W3cubDocs

/Ansible 2.11

fortinet.fortimanager.fmgr_firewall_vip6 – Configure virtual IP for IPv6.

Note

This plugin is part of the fortinet.fortimanager collection (version 2.0.1).

To install it use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_firewall_vip6.

New in version 2.10: of fortinet.fortimanager

Synopsis
Parameters
Notes
Examples
Return Values

Synopsis

This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter				Choices/Defaults	Comments
adom string / required					the parameter (adom) in requested url
bypass_validation boolean				Choices: no ← yes	only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
firewall_vip6 dictionary					the top level parameters set
	arp-reply string			Choices: disable enable	Enable to respond to ARP requests for this virtual IP address. Enabled by default.
	color integer				Color of icon on the GUI.
	comment string				Comment.
	dynamic_mapping list / elements=string				no description
		_scope list / elements=string			no description
			name string		no description
			vdom string		no description
		arp-reply string		Choices: disable enable	no description
		color integer			no description
		comment string			no description
		extip string			no description
		extport string			no description
		http-cookie-age integer			no description
		http-cookie-domain string			no description
		http-cookie-domain-from-host string		Choices: disable enable	no description
		http-cookie-generation integer			no description
		http-cookie-path string			no description
		http-cookie-share string		Choices: disable same-ip	no description
		http-ip-header string		Choices: disable enable	no description
		http-ip-header-name string			no description
		http-multiplex string		Choices: disable enable	no description
		https-cookie-secure string		Choices: disable enable	no description
		id integer			no description
		ldb-method string		Choices: static round-robin weighted least-session least-rtt first-alive http-host	no description
		mappedip string			no description
		mappedport string			no description
		max-embryonic-connections integer			no description
		monitor string			no description
		outlook-web-access string		Choices: disable enable	no description
		persistence string		Choices: none http-cookie ssl-session-id	no description
		portforward string		Choices: disable enable	no description
		protocol string		Choices: tcp udp sctp	no description
		server-type string		Choices: http https ssl tcp udp ip imaps pop3s smtps	no description
		src-filter string			no description
		ssl-algorithm string		Choices: high low medium custom	no description
		ssl-certificate string			no description
		ssl-client-fallback string		Choices: disable enable	no description
		ssl-client-renegotiation string		Choices: deny allow secure	no description
		ssl-client-session-state-max integer			no description
		ssl-client-session-state-timeout integer			no description
		ssl-client-session-state-type string		Choices: disable time count both	no description
		ssl-dh-bits string		Choices: 768 1024 1536 2048 3072 4096	no description
		ssl-hpkp string		Choices: disable enable report-only	no description
		ssl-hpkp-age integer			no description
		ssl-hpkp-backup string			no description
		ssl-hpkp-include-subdomains string		Choices: disable enable	no description
		ssl-hpkp-primary string			no description
		ssl-hpkp-report-uri string			no description
		ssl-hsts string		Choices: disable enable	no description
		ssl-hsts-age integer			no description
		ssl-hsts-include-subdomains string		Choices: disable enable	no description
		ssl-http-location-conversion string		Choices: disable enable	no description
		ssl-http-match-host string		Choices: disable enable	no description
		ssl-max-version string		Choices: ssl-3.0 tls-1.0 tls-1.1 tls-1.2	no description
		ssl-min-version string		Choices: ssl-3.0 tls-1.0 tls-1.1 tls-1.2	no description
		ssl-mode string		Choices: half full	no description
		ssl-pfs string		Choices: require deny allow	no description
		ssl-send-empty-frags string		Choices: disable enable	no description
		ssl-server-algorithm string		Choices: high low medium custom client	no description
		ssl-server-max-version string		Choices: ssl-3.0 tls-1.0 tls-1.1 tls-1.2 client	no description
		ssl-server-min-version string		Choices: ssl-3.0 tls-1.0 tls-1.1 tls-1.2 client	no description
		ssl-server-session-state-max integer			no description
		ssl-server-session-state-timeout integer			no description
		ssl-server-session-state-type string		Choices: disable time count both	no description
		type string		Choices: static-nat server-load-balance	no description
		uuid string			no description
		weblogic-server string		Choices: disable enable	no description
		websphere-server string		Choices: disable enable	no description
	extip string				IP address or address range on the external interface that you want to map to an address or address range on the destination n...
	extport string				Incoming port number range that you want to map to a port number range on the destination network.
	http-cookie-age integer				Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
	http-cookie-domain string				Domain that HTTP cookie persistence should apply to.
