fortinet.fortios.fortios_vpn_ssl_web_portal – Portal in Fortinet’s FortiOS and FortiGate.

Note

This plugin is part of the fortinet.fortios collection (version 2.1.2).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortios.

To use it in a playbook, specify: fortinet.fortios.fortios_vpn_ssl_web_portal.

New in version 2.10 of fortinet.fortios.

Synopsis

  • This module configures a FortiGate or FortiOS (FOS) device by letting the user set and modify the portal category of the vpn_ssl_web feature. The examples include all parameters; their values need to be adjusted to your data sources before use. Tested with FOS v6.0.0.

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.9.0

Parameters

Parameter Choices/Defaults Comments
access_token
string
Token-based authentication. Generated from the FortiGate GUI.
enable_log
boolean
    Choices:
  • no
  • yes
Enable/Disable logging for task.
state
string / required
    Choices:
  • present
  • absent
Indicates whether to create or remove the object.
vdom
string
Default:
"root"
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
vpn_ssl_web_portal
dictionary
Portal.
allow_user_access
list / elements=string
    Choices:
  • web
  • ftp
  • smb
  • telnet
  • ssh
  • vnc
  • rdp
  • ping
  • citrix
  • portforward
  • sftp
Allow user access to SSL-VPN applications.
auto_connect
string
    Choices:
  • enable
  • disable
Enable/disable automatic connect by client when system is up.
bookmark_group
list / elements=string
Portal bookmark group.
bookmarks
list / elements=string
Bookmark table.
additional_params
string
Additional parameters.
apptype
string
    Choices:
  • citrix
  • ftp
  • portforward
  • rdp
  • smb
  • ssh
  • telnet
  • vnc
  • web
  • sftp
Application type.
description
string
Description.
domain
string
Login domain.
folder
string
Network shared file folder parameter.
form_data
list / elements=string
Form data.
name
string / required
Name.
value
string
Value.
host
string
Host name/IP parameter.
listening_port
integer
Listening port (0 - 65535).
load_balancing_info
string
The load balancing information or cookie which should be provided to the connection broker.
logon_password
string
Logon password.
logon_user
string
Logon user.
name
string / required
Bookmark name.
port
integer
Remote port.
preconnection_blob
string
An arbitrary string which identifies the RDP source.
preconnection_id
integer
The numeric ID of the RDP source (0-2147483648).
remote_port
integer
Remote port (0 - 65535).
security
string
    Choices:
  • rdp
  • nla
  • tls
  • any
Security mode for RDP connection.
server_layout
string
    Choices:
  • de-de-qwertz
  • en-gb-qwerty
  • en-us-qwerty
  • es-es-qwerty
  • fr-fr-azerty
  • fr-ch-qwertz
  • it-it-qwerty
  • ja-jp-qwerty
  • pt-br-qwerty
  • sv-se-qwerty
  • tr-tr-qwerty
  • failsafe
  • fr-ca-qwerty
Server side keyboard layout.
show_status_window
string
    Choices:
  • enable
  • disable
Enable/disable showing of status window.
sso
string
    Choices:
  • disable
  • static
  • auto
Single Sign-On.
sso_credential
string
    Choices:
  • sslvpn-login
  • alternative
Single sign-on credentials.
sso_credential_sent_once
string
    Choices:
  • enable
  • disable
Single sign-on credentials are only sent once to remote server.
sso_password
string
SSO password.
sso_username
string
SSO user name.
url
string
URL parameter.
name
string / required
Bookmark group name.
custom_lang
string
Change the web portal display language. Overrides config system global set language. You can use config system custom-language and execute system custom-language to add custom language files. Source system.custom-language.name.
customize_forticlient_download_url
string
    Choices:
  • enable
  • disable
Enable support of customized download URL for FortiClient.
display_bookmark
string
    Choices:
  • enable
  • disable
Enable to display the web portal bookmark widget.
display_connection_tools
string
    Choices:
  • enable
  • disable
Enable to display the web portal connection tools widget.
display_history
string
    Choices:
  • enable
  • disable
Enable to display the web portal user login history widget.
display_status
string
    Choices:
  • enable
  • disable
Enable to display the web portal status widget.
dns_server1
string
IPv4 DNS server 1.
dns_server2
string
IPv4 DNS server 2.
dns_suffix
string
DNS suffix.
exclusive_routing
string
    Choices:
  • enable
  • disable
Enable/disable sending all traffic through the tunnel only.
forticlient_download
string
    Choices:
  • enable
  • disable
Enable/disable download option for FortiClient.
forticlient_download_method
string
    Choices:
  • direct
  • ssl-vpn
FortiClient download method.
heading
string
Web portal heading message.
hide_sso_credential
string
    Choices:
  • enable
  • disable
Enable to prevent SSO credential being sent to client.
host_check
string
    Choices:
  • none
  • av
  • fw
  • av-fw
  • custom
Type of host checking performed on endpoints.
host_check_interval
integer
Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects.
host_check_policy
list / elements=string
One or more policies to require the endpoint to have specific security software.
name
string / required
Host check software list name. Source vpn.ssl.web.host-check-software.name.
ip_mode
string
    Choices:
  • range
  • user-group
Method by which users of this SSL-VPN tunnel obtain IP addresses.
ip_pools
list / elements=string
IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients.
name
string / required
Address name. Source firewall.address.name firewall.addrgrp.name.
ipv6_dns_server1
string
IPv6 DNS server 1.
ipv6_dns_server2
string
IPv6 DNS server 2.
ipv6_exclusive_routing
string
    Choices:
  • enable
  • disable
Enable/disable sending all IPv6 traffic through the tunnel only.
ipv6_pools
list / elements=string
IPv6 firewall source address objects reserved for SSL-VPN tunnel mode clients.
name
string / required
Address name. Source firewall.address6.name firewall.addrgrp6.name.
ipv6_service_restriction
string
    Choices:
  • enable
  • disable
Enable/disable IPv6 tunnel service restriction.
ipv6_split_tunneling
string
    Choices:
  • enable
  • disable
Enable/disable IPv6 split tunneling.
ipv6_split_tunneling_routing_address
list / elements=string
IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access.
name
string / required
Address name. Source firewall.address6.name firewall.addrgrp6.name.
ipv6_split_tunneling_routing_negate
string
    Choices:
  • enable
  • disable
Enable to negate IPv6 split tunneling routing address.
ipv6_tunnel_mode
string
    Choices:
  • enable
  • disable
Enable/disable IPv6 SSL-VPN tunnel mode.
ipv6_wins_server1
string
IPv6 WINS server 1.
ipv6_wins_server2
string
IPv6 WINS server 2.
keep_alive
string
    Choices:
  • enable
  • disable
Enable/disable automatic reconnect for FortiClient connections.
limit_user_logins
string
    Choices:
  • enable
  • disable
Enable to limit each user to one SSL-VPN session at a time.
mac_addr_action
string
    Choices:
  • allow
  • deny
Client MAC address action.
mac_addr_check
string
    Choices:
  • enable
  • disable
Enable/disable MAC address host checking.
mac_addr_check_rule
list / elements=string
Client MAC address check rule.
mac_addr_list
list / elements=string
Client MAC address list.
addr
string / required
Client MAC address.
mac_addr_mask
integer
Client MAC address mask.
name
string / required
Client MAC address check rule name.
macos_forticlient_download_url
string
Download URL for Mac FortiClient.
name
string / required
Portal name.
os_check
string
    Choices:
  • enable
  • disable
Enable to let the FortiGate decide action based on client OS.
os_check_list
list / elements=string
SSL VPN OS checks.
action
string
    Choices:
  • deny
  • allow
  • check-up-to-date
OS check options.
latest_patch_level
string
Latest OS patch level.
name
string / required
Name.
tolerance
integer
OS patch level tolerance.
prefer_ipv6_dns
string
    Choices:
  • enable
  • disable
Prefer to query IPv6 DNS first if enabled.
redir_url
string
Client login redirect URL.
rewrite_ip_uri_ui
string
    Choices:
  • enable
  • disable
Rewrite contents for URIs that contain an IP and "/ui/".
save_password
string
    Choices:
  • enable
  • disable
Enable/disable FortiClient saving the user's password.
service_restriction
string
    Choices:
  • enable
  • disable
Enable/disable tunnel service restriction.
skip_check_for_browser
string
    Choices:
  • enable
  • disable
Enable to skip host check for browser support.
skip_check_for_unsupported_browser
string
    Choices:
  • enable
  • disable
Enable to skip host check if browser does not support it.
skip_check_for_unsupported_os
string
    Choices:
  • enable
  • disable
Enable to skip host check if client OS does not support it.
smb_max_version
string
    Choices:
  • smbv1
  • smbv2
  • smbv3
SMB maximum client protocol version.
smb_min_version
string
    Choices:
  • smbv1
  • smbv2
  • smbv3
SMB minimum client protocol version.
smb_ntlmv1_auth
string
    Choices:
  • enable
  • disable
Enable support of NTLMv1 for Samba authentication.
smbv1
string
    Choices:
  • enable
  • disable
Enable/disable support of SMBv1 for Samba.
split_dns
list / elements=string
Split DNS for SSL VPN.
dns_server1
string
DNS server 1.
dns_server2
string
DNS server 2.
domains
string
Split DNS domains used for SSL-VPN clients, separated by commas (,).
id
integer / required
ID.
ipv6_dns_server1
string
IPv6 DNS server 1.
ipv6_dns_server2
string
IPv6 DNS server 2.
split_tunneling
string
    Choices:
  • enable
  • disable
Enable/disable IPv4 split tunneling.
split_tunneling_routing_address
list / elements=string
IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access.
name
string / required
Address name. Source firewall.address.name firewall.addrgrp.name.
split_tunneling_routing_negate
string
    Choices:
  • enable
  • disable
Enable to negate split tunneling routing address.
theme
string
    Choices:
  • blue
  • green
  • red
  • melongene
  • mariner
  • neutrino
  • jade
  • graphite
  • dark-matter
  • onyx
  • eclipse
Web portal color scheme.
transform_backward_slashes
string
    Choices:
  • enable
  • disable
Transform backward slashes to forward slashes in URLs.
tunnel_mode
string
    Choices:
  • enable
  • disable
Enable/disable IPv4 SSL-VPN tunnel mode.
use_sdwan
string
    Choices:
  • enable
  • disable
Use SD-WAN rules to get output interface.
user_bookmark
string
    Choices:
  • enable
  • disable
Enable to allow web portal users to create their own bookmarks.
user_group_bookmark
string
    Choices:
  • enable
  • disable
Enable to allow web portal users to create bookmarks for all users in the same user group.
web_mode
string
    Choices:
  • enable
  • disable
Enable/disable SSL VPN web mode.
windows_forticlient_download_url
string
Download URL for Windows FortiClient.
wins_server1
string
IPv4 WINS server 1.
wins_server2
string
IPv4 WINS server 2.

Notes

Note

  • Legacy fortiosapi has been deprecated; httpapi is the preferred way to run playbooks.

Examples

- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
  - name: Portal.
    fortios_vpn_ssl_web_portal:
      vdom:  "{{ vdom }}"
      state: "present"
      access_token: "<your_own_value>"
      vpn_ssl_web_portal:
        allow_user_access: "web"
        auto_connect: "enable"
        bookmark_group:
         -
            bookmarks:
             -
                additional_params: "<your_own_value>"
                apptype: "citrix"
                description: "<your_own_value>"
                domain: "<your_own_value>"
                folder: "<your_own_value>"
                form_data:
                 -
                    name: "default_name_13"
                    value: "<your_own_value>"
                host: "<your_own_value>"
                listening_port: "16"
                load_balancing_info: "<your_own_value>"
                logon_password: "<your_own_value>"
                logon_user: "<your_own_value>"
                name: "default_name_20"
                port: "21"
                preconnection_blob: "<your_own_value>"
                preconnection_id: "23"
                remote_port: "24"
                security: "rdp"
                server_layout: "de-de-qwertz"
                show_status_window: "enable"
                sso: "disable"
                sso_credential: "sslvpn-login"
                sso_credential_sent_once: "enable"
                sso_password: "<your_own_value>"
                sso_username: "<your_own_value>"
                url: "myurl.com"
            name: "default_name_34"
        custom_lang: "<your_own_value> (source system.custom-language.name)"
        customize_forticlient_download_url: "enable"
        display_bookmark: "enable"
        display_connection_tools: "enable"
        display_history: "enable"
        display_status: "enable"
        dns_server1: "<your_own_value>"
        dns_server2: "<your_own_value>"
        dns_suffix: "<your_own_value>"
        exclusive_routing: "enable"
        forticlient_download: "enable"
        forticlient_download_method: "direct"
        heading: "<your_own_value>"
        hide_sso_credential: "enable"
        host_check: "none"
        host_check_interval: "50"
        host_check_policy:
         -
            name: "default_name_52 (source vpn.ssl.web.host-check-software.name)"
        ip_mode: "range"
        ip_pools:
         -
            name: "default_name_55 (source firewall.address.name firewall.addrgrp.name)"
        ipv6_dns_server1: "<your_own_value>"
        ipv6_dns_server2: "<your_own_value>"
        ipv6_exclusive_routing: "enable"
        ipv6_pools:
         -
            name: "default_name_60 (source firewall.address6.name firewall.addrgrp6.name)"
        ipv6_service_restriction: "enable"
        ipv6_split_tunneling: "enable"
        ipv6_split_tunneling_routing_address:
         -
            name: "default_name_64 (source firewall.address6.name firewall.addrgrp6.name)"
        ipv6_split_tunneling_routing_negate: "enable"
        ipv6_tunnel_mode: "enable"
        ipv6_wins_server1: "<your_own_value>"
        ipv6_wins_server2: "<your_own_value>"
        keep_alive: "enable"
        limit_user_logins: "enable"
        mac_addr_action: "allow"
        mac_addr_check: "enable"
        mac_addr_check_rule:
         -
            mac_addr_list:
             -
                addr: "<your_own_value>"
            mac_addr_mask: "76"
            name: "default_name_77"
        macos_forticlient_download_url: "<your_own_value>"
        name: "default_name_79"
        os_check: "enable"
        os_check_list:
         -
            action: "deny"
            latest_patch_level: "<your_own_value>"
            name: "default_name_84"
            tolerance: "85"
        prefer_ipv6_dns: "enable"
        redir_url: "<your_own_value>"
        rewrite_ip_uri_ui: "enable"
        save_password: "enable"
        service_restriction: "enable"
        skip_check_for_browser: "enable"
        skip_check_for_unsupported_browser: "enable"
        skip_check_for_unsupported_os: "enable"
        smb_max_version: "smbv1"
        smb_min_version: "smbv1"
        smb_ntlmv1_auth: "enable"
        smbv1: "enable"
        split_dns:
         -
            dns_server1: "<your_own_value>"
            dns_server2: "<your_own_value>"
            domains: "<your_own_value>"
            id:  "102"
            ipv6_dns_server1: "<your_own_value>"
            ipv6_dns_server2: "<your_own_value>"
        split_tunneling: "enable"
        split_tunneling_routing_address:
         -
            name: "default_name_107 (source firewall.address.name firewall.addrgrp.name)"
        split_tunneling_routing_negate: "enable"
        theme: "blue"
        transform_backward_slashes: "enable"
        tunnel_mode: "enable"
        use_sdwan: "enable"
        user_bookmark: "enable"
        user_group_bookmark: "enable"
        web_mode: "enable"
        windows_forticlient_download_url: "<your_own_value>"
        wins_server1: "<your_own_value>"
        wins_server2: "<your_own_value>"
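
A more restrictive counterpart to the sample task above, as an added example that is not part of the collection's documentation: it verifies the FortiGate's certificate and turns off the legacy SMB/NTLMv1, saved-password and host-check-skip settings that the sample enables. The portal name, the `vault_fortios_access_token` variable and the interval value are assumptions, and the target FortiOS release is assumed to accept every parameter shown.

```yaml
# Added example; uses only parameters listed in the table above.
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: yes  # verify the FortiGate's TLS certificate
    ansible_httpapi_port: 443
  tasks:
    - name: Restrictive SSL-VPN web portal
      fortios_vpn_ssl_web_portal:
        vdom: "{{ vdom }}"
        state: "present"
        # Assumption: token comes from a vaulted variable, never inline.
        access_token: "{{ vault_fortios_access_token }}"
        vpn_ssl_web_portal:
          name: "restricted-portal"  # hypothetical portal name
          web_mode: "enable"
          # Offer only the application types users actually need.
          allow_user_access:
            - web
            - rdp
            - smb
          # Endpoint posture: check at connect time and periodically.
          host_check: "av-fw"
          host_check_interval: 120   # illustrative value; 0 = connect time only
          skip_check_for_unsupported_os: "disable"
          skip_check_for_unsupported_browser: "disable"
          # Credential handling.
          save_password: "disable"       # FortiClient does not save the password
          hide_sso_credential: "enable"  # SSO credential is not sent to the client
          limit_user_logins: "enable"    # one SSL-VPN session per user
          # File-share access: no SMBv1, no NTLMv1.
          smbv1: "disable"
          smb_ntlmv1_auth: "disable"
          smb_min_version: "smbv2"
          smb_max_version: "smbv3"
          # Users cannot add their own bookmarks.
          user_bookmark: "disable"
          user_group_bookmark: "disable"
```

Running the play with `--check --diff` first shows what would change on the device before anything is applied.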

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key Returned Description
build
string
always
Build number of the FortiGate image

Sample:
1547
http_method
string
always
Last method used to provision the content into FortiGate

Sample:
PUT
http_status
string
always
Last result given by FortiGate on last operation applied

Sample:
200
mkey
string
success
Master key (id) used in the last call to FortiGate

Sample:
id
name
string
always
Name of the table used to fulfill the request

Sample:
urlfilter
path
string
always
Path of the table used to fulfill the request

Sample:
webfilter
revision
string
always
Internal revision number

Sample:
17.0.2.10658
serial
string
always
Serial number of the unit

Sample:
FGVMEVYYQT3AB5352
status
string
always
Indication of the operation's result

Sample:
success
vdom
string
always
Virtual domain used

Sample:
root
version
string
always
Version of the FortiGate

Sample:
v5.6.3


Authors

  • Link Zheng (@chillancezen)
  • Jie Xue (@JieX19)
  • Hongbin Lu (@fgtdev-hblu)
  • Frank Shen (@frankshen01)
  • Miguel Angel Munoz (@mamunozgonzalez)
  • Nicolas Thomas (@thomnico)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/fortinet/fortios/fortios_vpn_ssl_web_portal_module.html