W3cubDocs

/Ansible 2.10

fortinet.fortios.fortios_vpn_ssl_web_portal – Portal in Fortinet’s FortiOS and FortiGate.

Note

This plugin is part of the fortinet.fortios collection.

To install it use: ansible-galaxy collection install fortinet.fortios.

To use it in a playbook, specify: fortinet.fortios.fortios_vpn_ssl_web_portal.

New in version 2.8: of fortinet.fortios

Synopsis
Requirements
Parameters
Notes
Examples
Return Values

Synopsis

This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ssl_web feature and portal category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0

Requirements

The below requirements are needed on the host that executes this module.

ansible>=2.9.0

Parameters

Parameter					Choices/Defaults	Comments
host string						FortiOS or FortiGate IP address.
https boolean					Choices: no yes ←	Indicates if the requests towards FortiGate must use HTTPS protocol.
password string					Default: ""	FortiOS or FortiGate password.
ssl_verify boolean added in 2.9 of fortinet.fortios					Choices: no yes ←	Ensures FortiGate certificate must be verified by a proper CA.
state string added in 2.9 of fortinet.fortios					Choices: present absent	Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level.
username string						FortiOS or FortiGate username.
vdom string					Default: "root"	Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
vpn_ssl_web_portal dictionary						Portal.
	allow_user_access string				Choices: web ftp smb telnet ssh vnc rdp ping citrix portforward	Allow user access to SSL-VPN applications.
	auto_connect string				Choices: enable disable	Enable/disable automatic connect by client when system is up.
	bookmark_group list / elements=string					Portal bookmark group.
		bookmarks list / elements=string				Bookmark table.
			additional_params string			Additional parameters.
			apptype string		Choices: citrix ftp portforward rdp smb ssh telnet vnc web	Application type.
			description string			Description.
			folder string			Network shared file folder parameter.
			form_data list / elements=string			Form data.
				name string / required		Name.
				value string		Value.
			host string			Host name/IP parameter.
			listening_port integer			Listening port (0 - 65535).
			logon_password string			Logon password.
			logon_user string			Logon user.
			name string / required			Bookmark name.
			port integer			Remote port.
			remote_port integer			Remote port (0 - 65535).
			security string		Choices: rdp nla tls any	Security mode for RDP connection.
			server_layout string		Choices: en-us-qwerty de-de-qwertz fr-fr-azerty it-it-qwerty sv-se-qwerty failsafe	Server side keyboard layout.
			show_status_window string		Choices: enable disable	Enable/disable showing of status window.
			sso string		Choices: disable static auto	Single Sign-On.
			sso_credential string		Choices: sslvpn-login alternative	Single sign-on credentials.
			sso_credential_sent_once string		Choices: enable disable	Single sign-on credentials are only sent once to remote server.
			sso_password string			SSO password.
			sso_username string			SSO user name.
			url string			URL parameter.
		name string / required				Bookmark group name.
	custom_lang string					Change the web portal display language. Overrides config system global set language. You can use config system custom-language and execute system custom-language to add custom language files. Source system.custom-language.name.
	customize_forticlient_download_url string				Choices: enable disable	Enable support of customized download URL for FortiClient.
	display_bookmark string				Choices: enable disable	Enable to display the web portal bookmark widget.
	display_connection_tools string				Choices: enable disable	Enable to display the web portal connection tools widget.
	display_history string				Choices: enable disable	Enable to display the web portal user login history widget.
	display_status string				Choices: enable disable	Enable to display the web portal status widget.
	dns_server1 string					IPv4 DNS server 1.
	dns_server2 string					IPv4 DNS server 2.
	dns_suffix string					DNS suffix.
	exclusive_routing string				Choices: enable disable	Enable/disable all traffic go through tunnel only.
	forticlient_download string				Choices: enable disable	Enable/disable download option for FortiClient.
	forticlient_download_method string				Choices: direct ssl-vpn	FortiClient download method.
	heading string					Web portal heading message.
	host_check string				Choices: none av fw av-fw custom	Type of host checking performed on endpoints.
	host_check_interval integer					Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects.
	host_check_policy list / elements=string					One or more policies to require the endpoint to have specific security software.
