Note
This plugin is part of the fortinet.fortios collection (version 2.1.2).
You might already have this collection installed if you are using the ansible
package. It is not included in ansible-core
. To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install fortinet.fortios
.
To use it in a playbook, specify: fortinet.fortios.fortios_user_setting
.
New in version 2.10: of fortinet.fortios
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments | ||
---|---|---|---|---|
access_token string | Token-based authentication. Generated from GUI of Fortigate. | |||
enable_log boolean |
| Enable/Disable logging for task. | ||
user_setting dictionary | Configure user authentication setting. | |||
auth_blackout_time integer | Time in seconds an IP address is denied access after failing to authenticate five times within one minute. | |||
auth_ca_cert string | HTTPS CA certificate for policy authentication. Source vpn.certificate.local.name. | |||
auth_cert string | HTTPS server certificate for policy authentication. Source vpn.certificate.local.name. | |||
auth_http_basic string |
| Enable/disable use of HTTP basic authentication for identity-based firewall policies. | ||
auth_invalid_max integer | Maximum number of failed authentication attempts before the user is blocked. | |||
auth_lockout_duration integer | Lockout period in seconds after too many login failures. | |||
auth_lockout_threshold integer | Maximum number of failed login attempts before login lockout is triggered. | |||
auth_on_demand string |
| Always/implicitly trigger firewall authentication on demand. | ||
auth_portal_timeout integer | Time in minutes before captive portal user have to re-authenticate (1 - 30 min). | |||
auth_ports list / elements=string | Set up non-standard ports for authentication with HTTP, HTTPS, FTP, and TELNET. | |||
id integer / required | ID. | |||
port integer | Non-standard port for firewall user authentication. | |||
type string |
| Service type. | ||
auth_secure_http string |
| Enable/disable redirecting HTTP user authentication to more secure HTTPS. | ||
auth_src_mac string |
| Enable/disable source MAC for user identity. | ||
auth_ssl_allow_renegotiation string |
| Allow/forbid SSL re-negotiation for HTTPS authentication. | ||
auth_ssl_min_proto_version string |
| Minimum supported protocol version for SSL/TLS connections . | ||
auth_timeout integer | Time in minutes before the firewall user authentication timeout requires the user to re-authenticate. | |||
auth_timeout_type string |
| Control if authenticated users have to login again after a hard timeout, after an idle timeout, or after a session timeout. | ||
auth_type list / elements=string |
| Supported firewall policy authentication protocols/methods. | ||
per_policy_disclaimer string |
| Enable/disable per policy disclaimer. | ||
radius_ses_timeout_act string |
| Set the RADIUS session timeout to a hard timeout or to ignore RADIUS server session timeouts. | ||
vdom string | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. |
Note
- hosts: fortigates collections: - fortinet.fortios connection: httpapi vars: vdom: "root" ansible_httpapi_use_ssl: yes ansible_httpapi_validate_certs: no ansible_httpapi_port: 443 tasks: - name: Configure user authentication setting. fortios_user_setting: vdom: "{{ vdom }}" user_setting: auth_blackout_time: "3" auth_ca_cert: "<your_own_value> (source vpn.certificate.local.name)" auth_cert: "<your_own_value> (source vpn.certificate.local.name)" auth_http_basic: "enable" auth_invalid_max: "7" auth_lockout_duration: "8" auth_lockout_threshold: "9" auth_on_demand: "always" auth_portal_timeout: "11" auth_ports: - id: "13" port: "14" type: "http" auth_secure_http: "enable" auth_src_mac: "enable" auth_ssl_allow_renegotiation: "enable" auth_ssl_min_proto_version: "default" auth_timeout: "20" auth_timeout_type: "idle-timeout" auth_type: "http" per_policy_disclaimer: "enable" radius_ses_timeout_act: "hard-timeout"
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
build string | always | Build number of the fortigate image Sample: 1547 |
http_method string | always | Last method used to provision the content into FortiGate Sample: PUT |
http_status string | always | Last result given by FortiGate on last operation applied Sample: 200 |
mkey string | success | Master key (id) used in the last call to FortiGate Sample: id |
name string | always | Name of the table used to fulfill the request Sample: urlfilter |
path string | always | Path of the table used to fulfill the request Sample: webfilter |
revision string | always | Internal revision number Sample: 17.0.2.10658 |
serial string | always | Serial number of the unit Sample: FGVMEVYYQT3AB5352 |
status string | always | Indication of the operation's result Sample: success |
vdom string | always | Virtual domain used Sample: root |
version string | always | Version of the FortiGate Sample: v5.6.3 |
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/fortinet/fortios/fortios_user_setting_module.html