Note
This plugin is part of the fortinet.fortios collection (version 1.1.8).
To install it use: ansible-galaxy collection install fortinet.fortios.
To use it in a playbook, specify: fortinet.fortios.fortios_vpn_ssl_web_portal.
New in version 2.8 of fortinet.fortios
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments |
---|---|---|
access_token string | | Token-based authentication. Generated from GUI of Fortigate. |
state string added in 2.9 of fortinet.fortios | | Indicates whether to create or remove the object. This attribute was already present in previous versions at a deeper level. It has been moved out to this outer level. |
vdom string | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. |
vpn_ssl_web_portal dictionary | | Portal. |
vpn_ssl_web_portal.allow_user_access string | | Allow user access to SSL-VPN applications. |
vpn_ssl_web_portal.auto_connect string | | Enable/disable automatic connect by client when system is up. |
vpn_ssl_web_portal.bookmark_group list / elements=string | | Portal bookmark group. |
vpn_ssl_web_portal.bookmark_group.bookmarks list / elements=string | | Bookmark table. |
vpn_ssl_web_portal.bookmark_group.bookmarks.additional_params string | | Additional parameters. |
vpn_ssl_web_portal.bookmark_group.bookmarks.apptype string | | Application type. |
vpn_ssl_web_portal.bookmark_group.bookmarks.description string | | Description. |
vpn_ssl_web_portal.bookmark_group.bookmarks.folder string | | Network shared file folder parameter. |
vpn_ssl_web_portal.bookmark_group.bookmarks.form_data list / elements=string | | Form data. |
vpn_ssl_web_portal.bookmark_group.bookmarks.form_data.name string / required | | Name. |
vpn_ssl_web_portal.bookmark_group.bookmarks.form_data.value string | | Value. |
vpn_ssl_web_portal.bookmark_group.bookmarks.host string | | Host name/IP parameter. |
vpn_ssl_web_portal.bookmark_group.bookmarks.listening_port integer | | Listening port (0 - 65535). |
vpn_ssl_web_portal.bookmark_group.bookmarks.logon_password string | | Logon password. |
vpn_ssl_web_portal.bookmark_group.bookmarks.logon_user string | | Logon user. |
vpn_ssl_web_portal.bookmark_group.bookmarks.name string / required | | Bookmark name. |
vpn_ssl_web_portal.bookmark_group.bookmarks.port integer | | Remote port. |
vpn_ssl_web_portal.bookmark_group.bookmarks.remote_port integer | | Remote port (0 - 65535). |
vpn_ssl_web_portal.bookmark_group.bookmarks.security string | | Security mode for RDP connection. |
vpn_ssl_web_portal.bookmark_group.bookmarks.server_layout string | | Server side keyboard layout. |
vpn_ssl_web_portal.bookmark_group.bookmarks.show_status_window string | | Enable/disable showing of status window. |
vpn_ssl_web_portal.bookmark_group.bookmarks.sso string | | Single Sign-On. |
vpn_ssl_web_portal.bookmark_group.bookmarks.sso_credential string | | Single sign-on credentials. |
vpn_ssl_web_portal.bookmark_group.bookmarks.sso_credential_sent_once string | | Single sign-on credentials are only sent once to remote server. |
vpn_ssl_web_portal.bookmark_group.bookmarks.sso_password string | | SSO password. |
vpn_ssl_web_portal.bookmark_group.bookmarks.sso_username string | | SSO user name. |
vpn_ssl_web_portal.bookmark_group.bookmarks.url string | | URL parameter. |
vpn_ssl_web_portal.bookmark_group.name string / required | | Bookmark group name. |
vpn_ssl_web_portal.custom_lang string | | Change the web portal display language. Overrides config system global set language. You can use config system custom-language and execute system custom-language to add custom language files. Source system.custom-language.name. |
vpn_ssl_web_portal.customize_forticlient_download_url string | | Enable support of customized download URL for FortiClient. |
vpn_ssl_web_portal.display_bookmark string | | Enable to display the web portal bookmark widget. |
vpn_ssl_web_portal.display_connection_tools string | | Enable to display the web portal connection tools widget. |
vpn_ssl_web_portal.display_history string | | Enable to display the web portal user login history widget. |
vpn_ssl_web_portal.display_status string | | Enable to display the web portal status widget. |
vpn_ssl_web_portal.dns_server1 string | | IPv4 DNS server 1. |
vpn_ssl_web_portal.dns_server2 string | | IPv4 DNS server 2. |
vpn_ssl_web_portal.dns_suffix string | | DNS suffix. |
vpn_ssl_web_portal.exclusive_routing string | | Enable/disable sending all traffic through the tunnel only. |
vpn_ssl_web_portal.forticlient_download string | | Enable/disable download option for FortiClient. |
vpn_ssl_web_portal.forticlient_download_method string | | FortiClient download method. |
vpn_ssl_web_portal.heading string | | Web portal heading message. |
vpn_ssl_web_portal.host_check string | | Type of host checking performed on endpoints. |
vpn_ssl_web_portal.host_check_interval integer | | Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects. |
vpn_ssl_web_portal.host_check_policy list / elements=string | | One or more policies to require the endpoint to have specific security software. |
vpn_ssl_web_portal.host_check_policy.name string / required | | Host check software list name. Source vpn.ssl.web.host-check-software.name. |
vpn_ssl_web_portal.ip_mode string | | Method by which users of this SSL-VPN tunnel obtain IP addresses. |
vpn_ssl_web_portal.ip_pools list / elements=string | | IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients. |
vpn_ssl_web_portal.ip_pools.name string / required | | Address name. Source firewall.address.name firewall.addrgrp.name. |
vpn_ssl_web_portal.ipv6_dns_server1 string | | IPv6 DNS server 1. |
vpn_ssl_web_portal.ipv6_dns_server2 string | | IPv6 DNS server 2. |
vpn_ssl_web_portal.ipv6_exclusive_routing string | | Enable/disable sending all IPv6 traffic through the tunnel only. |
vpn_ssl_web_portal.ipv6_pools list / elements=string | | IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients. |
vpn_ssl_web_portal.ipv6_pools.name string / required | | Address name. Source firewall.address6.name firewall.addrgrp6.name. |
vpn_ssl_web_portal.ipv6_service_restriction string | | Enable/disable IPv6 tunnel service restriction. |
vpn_ssl_web_portal.ipv6_split_tunneling string | | Enable/disable IPv6 split tunneling. |
vpn_ssl_web_portal.ipv6_split_tunneling_routing_address list / elements=string | | IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. |
vpn_ssl_web_portal.ipv6_split_tunneling_routing_address.name string / required | | Address name. Source firewall.address6.name firewall.addrgrp6.name. |
vpn_ssl_web_portal.ipv6_tunnel_mode string | | Enable/disable IPv6 SSL-VPN tunnel mode. |
vpn_ssl_web_portal.ipv6_wins_server1 string | | IPv6 WINS server 1. |
vpn_ssl_web_portal.ipv6_wins_server2 string | | IPv6 WINS server 2. |
vpn_ssl_web_portal.keep_alive string | | Enable/disable automatic reconnect for FortiClient connections. |
vpn_ssl_web_portal.limit_user_logins string | | Enable to limit each user to one SSL-VPN session at a time. |
vpn_ssl_web_portal.mac_addr_action string | | Client MAC address action. |
vpn_ssl_web_portal.mac_addr_check string | | Enable/disable MAC address host checking. |
vpn_ssl_web_portal.mac_addr_check_rule list / elements=string | | Client MAC address check rule. |
vpn_ssl_web_portal.mac_addr_check_rule.mac_addr_list list / elements=string | | Client MAC address list. |
vpn_ssl_web_portal.mac_addr_check_rule.mac_addr_list.addr string / required | | Client MAC address. |
vpn_ssl_web_portal.mac_addr_check_rule.mac_addr_mask integer | | Client MAC address mask. |
vpn_ssl_web_portal.mac_addr_check_rule.name string / required | | Client MAC address check rule name. |
vpn_ssl_web_portal.macos_forticlient_download_url string | | Download URL for Mac FortiClient. |
vpn_ssl_web_portal.name string / required | | Portal name. |
vpn_ssl_web_portal.os_check string | | Enable to let the FortiGate decide action based on client OS. |
vpn_ssl_web_portal.os_check_list list / elements=string | | SSL VPN OS checks. |
vpn_ssl_web_portal.os_check_list.action string | | OS check options. |
vpn_ssl_web_portal.os_check_list.latest_patch_level string | | Latest OS patch level. |
vpn_ssl_web_portal.os_check_list.name string / required | | Name. |
vpn_ssl_web_portal.os_check_list.tolerance integer | | OS patch level tolerance. |
vpn_ssl_web_portal.redir_url string | | Client login redirect URL. |
vpn_ssl_web_portal.save_password string | | Enable/disable FortiClient saving the user's password. |
vpn_ssl_web_portal.service_restriction string | | Enable/disable tunnel service restriction. |
vpn_ssl_web_portal.skip_check_for_unsupported_browser string | | Enable to skip host check if browser does not support it. |
vpn_ssl_web_portal.skip_check_for_unsupported_os string | | Enable to skip host check if client OS does not support it. |
vpn_ssl_web_portal.smb_ntlmv1_auth string | | Enable support of NTLMv1 for Samba authentication. |
vpn_ssl_web_portal.split_dns list / elements=string | | Split DNS for SSL VPN. |
vpn_ssl_web_portal.split_dns.dns_server1 string | | DNS server 1. |
vpn_ssl_web_portal.split_dns.dns_server2 string | | DNS server 2. |
vpn_ssl_web_portal.split_dns.domains string | | Split DNS domains used for SSL-VPN clients separated by comma(,). |
vpn_ssl_web_portal.split_dns.id integer / required | | ID. |
vpn_ssl_web_portal.split_dns.ipv6_dns_server1 string | | IPv6 DNS server 1. |
vpn_ssl_web_portal.split_dns.ipv6_dns_server2 string | | IPv6 DNS server 2. |
vpn_ssl_web_portal.split_tunneling string | | Enable/disable IPv4 split tunneling. |
vpn_ssl_web_portal.split_tunneling_routing_address list / elements=string | | IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. |
vpn_ssl_web_portal.split_tunneling_routing_address.name string / required | | Address name. Source firewall.address.name firewall.addrgrp.name. |
vpn_ssl_web_portal.state string | | Deprecated. Starting with Ansible 2.9, we recommend using the top-level 'state' parameter. Indicates whether to create or remove the object. |
vpn_ssl_web_portal.theme string | | Web portal color scheme. |
vpn_ssl_web_portal.tunnel_mode string | | Enable/disable IPv4 SSL-VPN tunnel mode. |
vpn_ssl_web_portal.user_bookmark string | | Enable to allow web portal users to create their own bookmarks. |
vpn_ssl_web_portal.user_group_bookmark string | | Enable to allow web portal users to create bookmarks for all users in the same user group. |
vpn_ssl_web_portal.web_mode string | | Enable/disable SSL VPN web mode. |
vpn_ssl_web_portal.windows_forticlient_download_url string | | Download URL for Windows FortiClient. |
vpn_ssl_web_portal.wins_server1 string | | IPv4 WINS server 1. |
vpn_ssl_web_portal.wins_server2 string | | IPv4 WINS server 1. |
```yaml
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
  tasks:
    - name: Portal.
      fortios_vpn_ssl_web_portal:
        vdom: "{{ vdom }}"
        state: "present"
        access_token: "<your_own_value>"
        vpn_ssl_web_portal:
          allow_user_access: "web"
          auto_connect: "enable"
          bookmark_group:
            - bookmarks:
                - additional_params: "<your_own_value>"
                  apptype: "citrix"
                  description: "<your_own_value>"
                  folder: "<your_own_value>"
                  form_data:
                    - name: "default_name_12"
                      value: "<your_own_value>"
                  host: "<your_own_value>"
                  listening_port: "15"
                  logon_password: "<your_own_value>"
                  logon_user: "<your_own_value>"
                  name: "default_name_18"
                  port: "19"
                  remote_port: "20"
                  security: "rdp"
                  server_layout: "en-us-qwerty"
                  show_status_window: "enable"
                  sso: "disable"
                  sso_credential: "sslvpn-login"
                  sso_credential_sent_once: "enable"
                  sso_password: "<your_own_value>"
                  sso_username: "<your_own_value>"
                  url: "myurl.com"
              name: "default_name_30"
          custom_lang: "<your_own_value> (source system.custom-language.name)"
          customize_forticlient_download_url: "enable"
          display_bookmark: "enable"
          display_connection_tools: "enable"
          display_history: "enable"
          display_status: "enable"
          dns_server1: "<your_own_value>"
          dns_server2: "<your_own_value>"
          dns_suffix: "<your_own_value>"
          exclusive_routing: "enable"
          forticlient_download: "enable"
          forticlient_download_method: "direct"
          heading: "<your_own_value>"
          host_check: "none"
          host_check_interval: "45"
          host_check_policy:
            - name: "default_name_47 (source vpn.ssl.web.host-check-software.name)"
          ip_mode: "range"
          ip_pools:
            - name: "default_name_50 (source firewall.address.name firewall.addrgrp.name)"
          ipv6_dns_server1: "<your_own_value>"
          ipv6_dns_server2: "<your_own_value>"
          ipv6_exclusive_routing: "enable"
          ipv6_pools:
            - name: "default_name_55 (source firewall.address6.name firewall.addrgrp6.name)"
          ipv6_service_restriction: "enable"
          ipv6_split_tunneling: "enable"
          ipv6_split_tunneling_routing_address:
            - name: "default_name_59 (source firewall.address6.name firewall.addrgrp6.name)"
          ipv6_tunnel_mode: "enable"
          ipv6_wins_server1: "<your_own_value>"
          ipv6_wins_server2: "<your_own_value>"
          keep_alive: "enable"
          limit_user_logins: "enable"
          mac_addr_action: "allow"
          mac_addr_check: "enable"
          mac_addr_check_rule:
            - mac_addr_list:
                - addr: "<your_own_value>"
              mac_addr_mask: "70"
              name: "default_name_71"
          macos_forticlient_download_url: "<your_own_value>"
          name: "default_name_73"
          os_check: "enable"
          os_check_list:
            - action: "deny"
              latest_patch_level: "<your_own_value>"
              name: "default_name_78"
              tolerance: "79"
          redir_url: "<your_own_value>"
          save_password: "enable"
          service_restriction: "enable"
          skip_check_for_unsupported_browser: "enable"
          skip_check_for_unsupported_os: "enable"
          smb_ntlmv1_auth: "enable"
          split_dns:
            - dns_server1: "<your_own_value>"
              dns_server2: "<your_own_value>"
              domains: "<your_own_value>"
              id: "90"
              ipv6_dns_server1: "<your_own_value>"
              ipv6_dns_server2: "<your_own_value>"
          split_tunneling: "enable"
          split_tunneling_routing_address:
            - name: "default_name_95 (source firewall.address.name firewall.addrgrp.name)"
          theme: "blue"
          tunnel_mode: "enable"
          user_bookmark: "enable"
          user_group_bookmark: "enable"
          web_mode: "enable"
          windows_forticlient_download_url: "<your_own_value>"
          wins_server1: "<your_own_value>"
          wins_server2: "<your_own_value>"
```
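A tunnel-only portal with the security-relevant options from the parameter table set conservatively, as an added example that is not part of the original module documentation. The portal name `staff-tunnel`, the vaulted variable `fortigate_access_token` and the address object `SSLVPN_TUNNEL_ADDR1` are assumptions; substitute objects that exist on your FortiGate.

```yaml
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # Verify the FortiGate's certificate; needs a certificate the controller trusts
    ansible_httpapi_validate_certs: yes
    ansible_httpapi_port: 443
  tasks:
    - name: Tunnel-only portal with conservative settings
      fortios_vpn_ssl_web_portal:
        vdom: "{{ vdom }}"
        state: "present"
        # Assumption: the token lives in an Ansible Vault-encrypted vars file,
        # not in the playbook itself
        access_token: "{{ fortigate_access_token }}"
        vpn_ssl_web_portal:
          name: "staff-tunnel"              # hypothetical portal name
          tunnel_mode: "enable"
          web_mode: "disable"               # no web mode, so no bookmarks to manage
          ip_mode: "range"
          ip_pools:
            - name: "SSLVPN_TUNNEL_ADDR1"   # assumed existing firewall address object
          split_tunneling: "disable"        # IPv4 traffic is not split off the tunnel
          host_check: "av-fw"               # require antivirus and firewall on the endpoint
          host_check_interval: 300          # non-zero: re-check after connect, not only at login
          skip_check_for_unsupported_os: "disable"
          skip_check_for_unsupported_browser: "disable"
          limit_user_logins: "enable"       # one SSL-VPN session per user
          save_password: "disable"          # FortiClient does not store the user's password
          auto_connect: "disable"
          smb_ntlmv1_auth: "disable"        # no NTLMv1 for Samba authentication
          user_bookmark: "disable"
          user_group_bookmark: "disable"
          forticlient_download: "disable"
```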
Common return values are documented here; the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
build string | always | Build number of the fortigate image Sample: 1547 |
http_method string | always | Last method used to provision the content into FortiGate Sample: PUT |
http_status string | always | Last result given by FortiGate on last operation applied Sample: 200 |
mkey string | success | Master key (id) used in the last call to FortiGate Sample: id |
name string | always | Name of the table used to fulfill the request Sample: urlfilter |
path string | always | Path of the table used to fulfill the request Sample: webfilter |
revision string | always | Internal revision number Sample: 17.0.2.10658 |
serial string | always | Serial number of the unit Sample: FGVMEVYYQT3AB5352 |
status string | always | Indication of the operation's result Sample: success |
vdom string | always | Virtual domain used Sample: root |
version string | always | Version of the FortiGate Sample: v5.6.3 |
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/fortinet/fortios/fortios_vpn_ssl_web_portal_module.html