		name string / required				Host check software list name. Source vpn.ssl.web.host-check-software.name.
	ip_mode string				Choices: range user-group	Method by which users of this SSL-VPN tunnel obtain IP addresses.
	ip_pools list / elements=string					IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients.
		name string / required				Address name. Source firewall.address.name firewall.addrgrp.name.
	ipv6_dns_server1 string					IPv6 DNS server 1.
	ipv6_dns_server2 string					IPv6 DNS server 2.
	ipv6_exclusive_routing string				Choices: enable disable	Enable/disable all IPv6 traffic go through tunnel only.
	ipv6_pools list / elements=string					IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients.
		name string / required				Address name. Source firewall.address6.name firewall.addrgrp6.name.
	ipv6_service_restriction string				Choices: enable disable	Enable/disable IPv6 tunnel service restriction.
	ipv6_split_tunneling string				Choices: enable disable	Enable/disable IPv6 split tunneling.
	ipv6_split_tunneling_routing_address list / elements=string					IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access.
		name string / required				Address name. Source firewall.address6.name firewall.addrgrp6.name.
	ipv6_tunnel_mode string				Choices: enable disable	Enable/disable IPv6 SSL-VPN tunnel mode.
	ipv6_wins_server1 string					IPv6 WINS server 1.
	ipv6_wins_server2 string					IPv6 WINS server 2.
	keep_alive string				Choices: enable disable	Enable/disable automatic reconnect for FortiClient connections.
	limit_user_logins string				Choices: enable disable	Enable to limit each user to one SSL-VPN session at a time.
	mac_addr_action string				Choices: allow deny	Client MAC address action.
	mac_addr_check string				Choices: enable disable	Enable/disable MAC address host checking.
	mac_addr_check_rule list / elements=string					Client MAC address check rule.
		mac_addr_list list / elements=string				Client MAC address list.
			addr string / required			Client MAC address.
		mac_addr_mask integer				Client MAC address mask.
		name string / required				Client MAC address check rule name.
	macos_forticlient_download_url string					Download URL for Mac FortiClient.
	name string / required					Portal name.
	os_check string				Choices: enable disable	Enable to let the FortiGate decide action based on client OS.
	os_check_list list / elements=string					SSL VPN OS checks.
		action string			Choices: deny allow check-up-to-date	OS check options.
		latest_patch_level string				Latest OS patch level.
		name string / required				Name.
		tolerance integer				OS patch level tolerance.
	redir_url string					Client login redirect URL.
	save_password string				Choices: enable disable	Enable/disable FortiClient saving the user"s password.
	service_restriction string				Choices: enable disable	Enable/disable tunnel service restriction.
	skip_check_for_unsupported_browser string				Choices: enable disable	Enable to skip host check if browser does not support it.
	skip_check_for_unsupported_os string				Choices: enable disable	Enable to skip host check if client OS does not support it.
	smb_ntlmv1_auth string				Choices: enable disable	Enable support of NTLMv1 for Samba authentication.
	split_dns list / elements=string					Split DNS for SSL VPN.
		dns_server1 string				DNS server 1.
		dns_server2 string				DNS server 2.
		domains string				Split DNS domains used for SSL-VPN clients separated by comma(,).
		id integer / required				ID.
		ipv6_dns_server1 string				IPv6 DNS server 1.
		ipv6_dns_server2 string				IPv6 DNS server 2.
	split_tunneling string				Choices: enable disable	Enable/disable IPv4 split tunneling.
	split_tunneling_routing_address list / elements=string					IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access.
		name string / required				Address name. Source firewall.address.name firewall.addrgrp.name.
	state string				Choices: present absent	Deprecated Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. Indicates whether to create or remove the object.
	theme string				Choices: blue green red melongene mariner	Web portal color scheme.
	tunnel_mode string				Choices: enable disable	Enable/disable IPv4 SSL-VPN tunnel mode.
	user_bookmark string				Choices: enable disable	Enable to allow web portal users to create their own bookmarks.
	user_group_bookmark string				Choices: enable disable	Enable to allow web portal users to create bookmarks for all users in the same user group.
	web_mode string				Choices: enable disable	Enable/disable SSL VPN web mode.
	windows_forticlient_download_url string					Download URL for Windows FortiClient.
	wins_server1 string					IPv4 WINS server 1.
	wins_server2 string					IPv4 WINS server 1.