	http-cookie-domain-from-host string			Choices: disable enable	Enable/disable use of HTTP cookie domain from host field in HTTP.
	http-cookie-generation integer				Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
	http-cookie-path string				Limit HTTP cookie persistence to the specified path.
	http-cookie-share string			Choices: disable same-ip	Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disa...
	http-ip-header string			Choices: disable enable	For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header.
	http-ip-header-name string				For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-F...
	http-multiplex string			Choices: disable enable	Enable/disable HTTP multiplexing.
	https-cookie-secure string			Choices: disable enable	Enable/disable verification that inserted HTTPS cookies are secure.
	id integer				Custom defined ID.
	ldb-method string			Choices: static round-robin weighted least-session least-rtt first-alive http-host	Method used to distribute sessions to real servers.
	mappedip string				Mapped IP address range in the format startIP-endIP.
	mappedport string				Port number range on the destination network to which the external port number range is mapped.
	max-embryonic-connections integer				Maximum number of incomplete connections.
	monitor string				Name of the health check monitor to use when polling to determine a virtual servers connectivity status.
	name string				Virtual ip6 name.
	outlook-web-access string			Choices: disable enable	Enable to add the Front-End-Https header for Microsoft Outlook Web Access.
	persistence string			Choices: none http-cookie ssl-session-id	Configure how to make sure that clients connect to the same server every time they make a request that is part of the same ses...
	portforward string			Choices: disable enable	Enable port forwarding.
	protocol string			Choices: tcp udp sctp	Protocol to use when forwarding packets.
	realservers list / elements=string				no description
		client-ip string			Only clients in this IP range can connect to this real server.
		healthcheck string		Choices: disable enable vip	Enable to check the responsiveness of the real server before forwarding traffic.
		holddown-interval integer			Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
		http-host string			HTTP server domain name in HTTP header.
		id integer			Real server ID.
		ip string			IPv6 address of the real server.
		max-connections integer			Max number of active connections that can directed to the real server. When reached, sessions are sent to other real s...
		monitor string			Name of the health check monitor to use when polling to determine a virtual servers connectivity status.
		port integer			Port for communicating with the real server. Required if port forwarding is enabled.
		status string		Choices: active standby disable	Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is ...
		weight integer			Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connect...
	server-type string			Choices: http https ssl tcp udp ip imaps pop3s smtps	Protocol to be load balanced by the virtual server (also called the server load balance virtual IP).
	src-filter string				no description
	ssl-algorithm string			Choices: high low medium custom	Permitted encryption algorithms for SSL sessions according to encryption strength.
	ssl-certificate string				The name of the SSL certificate to use for SSL acceleration.
	ssl-cipher-suites list / elements=string				no description
		cipher string		Choices: TLS-RSA-WITH-RC4-128-MD5 TLS-RSA-WITH-RC4-128-SHA TLS-RSA-WITH-DES-CBC-SHA TLS-RSA-WITH-3DES-EDE-CBC-SHA TLS-RSA-WITH-AES-128-CBC-SHA TLS-RSA-WITH-AES-256-CBC-SHA TLS-RSA-WITH-AES-128-CBC-SHA256 TLS-RSA-WITH-AES-256-CBC-SHA256 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA TLS-RSA-WITH-CAMELLIA-256-CBC-SHA TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 TLS-RSA-WITH-SEED-CBC-SHA TLS-RSA-WITH-ARIA-128-CBC-SHA256 TLS-RSA-WITH-ARIA-256-CBC-SHA384 TLS-DHE-RSA-WITH-DES-CBC-SHA TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA TLS-DHE-RSA-WITH-AES-128-CBC-SHA TLS-DHE-RSA-WITH-AES-256-CBC-SHA TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 TLS-DHE-RSA-WITH-SEED-CBC-SHA TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 TLS-ECDHE-RSA-WITH-RC4-128-SHA TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 TLS-DHE-DSS-WITH-AES-128-CBC-SHA TLS-DHE-DSS-WITH-AES-256-CBC-SHA TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 TLS-RSA-WITH-AES-128-GCM-SHA256 TLS-RSA-WITH-AES-256-GCM-SHA384 TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 TLS-DHE-DSS-WITH-SEED-CBC-SHA TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA TLS-DHE-DSS-WITH-DES-CBC-SHA	Cipher suite name.
		priority integer			SSL/TLS cipher suites priority.
		versions list / elements=string		Choices: ssl-3.0 tls-1.0 tls-1.1 tls-1.2	no description
	ssl-client-fallback string			Choices: disable enable	Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507).
	ssl-client-renegotiation string			Choices: deny allow secure	Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746.
	ssl-client-session-state-max integer				Maximum number of client to FortiGate SSL session states to keep.
