fmgr_firewall_vip6 – Configure virtual IP for IPv6.

Added in version 2.0.0.

Warning

Starting in version 3.0.0, all input arguments will be named using the underscore naming convention (snake_case).

• Argument name before 3.0.0: var-name, var name, var.name

• New argument name starting in 3.0.0: var_name

FortiManager Ansible v2.4+ supports both previous argument name and new underscore name. You will receive deprecation warnings if you keep using the previous argument name. You can ignore the warning by setting deprecation_warnings=False in ansible.cfg.

Synopsis

• This module is able to configure a FortiManager device.

• Examples include all parameters and values need to be adjusted to data sources before usage.

• Tested with FortiManager v6.x and v7.x.

Requirements

The below requirements are needed on the host that executes this module.

• ansible>=2.15.0

FortiManager Version Compatibility

Supported Version Ranges: v6.0.0 -> latest

Parameters

• access_token -The token to access FortiManager without using username and password. type: str required: false
• bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. type: bool required: false default: False
• enable_log - Enable/Disable logging for task. type: bool required: false default: False
• forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0. type: str required: false
• proposed_method - The overridden method for the underlying Json RPC request. type: str required: false choices: set, update, add
• rc_succeeded - The rc codes list with which the conditions to succeed will be overriden. type: list required: false
• rc_failed - The rc codes list with which the conditions to fail will be overriden. type: list required: false
• state - The directive to create, update or delete an object type: str required: true choices: present, absent
• workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
• workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
• adom - The parameter in requested url type: str required: true
• firewall_vip6 - Configure virtual IP for IPv6. type: dict
• arp_reply (Alias name: arp-reply) Enable to respond to arp requests for this virtual ip address. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• color Color of icon on the gui. type: int more...

  Supported Version Ranges: v6.0.0 -> latest

• comment Comment. type: str more...

  Supported Version Ranges: v6.0.0 -> latest

• dynamic_mapping Dynamic_mapping. type: list more...

  Supported Version Ranges: v6.0.0 -> latest

  • _scope _scope. type: list more...

    Supported Version Ranges: v6.0.0 -> latest

    • name Name. type: str more...

      Supported Version Ranges: v6.0.0 -> latest

    • vdom Vdom. type: str more...

      Supported Version Ranges: v6.0.0 -> latest

  • arp_reply (Alias name: arp-reply) Enable to respond to arp requests for this virtual ip address. type: str choices: [disable, enable] more...

    Supported Version Ranges: v6.0.0 -> latest

  • color Color of icon on the gui. type: int more...

    Supported Version Ranges: v6.0.0 -> latest

  • comment Comment. type: str more...

    Supported Version Ranges: v6.0.0 -> latest

  • extip Ip address or address range on the external interface that you want to map to an address or address range on the destination network. type: str more...

    Supported Version Ranges: v6.0.0 -> latest

  • extport Incoming port number range that you want to map to a port number range on the destination network. type: str more...

    Supported Version Ranges: v6.0.0 -> latest

  • http_cookie_age (Alias name: http-cookie-age) Time in minutes that client web browsers should keep a cookie. type: int more...

    Supported Version Ranges: v6.0.0 -> latest

  • http_cookie_domain (Alias name: http-cookie-domain) Domain that http cookie persistence should apply to. type: str more...

    Supported Version Ranges: v6.0.0 -> latest

  • http_cookie_domain_from_host (Alias name: http-cookie-domain-from-host) Enable/disable use of http cookie domain from host field in http. type: str choices: [disable, enable] more...

    Supported Version Ranges: v6.0.0 -> latest

  • http_cookie_generation (Alias name: http-cookie-generation) Generation of http cookie to be accepted. type: int more...

    Supported Version Ranges: v6.0.0 -> latest

  • http_cookie_path (Alias name: http-cookie-path) Limit http cookie persistence to the specified path. type: str more...

    Supported Version Ranges: v6.0.0 -> latest

  • http_cookie_share (Alias name: http-cookie-share) Control sharing of cookies across virtual servers. type: str choices: [disable, same-ip] more...

    Supported Version Ranges: v6.0.0 -> latest

  • http_ip_header (Alias name: http-ip-header) For http multiplexing, enable to add the original client ip address in the xforwarded-for http header. type: str choices: [disable, enable] more...

