community.network.fmgr_fwobj_vip – Manages Virtual IPs objects in FortiManager

Note

This plugin is part of the community.network collection.

To install it use: ansible-galaxy collection install community.network.

To use it in a playbook, specify: community.network.fmgr_fwobj_vip.

Synopsis

  • Manages Virtual IP objects in FortiManager for IPv4

Parameters

Parameter Choices/Defaults Comments
adom
string
Default:
"root"
The ADOM the configuration should belong to.
arp_reply
string
    Choices:
  • disable
  • enable
Enable to respond to ARP requests for this virtual IP address. Enabled by default.
choice | disable | Disable ARP reply.
choice | enable | Enable ARP reply.
color
string
Color of icon on the GUI.
comment
string
Comment.
dns_mapping_ttl
string
DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
dynamic_mapping
string
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
List of multiple child objects to be added. Expects a list of dictionaries.
Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
If submitted, all other prefixed sub-parameters ARE IGNORED.
This object is MUTUALLY EXCLUSIVE with its options.
We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
dynamic_mapping_arp_reply
string
    Choices:
  • disable
  • enable
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
dynamic_mapping_color
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_comment
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_dns_mapping_ttl
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_extaddr
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_extintf
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_extip
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_extport
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_gratuitous_arp_interval
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_http_cookie_age
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_http_cookie_domain
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_http_cookie_domain_from_host
string
    Choices:
  • disable
  • enable
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
dynamic_mapping_http_cookie_generation
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_http_cookie_path
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_http_cookie_share
string
    Choices:
  • disable
  • same-ip
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | same-ip |
dynamic_mapping_http_ip_header
string
    Choices:
  • disable
  • enable
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
dynamic_mapping_http_ip_header_name
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_http_multiplex
string
    Choices:
  • disable
  • enable
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
dynamic_mapping_https_cookie_secure
string
    Choices:
  • disable
  • enable
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
dynamic_mapping_ldb_method
string
    Choices:
  • static
  • round-robin
  • weighted
  • least-session
  • least-rtt
  • first-alive
  • http-host
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | static |
choice | round-robin |
choice | weighted |
choice | least-session |
choice | least-rtt |
choice | first-alive |
choice | http-host |
dynamic_mapping_mapped_addr
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_mappedip
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_mappedport
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_max_embryonic_connections
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_monitor
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_nat_source_vip
string
    Choices:
  • disable
  • enable
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
dynamic_mapping_outlook_web_access
string
    Choices:
  • disable
  • enable
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
dynamic_mapping_persistence
string
    Choices:
  • none
  • http-cookie
  • ssl-session-id
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | none |
choice | http-cookie |
choice | ssl-session-id |
dynamic_mapping_portforward
string
    Choices:
  • disable
  • enable
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
dynamic_mapping_portmapping_type
string
    Choices:
  • 1-to-1
  • m-to-n
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | 1-to-1 |
choice | m-to-n |
dynamic_mapping_protocol
string
    Choices:
  • tcp
  • udp
  • sctp
  • icmp
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | tcp |
choice | udp |
choice | sctp |
choice | icmp |
dynamic_mapping_realservers_client_ip
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_realservers_healthcheck
string
    Choices:
  • disable
  • enable
  • vip
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
choice | vip |
dynamic_mapping_realservers_holddown_interval
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_realservers_http_host
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_realservers_ip
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_realservers_max_connections
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_realservers_monitor
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_realservers_port
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_realservers_seq
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_realservers_status
string
    Choices:
  • active
  • standby
  • disable
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | active |
choice | standby |
choice | disable |
dynamic_mapping_realservers_weight
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_server_type
string
    Choices:
  • http
  • https
  • ssl
  • tcp
  • udp
  • ip
  • imaps
  • pop3s
  • smtps
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | http |
choice | https |
choice | ssl |
choice | tcp |
choice | udp |
choice | ip |
choice | imaps |
choice | pop3s |
choice | smtps |
dynamic_mapping_service
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_src_filter
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_srcintf_filter
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_ssl_algorithm
string
    Choices:
  • high
  • medium
  • low
  • custom
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | high |
choice | medium |
choice | low |
choice | custom |
dynamic_mapping_ssl_certificate
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_ssl_cipher_suites_cipher
string
    Choices:
  • TLS-RSA-WITH-RC4-128-MD5
  • TLS-RSA-WITH-RC4-128-SHA
  • TLS-RSA-WITH-DES-CBC-SHA
  • TLS-RSA-WITH-3DES-EDE-CBC-SHA
  • TLS-RSA-WITH-AES-128-CBC-SHA
  • TLS-RSA-WITH-AES-256-CBC-SHA
  • TLS-RSA-WITH-AES-128-CBC-SHA256
  • TLS-RSA-WITH-AES-256-CBC-SHA256
  • TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
  • TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
  • TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256
  • TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256
  • TLS-RSA-WITH-SEED-CBC-SHA
  • TLS-RSA-WITH-ARIA-128-CBC-SHA256
  • TLS-RSA-WITH-ARIA-256-CBC-SHA384
  • TLS-DHE-RSA-WITH-DES-CBC-SHA
  • TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
  • TLS-DHE-RSA-WITH-AES-128-CBC-SHA
  • TLS-DHE-RSA-WITH-AES-256-CBC-SHA
  • TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
  • TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
  • TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
  • TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
  • TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
  • TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
  • TLS-DHE-RSA-WITH-SEED-CBC-SHA
  • TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256
  • TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384
  • TLS-ECDHE-RSA-WITH-RC4-128-SHA
  • TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA
  • TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
  • TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
  • TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
  • TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
  • TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
  • TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
  • TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
  • TLS-DHE-DSS-WITH-AES-128-CBC-SHA
  • TLS-DHE-DSS-WITH-AES-256-CBC-SHA
  • TLS-DHE-DSS-WITH-AES-128-CBC-SHA256
  • TLS-DHE-DSS-WITH-AES-128-GCM-SHA256
  • TLS-DHE-DSS-WITH-AES-256-CBC-SHA256
  • TLS-DHE-DSS-WITH-AES-256-GCM-SHA384
  • TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
  • TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
  • TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
  • TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
  • TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
  • TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
  • TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
  • TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
  • TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
  • TLS-RSA-WITH-AES-128-GCM-SHA256
  • TLS-RSA-WITH-AES-256-GCM-SHA384
  • TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA
  • TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA
  • TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256
  • TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256
  • TLS-DHE-DSS-WITH-SEED-CBC-SHA
  • TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256
  • TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384
  • TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256
  • TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384
  • TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256
  • TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384
  • TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA
  • TLS-DHE-DSS-WITH-DES-CBC-SHA
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | TLS-RSA-WITH-RC4-128-MD5 |
choice | TLS-RSA-WITH-RC4-128-SHA |
choice | TLS-RSA-WITH-DES-CBC-SHA |
choice | TLS-RSA-WITH-3DES-EDE-CBC-SHA |
choice | TLS-RSA-WITH-AES-128-CBC-SHA |
choice | TLS-RSA-WITH-AES-256-CBC-SHA |
choice | TLS-RSA-WITH-AES-128-CBC-SHA256 |
choice | TLS-RSA-WITH-AES-256-CBC-SHA256 |
choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA |
choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA |
choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 |
choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 |
choice | TLS-RSA-WITH-SEED-CBC-SHA |
choice | TLS-RSA-WITH-ARIA-128-CBC-SHA256 |
choice | TLS-RSA-WITH-ARIA-256-CBC-SHA384 |
choice | TLS-DHE-RSA-WITH-DES-CBC-SHA |
choice | TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA |
choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA |
choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA |
choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 |
choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 |
choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA |
choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA |
choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 |
choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 |
choice | TLS-DHE-RSA-WITH-SEED-CBC-SHA |
choice | TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 |
choice | TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 |
choice | TLS-ECDHE-RSA-WITH-RC4-128-SHA |
choice | TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA |
choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA |
choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA |
choice | TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 |
choice | TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 |
choice | TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 |
choice | TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 |
choice | TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 |
choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA |
choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA |
choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 |
choice | TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 |
choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 |
choice | TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 |
choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 |
choice | TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 |
choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 |
choice | TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 |
choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA |
choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 |
choice | TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 |
choice | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 |
choice | TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 |
choice | TLS-RSA-WITH-AES-128-GCM-SHA256 |
choice | TLS-RSA-WITH-AES-256-GCM-SHA384 |
choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA |
choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA |
choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 |
choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 |
choice | TLS-DHE-DSS-WITH-SEED-CBC-SHA |
choice | TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 |
choice | TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 |
choice | TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 |
choice | TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 |
choice | TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 |
choice | TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 |
choice | TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA |
choice | TLS-DHE-DSS-WITH-DES-CBC-SHA |
dynamic_mapping_ssl_cipher_suites_versions
string
    Choices:
  • ssl-3.0
  • tls-1.0
  • tls-1.1
  • tls-1.2
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
FLAG Based Options. Specify multiple in list form.
flag | ssl-3.0 |
flag | tls-1.0 |
flag | tls-1.1 |
flag | tls-1.2 |
dynamic_mapping_ssl_client_fallback
string
    Choices:
  • disable
  • enable
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
dynamic_mapping_ssl_client_renegotiation
string
    Choices:
  • deny
  • allow
  • secure
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | deny |
choice | allow |
choice | secure |
dynamic_mapping_ssl_client_session_state_max
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_ssl_client_session_state_timeout
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_ssl_client_session_state_type
string
    Choices:
  • disable
  • time
  • count
  • both
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | time |
choice | count |
choice | both |
dynamic_mapping_ssl_dh_bits
string
    Choices:
  • 768
  • 1024
  • 1536
  • 2048
  • 3072
  • 4096
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | 768 |
choice | 1024 |
choice | 1536 |
choice | 2048 |
choice | 3072 |
choice | 4096 |
dynamic_mapping_ssl_hpkp
string
    Choices:
  • disable
  • enable
  • report-only
