fortinet.fortimanager.fmgr_vpnsslweb_portal module – Portal.

Note

This module is part of the fortinet.fortimanager collection (version 2.8.2).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_vpnsslweb_portal.

New in fortinet.fortimanager 2.0.0

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter

Comments

access_token

string

The token to access FortiManager without using username and password.

adom

string / required

The parameter (adom) in requested url.

bypass_validation

boolean

Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters.

Choices:

  • false ← (default)

  • true

enable_log

boolean

Enable/Disable logging for task.

Choices:

  • false ← (default)

  • true

forticloud_access_token

string

Authenticate Ansible client with forticloud API access token.

proposed_method

string

The overridden method for the underlying Json RPC request.

Choices:

  • "update"

  • "set"

  • "add"

rc_failed

list / elements=integer

The rc codes list with which the conditions to fail will be overriden.

rc_succeeded

list / elements=integer

The rc codes list with which the conditions to succeed will be overriden.

state

string / required

The directive to create, update or delete an object.

Choices:

  • "present"

  • "absent"

vpnsslweb_portal

dictionary

The top level parameters set.

allow_user_access

aliases: allow-user-access

list / elements=string

Allow user access to SSL-VPN applications.

Choices:

  • "web"

  • "ftp"

  • "telnet"

  • "smb"

  • "vnc"

  • "rdp"

  • "ssh"

  • "ping"

  • "citrix"

  • "portforward"

  • "sftp"

auto_connect

aliases: auto-connect

string

Enable/disable automatic connect by client when system is up.

Choices:

  • "disable"

  • "enable"

bookmark_group

aliases: bookmark-group

list / elements=dictionary

Bookmark group.

bookmarks

list / elements=dictionary

Bookmarks.

additional_params

aliases: additional-params

string

Additional parameters.

apptype

string

Application type.

Choices:

  • "web"

  • "telnet"

  • "ssh"

  • "ftp"

  • "smb"

  • "vnc"

  • "rdp"

  • "citrix"

  • "rdpnative"

  • "portforward"

  • "sftp"

color_depth

aliases: color-depth

string

Color depth per pixel.

Choices:

  • "8"

  • "16"

  • "32"

description

string

Description.

domain

string

Login domain.

folder

string

Network shared file folder parameter.

form_data

aliases: form-data

list / elements=dictionary

Form data.

name

string

Name.

value

string

Value.

height

integer

Screen height

host

string

Host name/IP parameter.

keyboard_layout

aliases: keyboard-layout

string

Keyboard layout.

Choices:

  • "ar"

  • "da"

  • "de"

  • "de-ch"

  • "en-gb"

  • "en-uk"

  • "en-us"

  • "es"

  • "fi"

  • "fr"

  • "fr-be"

  • "fr-ca"

  • "fr-ch"

  • "hr"

  • "hu"

  • "it"

  • "ja"

  • "lt"

  • "lv"

  • "mk"

  • "no"

  • "pl"

  • "pt"

  • "pt-br"

  • "ru"

  • "sl"

  • "sv"

  • "tk"

  • "tr"

  • "fr-ca-m"

  • "wg"

  • "ar-101"

  • "ar-102"

  • "ar-102-azerty"

  • "can-mul"

  • "cz"

  • "cz-qwerty"

  • "cz-pr"

  • "nl"

  • "de-ibm"

  • "en-uk-ext"

  • "en-us-dvorak"

  • "es-var"

  • "fi-sami"

  • "hu-101"

  • "it-142"

  • "ko"

  • "lt-ibm"

  • "lt-std"

  • "lav-std"

  • "lav-leg"

  • "mk-std"

  • "no-sami"

  • "pol-214"

  • "pol-pr"

  • "pt-br-abnt2"

  • "ru-mne"

  • "ru-t"

  • "sv-sami"

  • "tuk"

  • "tur-f"

  • "tur-q"

  • "zh-sym-sg-us"

  • "zh-sym-us"

  • "zh-tr-hk"

  • "zh-tr-mo"

  • "zh-tr-us"