    Supported Version Ranges: v6.0.0 -> latest

  • http_ip_header_name (Alias name: http-ip-header-name) For http multiplexing, enter a custom https header name. type: str more...

    Supported Version Ranges: v6.0.0 -> latest

  • http_multiplex (Alias name: http-multiplex) Enable/disable http multiplexing. type: str choices: [disable, enable] more...

    Supported Version Ranges: v6.0.0 -> latest

  • https_cookie_secure (Alias name: https-cookie-secure) Enable/disable verification that inserted https cookies are secure. type: str choices: [disable, enable] more...

    Supported Version Ranges: v6.0.0 -> latest

  • id Custom defined id. type: int more...

    Supported Version Ranges: v6.0.0 -> latest

  • ldb_method (Alias name: ldb-method) Method used to distribute sessions to real servers. type: str choices: [static, round-robin, weighted, least-session, least-rtt, first-alive, http-host] more...

    Supported Version Ranges: v6.0.0 -> latest

  • mappedip Mapped ip address range in the format startip-endip. type: str more...

    Supported Version Ranges: v6.0.0 -> latest

  • mappedport Port number range on the destination network to which the external port number range is mapped. type: str more...

    Supported Version Ranges: v6.0.0 -> latest

  • max_embryonic_connections (Alias name: max-embryonic-connections) Maximum number of incomplete connections. type: int more...

    Supported Version Ranges: v6.0.0 -> latest

  • monitor Name of the health check monitor to use when polling to determine a virtual servers connectivity status. type: list or str more...

    Supported Version Ranges: v6.0.0 -> latest

  • outlook_web_access (Alias name: outlook-web-access) Enable to add the front-end-https header for microsoft outlook web access. type: str choices: [disable, enable] more...

    Supported Version Ranges: v6.0.0 -> latest

  • persistence Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str choices: [none, http-cookie, ssl-session-id] more...

    Supported Version Ranges: v6.0.0 -> latest

  • portforward Enable port forwarding. type: str choices: [disable, enable] more...

    Supported Version Ranges: v6.0.0 -> latest

  • protocol Protocol to use when forwarding packets. type: str choices: [tcp, udp, sctp] more...

    Supported Version Ranges: v6.0.0 -> latest

  • server_type (Alias name: server-type) Protocol to be load balanced by the virtual server (also called the server load balance virtual ip). type: str choices: [http, https, ssl, tcp, udp, ip, imaps, pop3s, smtps] more...