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
choice | report-only |
dynamic_mapping_ssl_hpkp_age
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_ssl_hpkp_backup
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_ssl_hpkp_include_subdomains
string
    Choices:
  • disable
  • enable
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
dynamic_mapping_ssl_hpkp_primary
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_ssl_hpkp_report_uri
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_ssl_hsts
string
    Choices:
  • disable
  • enable
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
dynamic_mapping_ssl_hsts_age
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_ssl_hsts_include_subdomains
string
    Choices:
  • disable
  • enable
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
dynamic_mapping_ssl_http_location_conversion
string
    Choices:
  • disable
  • enable
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
dynamic_mapping_ssl_http_match_host
string
    Choices:
  • disable
  • enable
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
dynamic_mapping_ssl_max_version
string
    Choices:
  • ssl-3.0
  • tls-1.0
  • tls-1.1
  • tls-1.2
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | ssl-3.0 |
choice | tls-1.0 |
choice | tls-1.1 |
choice | tls-1.2 |
dynamic_mapping_ssl_min_version
string
    Choices:
  • ssl-3.0
  • tls-1.0
  • tls-1.1
  • tls-1.2
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | ssl-3.0 |
choice | tls-1.0 |
choice | tls-1.1 |
choice | tls-1.2 |
dynamic_mapping_ssl_mode
string
    Choices:
  • half
  • full
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | half |
choice | full |
dynamic_mapping_ssl_pfs
string
    Choices:
  • require
  • deny
  • allow
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | require |
choice | deny |
choice | allow |
dynamic_mapping_ssl_send_empty_frags
string
    Choices:
  • disable
  • enable
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
dynamic_mapping_ssl_server_algorithm
string
    Choices:
  • high
  • low
  • medium
  • custom
  • client
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | high |
choice | low |
choice | medium |
choice | custom |
choice | client |
dynamic_mapping_ssl_server_max_version
string
    Choices:
  • ssl-3.0
  • tls-1.0
  • tls-1.1
  • tls-1.2
  • client
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | ssl-3.0 |
choice | tls-1.0 |
choice | tls-1.1 |
choice | tls-1.2 |
choice | client |
dynamic_mapping_ssl_server_min_version
string
    Choices:
  • ssl-3.0
  • tls-1.0
  • tls-1.1
  • tls-1.2
  • client
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | ssl-3.0 |
choice | tls-1.0 |
choice | tls-1.1 |
choice | tls-1.2 |
choice | client |
dynamic_mapping_ssl_server_session_state_max
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_ssl_server_session_state_timeout
string
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_ssl_server_session_state_type
string
    Choices:
  • disable
  • time
  • count
  • both
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | time |
choice | count |
choice | both |
dynamic_mapping_type
string
    Choices:
  • static-nat
  • load-balance
  • server-load-balance
  • dns-translation
  • fqdn
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | static-nat |
choice | load-balance |
choice | server-load-balance |
choice | dns-translation |
choice | fqdn |
dynamic_mapping_weblogic_server
string
    Choices:
  • disable
  • enable
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
dynamic_mapping_websphere_server
string
    Choices:
  • disable
  • enable
Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
extaddr
string
External FQDN address name.
extintf
string
Interface connected to the source network that receives the packets that will be forwarded to the destination
network.
extip
string
IP address or address range on the external interface that you want to map to an address or address range on t
he destination network.
extport
string
Incoming port number range that you want to map to a port number range on the destination network.
gratuitous_arp_interval
string
Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
http_cookie_age
string
Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
http_cookie_domain
string
Domain that HTTP cookie persistence should apply to.
http_cookie_domain_from_host
string
    Choices:
  • disable
  • enable
Enable/disable use of HTTP cookie domain from host field in HTTP.
choice | disable | Disable use of HTTP cookie domain from host field in HTTP (use http-cooke-domain setting).
choice | enable | Enable use of HTTP cookie domain from host field in HTTP.
http_cookie_generation
string
Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
http_cookie_path
string
Limit HTTP cookie persistence to the specified path.
http_cookie_share
string
    Choices:
  • disable
  • same-ip
Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used
by another. Disable stops cookie sharing.
choice | disable | Only allow HTTP cookie to match this virtual server.
choice | same-ip | Allow HTTP cookie to match any virtual server with same IP.
http_ip_header
string
    Choices:
  • disable
  • enable
For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header.
choice | disable | Disable adding HTTP header.
choice | enable | Enable adding HTTP header.
http_ip_header_name
string
For HTTP multiplexing, enter a custom HTTPS header name. The orig client IP address is added to this header.
If empty, X-Forwarded-For is used.
http_multiplex
string
    Choices:
  • disable
  • enable
Enable/disable HTTP multiplexing.
choice | disable | Disable HTTP session multiplexing.
choice | enable | Enable HTTP session multiplexing.
https_cookie_secure
string
    Choices:
  • disable
  • enable
Enable/disable verification that inserted HTTPS cookies are secure.
choice | disable | Do not mark cookie as secure, allow sharing between an HTTP and HTTPS connection.
choice | enable | Mark inserted cookie as secure, cookie can only be used for HTTPS a connection.
ldb_method
string
    Choices:
  • static
  • round-robin
  • weighted
  • least-session
  • least-rtt
  • first-alive
  • http-host
Method used to distribute sessions to real servers.
choice | static | Distribute to server based on source IP.
choice | round-robin | Distribute to server based round robin order.
choice | weighted | Distribute to server based on weight.
choice | least-session | Distribute to server with lowest session count.
choice | least-rtt | Distribute to server with lowest Round-Trip-Time.
choice | first-alive | Distribute to the first server that is alive.
choice | http-host | Distribute to server based on host field in HTTP header.
mapped_addr
string
Mapped FQDN address name.
mappedip
string
IP address or address range on the destination network to which the external IP address is mapped.
mappedport
string
Port number range on the destination network to which the external port number range is mapped.
max_embryonic_connections
string
Maximum number of incomplete connections.
mode
string
    Choices:
  • add ←
  • set
  • delete
  • update
Sets one of three modes for managing the object.
Allows use of soft-adds instead of overwriting existing values
monitor
string
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
name
string
Virtual IP name.
nat_source_vip
string
    Choices:
  • disable
  • enable
Enable to prevent unintended servers from using a virtual IP.
