New in version 2.8.
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments | |
---|---|---|---|
firewall_ssl_server
-
|
Default: null
|
Configure SSL servers.
|
|
add-header-x-forwarded-proto
-
|
|
Enable/disable adding an X-Forwarded-Proto header to forwarded requests.
|
|
ip
-
|
IPv4 address of the SSL server.
|
||
mapped-port
-
|
Mapped server service port (1 - 65535, default = 80).
|
||
name
-
/ required
|
Server name.
|
||
port
-
|
Server service port (1 - 65535, default = 443).
|
||
ssl-algorithm
-
|
|
Relative strength of encryption algorithms accepted in negotiation.
|
|
ssl-cert
-
|
Name of certificate for SSL connections to this server (default = "Fortinet_CA_SSL"). Source vpn.certificate.local.name.
|
||
ssl-client-renegotiation
-
|
|
Allow or block client renegotiation by server.
|
|
ssl-dh-bits
-
|
|
Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation (default = 2048).
|
|
ssl-max-version
-
|
|
Highest SSL/TLS version to negotiate.
|
|
ssl-min-version
-
|
|
Lowest SSL/TLS version to negotiate.
|
|
ssl-mode
-
|
|
SSL/TLS mode for encryption and decryption of traffic.
|
|
ssl-send-empty-frags
-
|
|
Enable/disable sending empty fragments to avoid attack on CBC IV.
|
|
state
-
|
|
Indicates whether to create or remove the object
|
|
url-rewrite
-
|
|
Enable/disable rewriting the URL.
|
|
host
-
/ required
|
FortiOS or FortiGate ip adress.
|
||
https
boolean
|
|
Indicates if the requests towards FortiGate must use HTTPS protocol
|
|
password
-
|
Default: ""
|
FortiOS or FortiGate password.
|
|
username
-
/ required
|
FortiOS or FortiGate username.
|
||
vdom
-
|
Default: "root"
|
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
|
Note
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
tasks:
- name: Configure SSL servers.
fortios_firewall_ssl_server:
host: "{{ host }}"
username: "{{ username }}"
password: "{{ password }}"
vdom: "{{ vdom }}"
https: "False"
firewall_ssl_server:
state: "present"
add-header-x-forwarded-proto: "enable"
ip: "<your_own_value>"
mapped-port: "5"
name: "default_name_6"
port: "7"
ssl-algorithm: "high"
ssl-cert: "<your_own_value> (source vpn.certificate.local.name)"
ssl-client-renegotiation: "allow"
ssl-dh-bits: "768"
ssl-max-version: "tls-1.0"
ssl-min-version: "tls-1.0"
ssl-mode: "half"
ssl-send-empty-frags: "enable"
url-rewrite: "enable"
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
build
string
|
always |
Build number of the fortigate image
Sample:
1547
|
http_method
string
|
always |
Last method used to provision the content into FortiGate
Sample:
PUT
|
http_status
string
|
always |
Last result given by FortiGate on last operation applied
Sample:
200
|
mkey
string
|
success |
Master key (id) used in the last call to FortiGate
Sample:
id
|
name
string
|
always |
Name of the table used to fulfill the request
Sample:
urlfilter
|
path
string
|
always |
Path of the table used to fulfill the request
Sample:
webfilter
|
revision
string
|
always |
Internal revision number
Sample:
17.0.2.10658
|
serial
string
|
always |
Serial number of the unit
Sample:
FGVMEVYYQT3AB5352
|
status
string
|
always |
Indication of the operation's result
Sample:
success
|
vdom
string
|
always |
Virtual domain used
Sample:
root
|
version
string
|
always |
Version of the FortiGate
Sample:
v5.6.3
|
Hint
If you notice any issues in this documentation you can edit this document to improve it.