    Supported Version Ranges: v6.0.0 -> latest

  • src_filter (Alias name: src-filter) Source ip6 filter (x:x:x:x:x:x:x:x/x). type: list more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_algorithm (Alias name: ssl-algorithm) Permitted encryption algorithms for ssl sessions according to encryption strength. type: str choices: [high, low, medium, custom] more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_certificate (Alias name: ssl-certificate) The name of the ssl certificate to use for ssl acceleration. type: str more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_client_fallback (Alias name: ssl-client-fallback) Enable/disable support for preventing downgrade attacks on client connections (rfc 7507). type: str choices: [disable, enable] more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_client_renegotiation (Alias name: ssl-client-renegotiation) Allow, deny, or require secure renegotiation of client sessions to comply with rfc 5746. type: str choices: [deny, allow, secure] more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_client_session_state_max (Alias name: ssl-client-session-state-max) Maximum number of client to fortigate ssl session states to keep. type: int more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_client_session_state_timeout (Alias name: ssl-client-session-state-timeout) Number of minutes to keep client to fortigate ssl session state. type: int more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_client_session_state_type (Alias name: ssl-client-session-state-type) How to expire ssl sessions for the segment of the ssl connection between the client and the fortigate. type: str choices: [disable, time, count, both] more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_dh_bits (Alias name: ssl-dh-bits) Number of bits to use in the diffie-hellman exchange for rsa encryption of ssl sessions. type: str choices: [768, 1024, 1536, 2048, 3072, 4096] more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_hpkp (Alias name: ssl-hpkp) Enable/disable including hpkp header in response. type: str choices: [disable, enable, report-only] more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_hpkp_age (Alias name: ssl-hpkp-age) Number of minutes the web browser should keep hpkp. type: int more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_hpkp_backup (Alias name: ssl-hpkp-backup) Certificate to generate backup hpkp pin from. type: str more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_hpkp_include_subdomains (Alias name: ssl-hpkp-include-subdomains) Indicate that hpkp header applies to all subdomains. type: str choices: [disable, enable] more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_hpkp_primary (Alias name: ssl-hpkp-primary) Certificate to generate primary hpkp pin from. type: str more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_hpkp_report_uri (Alias name: ssl-hpkp-report-uri) Url to report hpkp violations to. type: str more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_hsts (Alias name: ssl-hsts) Enable/disable including hsts header in response. type: str choices: [disable, enable] more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_hsts_age (Alias name: ssl-hsts-age) Number of seconds the client should honour the hsts setting. type: int more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_hsts_include_subdomains (Alias name: ssl-hsts-include-subdomains) Indicate that hsts header applies to all subdomains. type: str choices: [disable, enable] more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_http_location_conversion (Alias name: ssl-http-location-conversion) Enable to replace http with https in the replys location http header field. type: str choices: [disable, enable] more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_http_match_host (Alias name: ssl-http-match-host) Enable/disable http host matching for location conversion. type: str choices: [disable, enable] more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_max_version (Alias name: ssl-max-version) Highest ssl/tls version acceptable from a client. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3] more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_min_version (Alias name: ssl-min-version) Lowest ssl/tls version acceptable from a client. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3] more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_mode (Alias name: ssl-mode) Apply ssl offloading between the client and the fortigate (half) or from the client to the fortigate and from the fortigate to the server (full). type: str choices: [half, full] more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_pfs (Alias name: ssl-pfs) Select the cipher suites that can be used for ssl perfect forward secrecy (pfs). type: str choices: [require, deny, allow] more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_send_empty_frags (Alias name: ssl-send-empty-frags) Enable/disable sending empty fragments to avoid cbc iv attacks (ssl 3. type: str choices: [disable, enable] more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_server_algorithm (Alias name: ssl-server-algorithm) Permitted encryption algorithms for the server side of ssl full mode sessions according to encryption strength. type: str choices: [high, low, medium, custom, client] more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_server_max_version (Alias name: ssl-server-max-version) Highest ssl/tls version acceptable from a server. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3] more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_server_min_version (Alias name: ssl-server-min-version) Lowest ssl/tls version acceptable from a server. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3] more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_server_session_state_max (Alias name: ssl-server-session-state-max) Maximum number of fortigate to server ssl session states to keep. type: int more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_server_session_state_timeout (Alias name: ssl-server-session-state-timeout) Number of minutes to keep fortigate to server ssl session state. type: int more...

    Supported Version Ranges: v6.0.0 -> latest

  • ssl_server_session_state_type (Alias name: ssl-server-session-state-type) How to expire ssl sessions for the segment of the ssl connection between the server and the fortigate. type: str choices: [disable, time, count, both] more...

    Supported Version Ranges: v6.0.0 -> latest

  • type Configure a static nat or server load balance vip. type: str choices: [static-nat, server-load-balance, access-proxy] more...

    Supported Version Ranges: v6.0.0 -> latest

  • uuid Universally unique identifier (uuid; automatically assigned but can be manually reset). type: str more...

    Supported Version Ranges: v6.0.0 -> latest

  • weblogic_server (Alias name: weblogic-server) Enable to add an http header to indicate ssl offloading for a weblogic server. type: str choices: [disable, enable] more...

    Supported Version Ranges: v6.0.0 -> latest

  • websphere_server (Alias name: websphere-server) Enable to add an http header to indicate ssl offloading for a websphere server. type: str choices: [disable, enable] more...

    Supported Version Ranges: v6.0.0 -> latest

  • http_redirect (Alias name: http-redirect) Enable/disable redirection of http to https type: str choices: [disable, enable] more...

    Supported Version Ranges: v6.2.1 -> latest

  • ssl_client_rekey_count (Alias name: ssl-client-rekey-count) Maximum length of data in mb before triggering a client rekey (0 = disable). type: int more...

    Supported Version Ranges: v6.2.1 -> latest

  • nat_source_vip (Alias name: nat-source-vip) Nat-source-vip. type: str choices: [disable, enable] more...

    Supported Version Ranges: v6.4.0 -> latest

  • add_nat64_route (Alias name: add-nat64-route) Enable/disable adding nat64 route. type: str choices: [disable, enable] more...

