Note
This plugin is part of the fortinet.fortios collection.
To install it use: ansible-galaxy collection install fortinet.fortios.
To use it in a playbook, specify: fortinet.fortios.fortios_web_proxy_explicit.
New in version 2.8: of fortinet.fortios
The below requirements are needed on the host that executes this module.
| Parameter | Choices/Defaults | Comments | |||
|---|---|---|---|---|---|
| host string | FortiOS or FortiGate IP address. | ||||
| https boolean |
| Indicates if the requests towards FortiGate must use HTTPS protocol. | |||
| password string | Default: "" | FortiOS or FortiGate password. | |||
| ssl_verify boolean added in 2.9 of fortinet.fortios |
| Ensures FortiGate certificate must be verified by a proper CA. | |||
| username string | FortiOS or FortiGate username. | ||||
| vdom string | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. | |||
| web_proxy_explicit dictionary | Configure explicit Web proxy settings. | ||||
| ftp_incoming_port string | Accept incoming FTP-over-HTTP requests on one or more ports (0 - 65535). | ||||
| ftp_over_http string |
| Enable to proxy FTP-over-HTTP sessions sent from a web browser. | |||
| http_incoming_port string | Accept incoming HTTP requests on one or more ports (0 - 65535). | ||||
| https_incoming_port string | Accept incoming HTTPS requests on one or more ports (0 - 65535). | ||||
| https_replacement_message string |
| Enable/disable sending the client a replacement message for HTTPS requests. | |||
| incoming_ip string | Restrict the explicit HTTP proxy to only accept sessions from this IP address. An interface must have this IP address. | ||||
| incoming_ip6 string | Restrict the explicit web proxy to only accept sessions from this IPv6 address. An interface must have this IPv6 address. | ||||
| ipv6_status string |
| Enable/disable allowing an IPv6 web proxy destination in policies and all IPv6 related entries in this command. | |||
| message_upon_server_error string |
| Enable/disable displaying a replacement message when a server error is detected. | |||
| outgoing_ip string | Outgoing HTTP requests will have this IP address as their source address. An interface must have this IP address. | ||||
| outgoing_ip6 string | Outgoing HTTP requests will leave this IPv6. Multiple interfaces can be specified. Interfaces must have these IPv6 addresses. | ||||
| pac_file_data string | PAC file contents enclosed in quotes (maximum of 256K bytes). | ||||
| pac_file_name string | Pac file name. | ||||
| pac_file_server_port string | Port number that PAC traffic from client web browsers uses to connect to the explicit web proxy (0 - 65535). | ||||
| pac_file_server_status string |
| Enable/disable Proxy Auto-Configuration (PAC) for users of this explicit proxy profile. | |||
| pac_file_url string | PAC file access URL. | ||||
| pac_policy list / elements=string | PAC policies. | ||||
| comments string | Optional comments. | ||||
| dstaddr list / elements=string | Destination address objects. | ||||
| name string / required | Address name. Source firewall.address.name firewall.addrgrp.name. | ||||
| pac_file_data string | PAC file contents enclosed in quotes (maximum of 256K bytes). | ||||
| pac_file_name string | Pac file name. | ||||
| policyid integer / required | Policy ID. | ||||
| srcaddr list / elements=string | Source address objects. | ||||
| name string / required | Address name. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name. | ||||
| srcaddr6 list / elements=string | Source address6 objects. | ||||
| name string / required | Address name. Source firewall.address6.name firewall.addrgrp6.name. | ||||
| status string |
| Enable/disable policy. | |||
| pref_dns_result string |
| Prefer resolving addresses using the configured IPv4 or IPv6 DNS server . | |||
| realm string | Authentication realm used to identify the explicit web proxy (maximum of 63 characters). | ||||
| sec_default_action string |
| Accept or deny explicit web proxy sessions when no web proxy firewall policy exists. | |||
| socks string |
| Enable/disable the SOCKS proxy. | |||
| socks_incoming_port string | Accept incoming SOCKS proxy requests on one or more ports (0 - 65535). | ||||
| ssl_algorithm string |
| Relative strength of encryption algorithms accepted in HTTPS deep scan: high, medium, or low. | |||
| status string |
| Enable/disable the explicit Web proxy for HTTP and HTTPS session. | |||
| strict_guest string |
| Enable/disable strict guest user checking by the explicit web proxy. | |||
| trace_auth_no_rsp string |
| Enable/disable logging timed-out authentication requests. | |||
| unknown_http_version string |
| Either reject unknown HTTP traffic as malformed or handle unknown HTTP traffic as best as the proxy server can. | |||
Note
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure explicit Web proxy settings.
fortios_web_proxy_explicit:
vdom: "{{ vdom }}"
web_proxy_explicit:
ftp_incoming_port: "<your_own_value>"
ftp_over_http: "enable"
http_incoming_port: "<your_own_value>"
https_incoming_port: "<your_own_value>"
https_replacement_message: "enable"
incoming_ip: "<your_own_value>"
incoming_ip6: "<your_own_value>"
ipv6_status: "enable"
message_upon_server_error: "enable"
outgoing_ip: "<your_own_value>"
outgoing_ip6: "<your_own_value>"
pac_file_data: "<your_own_value>"
pac_file_name: "<your_own_value>"
pac_file_server_port: "<your_own_value>"
pac_file_server_status: "enable"
pac_file_url: "<your_own_value>"
pac_policy:
-
comments: "<your_own_value>"
dstaddr:
-
name: "default_name_22 (source firewall.address.name firewall.addrgrp.name)"
pac_file_data: "<your_own_value>"
pac_file_name: "<your_own_value>"
policyid: "25"
srcaddr:
-
name: "default_name_27 (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name)"
srcaddr6:
-
name: "default_name_29 (source firewall.address6.name firewall.addrgrp6.name)"
status: "enable"
pref_dns_result: "ipv4"
realm: "<your_own_value>"
sec_default_action: "accept"
socks: "enable"
socks_incoming_port: "<your_own_value>"
ssl_algorithm: "high"
status: "enable"
strict_guest: "enable"
trace_auth_no_rsp: "enable"
unknown_http_version: "reject"
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| build string | always | Build number of the fortigate image Sample: 1547 |
| http_method string | always | Last method used to provision the content into FortiGate Sample: PUT |
| http_status string | always | Last result given by FortiGate on last operation applied Sample: 200 |
| mkey string | success | Master key (id) used in the last call to FortiGate Sample: id |
| name string | always | Name of the table used to fulfill the request Sample: urlfilter |
| path string | always | Path of the table used to fulfill the request Sample: webfilter |
| revision string | always | Internal revision number Sample: 17.0.2.10658 |
| serial string | always | Serial number of the unit Sample: FGVMEVYYQT3AB5352 |
| status string | always | Indication of the operation's result Sample: success |
| vdom string | always | Virtual domain used Sample: root |
| version string | always | Version of the FortiGate Sample: v5.6.3 |
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/fortinet/fortios/fortios_web_proxy_explicit_module.html