fmgr_firewall_sslsshprofile – Configure SSL/SSH protocol options.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/firewall/ssl-ssh-profile
- /pm/config/global/obj/firewall/ssl-ssh-profile
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] - Configure SSL/SSH protocol options.
- data - No description for the parameter type: array
- caname - CA certificate used by SSL Inspection. type: str
- comment - Optional comments. type: str
- mapi-over-https - Enable/disable inspection of MAPI over HTTPS. type: str choices: [disable, enable]
- name - Name. type: str
- rpc-over-https - Enable/disable inspection of RPC over HTTPS. type: str choices: [disable, enable]
- server-cert - Certificate used by SSL Inspection to replace server certificate. type: str
- server-cert-mode - Re-sign or replace the servers certificate. type: str choices: [re-sign, replace]
- ssl-anomalies-log - Enable/disable logging SSL anomalies. type: str choices: [disable, enable]
- ssl-exempt - No description for the parameter type: array
- address - IPv4 address object. type: str
- address6 - IPv6 address object. type: str
- fortiguard-category - FortiGuard category ID. type: str
- id - ID number. type: int
- regex - Exempt servers by regular expression. type: str
- type - Type of address object (IPv4 or IPv6) or FortiGuard category. type: str choices: [fortiguard-category, address, address6, wildcard-fqdn, regex]
- wildcard-fqdn - Exempt servers by wildcard FQDN. type: str
- ssl-exemptions-log - Enable/disable logging SSL exemptions. type: str choices: [disable, enable]
- ssl-server - No description for the parameter type: array
- ftps-client-cert-request - Action based on client certificate request during the FTPS handshake. type: str choices: [bypass, inspect, block]
- https-client-cert-request - Action based on client certificate request during the HTTPS handshake. type: str choices: [bypass, inspect, block]
- id - SSL server ID. type: int
- imaps-client-cert-request - Action based on client certificate request during the IMAPS handshake. type: str choices: [bypass, inspect, block]
- ip - IPv4 address of the SSL server. type: str
- pop3s-client-cert-request - Action based on client certificate request during the POP3S handshake. type: str choices: [bypass, inspect, block]
- smtps-client-cert-request - Action based on client certificate request during the SMTPS handshake. type: str choices: [bypass, inspect, block]
- ssl-other-client-cert-request - Action based on client certificate request during an SSL protocol handshake. type: str choices: [bypass, inspect, block]
- untrusted-caname - Untrusted CA certificate used by SSL Inspection. type: str
- use-ssl-server - Enable/disable the use of SSL server table for SSL offloading. type: str choices: [disable, enable]
- whitelist - Enable/disable exempting servers by FortiGuard whitelist. type: str choices: [disable, enable]
- parameters for method: [get] - Configure SSL/SSH protocol options.
- attr - The name of the attribute to retrieve its datasource. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [caname, comment, mapi-over-https, name, rpc-over-https, server-cert, server-cert-mode, ssl-anomalies-log, ssl-exemptions-log, untrusted-caname, use-ssl-server, whitelist]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- get used - No description for the parameter type: int
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, datasrc, get reserved, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/SSL-SSH-PROFILE
fmgr_firewall_sslsshprofile:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
caname: <value of string>
comment: <value of string>
mapi-over-https: <value in [disable, enable]>
name: <value of string>
rpc-over-https: <value in [disable, enable]>
server-cert: <value of string>
server-cert-mode: <value in [re-sign, replace]>
ssl-anomalies-log: <value in [disable, enable]>
ssl-exempt:
-
address: <value of string>
address6: <value of string>
fortiguard-category: <value of string>
id: <value of integer>
regex: <value of string>
type: <value in [fortiguard-category, address, address6, ...]>
wildcard-fqdn: <value of string>
ssl-exemptions-log: <value in [disable, enable]>
ssl-server:
-
ftps-client-cert-request: <value in [bypass, inspect, block]>
https-client-cert-request: <value in [bypass, inspect, block]>
id: <value of integer>
imaps-client-cert-request: <value in [bypass, inspect, block]>
ip: <value of string>
pop3s-client-cert-request: <value in [bypass, inspect, block]>
smtps-client-cert-request: <value in [bypass, inspect, block]>
ssl-other-client-cert-request: <value in [bypass, inspect, block]>
untrusted-caname: <value of string>
use-ssl-server: <value in [disable, enable]>
whitelist: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/SSL-SSH-PROFILE
fmgr_firewall_sslsshprofile:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
attr: <value of string>
fields:
-
- <value in [caname, comment, mapi-over-https, ...]>
filter:
- <value of string>
get used: <value of integer>
loadsub: <value of integer>
option: <value in [count, object member, datasrc, ...]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/ssl-ssh-profile
- return values for method: [get]
- data
- No description for the parameter type: array
- caname - CA certificate used by SSL Inspection. type: str
- comment - Optional comments. type: str
- mapi-over-https - Enable/disable inspection of MAPI over HTTPS. type: str
- name - Name. type: str
- rpc-over-https - Enable/disable inspection of RPC over HTTPS. type: str
- server-cert - Certificate used by SSL Inspection to replace server certificate. type: str
- server-cert-mode - Re-sign or replace the servers certificate. type: str
- ssl-anomalies-log - Enable/disable logging SSL anomalies. type: str
- ssl-exempt - No description for the parameter type: array
- address - IPv4 address object. type: str
- address6 - IPv6 address object. type: str
- fortiguard-category - FortiGuard category ID. type: str
- id - ID number. type: int
- regex - Exempt servers by regular expression. type: str
- type - Type of address object (IPv4 or IPv6) or FortiGuard category. type: str
- wildcard-fqdn - Exempt servers by wildcard FQDN. type: str
- ssl-exemptions-log - Enable/disable logging SSL exemptions. type: str
- ssl-server - No description for the parameter type: array
- ftps-client-cert-request - Action based on client certificate request during the FTPS handshake. type: str
- https-client-cert-request - Action based on client certificate request during the HTTPS handshake. type: str
- id - SSL server ID. type: int
- imaps-client-cert-request - Action based on client certificate request during the IMAPS handshake. type: str
- ip - IPv4 address of the SSL server. type: str
- pop3s-client-cert-request - Action based on client certificate request during the POP3S handshake. type: str
- smtps-client-cert-request - Action based on client certificate request during the SMTPS handshake. type: str
- ssl-other-client-cert-request - Action based on client certificate request during an SSL protocol handshake. type: str
- untrusted-caname - Untrusted CA certificate used by SSL Inspection. type: str
- use-ssl-server - Enable/disable the use of SSL server table for SSL offloading. type: str
- whitelist - Enable/disable exempting servers by FortiGuard whitelist. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/ssl-ssh-profile