	ssl-client-session-state-timeout integer				Number of minutes to keep client to FortiGate SSL session state.
	ssl-client-session-state-type string			Choices: disable time count both	How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate.
	ssl-dh-bits string			Choices: 768 1024 1536 2048 3072 4096	Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions.
	ssl-hpkp string			Choices: disable enable report-only	Enable/disable including HPKP header in response.
	ssl-hpkp-age integer				Number of minutes the web browser should keep HPKP.
	ssl-hpkp-backup string				Certificate to generate backup HPKP pin from.
	ssl-hpkp-include-subdomains string			Choices: disable enable	Indicate that HPKP header applies to all subdomains.
	ssl-hpkp-primary string				Certificate to generate primary HPKP pin from.
	ssl-hpkp-report-uri string				URL to report HPKP violations to.
	ssl-hsts string			Choices: disable enable	Enable/disable including HSTS header in response.
	ssl-hsts-age integer				Number of seconds the client should honour the HSTS setting.
	ssl-hsts-include-subdomains string			Choices: disable enable	Indicate that HSTS header applies to all subdomains.
	ssl-http-location-conversion string			Choices: disable enable	Enable to replace HTTP with HTTPS in the replys Location HTTP header field.
	ssl-http-match-host string			Choices: disable enable	Enable/disable HTTP host matching for location conversion.
	ssl-max-version string			Choices: ssl-3.0 tls-1.0 tls-1.1 tls-1.2	Highest SSL/TLS version acceptable from a client.
	ssl-min-version string			Choices: ssl-3.0 tls-1.0 tls-1.1 tls-1.2	Lowest SSL/TLS version acceptable from a client.
	ssl-mode string			Choices: half full	Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to...
	ssl-pfs string			Choices: require deny allow	Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions.
	ssl-send-empty-frags string			Choices: disable enable	Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibi...
	ssl-server-algorithm string			Choices: high low medium custom client	Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength.
	ssl-server-cipher-suites list / elements=string				no description
		cipher string		Choices: TLS-RSA-WITH-RC4-128-MD5 TLS-RSA-WITH-RC4-128-SHA TLS-RSA-WITH-DES-CBC-SHA TLS-RSA-WITH-3DES-EDE-CBC-SHA TLS-RSA-WITH-AES-128-CBC-SHA TLS-RSA-WITH-AES-256-CBC-SHA TLS-RSA-WITH-AES-128-CBC-SHA256 TLS-RSA-WITH-AES-256-CBC-SHA256 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA TLS-RSA-WITH-CAMELLIA-256-CBC-SHA TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 TLS-RSA-WITH-SEED-CBC-SHA TLS-RSA-WITH-ARIA-128-CBC-SHA256 TLS-RSA-WITH-ARIA-256-CBC-SHA384 TLS-DHE-RSA-WITH-DES-CBC-SHA TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA TLS-DHE-RSA-WITH-AES-128-CBC-SHA TLS-DHE-RSA-WITH-AES-256-CBC-SHA TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 TLS-DHE-RSA-WITH-SEED-CBC-SHA TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 TLS-ECDHE-RSA-WITH-RC4-128-SHA TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 TLS-DHE-DSS-WITH-AES-128-CBC-SHA TLS-DHE-DSS-WITH-AES-256-CBC-SHA TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 TLS-RSA-WITH-AES-128-GCM-SHA256 TLS-RSA-WITH-AES-256-GCM-SHA384 TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 TLS-DHE-DSS-WITH-SEED-CBC-SHA TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA TLS-DHE-DSS-WITH-DES-CBC-SHA	Cipher suite name.
		priority integer			SSL/TLS cipher suites priority.
		versions list / elements=string		Choices: ssl-3.0 tls-1.0 tls-1.1 tls-1.2	no description
	ssl-server-max-version string			Choices: ssl-3.0 tls-1.0 tls-1.1 tls-1.2 client	Highest SSL/TLS version acceptable from a server. Use the client setting by default.
	ssl-server-min-version string			Choices: ssl-3.0 tls-1.0 tls-1.1 tls-1.2 client	Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
	ssl-server-session-state-max integer				Maximum number of FortiGate to Server SSL session states to keep.
	ssl-server-session-state-timeout integer				Number of minutes to keep FortiGate to Server SSL session state.
	ssl-server-session-state-type string			Choices: disable time count both	How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate.
	type string			Choices: static-nat server-load-balance	Configure a static NAT VIP.
	uuid string				Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
	weblogic-server string			Choices: disable enable	Enable to add an HTTP header to indicate SSL offloading for a WebLogic server.
	websphere-server string			Choices: disable enable	Enable to add an HTTP header to indicate SSL offloading for a WebSphere server.
rc_failed list / elements=string					the rc codes list with which the conditions to fail will be overriden
rc_succeeded list / elements=string					the rc codes list with which the conditions to succeed will be overriden
state string / required				Choices: present absent	the directive to create, update or delete an object
workspace_locking_adom string					the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout integer				Default: 300	the maximum time in seconds to wait for other user to release the workspace lock