Disable to use the actual IP address of the server as the source address.
choice | disable | Do not force to NAT as VIP.
choice | enable | Force to NAT as VIP.
outlook_web_access
string
    Choices:
  • disable
  • enable
Enable to add the Front-End-Https header for Microsoft Outlook Web Access.
choice | disable | Disable Outlook Web Access support.
choice | enable | Enable Outlook Web Access support.
persistence
string
    Choices:
  • none
  • http-cookie
  • ssl-session-id
Configure how to make sure that clients connect to the same server every time they make a request that is part
of the same session.
choice | none | None.
choice | http-cookie | HTTP cookie.
choice | ssl-session-id | SSL session ID.
portforward
string
    Choices:
  • disable
  • enable
Enable/disable port forwarding.
choice | disable | Disable port forward.
choice | enable | Enable port forward.
portmapping_type
string
    Choices:
  • 1-to-1
  • m-to-n
Port mapping type.
choice | 1-to-1 | One to one.
choice | m-to-n | Many to many.
protocol
string
    Choices:
  • tcp
  • udp
  • sctp
  • icmp
Protocol to use when forwarding packets.
choice | tcp | TCP.
choice | udp | UDP.
choice | sctp | SCTP.
choice | icmp | ICMP.
realservers
string
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
List of multiple child objects to be added. Expects a list of dictionaries.
Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
If submitted, all other prefixed sub-parameters ARE IGNORED.
This object is MUTUALLY EXCLUSIVE with its options.
We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
realservers_client_ip
string
Only clients in this IP range can connect to this real server.
realservers_healthcheck
string
    Choices:
  • disable
  • enable
  • vip
Enable to check the responsiveness of the real server before forwarding traffic.
choice | disable | Disable per server health check.
choice | enable | Enable per server health check.
choice | vip | Use health check defined in VIP.
realservers_holddown_interval
string
Time in seconds that the health check monitor monitors an unresponsive server that should be active.
realservers_http_host
string
HTTP server domain name in HTTP header.
realservers_ip
string
IP address of the real server.
realservers_max_connections
string
Max number of active connections that can be directed to the real server. When reached, sessions are sent to
their real servers.
realservers_monitor
string
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
realservers_port
string
Port for communicating with the real server. Required if port forwarding is enabled.
realservers_seq
string
Real Server Sequence Number
realservers_status
string
    Choices:
  • active
  • standby
  • disable
Set the status of the real server to active so that it can accept traffic.
Or on standby or disabled so no traffic is sent.
choice | active | Server status active.
choice | standby | Server status standby.
choice | disable | Server status disable.
realservers_weight
string
Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more
connections.
server_type
string
    Choices:
  • http
  • https
  • ssl
  • tcp
  • udp
  • ip
  • imaps
  • pop3s
  • smtps
Protocol to be load balanced by the virtual server (also called the server load balance virtual IP).
choice | http | HTTP
choice | https | HTTPS
choice | ssl | SSL
choice | tcp | TCP
choice | udp | UDP
choice | ip | IP
choice | imaps | IMAPS
choice | pop3s | POP3S
choice | smtps | SMTPS
service
string
Service name.
src_filter
string
Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y).
Separate addresses with spaces.
srcintf_filter
string
Interfaces to which the VIP applies. Separate the names with spaces.
ssl_algorithm
string
    Choices:
  • high
  • medium
  • low
  • custom
Permitted encryption algorithms for SSL sessions according to encryption strength.
choice | high | High encryption. Allow only AES and ChaCha.
choice | medium | Medium encryption. Allow AES, ChaCha, 3DES, and RC4.
choice | low | Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.
choice | custom | Custom encryption. Use config ssl-cipher-suites to select the cipher suites that are allowed.
ssl_certificate
string
The name of the SSL certificate to use for SSL acceleration.
ssl_cipher_suites
string
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
List of multiple child objects to be added. Expects a list of dictionaries.
Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
If submitted, all other prefixed sub-parameters ARE IGNORED.
This object is MUTUALLY EXCLUSIVE with its options.
We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
ssl_cipher_suites_cipher
string
    Choices:
  • TLS-RSA-WITH-RC4-128-MD5
  • TLS-RSA-WITH-RC4-128-SHA
  • TLS-RSA-WITH-DES-CBC-SHA
  • TLS-RSA-WITH-3DES-EDE-CBC-SHA
  • TLS-RSA-WITH-AES-128-CBC-SHA
  • TLS-RSA-WITH-AES-256-CBC-SHA
  • TLS-RSA-WITH-AES-128-CBC-SHA256
  • TLS-RSA-WITH-AES-256-CBC-SHA256
  • TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
  • TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
  • TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256
  • TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256
  • TLS-RSA-WITH-SEED-CBC-SHA
  • TLS-RSA-WITH-ARIA-128-CBC-SHA256
  • TLS-RSA-WITH-ARIA-256-CBC-SHA384
  • TLS-DHE-RSA-WITH-DES-CBC-SHA
  • TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
  • TLS-DHE-RSA-WITH-AES-128-CBC-SHA
  • TLS-DHE-RSA-WITH-AES-256-CBC-SHA
  • TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
  • TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
  • TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
  • TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
  • TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
  • TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
  • TLS-DHE-RSA-WITH-SEED-CBC-SHA
  • TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256
  • TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384
  • TLS-ECDHE-RSA-WITH-RC4-128-SHA
  • TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA
  • TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
  • TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
  • TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
  • TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
  • TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
  • TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
  • TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
  • TLS-DHE-DSS-WITH-AES-128-CBC-SHA
  • TLS-DHE-DSS-WITH-AES-256-CBC-SHA
  • TLS-DHE-DSS-WITH-AES-128-CBC-SHA256
  • TLS-DHE-DSS-WITH-AES-128-GCM-SHA256
  • TLS-DHE-DSS-WITH-AES-256-CBC-SHA256
  • TLS-DHE-DSS-WITH-AES-256-GCM-SHA384
  • TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
  • TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
  • TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
  • TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
  • TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
  • TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
  • TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
  • TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
  • TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
  • TLS-RSA-WITH-AES-128-GCM-SHA256
  • TLS-RSA-WITH-AES-256-GCM-SHA384
  • TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA
  • TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA
  • TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256
  • TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256
  • TLS-DHE-DSS-WITH-SEED-CBC-SHA
  • TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256
  • TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384
  • TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256
  • TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384
  • TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256
  • TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384
  • TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA
  • TLS-DHE-DSS-WITH-DES-CBC-SHA
Cipher suite name.
choice | TLS-RSA-WITH-RC4-128-MD5 | Cipher suite TLS-RSA-WITH-RC4-128-MD5.
choice | TLS-RSA-WITH-RC4-128-SHA | Cipher suite TLS-RSA-WITH-RC4-128-SHA.
choice | TLS-RSA-WITH-DES-CBC-SHA | Cipher suite TLS-RSA-WITH-DES-CBC-SHA.
choice | TLS-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-RSA-WITH-3DES-EDE-CBC-SHA.
choice | TLS-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA.
choice | TLS-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA.
choice | TLS-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA256.
choice | TLS-RSA-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA256.
choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA.
choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA.
choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256.
choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256.
choice | TLS-RSA-WITH-SEED-CBC-SHA | Cipher suite TLS-RSA-WITH-SEED-CBC-SHA.
choice | TLS-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-ARIA-128-CBC-SHA256.
choice | TLS-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-RSA-WITH-ARIA-256-CBC-SHA384.
choice | TLS-DHE-RSA-WITH-DES-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-DES-CBC-SHA.
choice | TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA.
choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA.
choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA.
choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA256.
choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA256.
choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA.
choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA.
choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256.
choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256.
choice | TLS-DHE-RSA-WITH-SEED-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-SEED-CBC-SHA.
choice | TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256.
choice | TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384.
choice | TLS-ECDHE-RSA-WITH-RC4-128-SHA | Cipher suite TLS-ECDHE-RSA-WITH-RC4-128-SHA.
choice | TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA.
choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA.
choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA.
choice | TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256.
choice | TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256.
choice | TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256.
choice | TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-128-GCM-SHA256.
choice | TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-DHE-RSA-WITH-AES-256-GCM-SHA384.
choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA.
choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA.
choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA256.
choice | TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-128-GCM-SHA256.
choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA256.
choice | TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-DHE-DSS-WITH-AES-256-GCM-SHA384.
choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256.
choice | TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256.
choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384.
choice | TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384.
choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA.
choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256.
choice | TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256.
choice | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384.
choice | TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384.
choice | TLS-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-RSA-WITH-AES-128-GCM-SHA256.
choice | TLS-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-RSA-WITH-AES-256-GCM-SHA384.
choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-DSS-RSA-WITH-CAMELLIA-128-CBC-SHA.
choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA.
choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256.
choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256.
choice | TLS-DHE-DSS-WITH-SEED-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-SEED-CBC-SHA.
choice | TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256.
choice | TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384.
choice | TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256.
choice | TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384.
choice | TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC_SHA256.
choice | TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC_SHA384.
choice | TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA.
choice | TLS-DHE-DSS-WITH-DES-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-DES-CBC-SHA.
ssl_cipher_suites_versions
string
    Choices:
  • ssl-3.0
  • tls-1.0
  • tls-1.1
  • tls-1.2
SSL/TLS versions that the cipher suite can be used with.
FLAG Based Options. Specify multiple in list form.
flag | ssl-3.0 | SSL 3.0.
flag | tls-1.0 | TLS 1.0.
flag | tls-1.1 | TLS 1.1.
flag | tls-1.2 | TLS 1.2.
ssl_client_fallback
string
    Choices:
  • disable
  • enable
Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507).
choice | disable | Disable.
choice | enable | Enable.
ssl_client_renegotiation
string
    Choices:
  • deny
  • allow
  • secure
Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746.
choice | deny | Abort any client initiated SSL re-negotiation attempt.
choice | allow | Allow a SSL client to renegotiate.
choice | secure | Abort any client initiated SSL re-negotiation attempt that does not use RFC 5746.
ssl_client_session_state_max
string
Maximum number of client to FortiGate SSL session states to keep.
ssl_client_session_state_timeout
string
Number of minutes to keep client to FortiGate SSL session state.
ssl_client_session_state_type
string
    Choices:
  • disable
  • time
  • count
  • both
How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate.
choice | disable | Do not keep session states.
choice | time | Expire session states after this many minutes.
choice | count | Expire session states when this maximum is reached.
choice | both | Expire session states based on time or count, whichever occurs first.
ssl_dh_bits
string
    Choices:
  • 768
  • 1024
  • 1536
  • 2048
  • 3072
  • 4096
Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions.
choice | 768 | 768-bit Diffie-Hellman prime.
choice | 1024 | 1024-bit Diffie-Hellman prime.
choice | 1536 | 1536-bit Diffie-Hellman prime.
choice | 2048 | 2048-bit Diffie-Hellman prime.
choice | 3072 | 3072-bit Diffie-Hellman prime.
choice | 4096 | 4096-bit Diffie-Hellman prime.
ssl_hpkp
string
    Choices:
  • disable
  • enable
  • report-only
Enable/disable including HPKP header in response.
choice | disable | Do not add a HPKP header to each HTTP response.
