You are reading an unmaintained version of the Ansible documentation. Unmaintained Ansible versions can contain unfixed security vulnerabilities (CVE). Please upgrade to a maintained version. See the latest Ansible documentation.

fortinet.fortimanager.fmgr_vpnsslweb_portal module – Portal.

Note

This module is part of the fortinet.fortimanager collection (version 2.1.5).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_vpnsslweb_portal.

New in version 2.10: of fortinet.fortimanager

Synopsis

• This module is able to configure a FortiManager device.

• Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter	Comments
adom string / required	the parameter (adom) in requested url
bypass_validation boolean	only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters Choices: no ← (default) yes
enable_log boolean	Enable/Disable logging for task Choices: no ← (default) yes
proposed_method string	The overridden method for the underlying Json RPC request Choices: update set add
rc_failed list / elements=string	the rc codes list with which the conditions to fail will be overriden
rc_succeeded list / elements=string	the rc codes list with which the conditions to succeed will be overriden
state string / required	the directive to create, update or delete an object Choices: present absent
vpnsslweb_portal dictionary	the top level parameters set
allow-user-access list / elements=string	Allow user access to SSL-VPN applications. Choices: web ftp telnet smb vnc rdp ssh ping citrix portforward sftp
auto-connect string	Enable/disable automatic connect by client when system is up. Choices: disable enable
bookmark-group list / elements=string	Bookmark-Group.
bookmarks list / elements=string	Bookmarks.
additional-params string	Additional parameters.
apptype string	Application type. Choices: web telnet ssh ftp smb vnc rdp citrix rdpnative portforward sftp
description string	Description.
domain string	Login domain.
folder string	Network shared file folder parameter.
form-data list / elements=string	Form-Data.
name string	Name.
value string	Value.
host string	Host name/IP parameter.
listening-port integer	Listening port (0 - 65535).
load-balancing-info string	The load balancing information or cookie which should be provided to the connection broker.
logon-password string	Logon password.
logon-user string	Logon user.
name string	Bookmark name.
port integer	Remote port.
preconnection-blob string	An arbitrary string which identifies the RDP source.
preconnection-id integer	The numeric ID of the RDP source (0-2147483648).
remote-port integer	Remote port (0 - 65535).
security string	Security mode for RDP connection. Choices: rdp nla tls any
server-layout string	Server side keyboard layout. Choices: en-us-qwerty de-de-qwertz fr-fr-azerty it-it-qwerty sv-se-qwerty failsafe en-gb-qwerty es-es-qwerty fr-ch-qwertz ja-jp-qwerty pt-br-qwerty tr-tr-qwerty fr-ca-qwerty
show-status-window string	Enable/disable showing of status window. Choices: disable enable
sso string	Single Sign-On. Choices: disable static auto
sso-credential string	Single sign-on credentials. Choices: sslvpn-login alternative
sso-credential-sent-once string	Single sign-on credentials are only sent once to remote server. Choices: disable enable
sso-password string	SSO password.
sso-username string	SSO user name.
url string	URL parameter.
name string	Bookmark group name.
custom-lang string	Change the web portal display language. Overrides config system global set language. You can use config system custom-language…
customize-forticlient-download-url string	Enable support of customized download URL for FortiClient. Choices: disable enable
display-bookmark string	Enable to display the web portal bookmark widget. Choices: disable enable
display-connection-tools string	Enable to display the web portal connection tools widget. Choices: disable enable
display-history string	Enable to display the web portal user login history widget. Choices: disable enable
display-status string	Enable to display the web portal status widget. Choices: disable enable
dns-server1 string	IPv4 DNS server 1.
dns-server2 string	IPv4 DNS server 2.
dns-suffix string	DNS suffix.
exclusive-routing string	Enable/disable all traffic go through tunnel only. Choices: disable enable
forticlient-download string	Enable/disable download option for FortiClient. Choices: disable enable
forticlient-download-method string	FortiClient download method. Choices: direct ssl-vpn
heading string	Web portal heading message.
hide-sso-credential string	Enable to prevent SSO credential being sent to client. Choices: disable enable
host-check string	Type of host checking performed on endpoints. Choices: none av fw av-fw custom
host-check-interval integer	Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects.
host-check-policy string	One or more policies to require the endpoint to have specific security software.
