fmgr_firewall_sslsshprofile_sslserver – SSL servers.

Added in version 2.0.0.

Warning

Starting in version 3.0.0, all input arguments will be named using the underscore naming convention (snake_case).

  • Argument name before 3.0.0: var-name, var name, var.name

  • New argument name starting in 3.0.0: var_name

FortiManager Ansible v2.4+ supports both previous argument name and new underscore name. You will receive deprecation warnings if you keep using the previous argument name. You can ignore the warning by setting deprecation_warnings=False in ansible.cfg.

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values need to be adjusted to data sources before usage.

  • Tested with FortiManager v6.x and v7.x.

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.15.0

FortiManager Version Compatibility

Supported Version Ranges: v6.0.0 -> latest

Parameters

  • access_token -The token to access FortiManager without using username and password. type: str required: false
  • bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. type: bool required: false default: False
  • enable_log - Enable/Disable logging for task. type: bool required: false default: False
  • forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0. type: str required: false
  • proposed_method - The overridden method for the underlying Json RPC request. type: str required: false choices: set, update, add
  • rc_succeeded - The rc codes list with which the conditions to succeed will be overriden. type: list required: false
  • rc_failed - The rc codes list with which the conditions to fail will be overriden. type: list required: false
  • state - The directive to create, update or delete an object type: str required: true choices: present, absent
  • workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
  • workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
  • adom - The parameter in requested url type: str required: true
  • ssl-ssh-profile - The parameter in requested url type: str required: true
  • firewall_sslsshprofile_sslserver - SSL servers. type: dict
    • ftps_client_cert_request (Alias name: ftps-client-cert-request) Action based on client certificate request during the ftps handshake. type: str choices: [bypass, inspect, block] more...
    • https_client_cert_request (Alias name: https-client-cert-request) Action based on client certificate request during the https handshake. type: str choices: [bypass, inspect, block] more...
    • id Ssl server id. type: int more...
    • imaps_client_cert_request (Alias name: imaps-client-cert-request) Action based on client certificate request during the imaps handshake. type: str choices: [bypass, inspect, block] more...
    • ip Ipv4 address of the ssl server. type: str more...
    • pop3s_client_cert_request (Alias name: pop3s-client-cert-request) Action based on client certificate request during the pop3s handshake. type: str choices: [bypass, inspect, block] more...
    • smtps_client_cert_request (Alias name: smtps-client-cert-request) Action based on client certificate request during the smtps handshake. type: str choices: [bypass, inspect, block] more...
    • ssl_other_client_cert_request (Alias name: ssl-other-client-cert-request) Action based on client certificate request during an ssl protocol handshake. type: str choices: [bypass, inspect, block] more...
    • ftps_client_certificate (Alias name: ftps-client-certificate) Action based on received client certificate during the ftps handshake. type: str choices: [bypass, inspect, block] more...
    • https_client_certificate (Alias name: https-client-certificate) Action based on received client certificate during the https handshake. type: str choices: [bypass, inspect, block] more...
    • imaps_client_certificate (Alias name: imaps-client-certificate) Action based on received client certificate during the imaps handshake. type: str choices: [bypass, inspect, block] more...
    • pop3s_client_certificate (Alias name: pop3s-client-certificate) Action based on received client certificate during the pop3s handshake. type: str choices: [bypass, inspect, block] more...
    • smtps_client_certificate (Alias name: smtps-client-certificate) Action based on received client certificate during the smtps handshake. type: str choices: [bypass, inspect, block] more...
    • ssl_other_client_certificate (Alias name: ssl-other-client-certificate) Action based on received client certificate during an ssl protocol handshake. type: str choices: [bypass, inspect, block] more...

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state: present directive.

  • To delete an object, use state: absent directive

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- name: Example playbook
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: SSL servers.
      fortinet.fortimanager.fmgr_firewall_sslsshprofile_sslserver:
        bypass_validation: false
        adom: ansible
        ssl-ssh-profile: "ansible-test" # name
        state: present
        firewall_sslsshprofile_sslserver:
          ftps-client-cert-request: block # <value in [bypass, inspect, block]>
          https-client-cert-request: bypass # <value in [bypass, inspect, block]>
          id: 1
          imaps-client-cert-request: bypass # <value in [bypass, inspect, block]>

- name: Gathering fortimanager facts
  hosts: fortimanagers
  gather_facts: false
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Retrieve all the SSL servers SSL/SSH protocol option
      fortinet.fortimanager.fmgr_fact:
        facts:
          selector: "firewall_sslsshprofile_sslserver"
          params:
            adom: "ansible"
            ssl-ssh-profile: "ansible-test" # name
            ssl-server: "your_value"

Return Values

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

  • meta - The result of the request.returned: always type: dict
    • request_url - The full url requested. returned: always type: str sample: /sys/login/user
    • response_code - The status of api request. returned: always type: int sample: 0
    • response_data - The data body of the api response. returned: optional type: list or dict
    • response_message - The descriptive message of the api response. returned: always type: str sample: OK
    • system_information - The information of the target system. returned: always type: dict
  • rc - The status the request. returned: always type: int sample: 0
  • version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least one parameter not supported by the current FortiManager version type: list

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Xinwei Du (@dux-fortinet)

  • Xing Li (@lix-fortinet)

  • Jie Xue (@JieX19)

  • Link Zheng (@chillancezen)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)