fmgr_firewall_vip6 – Configure virtual IP for IPv6.¶

New in version 2.0.0.

Synopsis
Requirements
FortiManager Version Compatibility
Parameters
Notes
Examples
Return Values
Status
Authors

Synopsis ¶

This module is able to configure a FortiManager device.
Examples include all parameters and values need to be adjusted to data sources before usage.
Tested with FortiManager v6.x and v7.x.

Requirements ¶

The below requirements are needed on the host that executes this module.

ansible>=2.9.0

FortiManager Version Compatibility ¶

6.0.0

True

6.2.0 6.2.1 6.2.2 6.2.3 6.2.5 6.2.6 6.2.7 6.2.8 6.2.9 6.2.10 6.2.11

True True True True True True True True True True True

6.4.0 6.4.1 6.4.2 6.4.3 6.4.4 6.4.5 6.4.6 6.4.7 6.4.8 6.4.9 6.4.10 6.4.11 6.4.12

True True True True True True True True True True True True True

7.0.0 7.0.1 7.0.2 7.0.3 7.0.4 7.0.5 7.0.6 7.0.7 7.0.8

True True True True True True True True True

7.2.0 7.2.1 7.2.2 7.2.3

True True True True

7.4.0

True

Parameters ¶

access_token -The token to access FortiManager without using username and password. type: str required: false
bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. type: bool required: false default: False
enable_log - Enable/Disable logging for task. type: bool required: false default: False
forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0. type: str required: false
proposed_method - The overridden method for the underlying Json RPC request. type: str required: false choices: set, update, add
rc_succeeded - The rc codes list with which the conditions to succeed will be overriden. type: list required: false
rc_failed - The rc codes list with which the conditions to fail will be overriden. type: list required: false
state - The directive to create, update or delete an object type: str required: true choices: present, absent
workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
adom - The parameter in requested url type: str required: true
firewall_vip6 - Configure virtual IP for IPv6. type: dict

arp-reply - Enable to respond to ARP requests for this virtual IP address. type: str choices: [disable, enable] more...

color - Color of icon on the GUI. type: int more...

comment - Comment. type: str more...

dynamic_mapping - Dynamic_Mapping. type: array more...

_scope - _Scope. type: array more...

name - Name. type: str more...

vdom - Vdom. type: str more...

arp-reply - Enable to respond to ARP requests for this virtual IP address. type: str choices: [disable, enable] more...

color - Color of icon on the GUI. type: int more...

comment - Comment. type: str more...

extip - IP address or address range on the external interface that you want to map to an address or address range on the destination network. type: str more...

extport - Incoming port number range that you want to map to a port number range on the destination network. type: str more...

http-cookie-age - Time in minutes that client web browsers should keep a cookie. type: int more...

http-cookie-domain - Domain that HTTP cookie persistence should apply to. type: str more...

http-cookie-domain-from-host - Enable/disable use of HTTP cookie domain from host field in HTTP. type: str choices: [disable, enable] more...

http-cookie-generation - Generation of HTTP cookie to be accepted. type: int more...

http-cookie-path - Limit HTTP cookie persistence to the specified path. type: str more...

http-cookie-share - Control sharing of cookies across virtual servers. type: str choices: [disable, same-ip] more...

http-ip-header - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. type: str choices: [disable, enable] more...

http-ip-header-name - For HTTP multiplexing, enter a custom HTTPS header name. type: str more...

http-multiplex - Enable/disable HTTP multiplexing. type: str choices: [disable, enable] more...

https-cookie-secure - Enable/disable verification that inserted HTTPS cookies are secure. type: str choices: [disable, enable] more...

id - Custom defined ID. type: int more...

ldb-method - Method used to distribute sessions to real servers. type: str choices: [static, round-robin, weighted, least-session, least-rtt, first-alive, http-host] more...

mappedip - Mapped IP address range in the format startIP-endIP. type: str more...

mappedport - Port number range on the destination network to which the external port number range is mapped. type: str more...

max-embryonic-connections - Maximum number of incomplete connections. type: int more...

monitor - Name of the health check monitor to use when polling to determine a virtual servers connectivity status. type: str more...

outlook-web-access - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. type: str choices: [disable, enable] more...

persistence - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str choices: [none, http-cookie, ssl-session-id] more...

portforward - Enable port forwarding. type: str choices: [disable, enable] more...

protocol - Protocol to use when forwarding packets. type: str choices: [tcp, udp, sctp] more...

server-type - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). type: str choices: [http, https, ssl, tcp, udp, ip, imaps, pop3s, smtps] more...

src-filter - Source IP6 filter (x:x:x:x:x:x:x:x/x). type: str more...

ssl-algorithm - Permitted encryption algorithms for SSL sessions according to encryption strength. type: str choices: [high, low, medium, custom] more...

ssl-certificate - The name of the SSL certificate to use for SSL acceleration. type: str more...

ssl-client-fallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). type: str choices: [disable, enable] more...

ssl-client-renegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. type: str choices: [deny, allow, secure] more...