  • "fr-apple"

  • "la-am"

  • "ja-106"

listening_port

aliases: listening-port

integer

Listening port

load_balancing_info

aliases: load-balancing-info

string

The load balancing information or cookie which should be provided to the connection broker.

logon_password

aliases: logon-password

any

(list) Logon password.

logon_user

aliases: logon-user

string

Logon user.

name

string

Bookmark name.

port

integer

Remote port.

preconnection_blob

aliases: preconnection-blob

string

An arbitrary string which identifies the RDP source.

preconnection_id

aliases: preconnection-id

integer

The numeric ID of the RDP source

remote_port

aliases: remote-port

integer

Remote port

restricted_admin

aliases: restricted-admin

string

Enable/disable restricted admin mode for RDP.

Choices:

  • "disable"

  • "enable"

security

string

Security mode for RDP connection.

Choices:

  • "rdp"

  • "nla"

  • "tls"

  • "any"

send_preconnection_id

aliases: send-preconnection-id

string

Enable/disable sending of preconnection ID.

Choices:

  • "disable"

  • "enable"

server_layout

aliases: server-layout

string

Server side keyboard layout.

Choices:

  • "en-us-qwerty"

  • "de-de-qwertz"

  • "fr-fr-azerty"

  • "it-it-qwerty"

  • "sv-se-qwerty"

  • "failsafe"

  • "en-gb-qwerty"

  • "es-es-qwerty"

  • "fr-ch-qwertz"

  • "ja-jp-qwerty"

  • "pt-br-qwerty"

  • "tr-tr-qwerty"

  • "fr-ca-qwerty"

show_status_window

aliases: show-status-window

string

Enable/disable showing of status window.

Choices:

  • "disable"

  • "enable"

sso

string

Single Sign-On.

Choices:

  • "disable"

  • "static"

  • "auto"

sso_credential

aliases: sso-credential

string

Single sign-on credentials.

Choices:

  • "sslvpn-login"

  • "alternative"

sso_credential_sent_once

aliases: sso-credential-sent-once

string

Single sign-on credentials are only sent once to remote server.

Choices:

  • "disable"

  • "enable"

sso_password

aliases: sso-password

any

(list) SSO password.

sso_username

aliases: sso-username

string

SSO user name.

url

string

URL parameter.

vnc_keyboard_layout

aliases: vnc-keyboard-layout

string

Keyboard layout.

Choices:

  • "da"

  • "de"

  • "de-ch"

  • "en-uk"

  • "es"

  • "fi"

  • "fr"

  • "fr-be"

  • "it"

  • "no"

  • "pt"

  • "sv"

  • "nl"

  • "en-uk-ext"

  • "it-142"

  • "pt-br-abnt2"

  • "default"

  • "fr-ca-mul"

  • "gd"

  • "us-intl"

width

integer

Screen width

name

string

Bookmark group name.

client_src_range

aliases: client-src-range

string

Allow client to add source range for the tunnel traffic.

Choices:

  • "disable"

  • "enable"

clipboard

string

Enable to support RDP/VPC clipboard functionality.

Choices:

  • "disable"

  • "enable"

custom_lang

aliases: custom-lang

string

Change the web portal display language.

customize_forticlient_download_url

aliases: customize-forticlient-download-url

string

Enable support of customized download URL for FortiClient.

Choices:

  • "disable"

  • "enable"

default_protocol

aliases: default-protocol

string

Application type that is set by default.

Choices:

  • "web"

  • "ftp"

  • "telnet"

  • "smb"

  • "vnc"

  • "rdp"

  • "ssh"

  • "sftp"

default_window_height

aliases: default-window-height

integer

Screen height

default_window_width

aliases: default-window-width

integer

Screen width

dhcp6_ra_linkaddr

aliases: dhcp6-ra-linkaddr

string

Relay agent IPv6 link address to use in DHCP6 requests.

dhcp_ip_overlap

aliases: dhcp-ip-overlap

string

Configure overlapping DHCP IP allocation assignment.