choice | enable | Add a HPKP header to each a HTTP response.
choice | report-only | Add a HPKP Report-Only header to each HTTP response.
ssl_hpkp_age
string
Number of seconds the client should honour the HPKP setting.
ssl_hpkp_backup
string
Certificate to generate backup HPKP pin from.
ssl_hpkp_include_subdomains
string
    Choices:
  • disable
  • enable
Indicate that HPKP header applies to all subdomains.
choice | disable | HPKP header does not apply to subdomains.
choice | enable | HPKP header applies to subdomains.
ssl_hpkp_primary
string
Certificate to generate primary HPKP pin from.
ssl_hpkp_report_uri
string
URL to report HPKP violations to.
ssl_hsts
string
    Choices:
  • disable
  • enable
Enable/disable including HSTS header in response.
choice | disable | Do not add a HSTS header to each a HTTP response.
choice | enable | Add a HSTS header to each HTTP response.
ssl_hsts_age
string
Number of seconds the client should honour the HSTS setting.
ssl_hsts_include_subdomains
string
    Choices:
  • disable
  • enable
Indicate that HSTS header applies to all subdomains.
choice | disable | HSTS header does not apply to subdomains.
choice | enable | HSTS header applies to subdomains.
ssl_http_location_conversion
string
    Choices:
  • disable
  • enable
Enable to replace HTTP with HTTPS in the reply's Location HTTP header field.
choice | disable | Disable HTTP location conversion.
choice | enable | Enable HTTP location conversion.
ssl_http_match_host
string
    Choices:
  • disable
  • enable
Enable/disable HTTP host matching for location conversion.
choice | disable | Do not match HTTP host.
choice | enable | Match HTTP host in response header.
ssl_max_version
string
    Choices:
  • ssl-3.0
  • tls-1.0
  • tls-1.1
  • tls-1.2
Highest SSL/TLS version acceptable from a client.
choice | ssl-3.0 | SSL 3.0.
choice | tls-1.0 | TLS 1.0.
choice | tls-1.1 | TLS 1.1.
choice | tls-1.2 | TLS 1.2.
ssl_min_version
string
    Choices:
  • ssl-3.0
  • tls-1.0
  • tls-1.1
  • tls-1.2
Lowest SSL/TLS version acceptable from a client.
choice | ssl-3.0 | SSL 3.0.
choice | tls-1.0 | TLS 1.0.
choice | tls-1.1 | TLS 1.1.
choice | tls-1.2 | TLS 1.2.
ssl_mode
string
    Choices:
  • half
  • full
Apply SSL offloading mode
choice | half | Client to FortiGate SSL.
choice | full | Client to FortiGate and FortiGate to Server SSL.
ssl_pfs
string
    Choices:
  • require
  • deny
  • allow
Select the cipher suites that can be used for SSL perfect forward secrecy (PFS).
choice | require | Allow only Diffie-Hellman cipher-suites, so PFS is applied.
choice | deny | Allow only non-Diffie-Hellman cipher-suites, so PFS is not applied.
choice | allow | Allow use of any cipher suite so PFS may or may not be used depending on the cipher suite
ssl_send_empty_frags
string
    Choices:
  • disable
  • enable
Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only).
choice | disable | Do not send empty fragments.
choice | enable | Send empty fragments.
ssl_server_algorithm
string
    Choices:
  • high
  • low
  • medium
  • custom
  • client
Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength
choice | high | High encryption. Allow only AES and ChaCha.
choice | low | Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.
choice | medium | Medium encryption. Allow AES, ChaCha, 3DES, and RC4.
choice | custom | Custom encryption. Use ssl-server-cipher-suites to select the cipher suites that are allowed.
choice | client | Use the same encryption algorithms for both client and server sessions.
ssl_server_cipher_suites
string
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
List of multiple child objects to be added. Expects a list of dictionaries.
Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
If submitted, all other prefixed sub-parameters ARE IGNORED.
This object is MUTUALLY EXCLUSIVE with its options.
We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
ssl_server_cipher_suites_cipher
string
    Choices:
  • TLS-RSA-WITH-RC4-128-MD5
  • TLS-RSA-WITH-RC4-128-SHA
  • TLS-RSA-WITH-DES-CBC-SHA
  • TLS-RSA-WITH-3DES-EDE-CBC-SHA
  • TLS-RSA-WITH-AES-128-CBC-SHA
  • TLS-RSA-WITH-AES-256-CBC-SHA
  • TLS-RSA-WITH-AES-128-CBC-SHA256
  • TLS-RSA-WITH-AES-256-CBC-SHA256
  • TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
  • TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
  • TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256
  • TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256
  • TLS-RSA-WITH-SEED-CBC-SHA
  • TLS-RSA-WITH-ARIA-128-CBC-SHA256
  • TLS-RSA-WITH-ARIA-256-CBC-SHA384
  • TLS-DHE-RSA-WITH-DES-CBC-SHA
  • TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
  • TLS-DHE-RSA-WITH-AES-128-CBC-SHA
  • TLS-DHE-RSA-WITH-AES-256-CBC-SHA
  • TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
  • TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
  • TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
  • TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
  • TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
  • TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
  • TLS-DHE-RSA-WITH-SEED-CBC-SHA
  • TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256
  • TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384
  • TLS-ECDHE-RSA-WITH-RC4-128-SHA
  • TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA
  • TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
  • TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
  • TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
  • TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
  • TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
  • TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
  • TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
  • TLS-DHE-DSS-WITH-AES-128-CBC-SHA
  • TLS-DHE-DSS-WITH-AES-256-CBC-SHA
  • TLS-DHE-DSS-WITH-AES-128-CBC-SHA256
  • TLS-DHE-DSS-WITH-AES-128-GCM-SHA256
  • TLS-DHE-DSS-WITH-AES-256-CBC-SHA256
  • TLS-DHE-DSS-WITH-AES-256-GCM-SHA384
  • TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
  • TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
  • TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
  • TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
  • TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
  • TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
  • TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
  • TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
  • TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
  • TLS-RSA-WITH-AES-128-GCM-SHA256
  • TLS-RSA-WITH-AES-256-GCM-SHA384
  • TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA
  • TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA
  • TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256
  • TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256
  • TLS-DHE-DSS-WITH-SEED-CBC-SHA
  • TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256
  • TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384
  • TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256
  • TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384
  • TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256
  • TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384
  • TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA
  • TLS-DHE-DSS-WITH-DES-CBC-SHA
Cipher suite name.
choice | TLS-RSA-WITH-RC4-128-MD5 | Cipher suite TLS-RSA-WITH-RC4-128-MD5.
