W3cubDocs

/Ansible 2.10

fortinet.fortimanager.fmgr_firewall_sslsshprofile – Configure SSL/SSH protocol options.

Note

This plugin is part of the fortinet.fortimanager collection.

To install it use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_firewall_sslsshprofile.

New in version 2.10: of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device by allowing the user to [ add get set update ] the following apis.
  • /pm/config/adom/{adom}/obj/firewall/ssl-ssh-profile
  • /pm/config/global/obj/firewall/ssl-ssh-profile
  • Examples include all parameters and values need to be adjusted to data sources before usage.

Parameters

Parameter Choices/Defaults Comments
loose_validation
boolean
    Choices:
  • no
  • yes
Do parameter validation in a loose way
method
string / required
    Choices:
  • add
  • get
  • set
  • update
The method in request
params
list / elements=string
The parameters for each method
See full parameters list in https://ansible-galaxy-fortimanager-docs.readthedocs.io/en/latest
url_params
dictionary
The parameters for each API request URL
Also see full URL parameters in https://ansible-galaxy-fortimanager-docs.readthedocs.io/en/latest
workspace_locking_adom
string
the adom name to lock in case FortiManager running in workspace mode
it can be global or any other custom adom names
workspace_locking_timeout
integer
Default:
300
the maximum time in seconds to wait for other user to release the workspace lock

Notes

Note

  • There are only three top-level parameters where ‘method’ is always required while other two ‘params’ and ‘url_params’ can be optional
  • Due to the complexity of fortimanager api schema, the validation is done out of Ansible native parameter validation procedure.
  • The syntax of OPTIONS doen not comply with the standard Ansible argument specification, but with the structure of fortimanager API schema, we need a trivial transformation when we are filling the ansible playbook

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:

   - name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/SSL-SSH-PROFILE
     fmgr_firewall_sslsshprofile:
        loose_validation: False
        workspace_locking_adom: <value in [global, custom adom]>
        workspace_locking_timeout: 300
        method: <value in [add, set, update]>
        url_params:
           adom: <value in [none, global, custom dom]>
        params:
           -
              data:
                -
                    caname: <value of string>
                    comment: <value of string>
                    mapi-over-https: <value in [disable, enable]>
                    name: <value of string>
                    rpc-over-https: <value in [disable, enable]>
                    server-cert: <value of string>
                    server-cert-mode: <value in [re-sign, replace]>
                    ssl-anomalies-log: <value in [disable, enable]>
                    ssl-exempt:
                      -
                          address: <value of string>
                          address6: <value of string>
                          fortiguard-category: <value of string>
                          id: <value of integer>
                          regex: <value of string>
                          type: <value in [fortiguard-category, address, address6, ...]>
                          wildcard-fqdn: <value of string>
                    ssl-exemptions-log: <value in [disable, enable]>
                    ssl-server:
                      -
                          ftps-client-cert-request: <value in [bypass, inspect, block]>
                          https-client-cert-request: <value in [bypass, inspect, block]>
                          id: <value of integer>
                          imaps-client-cert-request: <value in [bypass, inspect, block]>
                          ip: <value of string>
                          pop3s-client-cert-request: <value in [bypass, inspect, block]>
                          smtps-client-cert-request: <value in [bypass, inspect, block]>
                          ssl-other-client-cert-request: <value in [bypass, inspect, block]>
                    untrusted-caname: <value of string>
                    use-ssl-server: <value in [disable, enable]>
                    whitelist: <value in [disable, enable]>

   - name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/SSL-SSH-PROFILE
     fmgr_firewall_sslsshprofile:
        loose_validation: False
        workspace_locking_adom: <value in [global, custom adom]>
        workspace_locking_timeout: 300
        method: <value in [get]>
        url_params:
           adom: <value in [none, global, custom dom]>
        params:
           -
              attr: <value of string>
              fields:
                -
                   - <value in [caname, comment, mapi-over-https, ...]>
              filter:
                - <value of string>
              get used: <value of integer>
              loadsub: <value of integer>
              option: <value in [count, object member, datasrc, ...]>
              range:
                - <value of integer>
              sortings:
                -
                    varidic.attr_name: <value in [1, -1]>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
data
dictionary
always
The payload returned in the request
status
dictionary
always
The status of api request
url
string
always
The full url requested

Sample:
/sys/login/user


Authors

  • Frank Shen (@fshen01)
  • Link Zheng (@zhengl)

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/fortinet/fortimanager/fmgr_firewall_sslsshprofile_module.html