Choices:

  • "use-old"

  • "use-new"

dhcp_ra_giaddr

aliases: dhcp-ra-giaddr

string

Relay agent gateway IP address to use in the giaddr field of DHCP requests.

dhcp_reservation

aliases: dhcp-reservation

string

Enable/disable dhcp reservation.

Choices:

  • "disable"

  • "enable"

display_bookmark

aliases: display-bookmark

string

Enable to display the web portal bookmark widget.

Choices:

  • "disable"

  • "enable"

display_connection_tools

aliases: display-connection-tools

string

Enable to display the web portal connection tools widget.

Choices:

  • "disable"

  • "enable"

display_history

aliases: display-history

string

Enable to display the web portal user login history widget.

Choices:

  • "disable"

  • "enable"

display_status

aliases: display-status

string

Enable to display the web portal status widget.

Choices:

  • "disable"

  • "enable"

dns_server1

aliases: dns-server1

string

IPv4 DNS server 1.

dns_server2

aliases: dns-server2

string

IPv4 DNS server 2.

dns_suffix

aliases: dns-suffix

string

DNS suffix.

exclusive_routing

aliases: exclusive-routing

string

Enable/disable all traffic go through tunnel only.

Choices:

  • "disable"

  • "enable"

focus_bookmark

aliases: focus-bookmark

string

Enable to prioritize the placement of the bookmark section over the quick-connection section in the SSL-VPN application.

Choices:

  • "disable"

  • "enable"

forticlient_download

aliases: forticlient-download

string

Enable/disable download option for FortiClient.

Choices:

  • "disable"

  • "enable"

forticlient_download_method

aliases: forticlient-download-method

string

FortiClient download method.

Choices:

  • "direct"

  • "ssl-vpn"

heading

string

Web portal heading message.

hide_sso_credential

aliases: hide-sso-credential

string

Enable to prevent SSO credential being sent to client.

Choices:

  • "disable"

  • "enable"

host_check

aliases: host-check

string

Type of host checking performed on endpoints.

Choices:

  • "none"

  • "av"

  • "fw"

  • "av-fw"

  • "custom"

host_check_interval

aliases: host-check-interval

integer

Periodic host check interval.

host_check_policy

aliases: host-check-policy

any

(list or str) One or more policies to require the endpoint to have specific security software.

ip_mode

aliases: ip-mode

string

Method by which users of this SSL-VPN tunnel obtain IP addresses.

Choices:

  • "range"

  • "user-group"

  • "dhcp"

  • "no-ip"

ip_pools

aliases: ip-pools

any

(list or str) IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients.

ipv6_dns_server1

aliases: ipv6-dns-server1

string

IPv6 DNS server 1.

ipv6_dns_server2

aliases: ipv6-dns-server2

string

IPv6 DNS server 2.

ipv6_exclusive_routing

aliases: ipv6-exclusive-routing

string

Enable/disable all IPv6 traffic go through tunnel only.

Choices:

  • "disable"

  • "enable"

ipv6_pools

aliases: ipv6-pools

any

(list or str) IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients.

ipv6_service_restriction

aliases: ipv6-service-restriction

string

Enable/disable IPv6 tunnel service restriction.

Choices:

  • "disable"

  • "enable"

ipv6_split_tunneling

aliases: ipv6-split-tunneling

string

Enable/disable IPv6 split tunneling.

Choices:

  • "disable"

  • "enable"

ipv6_split_tunneling_routing_address

aliases: ipv6-split-tunneling-routing-address

any

(list or str) IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to con…

ipv6_split_tunneling_routing_negate

aliases: ipv6-split-tunneling-routing-negate

string

Enable to negate IPv6 split tunneling routing address.

Choices:

  • "disable"

  • "enable"

ipv6_tunnel_mode

aliases: ipv6-tunnel-mode

string

Enable/disable IPv6 SSL-VPN tunnel mode.