choice | TLS-RSA-WITH-RC4-128-SHA | Cipher suite TLS-RSA-WITH-RC4-128-SHA.
choice | TLS-RSA-WITH-DES-CBC-SHA | Cipher suite TLS-RSA-WITH-DES-CBC-SHA.
choice | TLS-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-RSA-WITH-3DES-EDE-CBC-SHA.
choice | TLS-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA.
choice | TLS-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA.
choice | TLS-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA256.
choice | TLS-RSA-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA256.
choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA.
choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA.
choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256.
choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256.
choice | TLS-RSA-WITH-SEED-CBC-SHA | Cipher suite TLS-RSA-WITH-SEED-CBC-SHA.
choice | TLS-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-ARIA-128-CBC-SHA256.
choice | TLS-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-RSA-WITH-ARIA-256-CBC-SHA384.
choice | TLS-DHE-RSA-WITH-DES-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-DES-CBC-SHA.
choice | TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA.
choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA.
choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA.
choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA256.
choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA256.
choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA.
choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA.
choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256.
choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256.
choice | TLS-DHE-RSA-WITH-SEED-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-SEED-CBC-SHA.
choice | TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256.
choice | TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384.
choice | TLS-ECDHE-RSA-WITH-RC4-128-SHA | Cipher suite TLS-ECDHE-RSA-WITH-RC4-128-SHA.
choice | TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA.
choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA.
choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA.
choice | TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256.
choice | TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 | Suite TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256.
choice | TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256.
choice | TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-128-GCM-SHA256.
choice | TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-DHE-RSA-WITH-AES-256-GCM-SHA384.
choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA.
choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA.
choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA256.
choice | TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-128-GCM-SHA256.
choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA256.
choice | TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-DHE-DSS-WITH-AES-256-GCM-SHA384.
choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256.
choice | TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256.
choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384.
choice | TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384.
choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA.
choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256.
choice | TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256.
choice | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384.
choice | TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384.
choice | TLS-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-RSA-WITH-AES-128-GCM-SHA256.
choice | TLS-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-RSA-WITH-AES-256-GCM-SHA384.
choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-DSS-RSA-WITH-CAMELLIA-128-CBC-SHA.
choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA.
choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256.
choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256.
choice | TLS-DHE-DSS-WITH-SEED-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-SEED-CBC-SHA.
choice | TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256.
choice | TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384.
choice | TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256.
choice | TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384.
choice | TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC_SHA256.
choice | TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC_SHA384.
choice | TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA.
choice | TLS-DHE-DSS-WITH-DES-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-DES-CBC-SHA.
ssl_server_cipher_suites_priority
string
SSL/TLS cipher suites priority.
ssl_server_cipher_suites_versions
string
    Choices:
  • ssl-3.0
  • tls-1.0
  • tls-1.1
  • tls-1.2
SSL/TLS versions that the cipher suite can be used with.
FLAG Based Options. Specify multiple in list form.
flag | ssl-3.0 | SSL 3.0.
flag | tls-1.0 | TLS 1.0.
flag | tls-1.1 | TLS 1.1.
flag | tls-1.2 | TLS 1.2.
ssl_server_max_version
string
    Choices:
  • ssl-3.0
  • tls-1.0
  • tls-1.1
  • tls-1.2
  • client
Highest SSL/TLS version acceptable from a server. Use the client setting by default.
choice | ssl-3.0 | SSL 3.0.
choice | tls-1.0 | TLS 1.0.
choice | tls-1.1 | TLS 1.1.
choice | tls-1.2 | TLS 1.2.
choice | client | Use same value as client configuration.
ssl_server_min_version
string
    Choices:
  • ssl-3.0
  • tls-1.0
  • tls-1.1
  • tls-1.2
  • client
Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
choice | ssl-3.0 | SSL 3.0.
choice | tls-1.0 | TLS 1.0.
choice | tls-1.1 | TLS 1.1.
choice | tls-1.2 | TLS 1.2.
choice | client | Use same value as client configuration.
ssl_server_session_state_max
string
Maximum number of FortiGate to Server SSL session states to keep.
ssl_server_session_state_timeout
string
Number of minutes to keep FortiGate to Server SSL session state.
ssl_server_session_state_type
string
    Choices:
  • disable
  • time
  • count
  • both
How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate.
choice | disable | Do not keep session states.
choice | time | Expire session states after this many minutes.
choice | count | Expire session states when this maximum is reached.
choice | both | Expire session states based on time or count, whichever occurs first.
type
string
    Choices:
  • static-nat
  • load-balance
  • server-load-balance
  • dns-translation
  • fqdn
Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
choice | static-nat | Static NAT.
choice | load-balance | Load balance.
choice | server-load-balance | Server load balance.
choice | dns-translation | DNS translation.
choice | fqdn | FQDN Translation
weblogic_server
string
    Choices:
  • disable
  • enable
Enable to add an HTTP header to indicate SSL offloading for a WebLogic server.
choice | disable | Do not add HTTP header indicating SSL offload for WebLogic server.
choice | enable | Add HTTP header indicating SSL offload for WebLogic server.
websphere_server
string
    Choices:
  • disable
  • enable
Enable to add an HTTP header to indicate SSL offloading for a WebSphere server.
choice | disable | Do not add HTTP header indicating SSL offload for WebSphere server.
choice | enable | Add HTTP header indicating SSL offload for WebSphere server.

