New in version 2.8.
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments | ||
---|---|---|---|---|
host
-
/ required
|
FortiOS or FortiGate ip address.
|
|||
https
boolean
|
|
Indicates if the requests towards FortiGate must use HTTPS protocol
|
||
password
-
|
Default: ""
|
FortiOS or FortiGate password.
|
||
username
-
/ required
|
FortiOS or FortiGate username.
|
|||
vdom
-
|
Default: "root"
|
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
|
||
web_proxy_global
-
|
Default: null
|
Configure Web proxy global settings.
|
||
fast-policy-match
-
|
|
Enable/disable fast matching algorithm for explicit and transparent proxy policy.
|
||
forward-proxy-auth
-
|
|
Enable/disable forwarding proxy authentication headers.
|
||
forward-server-affinity-timeout
-
|
Period of time before the source IP's traffic is no longer assigned to the forwarding server (6 - 60 min, default = 30).
|
|||
learn-client-ip
-
|
|
Enable/disable learning the client's IP address from headers.
|
||
learn-client-ip-from-header
-
|
|
Learn client IP address from the specified headers.
|
||
learn-client-ip-srcaddr
-
|
Source address name (srcaddr or srcaddr6 must be set).
|
|||
name
-
/ required
|
Address name. Source firewall.address.name firewall.addrgrp.name.
|
|||
learn-client-ip-srcaddr6
-
|
IPv6 Source address name (srcaddr or srcaddr6 must be set).
|
|||
name
-
/ required
|
Address name. Source firewall.address6.name firewall.addrgrp6.name.
|
|||
max-message-length
-
|
Maximum length of HTTP message, not including body (16 - 256 Kbytes, default = 32).
|
|||
max-request-length
-
|
Maximum length of HTTP request line (2 - 64 Kbytes, default = 4).
|
|||
max-waf-body-cache-length
-
|
Maximum length of HTTP messages processed by Web Application Firewall (WAF) (10 - 1024 Kbytes, default = 32).
|
|||
proxy-fqdn
-
|
Fully Qualified Domain Name (FQDN) that clients connect to (default = default.fqdn) to connect to the explicit web proxy.
|
|||
strict-web-check
-
|
|
Enable/disable strict web checking to block web sites that send incorrect headers that don't conform to HTTP 1.1.
|
||
tunnel-non-http
-
|
|
Enable/disable allowing non-HTTP traffic. Allowed non-HTTP traffic is tunneled.
|
||
unknown-http-version
-
|
|
Action to take when an unknown version of HTTP is encountered: reject, allow (tunnel), or proceed with best-effort.
|
||
webproxy-profile
-
|
Name of the web proxy profile to apply when explicit proxy traffic is allowed by default and traffic is accepted that does not match an explicit proxy policy. Source web-proxy.profile.name.
|
Note
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
tasks:
- name: Configure Web proxy global settings.
fortios_web_proxy_global:
host: "{{ host }}"
username: "{{ username }}"
password: "{{ password }}"
vdom: "{{ vdom }}"
https: "False"
web_proxy_global:
fast-policy-match: "enable"
forward-proxy-auth: "enable"
forward-server-affinity-timeout: "5"
learn-client-ip: "enable"
learn-client-ip-from-header: "true-client-ip"
learn-client-ip-srcaddr:
-
name: "default_name_9 (source firewall.address.name firewall.addrgrp.name)"
learn-client-ip-srcaddr6:
-
name: "default_name_11 (source firewall.address6.name firewall.addrgrp6.name)"
max-message-length: "12"
max-request-length: "13"
max-waf-body-cache-length: "14"
proxy-fqdn: "<your_own_value>"
strict-web-check: "enable"
tunnel-non-http: "enable"
unknown-http-version: "reject"
webproxy-profile: "<your_own_value> (source web-proxy.profile.name)"
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
build
string
|
always |
Build number of the fortigate image
Sample:
1547
|
http_method
string
|
always |
Last method used to provision the content into FortiGate
Sample:
PUT
|
http_status
string
|
always |
Last result given by FortiGate on last operation applied
Sample:
200
|
mkey
string
|
success |
Master key (id) used in the last call to FortiGate
Sample:
id
|
name
string
|
always |
Name of the table used to fulfill the request
Sample:
urlfilter
|
path
string
|
always |
Path of the table used to fulfill the request
Sample:
webfilter
|
revision
string
|
always |
Internal revision number
Sample:
17.0.2.10658
|
serial
string
|
always |
Serial number of the unit
Sample:
FGVMEVYYQT3AB5352
|
status
string
|
always |
Indication of the operation's result
Sample:
success
|
vdom
string
|
always |
Virtual domain used
Sample:
root
|
version
string
|
always |
Version of the FortiGate
Sample:
v5.6.3
|
Hint
If you notice any issues in this documentation you can edit this document to improve it.