Choices:

  • "disable"

  • "enable"

ipv6_wins_server1

aliases: ipv6-wins-server1

string

IPv6 WINS server 1.

ipv6_wins_server2

aliases: ipv6-wins-server2

string

IPv6 WINS server 2.

keep_alive

aliases: keep-alive

string

Enable/disable automatic reconnect for FortiClient connections.

Choices:

  • "disable"

  • "enable"

landing_page

aliases: landing-page

dictionary

Landing page.

form_data

aliases: form-data

list / elements=dictionary

Form data.

name

string

Name.

value

string

Value.

logout_url

aliases: logout-url

string

Landing page log out URL.

sso

string

Single sign-on.

Choices:

  • "disable"

  • "static"

  • "auto"

sso_credential

aliases: sso-credential

string

Single sign-on credentials.

Choices:

  • "sslvpn-login"

  • "alternative"

sso_password

aliases: sso-password

any

(list) SSO password.

sso_username

aliases: sso-username

string

SSO user name.

url

string

Landing page URL.

landing_page_mode

aliases: landing-page-mode

string

Enable/disable SSL-VPN landing page mode.

Choices:

  • "disable"

  • "enable"

limit_user_logins

aliases: limit-user-logins

string

Enable to limit each user to one SSL-VPN session at a time.

Choices:

  • "disable"

  • "enable"

mac_addr_action

aliases: mac-addr-action

string

Client MAC address action.

Choices:

  • "deny"

  • "allow"

mac_addr_check

aliases: mac-addr-check

string

Enable/disable MAC address host checking.

Choices:

  • "disable"

  • "enable"

mac_addr_check_rule

aliases: mac-addr-check-rule

list / elements=dictionary

Mac addr check rule.

mac_addr_list

aliases: mac-addr-list

any

(list) Client MAC address list.

mac_addr_mask

aliases: mac-addr-mask

integer

Client MAC address mask.

name

string

Client MAC address check rule name.

macos_forticlient_download_url

aliases: macos-forticlient-download-url

string

Download URL for Mac FortiClient.

name

string / required

Portal name.

os_check

aliases: os-check

string

Enable to let the FortiGate decide action based on client OS.

Choices:

  • "disable"

  • "enable"

os_check_list

aliases: os-check-list

dictionary

Os check list.

action

string

OS check options.

Choices:

  • "allow"

  • "check-up-to-date"

  • "deny"

latest_patch_level

aliases: latest-patch-level

string

Latest OS patch level.

minor_version

aliases: minor-version

integer

Minor version number.

name

string

Name.

tolerance

integer

OS patch level tolerance.

prefer_ipv6_dns

aliases: prefer-ipv6-dns

string

Prefer to query IPv6 dns first if enabled.

Choices:

  • "disable"

  • "enable"

redir_url

aliases: redir-url

string

Client login redirect URL.

rewrite_ip_uri_ui

aliases: rewrite-ip-uri-ui

string

Rewrite contents for URI contains IP and /ui/.

Choices:

  • "disable"

  • "enable"

save_password

aliases: save-password

string

Enable/disable FortiClient saving the users password.

Choices:

  • "disable"

  • "enable"

service_restriction

aliases: service-restriction

string

Enable/disable tunnel service restriction.

Choices:

  • "disable"

  • "enable"

skip_check_for_browser

aliases: skip-check-for-browser

string

Enable to skip host check for browser support.

Choices:

  • "disable"

  • "enable"

skip_check_for_unsupported_browser

aliases: skip-check-for-unsupported-browser

string

Enable to skip host check if browser does not support it.

Choices:

  • "disable"

  • "enable"

skip_check_for_unsupported_os

aliases: skip-check-for-unsupported-os

string

Enable to skip host check if client OS does not support it.

Choices:

  • "disable"

  • "enable"

smb_max_version

aliases: smb-max-version

string

SMB maximum client protocol version.

Choices:

  • "smbv1"

  • "smbv2"

  • "smbv3"

smb_min_version

aliases: smb-min-version

string

SMB minimum client protocol version.

Choices:

  • "smbv1"

  • "smbv2"

  • "smbv3"

smb_ntlmv1_auth

aliases: smb-ntlmv1-auth

string

Enable support of NTLMv1 for Samba authentication.

