exempt_regex
string
|
|
Exempt servers by regular expression.
|
|
ssl_exempt_type
string
|
Choices:
- fortiguard-category
- address
- address6
- wildcard-fqdn
- regex
|
Type of address object (IPv4 or IPv6) or FortiGuard category.
choice | fortiguard-category | FortiGuard category.
choice | address | Firewall IPv4 address.
choice | address6 | Firewall IPv6 address.
choice | wildcard-fqdn | Fully Qualified Domain Name with wildcard characters.
choice | regex | Regular expression FQDN.
|
|
ssl_exempt_wildcard_fqdn
string
|
|
Exempt servers by wildcard FQDN.
|
|
ssl_exemptions_log
string
|
|
Enable/disable logging SSL exemptions.
choice | disable | Disable logging SSL exemptions.
choice | enable | Enable logging SSL exemptions.
|
|
ssl_inspect_all
string
|
Choices:
- disable
- certificate-inspection
- deep-inspection
|
Level of SSL inspection.
choice | disable | Disable.
choice | certificate-inspection | Inspect SSL handshake only.
choice | deep-inspection | Full SSL inspection.
|
|
ssl_server
string
|
|
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
List of multiple child objects to be added. Expects a list of dictionaries.
Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
If submitted, all other prefixed sub-parameters ARE IGNORED.
This object is MUTUALLY EXCLUSIVE with its options.
We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
|
|
ssl_server_ftps_client_cert_request
string
|
Choices:
- bypass
- inspect
- block
|
Action based on client certificate request failure during the FTPS handshake.
choice | bypass | Bypass.
choice | inspect | Inspect.
choice | block | Block.
|
|
ssl_server_https_client_cert_request
string
|
Choices:
- bypass
- inspect
- block
|
Action based on client certificate request failure during the HTTPS handshake.
choice | bypass | Bypass.
choice | inspect | Inspect.
choice | block | Block.
|
|
ssl_server_imaps_client_cert_request
string
|
Choices:
- bypass
- inspect
- block
|
Action based on client certificate request failure during the IMAPS handshake.
choice | bypass | Bypass.
choice | inspect | Inspect.
choice | block | Block.
|
|
ssl_server_ip
string
|
|
IPv4 address of the SSL server.
|
|
ssl_server_pop3s_client_cert_request
string
|
Choices:
- bypass
- inspect
- block
|
Action based on client certificate request failure during the POP3S handshake.
choice | bypass | Bypass.
choice | inspect | Inspect.
choice | block | Block.
|
|
ssl_server_smtps_client_cert_request
string
|
Choices:
- bypass
- inspect
- block
|
Action based on client certificate request failure during the SMTPS handshake.
choice | bypass | Bypass.
choice | inspect | Inspect.
choice | block | Block.
|
|
ssl_server_ssl_other_client_cert_request
string
|
Choices:
- bypass
- inspect
- block
|
Action based on client certificate request failure during an SSL protocol handshake.
choice | bypass | Bypass.
choice | inspect | Inspect.
choice | block | Block.
|
|
ssl_unsupported_ssl
string
|
Choices:
- bypass
- inspect
- block
|
Action based on the SSL encryption used being unsupported.
choice | bypass | Bypass.
choice | inspect | Inspect.
choice | block | Block.
|
|
ssl_untrusted_cert
string
|
Choices:
- allow
- block
- ignore
|
Allow, ignore, or block the untrusted SSL session server certificate.
choice | allow | Allow the untrusted server certificate.
choice | block | Block the connection when an untrusted server certificate is detected.
choice | ignore | Always take the server certificate as trusted.
|
|
untrusted_caname
string
|
|
Untrusted CA certificate used by SSL Inspection.
|
|
use_ssl_server
string
|
|
Enable/disable the use of SSL server table for SSL offloading.
choice | disable | Don't use SSL server configuration.
choice | enable | Use SSL server configuration.
|
|
whitelist
string
|
|
Enable/disable exempting servers by FortiGuard whitelist.
choice | disable | Disable setting.
choice | enable | Enable setting.
|