    Supported Version Ranges: v7.0.1 -> latest

  • embedded_ipv4_address (Alias name: embedded-ipv4-address) Enable/disable use of the lower 32 bits of the external ipv6 address as mapped ipv4 address. type: str choices: [disable, enable] more...

    Supported Version Ranges: v7.0.1 -> latest

  • ipv4_mappedip (Alias name: ipv4-mappedip) Range of mapped ip addresses. type: str more...

    Supported Version Ranges: v7.0.1 -> latest

  • ipv4_mappedport (Alias name: ipv4-mappedport) Ipv4 port number range on the destination network to which the external port number range is mapped. type: str more...

    Supported Version Ranges: v7.0.1 -> latest

  • nat64 Enable/disable dnat64. type: str choices: [disable, enable] more...

    Supported Version Ranges: v7.0.1 -> latest

  • nat66 Enable/disable dnat66. type: str choices: [disable, enable] more...

    Supported Version Ranges: v7.0.1 -> latest

  • realservers type: list more...

    Supported Version Ranges: v7.0.2 -> latest

    • client_ip (Alias name: client-ip) Only clients in this ip range can connect to this real server. type: str more...

      Supported Version Ranges: v7.0.2 -> latest

    • healthcheck Enable to check the responsiveness of the real server before forwarding traffic. type: str choices: [disable, enable, vip] more...

      Supported Version Ranges: v7.0.2 -> latest

    • holddown_interval (Alias name: holddown-interval) Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active. type: int more...

      Supported Version Ranges: v7.0.2 -> latest

    • http_host (Alias name: http-host) Http server domain name in http header. type: str more...

      Supported Version Ranges: v7.0.2 -> latest

    • id Real server id. type: int more...

      Supported Version Ranges: v7.0.2 -> latest

    • ip Ip address of the real server. type: str more...

      Supported Version Ranges: v7.0.2 -> latest

    • max_connections (Alias name: max-connections) Max number of active connections that can directed to the real server. type: int more...

      Supported Version Ranges: v7.0.2 -> latest

    • monitor type: list or str more...

      Supported Version Ranges: v7.0.2 -> latest

    • port Port for communicating with the real server. type: int more...

      Supported Version Ranges: v7.0.2 -> latest

    • status Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: [active, standby, disable] more...

      Supported Version Ranges: v7.0.2 -> latest

    • weight Weight of the real server. type: int more...

      Supported Version Ranges: v7.0.2 -> latest

    • translate_host (Alias name: translate-host) Enable/disable translation of hostname/ip from virtual server to real server. type: str choices: [disable, enable] more...

      Supported Version Ranges: v7.2.2 -> latest

  • ssl_accept_ffdhe_groups (Alias name: ssl-accept-ffdhe-groups) Enable/disable ffdhe cipher suite for ssl key exchange. type: str choices: [disable, enable] more...

    Supported Version Ranges: v7.0.3 -> latest

  • ssl_cipher_suites (Alias name: ssl-cipher-suites) type: list more...

    Supported Version Ranges: v7.0.2 -> latest

    • cipher Cipher suite name. type: str choices: [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA] more...

      Supported Version Ranges: v7.0.2 -> latest

    • priority Ssl/tls cipher suites priority. type: int more...

      Supported Version Ranges: v7.0.2 -> latest

    • versions type: list choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3] more...

      Supported Version Ranges: v7.0.2 -> latest

  • ndp_reply (Alias name: ndp-reply) Enable/disable this fortigate units ability to respond to ndp requests for this virtual ip address (default = enable). type: str choices: [disable, enable] more...

    Supported Version Ranges: v7.0.5 -> v7.0.12, v7.2.2 -> latest

  • ssl_server_renegotiation (Alias name: ssl-server-renegotiation) Enable/disable secure renegotiation to comply with rfc 5746. type: str choices: [disable, enable] more...

    Supported Version Ranges: v7.2.2 -> latest

  • h2_support (Alias name: h2-support) Enable/disable http2 support (default = enable). type: str choices: [disable, enable] more...

    Supported Version Ranges: v7.4.2 -> latest

  • h3_support (Alias name: h3-support) Enable/disable http3/quic support (default = disable). type: str choices: [disable, enable] more...