Choices:

  • "disable"

  • "enable"

smbv1

string

Enable/disable support of SMBv1 for Samba.

Choices:

  • "disable"

  • "enable"

split_dns

aliases: split-dns

list / elements=dictionary

Split dns.

dns_server1

aliases: dns-server1

string

DNS server 1.

dns_server2

aliases: dns-server2

string

DNS server 2.

domains

string

Split DNS domains used for SSL-VPN clients separated by comma

id

integer

ID.

ipv6_dns_server1

aliases: ipv6-dns-server1

string

IPv6 DNS server 1.

ipv6_dns_server2

aliases: ipv6-dns-server2

string

IPv6 DNS server 2.

split_tunneling

aliases: split-tunneling

string

Enable/disable IPv4 split tunneling.

Choices:

  • "disable"

  • "enable"

split_tunneling_routing_address

aliases: split-tunneling-routing-address

any

(list or str) IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to con…

split_tunneling_routing_negate

aliases: split-tunneling-routing-negate

string

Enable to negate split tunneling routing address.

Choices:

  • "disable"

  • "enable"

theme

string

Web portal color scheme.

Choices:

  • "gray"

  • "blue"

  • "orange"

  • "crimson"

  • "steelblue"

  • "darkgrey"

  • "green"

  • "melongene"

  • "red"

  • "mariner"

  • "neutrino"

  • "jade"

  • "graphite"

  • "dark-matter"

  • "onyx"

  • "eclipse"

  • "jet-stream"

  • "security-fabric"

transform_backward_slashes

aliases: transform-backward-slashes

string

Transform backward slashes to forward slashes in URLs.

Choices:

  • "disable"

  • "enable"

tunnel_mode

aliases: tunnel-mode

string

Enable/disable IPv4 SSL-VPN tunnel mode.

Choices:

  • "disable"

  • "enable"

use_sdwan

aliases: use-sdwan

string

Use SD-WAN rules to get output interface.

Choices:

  • "disable"

  • "enable"

user_bookmark

aliases: user-bookmark

string

Enable to allow web portal users to create their own bookmarks.

Choices:

  • "disable"

  • "enable"

user_group_bookmark

aliases: user-group-bookmark

string

Enable to allow web portal users to create bookmarks for all users in the same user group.

Choices:

  • "disable"

  • "enable"

virtual_desktop

aliases: virtual-desktop

string

Enable/disable SSL VPN virtual desktop.

Choices:

  • "disable"

  • "enable"

virtual_desktop_app_list

aliases: virtual-desktop-app-list

string

Virtual desktop application list.

virtual_desktop_clipboard_share

aliases: virtual-desktop-clipboard-share

string

Enable/disable sharing of clipboard in virtual desktop.

Choices:

  • "disable"

  • "enable"

virtual_desktop_desktop_switch

aliases: virtual-desktop-desktop-switch

string

Enable/disable switch to virtual desktop.

Choices:

  • "disable"

  • "enable"

virtual_desktop_logout_when_browser_close

aliases: virtual-desktop-logout-when-browser-close

string

Enable/disable logout when browser is close in virtual desktop.

Choices:

  • "disable"

  • "enable"

virtual_desktop_network_share_access

aliases: virtual-desktop-network-share-access

string

Enable/disable network share access in virtual desktop.

Choices:

  • "disable"

  • "enable"

virtual_desktop_printing

aliases: virtual-desktop-printing

string

Enable/disable printing in virtual desktop.

Choices:

  • "disable"

  • "enable"

virtual_desktop_removable_media_access

aliases: virtual-desktop-removable-media-access

string

Enable/disable access to removable media in virtual desktop.

Choices:

  • "disable"

  • "enable"

web_mode

aliases: web-mode

string

Enable/disable SSL VPN web mode.