Notes

Note

Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state present directive.
To delete an object, use state absent directive.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Configure virtual IP for IPv6.
     fmgr_firewall_vip6:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        state: <value in [present, absent]>
        firewall_vip6:
           arp-reply: <value in [disable, enable]>
           color: <value of integer>
           comment: <value of string>
           dynamic_mapping:
             -
                 _scope:
                   -
                       name: <value of string>
                       vdom: <value of string>
                 arp-reply: <value in [disable, enable]>
                 color: <value of integer>
                 comment: <value of string>
                 extip: <value of string>
                 extport: <value of string>
                 http-cookie-age: <value of integer>
                 http-cookie-domain: <value of string>
                 http-cookie-domain-from-host: <value in [disable, enable]>
                 http-cookie-generation: <value of integer>
                 http-cookie-path: <value of string>
                 http-cookie-share: <value in [disable, same-ip]>
                 http-ip-header: <value in [disable, enable]>
                 http-ip-header-name: <value of string>
                 http-multiplex: <value in [disable, enable]>
                 https-cookie-secure: <value in [disable, enable]>
                 id: <value of integer>
                 ldb-method: <value in [static, round-robin, weighted, ...]>
                 mappedip: <value of string>
                 mappedport: <value of string>
                 max-embryonic-connections: <value of integer>
                 monitor: <value of string>
                 outlook-web-access: <value in [disable, enable]>
                 persistence: <value in [none, http-cookie, ssl-session-id]>
                 portforward: <value in [disable, enable]>
                 protocol: <value in [tcp, udp, sctp]>
                 server-type: <value in [http, https, ssl, ...]>
                 src-filter: <value of string>
                 ssl-algorithm: <value in [high, low, medium, ...]>
                 ssl-certificate: <value of string>
                 ssl-client-fallback: <value in [disable, enable]>
                 ssl-client-renegotiation: <value in [deny, allow, secure]>
                 ssl-client-session-state-max: <value of integer>
                 ssl-client-session-state-timeout: <value of integer>
                 ssl-client-session-state-type: <value in [disable, time, count, ...]>
                 ssl-dh-bits: <value in [768, 1024, 1536, ...]>
                 ssl-hpkp: <value in [disable, enable, report-only]>
                 ssl-hpkp-age: <value of integer>
                 ssl-hpkp-backup: <value of string>
                 ssl-hpkp-include-subdomains: <value in [disable, enable]>
                 ssl-hpkp-primary: <value of string>
                 ssl-hpkp-report-uri: <value of string>
                 ssl-hsts: <value in [disable, enable]>
                 ssl-hsts-age: <value of integer>
                 ssl-hsts-include-subdomains: <value in [disable, enable]>
                 ssl-http-location-conversion: <value in [disable, enable]>
                 ssl-http-match-host: <value in [disable, enable]>
                 ssl-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
                 ssl-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
                 ssl-mode: <value in [half, full]>
                 ssl-pfs: <value in [require, deny, allow]>
                 ssl-send-empty-frags: <value in [disable, enable]>
                 ssl-server-algorithm: <value in [high, low, medium, ...]>
                 ssl-server-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
                 ssl-server-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
                 ssl-server-session-state-max: <value of integer>
                 ssl-server-session-state-timeout: <value of integer>
                 ssl-server-session-state-type: <value in [disable, time, count, ...]>
                 type: <value in [static-nat, server-load-balance]>
                 uuid: <value of string>
                 weblogic-server: <value in [disable, enable]>
                 websphere-server: <value in [disable, enable]>
           extip: <value of string>
           extport: <value of string>
           http-cookie-age: <value of integer>
           http-cookie-domain: <value of string>
           http-cookie-domain-from-host: <value in [disable, enable]>
           http-cookie-generation: <value of integer>