Notes

Note

Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks

Examples

- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
  - name: Portal.
    fortios_vpn_ssl_web_portal:
      vdom:  "{{ vdom }}"
      state: "present"
      vpn_ssl_web_portal:
        allow_user_access: "web"
        auto_connect: "enable"
        bookmark_group:
         -
            bookmarks:
             -
                additional_params: "<your_own_value>"
                apptype: "citrix"
                description: "<your_own_value>"
                folder: "<your_own_value>"
                form_data:
                 -
                    name: "default_name_12"
                    value: "<your_own_value>"
                host: "<your_own_value>"
                listening_port: "15"
                logon_password: "<your_own_value>"
                logon_user: "<your_own_value>"
                name: "default_name_18"
                port: "19"
                remote_port: "20"
                security: "rdp"
                server_layout: "en-us-qwerty"
                show_status_window: "enable"
                sso: "disable"
                sso_credential: "sslvpn-login"
                sso_credential_sent_once: "enable"
                sso_password: "<your_own_value>"
                sso_username: "<your_own_value>"
                url: "myurl.com"
            name: "default_name_30"
        custom_lang: "<your_own_value> (source system.custom-language.name)"
        customize_forticlient_download_url: "enable"
        display_bookmark: "enable"
        display_connection_tools: "enable"
        display_history: "enable"
        display_status: "enable"
        dns_server1: "<your_own_value>"
        dns_server2: "<your_own_value>"
        dns_suffix: "<your_own_value>"
        exclusive_routing: "enable"
        forticlient_download: "enable"
        forticlient_download_method: "direct"
        heading: "<your_own_value>"
        host_check: "none"
        host_check_interval: "45"
        host_check_policy:
         -
            name: "default_name_47 (source vpn.ssl.web.host-check-software.name)"
        ip_mode: "range"
        ip_pools:
         -
            name: "default_name_50 (source firewall.address.name firewall.addrgrp.name)"
        ipv6_dns_server1: "<your_own_value>"
        ipv6_dns_server2: "<your_own_value>"
        ipv6_exclusive_routing: "enable"
        ipv6_pools:
         -
            name: "default_name_55 (source firewall.address6.name firewall.addrgrp6.name)"
        ipv6_service_restriction: "enable"
        ipv6_split_tunneling: "enable"
        ipv6_split_tunneling_routing_address:
         -
            name: "default_name_59 (source firewall.address6.name firewall.addrgrp6.name)"
        ipv6_tunnel_mode: "enable"
        ipv6_wins_server1: "<your_own_value>"
        ipv6_wins_server2: "<your_own_value>"
        keep_alive: "enable"
        limit_user_logins: "enable"
        mac_addr_action: "allow"
        mac_addr_check: "enable"
        mac_addr_check_rule:
         -
            mac_addr_list:
             -
                addr: "<your_own_value>"
            mac_addr_mask: "70"
            name: "default_name_71"
        macos_forticlient_download_url: "<your_own_value>"
        name: "default_name_73"
        os_check: "enable"
        os_check_list:
         -
            action: "deny"
            latest_patch_level: "<your_own_value>"
            name: "default_name_78"
            tolerance: "79"
        redir_url: "<your_own_value>"
        save_password: "enable"
        service_restriction: "enable"
        skip_check_for_unsupported_browser: "enable"
        skip_check_for_unsupported_os: "enable"
        smb_ntlmv1_auth: "enable"
        split_dns:
         -
            dns_server1: "<your_own_value>"
            dns_server2: "<your_own_value>"
            domains: "<your_own_value>"
            id:  "90"
            ipv6_dns_server1: "<your_own_value>"
            ipv6_dns_server2: "<your_own_value>"
        split_tunneling: "enable"
        split_tunneling_routing_address:
         -
            name: "default_name_95 (source firewall.address.name firewall.addrgrp.name)"
        theme: "blue"
        tunnel_mode: "enable"
        user_bookmark: "enable"
        user_group_bookmark: "enable"
        web_mode: "enable"
        windows_forticlient_download_url: "<your_own_value>"
        wins_server1: "<your_own_value>"
        wins_server2: "<your_own_value>"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
build string	always	Build number of the fortigate image Sample: 1547
http_method string	always	Last method used to provision the content into FortiGate Sample: PUT
http_status string	always	Last result given by FortiGate on last operation applied Sample: 200
mkey string	success	Master key (id) used in the last call to FortiGate Sample: id
name string	always	Name of the table used to fulfill the request Sample: urlfilter
path string	always	Path of the table used to fulfill the request Sample: webfilter
revision string	always	Internal revision number Sample: 17.0.2.10658
serial string	always	Serial number of the unit Sample: FGVMEVYYQT3AB5352
status string	always	Indication of the operation's result Sample: success
vdom string	always	Virtual domain used Sample: root
version string	always	Version of the FortiGate Sample: v5.6.3

Authors

Link Zheng (@chillancezen)
Hongbin Lu (@fgtdev-hblu)
Frank Shen (@frankshen01)
Jie Xue (@JieX19)
Miguel Angel Munoz (@mamunozgonzalez)
Nicolas Thomas (@thomnico)

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/fortinet/fortios/fortios_vpn_ssl_web_portal_module.html