Choices:

  • "disable"

  • "enable"

windows_forticlient_download_url

aliases: windows-forticlient-download-url

string

Download URL for Windows FortiClient.

wins_server1

aliases: wins-server1

string

IPv4 WINS server 1.

wins_server2

aliases: wins-server2

string

IPv4 WINS server 1.

workspace_locking_adom

string

The adom to lock for FortiManager running in workspace mode, the value can be global and others including root.

workspace_locking_timeout

integer

The maximum time in seconds to wait for other user to release the workspace lock.

Default: 300

Notes

Note

  • Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- name: Example playbook (generated based on argument schema)
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Portal.
      fortinet.fortimanager.fmgr_vpnsslweb_portal:
        # bypass_validation: false
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        adom: <your own value>
        state: present # <value in [present, absent]>
        vpnsslweb_portal:
          allow_user_access:
            - "web"
            - "ftp"
            - "telnet"
            - "smb"
            - "vnc"
            - "rdp"
            - "ssh"
            - "ping"
            - "citrix"
            - "portforward"
            - "sftp"
          auto_connect: <value in [disable, enable]>
          bookmark_group:
            -
              bookmarks:
                -
                  additional_params: <string>
                  apptype: <value in [web, telnet, ssh, ...]>
                  description: <string>
                  folder: <string>
                  form_data:
                    -
                      name: <string>
                      value: <string>
                  host: <string>
                  listening_port: <integer>
                  load_balancing_info: <string>
                  logon_password: <list or string>
                  logon_user: <string>
                  name: <string>
                  port: <integer>
                  preconnection_blob: <string>
                  preconnection_id: <integer>
                  remote_port: <integer>
                  security: <value in [rdp, nla, tls, ...]>
                  server_layout: <value in [en-us-qwerty, de-de-qwertz, fr-fr-azerty, ...]>
                  show_status_window: <value in [disable, enable]>
                  sso: <value in [disable, static, auto]>
                  sso_credential: <value in [sslvpn-login, alternative]>
                  sso_credential_sent_once: <value in [disable, enable]>
                  sso_password: <list or string>
                  sso_username: <string>
                  url: <string>
                  domain: <string>
                  color_depth: <value in [8, 16, 32]>
                  height: <integer>
                  keyboard_layout: <value in [ar, da, de, ...]>
                  restricted_admin: <value in [disable, enable]>
                  send_preconnection_id: <value in [disable, enable]>
                  width: <integer>
                  vnc_keyboard_layout: <value in [da, de, de-ch, ...]>
              name: <string>
          custom_lang: <string>
          customize_forticlient_download_url: <value in [disable, enable]>
          display_bookmark: <value in [disable, enable]>
          display_connection_tools: <value in [disable, enable]>
          display_history: <value in [disable, enable]>
          display_status: <value in [disable, enable]>
          dns_server1: <string>
          dns_server2: <string>
          dns_suffix: <string>
          exclusive_routing: <value in [disable, enable]>
          forticlient_download: <value in [disable, enable]>
          forticlient_download_method: <value in [direct, ssl-vpn]>
          heading: <string>
          hide_sso_credential: <value in [disable, enable]>
          host_check: <value in [none, av, fw, ...]>
          host_check_interval: <integer>
          host_check_policy: <list or string>
          ip_mode: <value in [range, user-group, dhcp, ...]>
          ip_pools: <list or string>
          ipv6_dns_server1: <string>
          ipv6_dns_server2: <string>
          ipv6_exclusive_routing: <value in [disable, enable]>
          ipv6_pools: <list or string>
          ipv6_service_restriction: <value in [disable, enable]>
          ipv6_split_tunneling: <value in [disable, enable]>
          ipv6_split_tunneling_routing_address: <list or string>
          ipv6_tunnel_mode: <value in [disable, enable]>
          ipv6_wins_server1: <string>
          ipv6_wins_server2: <string>
          keep_alive: <value in [disable, enable]>
          limit_user_logins: <value in [disable, enable]>
          mac_addr_action: <value in [deny, allow]>