ip-mode string	Method by which users of this SSL-VPN tunnel obtain IP addresses. Choices: range user-group
ip-pools string	IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients.
ipv6-dns-server1 string	IPv6 DNS server 1.
ipv6-dns-server2 string	IPv6 DNS server 2.
ipv6-exclusive-routing string	Enable/disable all IPv6 traffic go through tunnel only. Choices: disable enable
ipv6-pools string	IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients.
ipv6-service-restriction string	Enable/disable IPv6 tunnel service restriction. Choices: disable enable
ipv6-split-tunneling string	Enable/disable IPv6 split tunneling. Choices: disable enable
ipv6-split-tunneling-routing-address string	IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneli…
ipv6-split-tunneling-routing-negate string	Enable to negate IPv6 split tunneling routing address. Choices: disable enable
ipv6-tunnel-mode string	Enable/disable IPv6 SSL-VPN tunnel mode. Choices: disable enable
ipv6-wins-server1 string	IPv6 WINS server 1.
ipv6-wins-server2 string	IPv6 WINS server 2.
keep-alive string	Enable/disable automatic reconnect for FortiClient connections. Choices: disable enable
limit-user-logins string	Enable to limit each user to one SSL-VPN session at a time. Choices: disable enable
mac-addr-action string	Client MAC address action. Choices: deny allow
mac-addr-check string	Enable/disable MAC address host checking. Choices: disable enable
mac-addr-check-rule list / elements=string	Mac-Addr-Check-Rule.
mac-addr-list string	Client MAC address list.
mac-addr-mask integer	Client MAC address mask.
name string	Client MAC address check rule name.
macos-forticlient-download-url string	Download URL for Mac FortiClient.
name string	Portal name.
os-check string	Enable to let the FortiGate decide action based on client OS. Choices: disable enable
os-check-list dictionary	no description
action string	OS check options. Choices: allow check-up-to-date deny
latest-patch-level string	Latest OS patch level.
name string	Name.
tolerance integer	OS patch level tolerance.
prefer-ipv6-dns string	prefer to query IPv6 dns first if enabled. Choices: disable enable
redir-url string	Client login redirect URL.
rewrite-ip-uri-ui string	Rewrite contents for URI contains IP and “/ui/”. (default = disable) Choices: disable enable
save-password string	Enable/disable FortiClient saving the users password. Choices: disable enable
service-restriction string	Enable/disable tunnel service restriction. Choices: disable enable
skip-check-for-browser string	Enable to skip host check for browser support. Choices: disable enable
skip-check-for-unsupported-browser string	Enable to skip host check if browser does not support it. Choices: disable enable
skip-check-for-unsupported-os string	Enable to skip host check if client OS does not support it. Choices: disable enable
smb-max-version string	SMB maximum client protocol version. Choices: smbv1 smbv2 smbv3
smb-min-version string	SMB minimum client protocol version. Choices: smbv1 smbv2 smbv3
smb-ntlmv1-auth string	Enable support of NTLMv1 for Samba authentication. Choices: disable enable
smbv1 string	Enable/disable support of SMBv1 for Samba. Choices: disable enable
split-dns list / elements=string	Split-Dns.
dns-server1 string	DNS server 1.
dns-server2 string	DNS server 2.
domains string	Split DNS domains used for SSL-VPN clients separated by comma(,).
id integer	ID.
ipv6-dns-server1 string	IPv6 DNS server 1.
ipv6-dns-server2 string	IPv6 DNS server 2.
split-tunneling string	Enable/disable IPv4 split tunneling. Choices: disable enable
split-tunneling-routing-address string	IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneli…
split-tunneling-routing-negate string	Enable to negate split tunneling routing address. Choices: disable enable
theme string	Web portal color scheme. Choices: gray blue orange crimson steelblue darkgrey green melongene red mariner neutrino jade graphite dark-matter onyx eclipse
transform-backward-slashes string	Transform backward slashes to forward slashes in URLs. Choices: disable enable
tunnel-mode string	Enable/disable IPv4 SSL-VPN tunnel mode. Choices: disable enable
use-sdwan string	Use SD-WAN rules to get output interface. Choices: disable enable
user-bookmark string	Enable to allow web portal users to create their own bookmarks. Choices: disable enable
user-group-bookmark string	Enable to allow web portal users to create bookmarks for all users in the same user group. Choices: disable enable
web-mode string	Enable/disable SSL VPN web mode. Choices: disable enable
windows-forticlient-download-url string	Download URL for Windows FortiClient.
wins-server1 string	IPv4 WINS server 1.
wins-server2 string	IPv4 WINS server 1.
workspace_locking_adom string	the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout integer	the maximum time in seconds to wait for other user to release the workspace lock Default: 300