Examples

# BASIC FULL STATIC NAT MAPPING
- name: EDIT FMGR_FIREWALL_VIP SNAT
  community.network.fmgr_fwobj_vip:
    name: "Basic StaticNAT Map"
    mode: "set"
    adom: "ansible"
    type: "static-nat"
    extip: "82.72.192.185"
    extintf: "any"
    mappedip: "10.7.220.25"
    comment: "Created by Ansible"
    color: "17"

# BASIC PORT PNAT MAPPING
- name: EDIT FMGR_FIREWALL_VIP PNAT
  community.network.fmgr_fwobj_vip:
    name: "Basic PNAT Map Port 10443"
    mode: "set"
    adom: "ansible"
    type: "static-nat"
    extip: "82.72.192.185"
    extport: "10443"
    extintf: "any"
    portforward: "enable"
    protocol: "tcp"
    mappedip: "10.7.220.25"
    mappedport: "443"
    comment: "Created by Ansible"
    color: "17"

# BASIC DNS TRANSLATION NAT
- name: EDIT FMGR_FIREWALL_DNST
  community.network.fmgr_fwobj_vip:
    name: "Basic DNS Translation"
    mode: "set"
    adom: "ansible"
    type: "dns-translation"
    extip: "192.168.0.1-192.168.0.100"
    extintf: "dmz"
    mappedip: "3.3.3.0/24, 4.0.0.0/24"
    comment: "Created by Ansible"
    color: "12"

# BASIC FQDN NAT
- name: EDIT FMGR_FIREWALL_FQDN
  community.network.fmgr_fwobj_vip:
    name: "Basic FQDN Translation"
    mode: "set"
    adom: "ansible"
    type: "fqdn"
    mapped_addr: "google-play"
    comment: "Created by Ansible"
    color: "5"

# DELETE AN ENTRY
- name: DELETE FMGR_FIREWALL_VIP PNAT
  community.network.fmgr_fwobj_vip:
    name: "Basic PNAT Map Port 10443"
    mode: "delete"
    adom: "ansible"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
api_result
string
always
full API response, includes status code and message



Authors

  • Luke Weighall (@lweighall)

  • Andrew Welsh (@Ghilli3)

  • Jim Huber (@p4r4n0y1ng)