    Supported Version Ranges: v7.4.2 -> latest

• extip Ip address or address range on the external interface that you want to map to an address or address range on the destination network. type: str more...

  Supported Version Ranges: v6.0.0 -> latest

• extport Incoming port number range that you want to map to a port number range on the destination network. type: str more...

  Supported Version Ranges: v6.0.0 -> latest

• http_cookie_age (Alias name: http-cookie-age) Time in minutes that client web browsers should keep a cookie. type: int more...

  Supported Version Ranges: v6.0.0 -> latest

• http_cookie_domain (Alias name: http-cookie-domain) Domain that http cookie persistence should apply to. type: str more...

  Supported Version Ranges: v6.0.0 -> latest

• http_cookie_domain_from_host (Alias name: http-cookie-domain-from-host) Enable/disable use of http cookie domain from host field in http. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• http_cookie_generation (Alias name: http-cookie-generation) Generation of http cookie to be accepted. type: int more...

  Supported Version Ranges: v6.0.0 -> latest

• http_cookie_path (Alias name: http-cookie-path) Limit http cookie persistence to the specified path. type: str more...

  Supported Version Ranges: v6.0.0 -> latest

• http_cookie_share (Alias name: http-cookie-share) Control sharing of cookies across virtual servers. type: str choices: [disable, same-ip] more...

  Supported Version Ranges: v6.0.0 -> latest

• http_ip_header (Alias name: http-ip-header) For http multiplexing, enable to add the original client ip address in the xforwarded-for http header. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• http_ip_header_name (Alias name: http-ip-header-name) For http multiplexing, enter a custom https header name. type: str more...

  Supported Version Ranges: v6.0.0 -> latest

• http_multiplex (Alias name: http-multiplex) Enable/disable http multiplexing. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• https_cookie_secure (Alias name: https-cookie-secure) Enable/disable verification that inserted https cookies are secure. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• id Custom defined id. type: int more...

  Supported Version Ranges: v6.0.0 -> latest

• ldb_method (Alias name: ldb-method) Method used to distribute sessions to real servers. type: str choices: [static, round-robin, weighted, least-session, least-rtt, first-alive, http-host] more...

  Supported Version Ranges: v6.0.0 -> latest

• mappedip Mapped ip address range in the format startip-endip. type: str more...

  Supported Version Ranges: v6.0.0 -> latest

• mappedport Port number range on the destination network to which the external port number range is mapped. type: str more...

  Supported Version Ranges: v6.0.0 -> latest

• max_embryonic_connections (Alias name: max-embryonic-connections) Maximum number of incomplete connections. type: int more...

  Supported Version Ranges: v6.0.0 -> latest

• monitor Name of the health check monitor to use when polling to determine a virtual servers connectivity status. type: list or str more...

  Supported Version Ranges: v6.0.0 -> latest

• name Virtual ip6 name. type: str more...

  Supported Version Ranges: v6.0.0 -> latest

• outlook_web_access (Alias name: outlook-web-access) Enable to add the front-end-https header for microsoft outlook web access. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• persistence Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str choices: [none, http-cookie, ssl-session-id] more...

  Supported Version Ranges: v6.0.0 -> latest

• portforward Enable port forwarding. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• protocol Protocol to use when forwarding packets. type: str choices: [tcp, udp, sctp] more...

  Supported Version Ranges: v6.0.0 -> latest

• realservers Realservers. type: list more...

  Supported Version Ranges: v6.0.0 -> latest

  • client_ip (Alias name: client-ip) Only clients in this ip range can connect to this real server. type: str more...

    Supported Version Ranges: v6.0.0 -> latest

  • healthcheck Enable to check the responsiveness of the real server before forwarding traffic. type: str choices: [disable, enable, vip] more...

    Supported Version Ranges: v6.0.0 -> latest

  • holddown_interval (Alias name: holddown-interval) Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active. type: int more...

    Supported Version Ranges: v6.0.0 -> latest

  • http_host (Alias name: http-host) Http server domain name in http header. type: str more...

    Supported Version Ranges: v6.0.0 -> latest

  • id Real server id. type: int more...

    Supported Version Ranges: v6.0.0 -> latest

  • ip Ipv6 address of the real server. type: str more...