          mac_addr_check: <value in [disable, enable]>
          mac_addr_check_rule:
            -
              mac_addr_list: <list or string>
              mac_addr_mask: <integer>
              name: <string>
          macos_forticlient_download_url: <string>
          name: <string>
          os_check: <value in [disable, enable]>
          redir_url: <string>
          save_password: <value in [disable, enable]>
          service_restriction: <value in [disable, enable]>
          skip_check_for_unsupported_browser: <value in [disable, enable]>
          skip_check_for_unsupported_os: <value in [disable, enable]>
          smb_ntlmv1_auth: <value in [disable, enable]>
          smbv1: <value in [disable, enable]>
          split_dns:
            -
              dns_server1: <string>
              dns_server2: <string>
              domains: <string>
              id: <integer>
              ipv6_dns_server1: <string>
              ipv6_dns_server2: <string>
          split_tunneling: <value in [disable, enable]>
          split_tunneling_routing_address: <list or string>
          theme: <value in [gray, blue, orange, ...]>
          tunnel_mode: <value in [disable, enable]>
          user_bookmark: <value in [disable, enable]>
          user_group_bookmark: <value in [disable, enable]>
          web_mode: <value in [disable, enable]>
          windows_forticlient_download_url: <string>
          wins_server1: <string>
          wins_server2: <string>
          skip_check_for_browser: <value in [disable, enable]>
          smb_max_version: <value in [smbv1, smbv2, smbv3]>
          smb_min_version: <value in [smbv1, smbv2, smbv3]>
          virtual_desktop_logout_when_browser_close: <value in [disable, enable]>
          virtual_desktop_clipboard_share: <value in [disable, enable]>
          virtual_desktop_desktop_switch: <value in [disable, enable]>
          virtual_desktop: <value in [disable, enable]>
          virtual_desktop_network_share_access: <value in [disable, enable]>
          virtual_desktop_printing: <value in [disable, enable]>
          virtual_desktop_app_list: <string>
          virtual_desktop_removable_media_access: <value in [disable, enable]>
          transform_backward_slashes: <value in [disable, enable]>
          ipv6_split_tunneling_routing_negate: <value in [disable, enable]>
          split_tunneling_routing_negate: <value in [disable, enable]>
          os_check_list:
            action: <value in [allow, check-up-to-date, deny]>
            latest_patch_level: <string>
            name: <string>
            tolerance: <integer>
            minor_version: <integer>
          use_sdwan: <value in [disable, enable]>
          prefer_ipv6_dns: <value in [disable, enable]>
          rewrite_ip_uri_ui: <value in [disable, enable]>
          clipboard: <value in [disable, enable]>
          default_window_height: <integer>
          default_window_width: <integer>
          dhcp_ip_overlap: <value in [use-old, use-new]>
          client_src_range: <value in [disable, enable]>
          dhcp_ra_giaddr: <string>
          dhcp6_ra_linkaddr: <string>
          landing_page:
            form_data:
              -
                name: <string>
                value: <string>
            logout_url: <string>
            sso: <value in [disable, static, auto]>
            sso_credential: <value in [sslvpn-login, alternative]>
            sso_password: <list or string>
            sso_username: <string>
            url: <string>
          landing_page_mode: <value in [disable, enable]>
          default_protocol: <value in [web, ftp, telnet, ...]>
          focus_bookmark: <value in [disable, enable]>
          dhcp_reservation: <value in [disable, enable]>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

meta

dictionary

The result of the request.

Returned: always

request_url

string

The full url requested.

Returned: always

Sample: "/sys/login/user"

response_code

integer

The status of api request.

Returned: always

Sample: 0

response_data

list / elements=string

The api response.

Returned: always

response_message

string

The descriptive message of the api response.

Returned: always

Sample: "OK."

system_information

dictionary

The information of the target system.

Returned: always

rc

integer

The status the request.

Returned: always

Sample: 0

version_check_warning

list / elements=string

Warning if the parameters used in the playbook are not supported by the current FortiManager version.

Returned: complex

Authors

  • Xinwei Du (@dux-fortinet)

  • Xing Li (@lix-fortinet)

  • Jie Xue (@JieX19)

  • Link Zheng (@chillancezen)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)