           http-cookie-path: <value of string>
           http-cookie-share: <value in [disable, same-ip]>
           http-ip-header: <value in [disable, enable]>
           http-ip-header-name: <value of string>
           http-multiplex: <value in [disable, enable]>
           https-cookie-secure: <value in [disable, enable]>
           id: <value of integer>
           ldb-method: <value in [static, round-robin, weighted, ...]>
           mappedip: <value of string>
           mappedport: <value of string>
           max-embryonic-connections: <value of integer>
           monitor: <value of string>
           name: <value of string>
           outlook-web-access: <value in [disable, enable]>
           persistence: <value in [none, http-cookie, ssl-session-id]>
           portforward: <value in [disable, enable]>
           protocol: <value in [tcp, udp, sctp]>
           realservers:
             -
                 client-ip: <value of string>
                 healthcheck: <value in [disable, enable, vip]>
                 holddown-interval: <value of integer>
                 http-host: <value of string>
                 id: <value of integer>
                 ip: <value of string>
                 max-connections: <value of integer>
                 monitor: <value of string>
                 port: <value of integer>
                 status: <value in [active, standby, disable]>
                 weight: <value of integer>
           server-type: <value in [http, https, ssl, ...]>
           src-filter: <value of string>
           ssl-algorithm: <value in [high, low, medium, ...]>
           ssl-certificate: <value of string>
           ssl-cipher-suites:
             -
                 cipher: <value in [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, ...]>
                 priority: <value of integer>
                 versions:
                   - ssl-3.0
                   - tls-1.0
                   - tls-1.1
                   - tls-1.2
           ssl-client-fallback: <value in [disable, enable]>
           ssl-client-renegotiation: <value in [deny, allow, secure]>
           ssl-client-session-state-max: <value of integer>
           ssl-client-session-state-timeout: <value of integer>
           ssl-client-session-state-type: <value in [disable, time, count, ...]>
           ssl-dh-bits: <value in [768, 1024, 1536, ...]>
           ssl-hpkp: <value in [disable, enable, report-only]>
           ssl-hpkp-age: <value of integer>
           ssl-hpkp-backup: <value of string>
           ssl-hpkp-include-subdomains: <value in [disable, enable]>
           ssl-hpkp-primary: <value of string>
           ssl-hpkp-report-uri: <value of string>
           ssl-hsts: <value in [disable, enable]>
           ssl-hsts-age: <value of integer>
           ssl-hsts-include-subdomains: <value in [disable, enable]>
           ssl-http-location-conversion: <value in [disable, enable]>
           ssl-http-match-host: <value in [disable, enable]>
           ssl-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
           ssl-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
           ssl-mode: <value in [half, full]>
           ssl-pfs: <value in [require, deny, allow]>
           ssl-send-empty-frags: <value in [disable, enable]>
           ssl-server-algorithm: <value in [high, low, medium, ...]>
           ssl-server-cipher-suites:
             -
                 cipher: <value in [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, ...]>
                 priority: <value of integer>
                 versions:
                   - ssl-3.0
                   - tls-1.0
                   - tls-1.1
                   - tls-1.2
           ssl-server-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
           ssl-server-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
           ssl-server-session-state-max: <value of integer>
           ssl-server-session-state-timeout: <value of integer>
           ssl-server-session-state-type: <value in [disable, time, count, ...]>
           type: <value in [static-nat, server-load-balance]>
           uuid: <value of string>
           weblogic-server: <value in [disable, enable]>
           websphere-server: <value in [disable, enable]>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
request_url string	always	The full url requested Sample: /sys/login/user
response_code integer	always	The status of api request
response_message string	always	The descriptive message of the api response Sample: OK.

Authors

Link Zheng (@chillancezen)
Jie Xue (@JieX19)
Frank Shen (@fshen01)
Hongbin Lu (@fgtdev-hblu)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/fortinet/fortimanager/fmgr_firewall_vip6_module.html