    Supported Version Ranges: v6.0.0 -> latest

  • max_connections (Alias name: max-connections) Max number of active connections that can directed to the real server. type: int more...

    Supported Version Ranges: v6.0.0 -> latest

  • monitor Name of the health check monitor to use when polling to determine a virtual servers connectivity status. type: list or str more...

    Supported Version Ranges: v6.0.0 -> latest

  • port Port for communicating with the real server. type: int more...

    Supported Version Ranges: v6.0.0 -> latest

  • status Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: [active, standby, disable] more...

    Supported Version Ranges: v6.0.0 -> latest

  • weight Weight of the real server. type: int more...

    Supported Version Ranges: v6.0.0 -> latest

  • translate_host (Alias name: translate-host) Enable/disable translation of hostname/ip from virtual server to real server. type: str choices: [disable, enable] more...

    Supported Version Ranges: v7.2.2 -> latest

• server_type (Alias name: server-type) Protocol to be load balanced by the virtual server (also called the server load balance virtual ip). type: str choices: [http, https, ssl, tcp, udp, ip, imaps, pop3s, smtps] more...

  Supported Version Ranges: v6.0.0 -> latest

• src_filter (Alias name: src-filter) Source ip6 filter (x:x:x:x:x:x:x:x/x). type: list more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_algorithm (Alias name: ssl-algorithm) Permitted encryption algorithms for ssl sessions according to encryption strength. type: str choices: [high, low, medium, custom] more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_certificate (Alias name: ssl-certificate) The name of the ssl certificate to use for ssl acceleration. type: str more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_cipher_suites (Alias name: ssl-cipher-suites) Ssl-cipher-suites. type: list more...

  Supported Version Ranges: v6.0.0 -> latest

  • cipher Cipher suite name. type: str choices: [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA] more...

    Supported Version Ranges: v6.0.0 -> latest

  • priority Ssl/tls cipher suites priority. type: int more...

    Supported Version Ranges: v6.0.0 -> latest

  • versions Ssl/tls versions that the cipher suite can be used with. type: list choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3] more...

    Supported Version Ranges: v6.0.0 -> latest

• ssl_client_fallback (Alias name: ssl-client-fallback) Enable/disable support for preventing downgrade attacks on client connections (rfc 7507). type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_client_renegotiation (Alias name: ssl-client-renegotiation) Allow, deny, or require secure renegotiation of client sessions to comply with rfc 5746. type: str choices: [deny, allow, secure] more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_client_session_state_max (Alias name: ssl-client-session-state-max) Maximum number of client to fortigate ssl session states to keep. type: int more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_client_session_state_timeout (Alias name: ssl-client-session-state-timeout) Number of minutes to keep client to fortigate ssl session state. type: int more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_client_session_state_type (Alias name: ssl-client-session-state-type) How to expire ssl sessions for the segment of the ssl connection between the client and the fortigate. type: str choices: [disable, time, count, both] more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_dh_bits (Alias name: ssl-dh-bits) Number of bits to use in the diffie-hellman exchange for rsa encryption of ssl sessions. type: str choices: [768, 1024, 1536, 2048, 3072, 4096] more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_hpkp (Alias name: ssl-hpkp) Enable/disable including hpkp header in response. type: str choices: [disable, enable, report-only] more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_hpkp_age (Alias name: ssl-hpkp-age) Number of minutes the web browser should keep hpkp. type: int more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_hpkp_backup (Alias name: ssl-hpkp-backup) Certificate to generate backup hpkp pin from. type: str more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_hpkp_include_subdomains (Alias name: ssl-hpkp-include-subdomains) Indicate that hpkp header applies to all subdomains. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_hpkp_primary (Alias name: ssl-hpkp-primary) Certificate to generate primary hpkp pin from. type: str more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_hpkp_report_uri (Alias name: ssl-hpkp-report-uri) Url to report hpkp violations to. type: str more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_hsts (Alias name: ssl-hsts) Enable/disable including hsts header in response. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_hsts_age (Alias name: ssl-hsts-age) Number of seconds the client should honour the hsts setting. type: int more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_hsts_include_subdomains (Alias name: ssl-hsts-include-subdomains) Indicate that hsts header applies to all subdomains. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_http_location_conversion (Alias name: ssl-http-location-conversion) Enable to replace http with https in the replys location http header field. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_http_match_host (Alias name: ssl-http-match-host) Enable/disable http host matching for location conversion. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_max_version (Alias name: ssl-max-version) Highest ssl/tls version acceptable from a client. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3] more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_min_version (Alias name: ssl-min-version) Lowest ssl/tls version acceptable from a client. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3] more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_mode (Alias name: ssl-mode) Apply ssl offloading between the client and the fortigate (half) or from the client to the fortigate and from the fortigate to the server (full). type: str choices: [half, full] more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_pfs (Alias name: ssl-pfs) Select the cipher suites that can be used for ssl perfect forward secrecy (pfs). type: str choices: [require, deny, allow] more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_send_empty_frags (Alias name: ssl-send-empty-frags) Enable/disable sending empty fragments to avoid cbc iv attacks (ssl 3. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_server_algorithm (Alias name: ssl-server-algorithm) Permitted encryption algorithms for the server side of ssl full mode sessions according to encryption strength. type: str choices: [high, low, medium, custom, client] more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_server_cipher_suites (Alias name: ssl-server-cipher-suites) Ssl-server-cipher-suites. type: list more...