ssl-client-session-state-max - Maximum number of client to FortiGate SSL session states to keep. type: int more...

ssl-client-session-state-timeout - Number of minutes to keep client to FortiGate SSL session state. type: int more...

ssl-client-session-state-type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. type: str choices: [disable, time, count, both] more...

ssl-dh-bits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str choices: [768, 1024, 1536, 2048, 3072, 4096] more...

ssl-hpkp - Enable/disable including HPKP header in response. type: str choices: [disable, enable, report-only] more...

ssl-hpkp-age - Number of minutes the web browser should keep HPKP. type: int more...

ssl-hpkp-backup - Certificate to generate backup HPKP pin from. type: str more...

ssl-hpkp-include-subdomains - Indicate that HPKP header applies to all subdomains. type: str choices: [disable, enable] more...

ssl-hpkp-primary - Certificate to generate primary HPKP pin from. type: str more...

ssl-hpkp-report-uri - URL to report HPKP violations to. type: str more...

ssl-hsts - Enable/disable including HSTS header in response. type: str choices: [disable, enable] more...

ssl-hsts-age - Number of seconds the client should honour the HSTS setting. type: int more...

ssl-hsts-include-subdomains - Indicate that HSTS header applies to all subdomains. type: str choices: [disable, enable] more...

ssl-http-location-conversion - Enable to replace HTTP with HTTPS in the replys Location HTTP header field. type: str choices: [disable, enable] more...

ssl-http-match-host - Enable/disable HTTP host matching for location conversion. type: str choices: [disable, enable] more...

ssl-max-version - Highest SSL/TLS version acceptable from a client. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3] more...

ssl-min-version - Lowest SSL/TLS version acceptable from a client. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3] more...

ssl-mode - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). type: str choices: [half, full] more...

ssl-pfs - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). type: str choices: [require, deny, allow] more...

ssl-send-empty-frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3. type: str choices: [disable, enable] more...

ssl-server-algorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str choices: [high, low, medium, custom, client] more...

ssl-server-max-version - Highest SSL/TLS version acceptable from a server. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3] more...

ssl-server-min-version - Lowest SSL/TLS version acceptable from a server. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3] more...

ssl-server-session-state-max - Maximum number of FortiGate to Server SSL session states to keep. type: int more...

ssl-server-session-state-timeout - Number of minutes to keep FortiGate to Server SSL session state. type: int more...

ssl-server-session-state-type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. type: str choices: [disable, time, count, both] more...

type - Configure a static NAT or server load balance VIP. type: str choices: [static-nat, server-load-balance, access-proxy] more...

uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str more...

weblogic-server - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. type: str choices: [disable, enable] more...

websphere-server - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. type: str choices: [disable, enable] more...

http-redirect - Enable/disable redirection of HTTP to HTTPS type: str choices: [disable, enable] more...

ssl-client-rekey-count - Maximum length of data in MB before triggering a client rekey (0 = disable). type: int more...

nat-source-vip - Nat-Source-Vip. type: str choices: [disable, enable] more...

add-nat64-route - Enable/disable adding NAT64 route. type: str choices: [disable, enable] more...

embedded-ipv4-address - Enable/disable use of the lower 32 bits of the external IPv6 address as mapped IPv4 address. type: str choices: [disable, enable] more...

ipv4-mappedip - Range of mapped IP addresses. type: str more...

ipv4-mappedport - IPv4 port number range on the destination network to which the external port number range is mapped. type: str more...

nat64 - Enable/disable DNAT64. type: str choices: [disable, enable] more...

nat66 - Enable/disable DNAT66. type: str choices: [disable, enable] more...

realservers - No description for the parameter type: array more...

client-ip - Only clients in this IP range can connect to this real server. type: str more...

healthcheck - Enable to check the responsiveness of the real server before forwarding traffic. type: str choices: [disable, enable, vip] more...

holddown-interval - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active. type: int more...

http-host - HTTP server domain name in HTTP header. type: str more...

id - Real server ID. type: int more...

ip - IP address of the real server. type: str more...

max-connections - Max number of active connections that can directed to the real server. type: int more...

monitor - No description for the parameter type: str more...

port - Port for communicating with the real server. type: int more...

status - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: [active, standby, disable] more...

weight - Weight of the real server. type: int more...

translate-host - Enable/disable translation of hostname/IP from virtual server to real server. type: str choices: [disable, enable] more...

ssl-accept-ffdhe-groups - Enable/disable FFDHE cipher suite for SSL key exchange. type: str choices: [disable, enable] more...

ssl-cipher-suites - No description for the parameter type: array more...

cipher - Cipher suite name. type: str choices: [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA] more...

priority - SSL/TLS cipher suites priority. type: int more...

versions - No description for the parameter type: array choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3] more...

ndp-reply - Enable/disable this FortiGate units ability to respond to NDP requests for this virtual IP address (default = enable). type: str choices: [disable, enable] more...

ssl-server-renegotiation - Enable/disable secure renegotiation to comply with RFC 5746. type: str choices: [disable, enable] more...