Notes

Note

• Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

• To create or update an object, use state present directive.

• To delete an object, use state absent directive.

• Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Portal.
     fmgr_vpnsslweb_portal:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        state: <value in [present, absent]>
        vpnsslweb_portal:
           allow-user-access:
             - web
             - ftp
             - telnet
             - smb
             - vnc
             - rdp
             - ssh
             - ping
             - citrix
             - portforward
             - sftp
           auto-connect: <value in [disable, enable]>
           bookmark-group:
             -
                 bookmarks:
                   -
                       additional-params: <value of string>
                       apptype: <value in [web, telnet, ssh, ...]>
                       description: <value of string>
                       folder: <value of string>
                       form-data:
                         -
                             name: <value of string>
                             value: <value of string>
                       host: <value of string>
                       listening-port: <value of integer>
                       load-balancing-info: <value of string>
                       logon-password: <value of string>
                       logon-user: <value of string>
                       name: <value of string>
                       port: <value of integer>
                       preconnection-blob: <value of string>
                       preconnection-id: <value of integer>
                       remote-port: <value of integer>
                       security: <value in [rdp, nla, tls, ...]>
                       server-layout: <value in [en-us-qwerty, de-de-qwertz, fr-fr-azerty, ...]>
                       show-status-window: <value in [disable, enable]>
                       sso: <value in [disable, static, auto]>
                       sso-credential: <value in [sslvpn-login, alternative]>
                       sso-credential-sent-once: <value in [disable, enable]>
                       sso-password: <value of string>
                       sso-username: <value of string>
                       url: <value of string>
                       domain: <value of string>
                 name: <value of string>
           custom-lang: <value of string>
           customize-forticlient-download-url: <value in [disable, enable]>
           display-bookmark: <value in [disable, enable]>
           display-connection-tools: <value in [disable, enable]>
           display-history: <value in [disable, enable]>
           display-status: <value in [disable, enable]>
           dns-server1: <value of string>
           dns-server2: <value of string>
           dns-suffix: <value of string>
           exclusive-routing: <value in [disable, enable]>
           forticlient-download: <value in [disable, enable]>
           forticlient-download-method: <value in [direct, ssl-vpn]>
           heading: <value of string>
           hide-sso-credential: <value in [disable, enable]>
           host-check: <value in [none, av, fw, ...]>
           host-check-interval: <value of integer>
           host-check-policy: <value of string>
           ip-mode: <value in [range, user-group]>
           ip-pools: <value of string>
           ipv6-dns-server1: <value of string>
           ipv6-dns-server2: <value of string>
           ipv6-exclusive-routing: <value in [disable, enable]>
           ipv6-pools: <value of string>
           ipv6-service-restriction: <value in [disable, enable]>
           ipv6-split-tunneling: <value in [disable, enable]>
           ipv6-split-tunneling-routing-address: <value of string>
           ipv6-tunnel-mode: <value in [disable, enable]>
           ipv6-wins-server1: <value of string>
           ipv6-wins-server2: <value of string>
           keep-alive: <value in [disable, enable]>
           limit-user-logins: <value in [disable, enable]>
           mac-addr-action: <value in [deny, allow]>
           mac-addr-check: <value in [disable, enable]>
           mac-addr-check-rule:
             -
                 mac-addr-list: <value of string>
                 mac-addr-mask: <value of integer>
                 name: <value of string>
           macos-forticlient-download-url: <value of string>
           name: <value of string>
           os-check: <value in [disable, enable]>
           redir-url: <value of string>
           save-password: <value in [disable, enable]>
           service-restriction: <value in [disable, enable]>
           skip-check-for-unsupported-browser: <value in [disable, enable]>
           skip-check-for-unsupported-os: <value in [disable, enable]>
           smb-ntlmv1-auth: <value in [disable, enable]>
           smbv1: <value in [disable, enable]>
           split-dns:
             -
                 dns-server1: <value of string>
                 dns-server2: <value of string>
                 domains: <value of string>
                 id: <value of integer>
                 ipv6-dns-server1: <value of string>
                 ipv6-dns-server2: <value of string>
           split-tunneling: <value in [disable, enable]>
           split-tunneling-routing-address: <value of string>
           theme: <value in [gray, blue, orange, ...]>
           tunnel-mode: <value in [disable, enable]>
           user-bookmark: <value in [disable, enable]>
           user-group-bookmark: <value in [disable, enable]>
           web-mode: <value in [disable, enable]>
           windows-forticlient-download-url: <value of string>
           wins-server1: <value of string>
           wins-server2: <value of string>
           skip-check-for-browser: <value in [disable, enable]>
           smb-max-version: <value in [smbv1, smbv2, smbv3]>
           smb-min-version: <value in [smbv1, smbv2, smbv3]>
           transform-backward-slashes: <value in [disable, enable]>
           ipv6-split-tunneling-routing-negate: <value in [disable, enable]>
           split-tunneling-routing-negate: <value in [disable, enable]>
           os-check-list:
              action: <value in [allow, check-up-to-date, deny]>
              latest-patch-level: <value of string>
              name: <value of string>
              tolerance: <value of integer>
           use-sdwan: <value in [disable, enable]>
           prefer-ipv6-dns: <value in [disable, enable]>
           rewrite-ip-uri-ui: <value in [disable, enable]>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Description
request_url string	The full url requested Returned: always Sample: “/sys/login/user”
response_code integer	The status of api request Returned: always Sample: 0
response_message string	The descriptive message of the api response Returned: always Sample: “OK.”

Authors

• Link Zheng (@chillancezen)

• Jie Xue (@JieX19)

• Frank Shen (@fshen01)

• Hongbin Lu (@fgtdev-hblu)

Collection links

Issue Tracker Homepage Repository (Sources)