  Supported Version Ranges: v6.0.0 -> latest

  • cipher Cipher suite name. type: str choices: [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA] more...

    Supported Version Ranges: v6.0.0 -> latest

  • priority Ssl/tls cipher suites priority. type: int more...

    Supported Version Ranges: v6.0.0 -> latest

  • versions Ssl/tls versions that the cipher suite can be used with. type: list choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3] more...

    Supported Version Ranges: v6.0.0 -> latest

• ssl_server_max_version (Alias name: ssl-server-max-version) Highest ssl/tls version acceptable from a server. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3] more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_server_min_version (Alias name: ssl-server-min-version) Lowest ssl/tls version acceptable from a server. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3] more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_server_session_state_max (Alias name: ssl-server-session-state-max) Maximum number of fortigate to server ssl session states to keep. type: int more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_server_session_state_timeout (Alias name: ssl-server-session-state-timeout) Number of minutes to keep fortigate to server ssl session state. type: int more...

  Supported Version Ranges: v6.0.0 -> latest

• ssl_server_session_state_type (Alias name: ssl-server-session-state-type) How to expire ssl sessions for the segment of the ssl connection between the server and the fortigate. type: str choices: [disable, time, count, both] more...

  Supported Version Ranges: v6.0.0 -> latest

• type Configure a static nat vip. type: str choices: [static-nat, server-load-balance, access-proxy] more...

  Supported Version Ranges: v6.0.0 -> latest

• uuid Universally unique identifier (uuid; automatically assigned but can be manually reset). type: str more...

  Supported Version Ranges: v6.0.0 -> latest

• weblogic_server (Alias name: weblogic-server) Enable to add an http header to indicate ssl offloading for a weblogic server. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• websphere_server (Alias name: websphere-server) Enable to add an http header to indicate ssl offloading for a websphere server. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• http_redirect (Alias name: http-redirect) Enable/disable redirection of http to https type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.2.1 -> latest

• ssl_client_rekey_count (Alias name: ssl-client-rekey-count) Maximum length of data in mb before triggering a client rekey (0 = disable). type: int more...

  Supported Version Ranges: v6.2.1 -> latest

• nat_source_vip (Alias name: nat-source-vip) Enable to perform snat on traffic from mappedip to the extip for all egress interfaces. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.4.0 -> latest

• add_nat64_route (Alias name: add-nat64-route) Enable/disable adding nat64 route. type: str choices: [disable, enable] more...

  Supported Version Ranges: v7.0.1 -> latest

• embedded_ipv4_address (Alias name: embedded-ipv4-address) Enable/disable use of the lower 32 bits of the external ipv6 address as mapped ipv4 address. type: str choices: [disable, enable] more...

  Supported Version Ranges: v7.0.1 -> latest

• ipv4_mappedip (Alias name: ipv4-mappedip) Range of mapped ip addresses. type: str more...

  Supported Version Ranges: v7.0.1 -> latest

• ipv4_mappedport (Alias name: ipv4-mappedport) Ipv4 port number range on the destination network to which the external port number range is mapped. type: str more...

  Supported Version Ranges: v7.0.1 -> latest

• nat64 Enable/disable dnat64. type: str choices: [disable, enable] more...

