fortinet.fortimanager.fmgr_vpnsslweb_portal – Portal.

Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.3).

To install it use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_vpnsslweb_portal.

New in version 2.10 of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter Choices/Defaults Comments
adom
string / required
The parameter (adom) in the requested URL.
bypass_validation
boolean
    Choices:
  • no ←
  • yes
Only set to True when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters.
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task
proposed_method
string
    Choices:
  • update
  • set
  • add
The overridden method for the underlying JSON-RPC request.
rc_failed
list / elements=string
The list of rc codes with which the conditions to fail will be overridden.
rc_succeeded
list / elements=string
The list of rc codes with which the conditions to succeed will be overridden.
state
string / required
    Choices:
  • present
  • absent
the directive to create, update or delete an object
vpnsslweb_portal
dictionary
the top level parameters set
allow-user-access
list / elements=string
    Choices:
  • web
  • ftp
  • telnet
  • smb
  • vnc
  • rdp
  • ssh
  • ping
  • citrix
  • portforward
  • sftp
no description
auto-connect
string
    Choices:
  • disable
  • enable
Enable/disable automatic connect by client when system is up.
bookmark-group
list / elements=string
no description
bookmarks
list / elements=string
no description
additional-params
string
Additional parameters.
apptype
string
    Choices:
  • web
  • telnet
  • ssh
  • ftp
  • smb
  • vnc
  • rdp
  • citrix
  • rdpnative
  • portforward
  • sftp
Application type.
description
string
Description.
domain
string
Login domain.
folder
string
Network shared file folder parameter.
form-data
list / elements=string
no description
name
string
Name.
value
string
Value.
host
string
Host name/IP parameter.
listening-port
integer
Listening port (0 - 65535).
load-balancing-info
string
The load balancing information or cookie which should be provided to the connection broker.
logon-password
string
no description
logon-user
string
Logon user.
name
string
Bookmark name.
port
integer
Remote port.
preconnection-blob
string
An arbitrary string which identifies the RDP source.
preconnection-id
integer
The numeric ID of the RDP source (0-2147483648).
remote-port
integer
Remote port (0 - 65535).
security
string
    Choices:
  • rdp
  • nla
  • tls
  • any
Security mode for RDP connection.
server-layout
string
    Choices:
  • en-us-qwerty
  • de-de-qwertz
  • fr-fr-azerty
  • it-it-qwerty
  • sv-se-qwerty
  • failsafe
  • en-gb-qwerty
  • es-es-qwerty
  • fr-ch-qwertz
  • ja-jp-qwerty
  • pt-br-qwerty
  • tr-tr-qwerty
  • fr-ca-qwerty
Server side keyboard layout.
show-status-window
string
    Choices:
  • disable
  • enable
Enable/disable showing of status window.
sso
string
    Choices:
  • disable
  • static
  • auto
Single Sign-On.
sso-credential
string
    Choices:
  • sslvpn-login
  • alternative
Single sign-on credentials.
sso-credential-sent-once
string
    Choices:
  • disable
  • enable
Single sign-on credentials are only sent once to remote server.
sso-password
string
no description
sso-username
string
SSO user name.
url
string
URL parameter.
name
string
Bookmark group name.
custom-lang
string
Change the web portal display language. Overrides config system global set language. You can use config system custom-language...
customize-forticlient-download-url
string
    Choices:
  • disable
  • enable
Enable support of customized download URL for FortiClient.
display-bookmark
string
    Choices:
  • disable
  • enable
Enable to display the web portal bookmark widget.
display-connection-tools
string
    Choices:
  • disable
  • enable
Enable to display the web portal connection tools widget.
display-history
string
    Choices:
  • disable
  • enable
Enable to display the web portal user login history widget.
display-status
string
    Choices:
  • disable
  • enable
Enable to display the web portal status widget.
dns-server1
string
IPv4 DNS server 1.
dns-server2
string
IPv4 DNS server 2.
dns-suffix
string
DNS suffix.
exclusive-routing
string
    Choices:
  • disable
  • enable
Enable/disable sending all traffic through the tunnel only.
forticlient-download
string
    Choices:
  • disable
  • enable
Enable/disable download option for FortiClient.
forticlient-download-method
string
    Choices:
  • direct
  • ssl-vpn
FortiClient download method.
heading
string
Web portal heading message.
hide-sso-credential
string
    Choices:
  • disable
  • enable
Enable to prevent SSO credential being sent to client.
host-check
string
    Choices:
  • none
  • av
  • fw
  • av-fw
  • custom
Type of host checking performed on endpoints.
host-check-interval
integer
Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects.
host-check-policy
string
One or more policies to require the endpoint to have specific security software.
ip-mode
string
    Choices:
  • range
  • user-group
Method by which users of this SSL-VPN tunnel obtain IP addresses.
ip-pools
string
IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients.
ipv6-dns-server1
string
IPv6 DNS server 1.
ipv6-dns-server2
string
IPv6 DNS server 2.
ipv6-exclusive-routing
string
    Choices:
  • disable
  • enable
Enable/disable sending all IPv6 traffic through the tunnel only.
ipv6-pools
string
IPv6 firewall source address objects reserved for SSL-VPN tunnel mode clients.
ipv6-service-restriction
string
    Choices:
  • disable
  • enable
Enable/disable IPv6 tunnel service restriction.
ipv6-split-tunneling
string
    Choices:
  • disable
  • enable
Enable/disable IPv6 split tunneling.
ipv6-split-tunneling-routing-address
string
IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneli...
ipv6-split-tunneling-routing-negate
string
    Choices:
  • disable
  • enable
Enable to negate IPv6 split tunneling routing address.
ipv6-tunnel-mode
string
    Choices:
  • disable
  • enable
Enable/disable IPv6 SSL-VPN tunnel mode.
ipv6-wins-server1
string
IPv6 WINS server 1.
ipv6-wins-server2
string
IPv6 WINS server 2.
keep-alive
string
    Choices:
  • disable
  • enable
Enable/disable automatic reconnect for FortiClient connections.
limit-user-logins
string
    Choices:
  • disable
  • enable
Enable to limit each user to one SSL-VPN session at a time.
mac-addr-action
string
    Choices:
  • deny
  • allow
Client MAC address action.
mac-addr-check
string
    Choices:
  • disable
  • enable
Enable/disable MAC address host checking.
mac-addr-check-rule
list / elements=string
no description
mac-addr-list
string
no description
mac-addr-mask
integer
Client MAC address mask.
name
string
Client MAC address check rule name.
macos-forticlient-download-url
string
Download URL for Mac FortiClient.
name
string
Portal name.
os-check
string
    Choices:
  • disable
  • enable
Enable to let the FortiGate decide action based on client OS.
os-check-list
dictionary
no description
action
string
    Choices:
  • allow
  • check-up-to-date
  • deny
OS check options.
latest-patch-level
string
Latest OS patch level.
name
string
Name.
tolerance
integer
OS patch level tolerance.
prefer-ipv6-dns
string
    Choices:
  • disable
  • enable
Prefer to query IPv6 DNS first if enabled.
redir-url
string
Client login redirect URL.
rewrite-ip-uri-ui
string
    Choices:
  • disable
  • enable
Rewrite contents for URIs that contain an IP and "/ui/" (default = disable).
save-password
string
    Choices:
  • disable
  • enable
Enable/disable FortiClient saving the user's password.
service-restriction
string
    Choices:
  • disable
  • enable
Enable/disable tunnel service restriction.
skip-check-for-browser
string
    Choices:
  • disable
  • enable
Enable to skip host check for browser support.
skip-check-for-unsupported-browser
string
    Choices:
  • disable
  • enable
Enable to skip host check if browser does not support it.
skip-check-for-unsupported-os
string
    Choices:
  • disable
  • enable
Enable to skip host check if client OS does not support it.
smb-max-version
string
    Choices:
  • smbv1
  • smbv2
  • smbv3
SMB maximum client protocol version.
smb-min-version
string
    Choices:
  • smbv1
  • smbv2
  • smbv3
SMB minimum client protocol version.
smb-ntlmv1-auth
string
    Choices:
  • disable
  • enable
Enable support of NTLMv1 for Samba authentication.
smbv1
string
    Choices:
  • disable
  • enable
Enable/disable support of SMBv1 for Samba.
split-dns
list / elements=string
no description
dns-server1
string
DNS server 1.
dns-server2
string
DNS server 2.
domains
string
Split DNS domains used for SSL-VPN clients separated by comma(,).
id
integer
ID.
ipv6-dns-server1
string
IPv6 DNS server 1.
ipv6-dns-server2
string
IPv6 DNS server 2.
split-tunneling
string
    Choices:
  • disable
  • enable
Enable/disable IPv4 split tunneling.
split-tunneling-routing-address
string
IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneli...
split-tunneling-routing-negate
string
    Choices:
  • disable
  • enable
Enable to negate split tunneling routing address.
theme
string
    Choices:
  • gray
  • blue
  • orange
  • crimson
  • steelblue
  • darkgrey
  • green
  • melongene
  • red
  • mariner
  • neutrino
  • jade
  • graphite
  • dark-matter
  • onyx
  • eclipse
Web portal color scheme.
transform-backward-slashes
string
    Choices:
  • disable
  • enable
Transform backward slashes to forward slashes in URLs.
tunnel-mode
string
    Choices:
  • disable
  • enable
Enable/disable IPv4 SSL-VPN tunnel mode.
use-sdwan
string
    Choices:
  • disable
  • enable
Use SD-WAN rules to get output interface.
user-bookmark
string
    Choices:
  • disable
  • enable
Enable to allow web portal users to create their own bookmarks.
user-group-bookmark
string
    Choices:
  • disable
  • enable
Enable to allow web portal users to create bookmarks for all users in the same user group.
web-mode
string
    Choices:
  • disable
  • enable
Enable/disable SSL VPN web mode.
windows-forticlient-download-url
string
Download URL for Windows FortiClient.
wins-server1
string
IPv4 WINS server 1.
wins-server2
string
IPv4 WINS server 2.
workspace_locking_adom
string
The adom to lock for a FortiManager running in workspace mode; the value can be global or any other adom, including root.
workspace_locking_timeout
integer
Default:
300
The maximum time in seconds to wait for another user to release the workspace lock.

Notes

Note

  • This FortiManager module supports running in workspace locking mode; the top-level parameters workspace_locking_adom and workspace_locking_timeout control it.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. You can also override the conditions to fail or succeed with the parameters rc_failed and rc_succeeded.

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Portal.
     fmgr_vpnsslweb_portal:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        state: <value in [present, absent]>
        vpnsslweb_portal:
           allow-user-access:
             - web
             - ftp
             - telnet
             - smb
             - vnc
             - rdp
             - ssh
             - ping
             - citrix
             - portforward
             - sftp
           auto-connect: <value in [disable, enable]>
           bookmark-group:
             -
                 bookmarks:
                   -
                       additional-params: <value of string>
                       apptype: <value in [web, telnet, ssh, ...]>
                       description: <value of string>
                       folder: <value of string>
                       form-data:
                         -
                             name: <value of string>
                             value: <value of string>
                       host: <value of string>
                       listening-port: <value of integer>
                       load-balancing-info: <value of string>
                       logon-password: <value of string>
                       logon-user: <value of string>
                       name: <value of string>
                       port: <value of integer>
                       preconnection-blob: <value of string>
                       preconnection-id: <value of integer>
                       remote-port: <value of integer>
                       security: <value in [rdp, nla, tls, ...]>
                       server-layout: <value in [en-us-qwerty, de-de-qwertz, fr-fr-azerty, ...]>
                       show-status-window: <value in [disable, enable]>
                       sso: <value in [disable, static, auto]>
                       sso-credential: <value in [sslvpn-login, alternative]>
                       sso-credential-sent-once: <value in [disable, enable]>
                       sso-password: <value of string>
                       sso-username: <value of string>
                       url: <value of string>
                       domain: <value of string>
                 name: <value of string>
           custom-lang: <value of string>
           customize-forticlient-download-url: <value in [disable, enable]>
           display-bookmark: <value in [disable, enable]>
           display-connection-tools: <value in [disable, enable]>
           display-history: <value in [disable, enable]>
           display-status: <value in [disable, enable]>
           dns-server1: <value of string>
           dns-server2: <value of string>
           dns-suffix: <value of string>
           exclusive-routing: <value in [disable, enable]>
           forticlient-download: <value in [disable, enable]>
           forticlient-download-method: <value in [direct, ssl-vpn]>
           heading: <value of string>
           hide-sso-credential: <value in [disable, enable]>
           host-check: <value in [none, av, fw, ...]>
           host-check-interval: <value of integer>
           host-check-policy: <value of string>
           ip-mode: <value in [range, user-group]>
           ip-pools: <value of string>
           ipv6-dns-server1: <value of string>
           ipv6-dns-server2: <value of string>
           ipv6-exclusive-routing: <value in [disable, enable]>
           ipv6-pools: <value of string>
           ipv6-service-restriction: <value in [disable, enable]>
           ipv6-split-tunneling: <value in [disable, enable]>
           ipv6-split-tunneling-routing-address: <value of string>
           ipv6-tunnel-mode: <value in [disable, enable]>
           ipv6-wins-server1: <value of string>
           ipv6-wins-server2: <value of string>
           keep-alive: <value in [disable, enable]>
           limit-user-logins: <value in [disable, enable]>
           mac-addr-action: <value in [deny, allow]>
           mac-addr-check: <value in [disable, enable]>
           mac-addr-check-rule:
             -
                 mac-addr-list: <value of string>
                 mac-addr-mask: <value of integer>
                 name: <value of string>
           macos-forticlient-download-url: <value of string>
           name: <value of string>
           os-check: <value in [disable, enable]>
           redir-url: <value of string>
           save-password: <value in [disable, enable]>
           service-restriction: <value in [disable, enable]>
           skip-check-for-unsupported-browser: <value in [disable, enable]>
           skip-check-for-unsupported-os: <value in [disable, enable]>
           smb-ntlmv1-auth: <value in [disable, enable]>
           smbv1: <value in [disable, enable]>
           split-dns:
             -
                 dns-server1: <value of string>
                 dns-server2: <value of string>
                 domains: <value of string>
                 id: <value of integer>
                 ipv6-dns-server1: <value of string>
                 ipv6-dns-server2: <value of string>
           split-tunneling: <value in [disable, enable]>
           split-tunneling-routing-address: <value of string>
           theme: <value in [gray, blue, orange, ...]>
           tunnel-mode: <value in [disable, enable]>
           user-bookmark: <value in [disable, enable]>
           user-group-bookmark: <value in [disable, enable]>
           web-mode: <value in [disable, enable]>
           windows-forticlient-download-url: <value of string>
           wins-server1: <value of string>
           wins-server2: <value of string>
           skip-check-for-browser: <value in [disable, enable]>
           smb-max-version: <value in [smbv1, smbv2, smbv3]>
           smb-min-version: <value in [smbv1, smbv2, smbv3]>
           transform-backward-slashes: <value in [disable, enable]>
           ipv6-split-tunneling-routing-negate: <value in [disable, enable]>
           split-tunneling-routing-negate: <value in [disable, enable]>
           os-check-list:
              action: <value in [allow, check-up-to-date, deny]>
              latest-patch-level: <value of string>
              name: <value of string>
              tolerance: <value of integer>
           use-sdwan: <value in [disable, enable]>
           prefer-ipv6-dns: <value in [disable, enable]>
           rewrite-ip-uri-ui: <value in [disable, enable]>
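
The template above lists every option without saying which values weaken the portal. The following is an added example, not part of the collection or of Fortinet's documentation: a static check over a play that has already been parsed (for instance with yaml.safe_load), flagging option values from this page's parameter list. The rule set, the function names and the sample play are this example's own assumptions.

```python
# Added example: the rule set below is this example's policy assumption, not Fortinet guidance.
CLEARTEXT_ACCESS = {"telnet", "ftp"}  # access types without transport encryption
WEAK_SETTINGS = {  # option -> value that gets flagged
    "smbv1": "enable", "smb-ntlmv1-auth": "enable", "smb-min-version": "smbv1",
    "save-password": "enable", "host-check": "none", "limit-user-logins": "disable",
}
SECRET_KEYS = ("logon-password", "sso-password")
MODULE = "fmgr_vpnsslweb_portal"


def audit_portal(portal):
    """Return findings for one vpnsslweb_portal dictionary."""
    findings = [f"{k}={bad}" for k, bad in WEAK_SETTINGS.items() if portal.get(k) == bad]
    for proto in sorted(CLEARTEXT_ACCESS & set(portal.get("allow-user-access") or [])):
        findings.append(f"allow-user-access includes {proto}")
    for group in portal.get("bookmark-group") or []:
        for bm in group.get("bookmarks") or []:
            for key in SECRET_KEYS:
                value = str(bm.get(key) or "")
                # Assumption: a Jinja2 reference ("{{ ... }}") resolves from a vault.
                if value and not value.lstrip().startswith("{{"):
                    findings.append(
                        f"bookmark {group.get('name')}/{bm.get('name')}: literal {key}")
    return findings


def audit_play(play):
    """Audit connection vars and every present-state portal task in one play."""
    findings = []
    if (play.get("vars") or {}).get("ansible_httpapi_validate_certs") is False:
        findings.append("ansible_httpapi_validate_certs=False")
    for task in play.get("tasks") or []:
        args = task.get(MODULE) or task.get("fortinet.fortimanager." + MODULE)
        if args and args.get("state") == "present":
            findings.extend(audit_portal(args.get("vpnsslweb_portal") or {}))
    return findings


# Constructed input, shaped like the page's example after yaml.safe_load().
SAMPLE_PLAY = {
    "vars": {"ansible_httpapi_validate_certs": False},
    "tasks": [{MODULE: {"adom": "root", "state": "present", "vpnsslweb_portal": {
        "name": "example-portal",
        "allow-user-access": ["web", "rdp", "telnet"],
        "smbv1": "enable", "smb-min-version": "smbv2", "save-password": "disable",
        "bookmark-group": [{"name": "gui-bookmarks", "bookmarks": [
            {"name": "files", "apptype": "smb", "logon-password": "Constructed123"},
            {"name": "intranet", "apptype": "web", "sso-password": "{{ vault_sso_pw }}"},
        ]}],
    }}}],
}

if __name__ == "__main__":
    print("\n".join(audit_play(SAMPLE_PLAY)))
```

Options that are absent from the play are not flagged, because the effective value then depends on the device default, which this page does not state.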

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key Returned Description
request_url
string
always
The full url requested

Sample:
/sys/login/user
response_code
integer
always
The status of api request

response_message
string
always
The descriptive message of the api response

Sample:
OK.


Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)