  Supported Version Ranges: v7.0.1 -> latest

• nat66 Enable/disable dnat66. type: str choices: [disable, enable] more...

  Supported Version Ranges: v7.0.1 -> latest

• ssl_accept_ffdhe_groups (Alias name: ssl-accept-ffdhe-groups) Enable/disable ffdhe cipher suite for ssl key exchange. type: str choices: [disable, enable] more...

  Supported Version Ranges: v7.0.3 -> latest

• ndp_reply (Alias name: ndp-reply) Enable/disable this fortigate units ability to respond to ndp requests for this virtual ip address (default = enable). type: str choices: [disable, enable] more...

  Supported Version Ranges: v7.0.5 -> v7.0.12, v7.2.2 -> latest

• ssl_server_renegotiation (Alias name: ssl-server-renegotiation) Enable/disable secure renegotiation to comply with rfc 5746. type: str choices: [disable, enable] more...

  Supported Version Ranges: v7.2.2 -> latest

• h2_support (Alias name: h2-support) Enable/disable http2 support (default = enable). type: str choices: [disable, enable] more...

  Supported Version Ranges: v7.4.2 -> latest

• h3_support (Alias name: h3-support) Enable/disable http3/quic support (default = disable). type: str choices: [disable, enable] more...

  Supported Version Ranges: v7.4.2 -> latest

• quic type: dict
  • ack_delay_exponent (Alias name: ack-delay-exponent) Support meta variable type: int more...

    Supported Version Ranges: v7.4.2 -> latest

  • active_connection_id_limit (Alias name: active-connection-id-limit) Support meta variable type: int more...

    Supported Version Ranges: v7.4.2 -> latest

  • active_migration (Alias name: active-migration) Enable/disable active migration (default = disable). type: str choices: [disable, enable] more...

    Supported Version Ranges: v7.4.2 -> latest

  • grease_quic_bit (Alias name: grease-quic-bit) Enable/disable grease quic bit (default = enable). type: str choices: [disable, enable] more...

    Supported Version Ranges: v7.4.2 -> latest

  • max_ack_delay (Alias name: max-ack-delay) Support meta variable type: int more...

    Supported Version Ranges: v7.4.2 -> latest

  • max_datagram_frame_size (Alias name: max-datagram-frame-size) Support meta variable type: int more...

    Supported Version Ranges: v7.4.2 -> latest

  • max_idle_timeout (Alias name: max-idle-timeout) Support meta variable type: int more...

    Supported Version Ranges: v7.4.2 -> latest

  • max_udp_payload_size (Alias name: max-udp-payload-size) Support meta variable type: int more...

    Supported Version Ranges: v7.4.2 -> latest

Notes

Note

• Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

• To create or update an object, use state: present directive.

• To delete an object, use state: absent directive

• Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- name: Example playbook
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Configure virtual IP for IPv6.
      fortinet.fortimanager.fmgr_firewall_vip6:
        bypass_validation: false
        adom: ansible
        state: present
        firewall_vip6:
          arp-reply: disable
          color: 1
          comment: "ansible-comment"
          id: 1
          name: "ansible-test-vip6"

- name: Gathering fortimanager facts
  hosts: fortimanagers
  gather_facts: false
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Retrieve all the scripts
      fortinet.fortimanager.fmgr_fact:
        facts:
          selector: "firewall_vip6"
          params:
            adom: "ansible"
            vip6: "your_value"

Return Values

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

• meta - The result of the request.returned: always type: dict
• request_url - The full url requested. returned: always type: str sample: /sys/login/user
• response_code - The status of api request. returned: always type: int sample: 0
• response_data - The data body of the api response. returned: optional type: list or dict
• response_message - The descriptive message of the api response. returned: always type: str sample: OK
• system_information - The information of the target system. returned: always type: dict
• rc - The status the request. returned: always type: int sample: 0
• version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least one parameter not supported by the current FortiManager version type: list

Status

• This module is not guaranteed to have a backwards compatible interface.

Authors

• Xinwei Du (@dux-fortinet)

• Xing Li (@lix-fortinet)

• Jie Xue (@JieX19)

• Link Zheng (@chillancezen)

• Frank Shen (@fshen01)

• Hongbin Lu (@fgtdev-hblu)