fmgr_fwobj_vip¶
Metadata¶
Name: fmgr_fwobj_vip
Description: Manages Virtual IP objects in FortiManager for IPv4
Author(s):
- Luke Weighall (github: @lweighall)
- Andrew Welsh (github: @Ghilli3)
- Jim Huber (github: @p4r4n0y1ng)
Ansible Version Added/Required: 2.8
Dev Status: COMPLETED/MERGED
Owning Developer: Luke Weighall
Module Github Link
Parameters¶
adom¶
- Description: The ADOM the configuration should belong to.
- Required: False
- default: root
arp_reply¶
Description: Enable to respond to ARP requests for this virtual IP address. Enabled by default.
choice | disable | Disable ARP reply.
choice | enable | Enable ARP reply.
Required: False
choices: [‘disable’, ‘enable’]
color¶
- Description: Color of icon on the GUI.
- Required: False
comment¶
- Description: Comment.
- Required: False
dns_mapping_ttl¶
- Description: DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
- Required: False
dynamic_mapping¶
Description: EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
List of multiple child objects to be added. Expects a list of dictionaries.
Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
If submitted, all other prefixed sub-parameters ARE IGNORED.
This object is MUTUALLY EXCLUSIVE with its options.
We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
Required: False
dynamic_mapping_arp_reply¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
Required: False
choices: [‘disable’, ‘enable’]
dynamic_mapping_color¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_comment¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_dns_mapping_ttl¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_extaddr¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_extintf¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_extip¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_extport¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_gratuitous_arp_interval¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_http_cookie_age¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_http_cookie_domain¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_http_cookie_domain_from_host¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
Required: False
choices: [‘disable’, ‘enable’]
dynamic_mapping_http_cookie_generation¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_http_cookie_path¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_http_ip_header¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
Required: False
choices: [‘disable’, ‘enable’]
dynamic_mapping_http_ip_header_name¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_http_multiplex¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
Required: False
choices: [‘disable’, ‘enable’]
dynamic_mapping_https_cookie_secure¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
Required: False
choices: [‘disable’, ‘enable’]
dynamic_mapping_ldb_method¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | static |
choice | round-robin |
choice | weighted |
choice | least-session |
choice | least-rtt |
choice | first-alive |
choice | http-host |
Required: False
choices: [‘static’, ‘round-robin’, ‘weighted’, ‘least-session’, ‘least-rtt’, ‘first-alive’, ‘http-host’]
dynamic_mapping_mapped_addr¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_mappedip¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_mappedport¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_max_embryonic_connections¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_monitor¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_nat_source_vip¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
Required: False
choices: [‘disable’, ‘enable’]
dynamic_mapping_outlook_web_access¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
Required: False
choices: [‘disable’, ‘enable’]
dynamic_mapping_persistence¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | none |
choice | http-cookie |
choice | ssl-session-id |
Required: False
choices: [‘none’, ‘http-cookie’, ‘ssl-session-id’]
dynamic_mapping_portforward¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
Required: False
choices: [‘disable’, ‘enable’]
dynamic_mapping_portmapping_type¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | 1-to-1 |
choice | m-to-n |
Required: False
choices: [‘1-to-1’, ‘m-to-n’]
dynamic_mapping_protocol¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | tcp |
choice | udp |
choice | sctp |
choice | icmp |
Required: False
choices: [‘tcp’, ‘udp’, ‘sctp’, ‘icmp’]
dynamic_mapping_realservers_client_ip¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_realservers_healthcheck¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
choice | vip |
Required: False
choices: [‘disable’, ‘enable’, ‘vip’]
dynamic_mapping_realservers_holddown_interval¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_realservers_http_host¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_realservers_ip¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_realservers_max_connections¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_realservers_monitor¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_realservers_port¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_realservers_seq¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_realservers_status¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | active |
choice | standby |
choice | disable |
Required: False
choices: [‘active’, ‘standby’, ‘disable’]
dynamic_mapping_realservers_weight¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_server_type¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | http |
choice | https |
choice | ssl |
choice | tcp |
choice | udp |
choice | ip |
choice | imaps |
choice | pop3s |
choice | smtps |
Required: False
choices: [‘http’, ‘https’, ‘ssl’, ‘tcp’, ‘udp’, ‘ip’, ‘imaps’, ‘pop3s’, ‘smtps’]
dynamic_mapping_service¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_src_filter¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_srcintf_filter¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_ssl_algorithm¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | high |
choice | medium |
choice | low |
choice | custom |
Required: False
choices: [‘high’, ‘medium’, ‘low’, ‘custom’]
dynamic_mapping_ssl_certificate¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_ssl_cipher_suites_cipher¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | TLS-RSA-WITH-RC4-128-MD5 |
choice | TLS-RSA-WITH-RC4-128-SHA |
choice | TLS-RSA-WITH-DES-CBC-SHA |
choice | TLS-RSA-WITH-3DES-EDE-CBC-SHA |
choice | TLS-RSA-WITH-AES-128-CBC-SHA |
choice | TLS-RSA-WITH-AES-256-CBC-SHA |
choice | TLS-RSA-WITH-AES-128-CBC-SHA256 |
choice | TLS-RSA-WITH-AES-256-CBC-SHA256 |
choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA |
choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA |
choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 |
choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 |
choice | TLS-RSA-WITH-SEED-CBC-SHA |
choice | TLS-RSA-WITH-ARIA-128-CBC-SHA256 |
choice | TLS-RSA-WITH-ARIA-256-CBC-SHA384 |
choice | TLS-DHE-RSA-WITH-DES-CBC-SHA |
choice | TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA |
choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA |
choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA |
choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 |
choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 |
choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA |
choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA |
choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 |
choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 |
choice | TLS-DHE-RSA-WITH-SEED-CBC-SHA |
choice | TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 |
choice | TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 |
choice | TLS-ECDHE-RSA-WITH-RC4-128-SHA |
choice | TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA |
choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA |
choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA |
choice | TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 |
choice | TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 |
choice | TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 |
choice | TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 |
choice | TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 |
choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA |
choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA |
choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 |
choice | TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 |
choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 |
choice | TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 |
choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 |
choice | TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 |
choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 |
choice | TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 |
choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA |
choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 |
choice | TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 |
choice | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 |
choice | TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 |
choice | TLS-RSA-WITH-AES-128-GCM-SHA256 |
choice | TLS-RSA-WITH-AES-256-GCM-SHA384 |
choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA |
choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA |
choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 |
choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 |
choice | TLS-DHE-DSS-WITH-SEED-CBC-SHA |
choice | TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 |
choice | TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 |
choice | TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 |
choice | TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 |
choice | TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 |
choice | TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 |
choice | TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA |
choice | TLS-DHE-DSS-WITH-DES-CBC-SHA |
Required: False
choices: [‘TLS-RSA-WITH-RC4-128-MD5’, ‘TLS-RSA-WITH-RC4-128-SHA’, ‘TLS-RSA-WITH-DES-CBC-SHA’, ‘TLS-RSA-WITH-3DES-EDE-CBC-SHA’, ‘TLS-RSA-WITH-AES-128-CBC-SHA’, ‘TLS-RSA-WITH-AES-256-CBC-SHA’, ‘TLS-RSA-WITH-AES-128-CBC-SHA256’, ‘TLS-RSA-WITH-AES-256-CBC-SHA256’, ‘TLS-RSA-WITH-CAMELLIA-128-CBC-SHA’, ‘TLS-RSA-WITH-CAMELLIA-256-CBC-SHA’, ‘TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256’, ‘TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256’, ‘TLS-RSA-WITH-SEED-CBC-SHA’, ‘TLS-RSA-WITH-ARIA-128-CBC-SHA256’, ‘TLS-RSA-WITH-ARIA-256-CBC-SHA384’, ‘TLS-DHE-RSA-WITH-DES-CBC-SHA’, ‘TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA’, ‘TLS-DHE-RSA-WITH-AES-128-CBC-SHA’, ‘TLS-DHE-RSA-WITH-AES-256-CBC-SHA’, ‘TLS-DHE-RSA-WITH-AES-128-CBC-SHA256’, ‘TLS-DHE-RSA-WITH-AES-256-CBC-SHA256’, ‘TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA’, ‘TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA’, ‘TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256’, ‘TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256’, ‘TLS-DHE-RSA-WITH-SEED-CBC-SHA’, ‘TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256’, ‘TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384’, ‘TLS-ECDHE-RSA-WITH-RC4-128-SHA’, ‘TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA’, ‘TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA’, ‘TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA’, ‘TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256’, ‘TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256’, ‘TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256’, ‘TLS-DHE-RSA-WITH-AES-128-GCM-SHA256’, ‘TLS-DHE-RSA-WITH-AES-256-GCM-SHA384’, ‘TLS-DHE-DSS-WITH-AES-128-CBC-SHA’, ‘TLS-DHE-DSS-WITH-AES-256-CBC-SHA’, ‘TLS-DHE-DSS-WITH-AES-128-CBC-SHA256’, ‘TLS-DHE-DSS-WITH-AES-128-GCM-SHA256’, ‘TLS-DHE-DSS-WITH-AES-256-CBC-SHA256’, ‘TLS-DHE-DSS-WITH-AES-256-GCM-SHA384’, ‘TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256’, ‘TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256’, ‘TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384’, ‘TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384’, ‘TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA’, ‘TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256’, ‘TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256’, ‘TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384’, ‘TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384’, 
‘TLS-RSA-WITH-AES-128-GCM-SHA256’, ‘TLS-RSA-WITH-AES-256-GCM-SHA384’, ‘TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA’, ‘TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA’, ‘TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256’, ‘TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256’, ‘TLS-DHE-DSS-WITH-SEED-CBC-SHA’, ‘TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256’, ‘TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384’, ‘TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256’, ‘TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384’, ‘TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256’, ‘TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384’, ‘TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA’, ‘TLS-DHE-DSS-WITH-DES-CBC-SHA’]
dynamic_mapping_ssl_cipher_suites_versions¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
FLAG Based Options. Specify multiple in list form.
flag | ssl-3.0 |
flag | tls-1.0 |
flag | tls-1.1 |
flag | tls-1.2 |
Required: False
choices: [‘ssl-3.0’, ‘tls-1.0’, ‘tls-1.1’, ‘tls-1.2’]
dynamic_mapping_ssl_client_fallback¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
Required: False
choices: [‘disable’, ‘enable’]
dynamic_mapping_ssl_client_renegotiation¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | deny |
choice | allow |
choice | secure |
Required: False
choices: [‘deny’, ‘allow’, ‘secure’]
dynamic_mapping_ssl_client_session_state_max¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_ssl_client_session_state_timeout¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_ssl_client_session_state_type¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | time |
choice | count |
choice | both |
Required: False
choices: [‘disable’, ‘time’, ‘count’, ‘both’]
dynamic_mapping_ssl_dh_bits¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | 768 |
choice | 1024 |
choice | 1536 |
choice | 2048 |
choice | 3072 |
choice | 4096 |
Required: False
choices: [‘768’, ‘1024’, ‘1536’, ‘2048’, ‘3072’, ‘4096’]
dynamic_mapping_ssl_hpkp¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
choice | report-only |
Required: False
choices: [‘disable’, ‘enable’, ‘report-only’]
dynamic_mapping_ssl_hpkp_age¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_ssl_hpkp_backup¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_ssl_hpkp_include_subdomains¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
Required: False
choices: [‘disable’, ‘enable’]
dynamic_mapping_ssl_hpkp_primary¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_ssl_hpkp_report_uri¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_ssl_hsts¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
Required: False
choices: [‘disable’, ‘enable’]
dynamic_mapping_ssl_hsts_age¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_ssl_hsts_include_subdomains¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
Required: False
choices: [‘disable’, ‘enable’]
dynamic_mapping_ssl_http_location_conversion¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
Required: False
choices: [‘disable’, ‘enable’]
dynamic_mapping_ssl_http_match_host¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
Required: False
choices: [‘disable’, ‘enable’]
dynamic_mapping_ssl_max_version¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | ssl-3.0 |
choice | tls-1.0 |
choice | tls-1.1 |
choice | tls-1.2 |
Required: False
choices: [‘ssl-3.0’, ‘tls-1.0’, ‘tls-1.1’, ‘tls-1.2’]
dynamic_mapping_ssl_min_version¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | ssl-3.0 |
choice | tls-1.0 |
choice | tls-1.1 |
choice | tls-1.2 |
Required: False
choices: [‘ssl-3.0’, ‘tls-1.0’, ‘tls-1.1’, ‘tls-1.2’]
dynamic_mapping_ssl_mode¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | half |
choice | full |
Required: False
choices: [‘half’, ‘full’]
dynamic_mapping_ssl_pfs¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | require |
choice | deny |
choice | allow |
Required: False
choices: [‘require’, ‘deny’, ‘allow’]
dynamic_mapping_ssl_send_empty_frags¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
Required: False
choices: [‘disable’, ‘enable’]
dynamic_mapping_ssl_server_algorithm¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | high |
choice | low |
choice | medium |
choice | custom |
choice | client |
Required: False
choices: [‘high’, ‘low’, ‘medium’, ‘custom’, ‘client’]
dynamic_mapping_ssl_server_max_version¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | ssl-3.0 |
choice | tls-1.0 |
choice | tls-1.1 |
choice | tls-1.2 |
choice | client |
Required: False
choices: [‘ssl-3.0’, ‘tls-1.0’, ‘tls-1.1’, ‘tls-1.2’, ‘client’]
dynamic_mapping_ssl_server_min_version¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | ssl-3.0 |
choice | tls-1.0 |
choice | tls-1.1 |
choice | tls-1.2 |
choice | client |
Required: False
choices: [‘ssl-3.0’, ‘tls-1.0’, ‘tls-1.1’, ‘tls-1.2’, ‘client’]
dynamic_mapping_ssl_server_session_state_max¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_ssl_server_session_state_timeout¶
- Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- Required: False
dynamic_mapping_ssl_server_session_state_type¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | time |
choice | count |
choice | both |
Required: False
choices: [‘disable’, ‘time’, ‘count’, ‘both’]
dynamic_mapping_type¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | static-nat |
choice | load-balance |
choice | server-load-balance |
choice | dns-translation |
choice | fqdn |
Required: False
choices: [‘static-nat’, ‘load-balance’, ‘server-load-balance’, ‘dns-translation’, ‘fqdn’]
dynamic_mapping_weblogic_server¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
Required: False
choices: [‘disable’, ‘enable’]
dynamic_mapping_websphere_server¶
Description: Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
choice | disable |
choice | enable |
Required: False
choices: [‘disable’, ‘enable’]
extaddr¶
- Description: External FQDN address name.
- Required: False
extintf¶
Description: Interface connected to the source network that receives the packets that will be forwarded to the destination network.
Required: False
extip¶
Description: IP address or address range on the external interface that you want to map to an address or address range on the destination network.
Required: False
extport¶
- Description: Incoming port number range that you want to map to a port number range on the destination network.
- Required: False
gratuitous_arp_interval¶
- Description: Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
- Required: False
http_cookie_age¶
- Description: Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- Required: False
http_cookie_domain¶
- Description: Domain that HTTP cookie persistence should apply to.
- Required: False
http_cookie_domain_from_host¶
Description: Enable/disable use of HTTP cookie domain from host field in HTTP.
choice | disable | Disable use of HTTP cookie domain from host field in HTTP (use http-cookie-domain setting).
choice | enable | Enable use of HTTP cookie domain from host field in HTTP.
Required: False
choices: [‘disable’, ‘enable’]
http_cookie_generation¶
- Description: Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- Required: False
http_cookie_path¶
- Description: Limit HTTP cookie persistence to the specified path.
- Required: False
http_ip_header¶
Description: For HTTP multiplexing, enable to add the original client IP address in the X-Forwarded-For HTTP header.
choice | disable | Disable adding HTTP header.
choice | enable | Enable adding HTTP header.
Required: False
choices: [‘disable’, ‘enable’]
http_ip_header_name¶
Description: For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header.
If empty, X-Forwarded-For is used.
Required: False
http_multiplex¶
Description: Enable/disable HTTP multiplexing.
choice | disable | Disable HTTP session multiplexing.
choice | enable | Enable HTTP session multiplexing.
Required: False
choices: [‘disable’, ‘enable’]
https_cookie_secure¶
Description: Enable/disable verification that inserted HTTPS cookies are secure.
choice | disable | Do not mark cookie as secure, allow sharing between an HTTP and HTTPS connection.
choice | enable | Mark inserted cookie as secure, cookie can only be used for an HTTPS connection.
Required: False
choices: [‘disable’, ‘enable’]
ldb_method¶
Description: Method used to distribute sessions to real servers.
choice | static | Distribute to server based on source IP.
choice | round-robin | Distribute to server based on round-robin order.
choice | weighted | Distribute to server based on weight.
choice | least-session | Distribute to server with lowest session count.
choice | least-rtt | Distribute to server with lowest Round-Trip-Time.
choice | first-alive | Distribute to the first server that is alive.
choice | http-host | Distribute to server based on host field in HTTP header.
Required: False
choices: [‘static’, ‘round-robin’, ‘weighted’, ‘least-session’, ‘least-rtt’, ‘first-alive’, ‘http-host’]
mapped_addr¶
- Description: Mapped FQDN address name.
- Required: False
mappedip¶
- Description: IP address or address range on the destination network to which the external IP address is mapped.
- Required: False
mappedport¶
- Description: Port number range on the destination network to which the external port number range is mapped.
- Required: False
max_embryonic_connections¶
- Description: Maximum number of incomplete connections.
- Required: False
mode¶
Description: Sets one of three modes for managing the object.
Allows use of soft-adds instead of overwriting existing values
Required: False
default: add
choices: [‘add’, ‘set’, ‘delete’, ‘update’]
monitor¶
- Description: Name of the health check monitor to use when polling to determine a virtual server’s connectivity status.
- Required: False
name¶
- Description: Virtual IP name.
- Required: False
nat_source_vip¶
Description: Enable to prevent unintended servers from using a virtual IP.
Disable to use the actual IP address of the server as the source address.
choice | disable | Do not force to NAT as VIP.
choice | enable | Force to NAT as VIP.
Required: False
choices: [‘disable’, ‘enable’]
outlook_web_access¶
Description: Enable to add the Front-End-Https header for Microsoft Outlook Web Access.
choice | disable | Disable Outlook Web Access support.
choice | enable | Enable Outlook Web Access support.
Required: False
choices: [‘disable’, ‘enable’]
persistence¶
Description: Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session.
choice | none | None.
choice | http-cookie | HTTP cookie.
choice | ssl-session-id | SSL session ID.
Required: False
choices: [‘none’, ‘http-cookie’, ‘ssl-session-id’]
portforward¶
Description: Enable/disable port forwarding.
choice | disable | Disable port forward.
choice | enable | Enable port forward.
Required: False
choices: [‘disable’, ‘enable’]
portmapping_type¶
Description: Port mapping type.
choice | 1-to-1 | One to one.
choice | m-to-n | Many to many.
Required: False
choices: [‘1-to-1’, ‘m-to-n’]
protocol¶
Description: Protocol to use when forwarding packets.
choice | tcp | TCP.
choice | udp | UDP.
choice | sctp | SCTP.
choice | icmp | ICMP.
Required: False
choices: [‘tcp’, ‘udp’, ‘sctp’, ‘icmp’]
realservers¶
Description: EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
List of multiple child objects to be added. Expects a list of dictionaries.
Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
If submitted, all other prefixed sub-parameters ARE IGNORED.
This object is MUTUALLY EXCLUSIVE with its options.
We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
Required: False
realservers_client_ip¶
- Description: Only clients in this IP range can connect to this real server.
- Required: False
realservers_healthcheck¶
Description: Enable to check the responsiveness of the real server before forwarding traffic.
choice | disable | Disable per server health check.
choice | enable | Enable per server health check.
choice | vip | Use health check defined in VIP.
Required: False
choices: [‘disable’, ‘enable’, ‘vip’]
realservers_holddown_interval¶
- Description: Time in seconds that the health check monitor monitors an unresponsive server that should be active.
- Required: False
realservers_http_host¶
- Description: HTTP server domain name in HTTP header.
- Required: False
realservers_ip¶
- Description: IP address of the real server.
- Required: False
realservers_max_connections¶
Description: Max number of active connections that can be directed to the real server. When reached, sessions are sent to their real servers.
Required: False
realservers_monitor¶
- Description: Name of the health check monitor to use when polling to determine a virtual server’s connectivity status.
- Required: False
realservers_port¶
- Description: Port for communicating with the real server. Required if port forwarding is enabled.
- Required: False
realservers_seq¶
- Description: Real Server Sequence Number
- Required: False
realservers_status¶
Description: Set the status of the real server to active so that it can accept traffic.
Or on standby or disabled so no traffic is sent.
choice | active | Server status active.
choice | standby | Server status standby.
choice | disable | Server status disable.
Required: False
choices: [‘active’, ‘standby’, ‘disable’]
realservers_weight¶
Description: Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
Required: False
server_type¶
Description: Protocol to be load balanced by the virtual server (also called the server load balance virtual IP).
choice | http | HTTP
choice | https | HTTPS
choice | ssl | SSL
choice | tcp | TCP
choice | udp | UDP
choice | ip | IP
choice | imaps | IMAPS
choice | pop3s | POP3S
choice | smtps | SMTPS
Required: False
choices: [‘http’, ‘https’, ‘ssl’, ‘tcp’, ‘udp’, ‘ip’, ‘imaps’, ‘pop3s’, ‘smtps’]
service¶
- Description: Service name.
- Required: False
src_filter¶
Description: Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y).
Separate addresses with spaces.
Required: False
srcintf_filter¶
- Description: Interfaces to which the VIP applies. Separate the names with spaces.
- Required: False
ssl_algorithm¶
Description: Permitted encryption algorithms for SSL sessions according to encryption strength.
choice | high | High encryption. Allow only AES and ChaCha.
choice | medium | Medium encryption. Allow AES, ChaCha, 3DES, and RC4.
choice | low | Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.
choice | custom | Custom encryption. Use config ssl-cipher-suites to select the cipher suites that are allowed.
Required: False
choices: [‘high’, ‘medium’, ‘low’, ‘custom’]
ssl_certificate¶
- Description: The name of the SSL certificate to use for SSL acceleration.
- Required: False
ssl_cipher_suites¶
Description: EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
List of multiple child objects to be added. Expects a list of dictionaries.
Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
If submitted, all other prefixed sub-parameters ARE IGNORED.
This object is MUTUALLY EXCLUSIVE with its options.
We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
Required: False
ssl_cipher_suites_cipher¶
Description: Cipher suite name.
choice | TLS-RSA-WITH-RC4-128-MD5 | Cipher suite TLS-RSA-WITH-RC4-128-MD5.
choice | TLS-RSA-WITH-RC4-128-SHA | Cipher suite TLS-RSA-WITH-RC4-128-SHA.
choice | TLS-RSA-WITH-DES-CBC-SHA | Cipher suite TLS-RSA-WITH-DES-CBC-SHA.
choice | TLS-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-RSA-WITH-3DES-EDE-CBC-SHA.
choice | TLS-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA.
choice | TLS-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA.
choice | TLS-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA256.
choice | TLS-RSA-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA256.
choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA.
choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA.
choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256.
choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256.
choice | TLS-RSA-WITH-SEED-CBC-SHA | Cipher suite TLS-RSA-WITH-SEED-CBC-SHA.
choice | TLS-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-ARIA-128-CBC-SHA256.
choice | TLS-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-RSA-WITH-ARIA-256-CBC-SHA384.
choice | TLS-DHE-RSA-WITH-DES-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-DES-CBC-SHA.
choice | TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA.
choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA.
choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA.
choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA256.
choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA256.
choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA.
choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA.
choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256.
choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256.
choice | TLS-DHE-RSA-WITH-SEED-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-SEED-CBC-SHA.
choice | TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256.
choice | TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384.
choice | TLS-ECDHE-RSA-WITH-RC4-128-SHA | Cipher suite TLS-ECDHE-RSA-WITH-RC4-128-SHA.
choice | TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA.
choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA.
choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA.
choice | TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256.
choice | TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256.
choice | TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256.
choice | TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-128-GCM-SHA256.
choice | TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-DHE-RSA-WITH-AES-256-GCM-SHA384.
choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA.
choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA.
choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA256.
choice | TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-128-GCM-SHA256.
choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA256.
choice | TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-DHE-DSS-WITH-AES-256-GCM-SHA384.
choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256.
choice | TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256.
choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384.
choice | TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384.
choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA.
choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256.
choice | TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256.
choice | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384.
choice | TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384.
choice | TLS-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-RSA-WITH-AES-128-GCM-SHA256.
choice | TLS-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-RSA-WITH-AES-256-GCM-SHA384.
choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA.
choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA.
choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256.
choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256.
choice | TLS-DHE-DSS-WITH-SEED-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-SEED-CBC-SHA.
choice | TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256.
choice | TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384.
choice | TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256.
choice | TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384.
choice | TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256.
choice | TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384.
choice | TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA.
choice | TLS-DHE-DSS-WITH-DES-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-DES-CBC-SHA.
Required: False
choices: [‘TLS-RSA-WITH-RC4-128-MD5’, ‘TLS-RSA-WITH-RC4-128-SHA’, ‘TLS-RSA-WITH-DES-CBC-SHA’, ‘TLS-RSA-WITH-3DES-EDE-CBC-SHA’, ‘TLS-RSA-WITH-AES-128-CBC-SHA’, ‘TLS-RSA-WITH-AES-256-CBC-SHA’, ‘TLS-RSA-WITH-AES-128-CBC-SHA256’, ‘TLS-RSA-WITH-AES-256-CBC-SHA256’, ‘TLS-RSA-WITH-CAMELLIA-128-CBC-SHA’, ‘TLS-RSA-WITH-CAMELLIA-256-CBC-SHA’, ‘TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256’, ‘TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256’, ‘TLS-RSA-WITH-SEED-CBC-SHA’, ‘TLS-RSA-WITH-ARIA-128-CBC-SHA256’, ‘TLS-RSA-WITH-ARIA-256-CBC-SHA384’, ‘TLS-DHE-RSA-WITH-DES-CBC-SHA’, ‘TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA’, ‘TLS-DHE-RSA-WITH-AES-128-CBC-SHA’, ‘TLS-DHE-RSA-WITH-AES-256-CBC-SHA’, ‘TLS-DHE-RSA-WITH-AES-128-CBC-SHA256’, ‘TLS-DHE-RSA-WITH-AES-256-CBC-SHA256’, ‘TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA’, ‘TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA’, ‘TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256’, ‘TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256’, ‘TLS-DHE-RSA-WITH-SEED-CBC-SHA’, ‘TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256’, ‘TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384’, ‘TLS-ECDHE-RSA-WITH-RC4-128-SHA’, ‘TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA’, ‘TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA’, ‘TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA’, ‘TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256’, ‘TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256’, ‘TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256’, ‘TLS-DHE-RSA-WITH-AES-128-GCM-SHA256’, ‘TLS-DHE-RSA-WITH-AES-256-GCM-SHA384’, ‘TLS-DHE-DSS-WITH-AES-128-CBC-SHA’, ‘TLS-DHE-DSS-WITH-AES-256-CBC-SHA’, ‘TLS-DHE-DSS-WITH-AES-128-CBC-SHA256’, ‘TLS-DHE-DSS-WITH-AES-128-GCM-SHA256’, ‘TLS-DHE-DSS-WITH-AES-256-CBC-SHA256’, ‘TLS-DHE-DSS-WITH-AES-256-GCM-SHA384’, ‘TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256’, ‘TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256’, ‘TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384’, ‘TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384’, ‘TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA’, ‘TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256’, ‘TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256’, ‘TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384’, ‘TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384’, 
‘TLS-RSA-WITH-AES-128-GCM-SHA256’, ‘TLS-RSA-WITH-AES-256-GCM-SHA384’, ‘TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA’, ‘TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA’, ‘TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256’, ‘TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256’, ‘TLS-DHE-DSS-WITH-SEED-CBC-SHA’, ‘TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256’, ‘TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384’, ‘TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256’, ‘TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384’, ‘TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256’, ‘TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384’, ‘TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA’, ‘TLS-DHE-DSS-WITH-DES-CBC-SHA’]
ssl_cipher_suites_versions¶
Description: SSL/TLS versions that the cipher suite can be used with.
FLAG Based Options. Specify multiple in list form.
flag | ssl-3.0 | SSL 3.0.
flag | tls-1.0 | TLS 1.0.
flag | tls-1.1 | TLS 1.1.
flag | tls-1.2 | TLS 1.2.
Required: False
choices: [‘ssl-3.0’, ‘tls-1.0’, ‘tls-1.1’, ‘tls-1.2’]
ssl_client_fallback¶
Description: Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507).
choice | disable | Disable.
choice | enable | Enable.
Required: False
choices: [‘disable’, ‘enable’]
ssl_client_renegotiation¶
Description: Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746.
choice | deny | Abort any client initiated SSL re-negotiation attempt.
choice | allow | Allow a SSL client to renegotiate.
choice | secure | Abort any client initiated SSL re-negotiation attempt that does not use RFC 5746.
Required: False
choices: [‘deny’, ‘allow’, ‘secure’]
ssl_client_session_state_max¶
- Description: Maximum number of client to FortiGate SSL session states to keep.
- Required: False
ssl_client_session_state_timeout¶
- Description: Number of minutes to keep client to FortiGate SSL session state.
- Required: False
ssl_client_session_state_type¶
Description: How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate.
choice | disable | Do not keep session states.
choice | time | Expire session states after this many minutes.
choice | count | Expire session states when this maximum is reached.
choice | both | Expire session states based on time or count, whichever occurs first.
Required: False
choices: [‘disable’, ‘time’, ‘count’, ‘both’]
ssl_dh_bits¶
Description: Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions.
choice | 768 | 768-bit Diffie-Hellman prime.
choice | 1024 | 1024-bit Diffie-Hellman prime.
choice | 1536 | 1536-bit Diffie-Hellman prime.
choice | 2048 | 2048-bit Diffie-Hellman prime.
choice | 3072 | 3072-bit Diffie-Hellman prime.
choice | 4096 | 4096-bit Diffie-Hellman prime.
Required: False
choices: [‘768’, ‘1024’, ‘1536’, ‘2048’, ‘3072’, ‘4096’]
ssl_hpkp¶
Description: Enable/disable including HPKP header in response.
choice | disable | Do not add a HPKP header to each HTTP response.
choice | enable | Add a HPKP header to each HTTP response.
choice | report-only | Add a HPKP Report-Only header to each HTTP response.
Required: False
choices: [‘disable’, ‘enable’, ‘report-only’]
ssl_hpkp_age¶
- Description: Number of seconds the client should honour the HPKP setting.
- Required: False
ssl_hpkp_backup¶
- Description: Certificate to generate backup HPKP pin from.
- Required: False
ssl_hpkp_include_subdomains¶
Description: Indicate that HPKP header applies to all subdomains.
choice | disable | HPKP header does not apply to subdomains.
choice | enable | HPKP header applies to subdomains.
Required: False
choices: [‘disable’, ‘enable’]
ssl_hpkp_primary¶
- Description: Certificate to generate primary HPKP pin from.
- Required: False
ssl_hpkp_report_uri¶
- Description: URL to report HPKP violations to.
- Required: False
ssl_hsts¶
Description: Enable/disable including HSTS header in response.
choice | disable | Do not add a HSTS header to each HTTP response.
choice | enable | Add a HSTS header to each HTTP response.
Required: False
choices: [‘disable’, ‘enable’]
ssl_hsts_age¶
- Description: Number of seconds the client should honour the HSTS setting.
- Required: False
ssl_hsts_include_subdomains¶
Description: Indicate that HSTS header applies to all subdomains.
choice | disable | HSTS header does not apply to subdomains.
choice | enable | HSTS header applies to subdomains.
Required: False
choices: [‘disable’, ‘enable’]
ssl_http_location_conversion¶
Description: Enable to replace HTTP with HTTPS in the reply’s Location HTTP header field.
choice | disable | Disable HTTP location conversion.
choice | enable | Enable HTTP location conversion.
Required: False
choices: [‘disable’, ‘enable’]
ssl_http_match_host¶
Description: Enable/disable HTTP host matching for location conversion.
choice | disable | Do not match HTTP host.
choice | enable | Match HTTP host in response header.
Required: False
choices: [‘disable’, ‘enable’]
ssl_max_version¶
Description: Highest SSL/TLS version acceptable from a client.
choice | ssl-3.0 | SSL 3.0.
choice | tls-1.0 | TLS 1.0.
choice | tls-1.1 | TLS 1.1.
choice | tls-1.2 | TLS 1.2.
Required: False
choices: [‘ssl-3.0’, ‘tls-1.0’, ‘tls-1.1’, ‘tls-1.2’]
ssl_min_version¶
Description: Lowest SSL/TLS version acceptable from a client.
choice | ssl-3.0 | SSL 3.0.
choice | tls-1.0 | TLS 1.0.
choice | tls-1.1 | TLS 1.1.
choice | tls-1.2 | TLS 1.2.
Required: False
choices: [‘ssl-3.0’, ‘tls-1.0’, ‘tls-1.1’, ‘tls-1.2’]
ssl_mode¶
Description: Apply SSL offloading mode.
choice | half | Client to FortiGate SSL.
choice | full | Client to FortiGate and FortiGate to Server SSL.
Required: False
choices: [‘half’, ‘full’]
ssl_pfs¶
Description: Select the cipher suites that can be used for SSL perfect forward secrecy (PFS).
choice | require | Allow only Diffie-Hellman cipher-suites, so PFS is applied.
choice | deny | Allow only non-Diffie-Hellman cipher-suites, so PFS is not applied.
choice | allow | Allow use of any cipher suite, so PFS may or may not be used depending on the cipher suite.
Required: False
choices: [‘require’, ‘deny’, ‘allow’]
ssl_send_empty_frags¶
Description: Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only).
choice | disable | Do not send empty fragments.
choice | enable | Send empty fragments.
Required: False
choices: [‘disable’, ‘enable’]
ssl_server_algorithm¶
Description: Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength.
choice | high | High encryption. Allow only AES and ChaCha.
choice | low | Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.
choice | medium | Medium encryption. Allow AES, ChaCha, 3DES, and RC4.
choice | custom | Custom encryption. Use ssl-server-cipher-suites to select the cipher suites that are allowed.
choice | client | Use the same encryption algorithms for both client and server sessions.
Required: False
choices: [‘high’, ‘low’, ‘medium’, ‘custom’, ‘client’]
ssl_server_cipher_suites¶
Description: EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
List of multiple child objects to be added. Expects a list of dictionaries.
Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
If submitted, all other prefixed sub-parameters ARE IGNORED.
This object is MUTUALLY EXCLUSIVE with its options.
We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
Required: False
ssl_server_cipher_suites_cipher¶
Description: Cipher suite name.
choice | TLS-RSA-WITH-RC4-128-MD5 | Cipher suite TLS-RSA-WITH-RC4-128-MD5.
choice | TLS-RSA-WITH-RC4-128-SHA | Cipher suite TLS-RSA-WITH-RC4-128-SHA.
choice | TLS-RSA-WITH-DES-CBC-SHA | Cipher suite TLS-RSA-WITH-DES-CBC-SHA.
choice | TLS-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-RSA-WITH-3DES-EDE-CBC-SHA.
choice | TLS-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA.
choice | TLS-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA.
choice | TLS-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA256.
choice | TLS-RSA-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA256.
choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA.
choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA.
choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256.
choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256.
choice | TLS-RSA-WITH-SEED-CBC-SHA | Cipher suite TLS-RSA-WITH-SEED-CBC-SHA.
choice | TLS-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-ARIA-128-CBC-SHA256.
choice | TLS-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-RSA-WITH-ARIA-256-CBC-SHA384.
choice | TLS-DHE-RSA-WITH-DES-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-DES-CBC-SHA.
choice | TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA.
choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA.
choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA.
choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA256.
choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA256.
choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA.
choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA.
choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256.
choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256.
choice | TLS-DHE-RSA-WITH-SEED-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-SEED-CBC-SHA.
choice | TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256.
choice | TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384.
choice | TLS-ECDHE-RSA-WITH-RC4-128-SHA | Cipher suite TLS-ECDHE-RSA-WITH-RC4-128-SHA.
choice | TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA.
choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA.
choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA.
choice | TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256.
choice | TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256.
choice | TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256.
choice | TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-128-GCM-SHA256.
choice | TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-DHE-RSA-WITH-AES-256-GCM-SHA384.
choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA.
choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA.
choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA256.
choice | TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-128-GCM-SHA256.
choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA256.
choice | TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-DHE-DSS-WITH-AES-256-GCM-SHA384.
choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256.
choice | TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256.
choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384.
choice | TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384.
choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA.
choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256.
choice | TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256.
choice | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384.
choice | TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384.
choice | TLS-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-RSA-WITH-AES-128-GCM-SHA256.
choice | TLS-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-RSA-WITH-AES-256-GCM-SHA384.
choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA.
choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA.
choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256.
choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256.
choice | TLS-DHE-DSS-WITH-SEED-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-SEED-CBC-SHA.
choice | TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256.
choice | TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384.
choice | TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256.
choice | TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384.
choice | TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256.
choice | TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384.
choice | TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA.
choice | TLS-DHE-DSS-WITH-DES-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-DES-CBC-SHA.
Required: False
choices: [‘TLS-RSA-WITH-RC4-128-MD5’, ‘TLS-RSA-WITH-RC4-128-SHA’, ‘TLS-RSA-WITH-DES-CBC-SHA’, ‘TLS-RSA-WITH-3DES-EDE-CBC-SHA’, ‘TLS-RSA-WITH-AES-128-CBC-SHA’, ‘TLS-RSA-WITH-AES-256-CBC-SHA’, ‘TLS-RSA-WITH-AES-128-CBC-SHA256’, ‘TLS-RSA-WITH-AES-256-CBC-SHA256’, ‘TLS-RSA-WITH-CAMELLIA-128-CBC-SHA’, ‘TLS-RSA-WITH-CAMELLIA-256-CBC-SHA’, ‘TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256’, ‘TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256’, ‘TLS-RSA-WITH-SEED-CBC-SHA’, ‘TLS-RSA-WITH-ARIA-128-CBC-SHA256’, ‘TLS-RSA-WITH-ARIA-256-CBC-SHA384’, ‘TLS-DHE-RSA-WITH-DES-CBC-SHA’, ‘TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA’, ‘TLS-DHE-RSA-WITH-AES-128-CBC-SHA’, ‘TLS-DHE-RSA-WITH-AES-256-CBC-SHA’, ‘TLS-DHE-RSA-WITH-AES-128-CBC-SHA256’, ‘TLS-DHE-RSA-WITH-AES-256-CBC-SHA256’, ‘TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA’, ‘TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA’, ‘TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256’, ‘TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256’, ‘TLS-DHE-RSA-WITH-SEED-CBC-SHA’, ‘TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256’, ‘TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384’, ‘TLS-ECDHE-RSA-WITH-RC4-128-SHA’, ‘TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA’, ‘TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA’, ‘TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA’, ‘TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256’, ‘TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256’, ‘TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256’, ‘TLS-DHE-RSA-WITH-AES-128-GCM-SHA256’, ‘TLS-DHE-RSA-WITH-AES-256-GCM-SHA384’, ‘TLS-DHE-DSS-WITH-AES-128-CBC-SHA’, ‘TLS-DHE-DSS-WITH-AES-256-CBC-SHA’, ‘TLS-DHE-DSS-WITH-AES-128-CBC-SHA256’, ‘TLS-DHE-DSS-WITH-AES-128-GCM-SHA256’, ‘TLS-DHE-DSS-WITH-AES-256-CBC-SHA256’, ‘TLS-DHE-DSS-WITH-AES-256-GCM-SHA384’, ‘TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256’, ‘TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256’, ‘TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384’, ‘TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384’, ‘TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA’, ‘TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256’, ‘TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256’, ‘TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384’, ‘TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384’, 
‘TLS-RSA-WITH-AES-128-GCM-SHA256’, ‘TLS-RSA-WITH-AES-256-GCM-SHA384’, ‘TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA’, ‘TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA’, ‘TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256’, ‘TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256’, ‘TLS-DHE-DSS-WITH-SEED-CBC-SHA’, ‘TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256’, ‘TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384’, ‘TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256’, ‘TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384’, ‘TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256’, ‘TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384’, ‘TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA’, ‘TLS-DHE-DSS-WITH-DES-CBC-SHA’]
ssl_server_cipher_suites_priority¶
- Description: SSL/TLS cipher suites priority.
- Required: False
ssl_server_cipher_suites_versions¶
Description: SSL/TLS versions that the cipher suite can be used with.
FLAG Based Options. Specify multiple in list form.
flag | ssl-3.0 | SSL 3.0.
flag | tls-1.0 | TLS 1.0.
flag | tls-1.1 | TLS 1.1.
flag | tls-1.2 | TLS 1.2.
Required: False
choices: [‘ssl-3.0’, ‘tls-1.0’, ‘tls-1.1’, ‘tls-1.2’]
ssl_server_max_version¶
Description: Highest SSL/TLS version acceptable from a server. Use the client setting by default.
choice | ssl-3.0 | SSL 3.0.
choice | tls-1.0 | TLS 1.0.
choice | tls-1.1 | TLS 1.1.
choice | tls-1.2 | TLS 1.2.
choice | client | Use same value as client configuration.
Required: False
choices: [‘ssl-3.0’, ‘tls-1.0’, ‘tls-1.1’, ‘tls-1.2’, ‘client’]
ssl_server_min_version¶
Description: Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
choice | ssl-3.0 | SSL 3.0.
choice | tls-1.0 | TLS 1.0.
choice | tls-1.1 | TLS 1.1.
choice | tls-1.2 | TLS 1.2.
choice | client | Use same value as client configuration.
Required: False
choices: [‘ssl-3.0’, ‘tls-1.0’, ‘tls-1.1’, ‘tls-1.2’, ‘client’]
ssl_server_session_state_max¶
- Description: Maximum number of FortiGate to Server SSL session states to keep.
- Required: False
ssl_server_session_state_timeout¶
- Description: Number of minutes to keep FortiGate to Server SSL session state.
- Required: False
ssl_server_session_state_type¶
Description: How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate.
choice | disable | Do not keep session states.
choice | time | Expire session states after this many minutes.
choice | count | Expire session states when this maximum is reached.
choice | both | Expire session states based on time or count, whichever occurs first.
Required: False
choices: [‘disable’, ‘time’, ‘count’, ‘both’]
type¶
Description: Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
choice | static-nat | Static NAT.
choice | load-balance | Load balance.
choice | server-load-balance | Server load balance.
choice | dns-translation | DNS translation.
choice | fqdn | FQDN translation.
Required: False
choices: [‘static-nat’, ‘load-balance’, ‘server-load-balance’, ‘dns-translation’, ‘fqdn’]
weblogic_server¶
Description: Enable to add an HTTP header to indicate SSL offloading for a WebLogic server.
choice | disable | Do not add HTTP header indicating SSL offload for WebLogic server.
choice | enable | Add HTTP header indicating SSL offload for WebLogic server.
Required: False
choices: [‘disable’, ‘enable’]
websphere_server¶
Description: Enable to add an HTTP header to indicate SSL offloading for a WebSphere server.
choice | disable | Do not add HTTP header indicating SSL offload for WebSphere server.
choice | enable | Add HTTP header indicating SSL offload for WebSphere server.
Required: False
choices: [‘disable’, ‘enable’]
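As an added example (not part of the module or its documentation), the Python check below lints the ssl_* parameters documented above before a task is pushed to FortiManager. The function names, the baseline it enforces (TLS 1.2 minimum, 2048-bit Diffie-Hellman) and the two sample parameter sets are assumptions constructed for illustration.

```python
"""Lint the ssl_* parameters of one fmgr_fwobj_vip task (added example, assumed baseline)."""

# Choice strings as listed in the parameter reference, weakest first.
VERSION_ORDER = ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]
DEPRECATED_VERSIONS = VERSION_ORDER[:3]   # assumed baseline: TLS 1.2 minimum
MIN_DH_BITS = 2048                        # assumed baseline
WEAK_CIPHER_TOKENS = ("RC4", "3DES", "DES", "MD5")


def parse_suite(name):
    """Split 'TLS-<key exchange>-WITH-<cipher and MAC>' into its parts."""
    if not name.startswith("TLS-") or "-WITH-" not in name:
        raise ValueError("not a cipher suite name from the choice list: %r" % name)
    kx, cipher = name[len("TLS-"):].split("-WITH-", 1)
    tokens = cipher.split("-")
    return {
        "kx": kx,
        "cipher": cipher,
        # DHE/ECDHE suites use ephemeral keys; plain RSA key exchange does not.
        "forward_secret": kx.startswith(("DHE-", "ECDHE-")),
        "weak": [t for t in WEAK_CIPHER_TOKENS if t in tokens],
    }


def _as_list(value):
    """Accept a single choice string, a list of them, or None."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]


def audit_vip_tls(params):
    """Return (parameter, value, reason) findings for one task's parameters."""
    findings = []

    def flag(key, reason):
        findings.append((key, params[key], reason))

    for key in ("ssl_min_version", "ssl_server_min_version"):
        if params.get(key) in DEPRECATED_VERSIONS:   # 'client' inherits, so it is skipped
            flag(key, "minimum version is below TLS 1.2")
    for key in ("ssl_algorithm", "ssl_server_algorithm"):
        if params.get(key) in ("low", "medium"):
            flag(key, "strength class still allows 3DES and RC4 (and DES for 'low')")
    if params.get("ssl_dh_bits") is not None and int(params["ssl_dh_bits"]) < MIN_DH_BITS:
        flag("ssl_dh_bits", "Diffie-Hellman prime below %d bits" % MIN_DH_BITS)
    if params.get("ssl_pfs") == "deny":
        flag("ssl_pfs", "only non-Diffie-Hellman suites allowed, so no forward secrecy")
    if params.get("ssl_client_renegotiation") == "allow":
        flag("ssl_client_renegotiation", "renegotiation allowed without requiring RFC 5746")
    if params.get("ssl_client_fallback") == "disable":
        flag("ssl_client_fallback", "RFC 7507 downgrade protection is off")

    # Custom suite selections, client side and server side.
    for prefix in ("ssl_cipher_suites", "ssl_server_cipher_suites"):
        for name in _as_list(params.get(prefix + "_cipher")):
            suite = parse_suite(name)
            if suite["weak"]:
                findings.append((prefix + "_cipher", name, "uses " + "/".join(suite["weak"])))
            if not suite["forward_secret"]:
                findings.append((prefix + "_cipher", name, "static key exchange, no forward secrecy"))
        old = [v for v in _as_list(params.get(prefix + "_versions")) if v in DEPRECATED_VERSIONS]
        if old:
            findings.append((prefix + "_versions", old, "suite enabled for deprecated versions"))
    return findings


# Constructed sample parameters (not from the page); object names are placeholders.
WEAK_VIP = {
    "name": "vip-legacy-app",
    "type": "server-load-balance",
    "server_type": "https",
    "ssl_mode": "full",
    "ssl_algorithm": "custom",
    "ssl_cipher_suites_cipher": "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
    "ssl_cipher_suites_versions": ["tls-1.0", "tls-1.2"],
    "ssl_min_version": "tls-1.0",
    "ssl_max_version": "tls-1.2",
    "ssl_server_min_version": "client",
    "ssl_dh_bits": "1024",
    "ssl_pfs": "allow",
    "ssl_client_renegotiation": "allow",
    "ssl_client_fallback": "disable",
}
HARDENED_VIP = dict(
    WEAK_VIP,
    name="vip-app",
    ssl_algorithm="high",
    ssl_cipher_suites_cipher=None,
    ssl_cipher_suites_versions=None,
    ssl_min_version="tls-1.2",
    ssl_dh_bits="2048",
    ssl_pfs="require",
    ssl_client_renegotiation="secure",
    ssl_client_fallback="enable",
)

if __name__ == "__main__":
    for key, value, reason in audit_vip_tls(WEAK_VIP):
        print("%-28s %-34r %s" % (key, value, reason))
```

Run against the variables of each VIP task in a playbook review or CI step, an empty result means the task meets the assumed baseline.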
Functions¶
- fmgr_firewall_vip_modify
    def fmgr_firewall_vip_modify(fmgr, paramgram):
        """
        :param fmgr: The fmgr object instance from fortimanager.py
        :type fmgr: class object
        :param paramgram: The formatted dictionary of options to process
        :type paramgram: dict
        :return: The response from the FortiManager
        :rtype: dict
        """

        mode = paramgram["mode"]
        adom = paramgram["adom"]
        # INIT A BASIC OBJECTS
        response = DEFAULT_RESULT_OBJ
        url = ""
        datagram = {}

        # EVAL THE MODE PARAMETER FOR SET OR ADD
        if mode in ['set', 'add', 'update']:
            url = '/pm/config/adom/{adom}/obj/firewall/vip'.format(adom=adom)
            datagram = scrub_dict(prepare_dict(paramgram))

        # EVAL THE MODE PARAMETER FOR DELETE
        elif mode == "delete":
            # SET THE CORRECT URL FOR DELETE
            url = '/pm/config/adom/{adom}/obj/firewall/vip/{name}'.format(adom=adom, name=paramgram["name"])
            datagram = {}

        response = fmgr.process_request(url, datagram, paramgram["mode"])
        return response


    #############
    # END METHODS
    #############
- main
def main():
    argument_spec = dict(
        adom=dict(type="str", default="root"),
        mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"),

        websphere_server=dict(required=False, type="str", choices=["disable", "enable"]),
        weblogic_server=dict(required=False, type="str", choices=["disable", "enable"]),
        type=dict(required=False, type="str",
                  choices=["static-nat", "load-balance", "server-load-balance", "dns-translation", "fqdn"]),
        ssl_server_session_state_type=dict(required=False, type="str", choices=["disable", "time", "count", "both"]),
        ssl_server_session_state_timeout=dict(required=False, type="int"),
        ssl_server_session_state_max=dict(required=False, type="int"),
        ssl_server_min_version=dict(required=False, type="str",
                                    choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]),
        ssl_server_max_version=dict(required=False, type="str",
                                    choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]),
        ssl_server_algorithm=dict(required=False, type="str", choices=["high", "low", "medium", "custom", "client"]),
        ssl_send_empty_frags=dict(required=False, type="str", choices=["disable", "enable"]),
        ssl_pfs=dict(required=False, type="str", choices=["require", "deny", "allow"]),
        ssl_mode=dict(required=False, type="str", choices=["half", "full"]),
        ssl_min_version=dict(required=False, type="str", choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
        ssl_max_version=dict(required=False, type="str", choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
        ssl_http_match_host=dict(required=False, type="str", choices=["disable", "enable"]),
        ssl_http_location_conversion=dict(required=False, type="str", choices=["disable", "enable"]),
        ssl_hsts_include_subdomains=dict(required=False, type="str", choices=["disable", "enable"]),
        ssl_hsts_age=dict(required=False, type="int"),
        ssl_hsts=dict(required=False, type="str", choices=["disable", "enable"]),
        ssl_hpkp_report_uri=dict(required=False, type="str"),
        ssl_hpkp_primary=dict(required=False, type="str"),
        ssl_hpkp_include_subdomains=dict(required=False, type="str", choices=["disable", "enable"]),
        ssl_hpkp_backup=dict(required=False, type="str"),
        ssl_hpkp_age=dict(required=False, type="int"),
        ssl_hpkp=dict(required=False, type="str", choices=["disable", "enable", "report-only"]),
        ssl_dh_bits=dict(required=False, type="str", choices=["768", "1024", "1536", "2048", "3072", "4096"]),
        ssl_client_session_state_type=dict(required=False, type="str", choices=["disable", "time", "count", "both"]),
        ssl_client_session_state_timeout=dict(required=False, type="int"),
        ssl_client_session_state_max=dict(required=False, type="int"),
        ssl_client_renegotiation=dict(required=False, type="str", choices=["deny", "allow", "secure"]),
        ssl_client_fallback=dict(required=False, type="str", choices=["disable", "enable"]),
        ssl_certificate=dict(required=False, type="str"),
        ssl_algorithm=dict(required=False, type="str", choices=["high", "medium", "low", "custom"]),
        srcintf_filter=dict(required=False, type="str"),
        src_filter=dict(required=False, type="str"),
        service=dict(required=False, type="str"),
        server_type=dict(required=False, type="str",
                         choices=["http", "https", "ssl", "tcp", "udp", "ip", "imaps", "pop3s", "smtps"]),
        protocol=dict(required=False, type="str", choices=["tcp", "udp", "sctp", "icmp"]),
        portmapping_type=dict(required=False, type="str", choices=["1-to-1", "m-to-n"]),
        portforward=dict(required=False, type="str", choices=["disable", "enable"]),
        persistence=dict(required=False, type="str", choices=["none", "http-cookie", "ssl-session-id"]),
        outlook_web_access=dict(required=False, type="str", choices=["disable", "enable"]),
        nat_source_vip=dict(required=False, type="str", choices=["disable", "enable"]),
        name=dict(required=False, type="str"),
        monitor=dict(required=False, type="str"),
        max_embryonic_connections=dict(required=False, type="int"),
        mappedport=dict(required=False, type="str"),
        mappedip=dict(required=False, type="str"),
        mapped_addr=dict(required=False, type="str"),
        ldb_method=dict(required=False, type="str",
                        choices=["static", "round-robin", "weighted", "least-session", "least-rtt", "first-alive",
                                 "http-host"]),
        https_cookie_secure=dict(required=False, type="str", choices=["disable", "enable"]),
        http_multiplex=dict(required=False, type="str", choices=["disable", "enable"]),
        http_ip_header_name=dict(required=False, type="str"),
        http_ip_header=dict(required=False, type="str", choices=["disable", "enable"]),
        http_cookie_share=dict(required=False, type="str", choices=["disable", "same-ip"]),
        http_cookie_path=dict(required=False, type="str"),
        http_cookie_generation=dict(required=False, type="int"),
        http_cookie_domain_from_host=dict(required=False, type="str", choices=["disable", "enable"]),
        http_cookie_domain=dict(required=False, type="str"),
        http_cookie_age=dict(required=False, type="int"),
        gratuitous_arp_interval=dict(required=False, type="int"),
        extport=dict(required=False, type="str"),
        extip=dict(required=False, type="str"),
        extintf=dict(required=False, type="str"),
        extaddr=dict(required=False, type="str"),
        dns_mapping_ttl=dict(required=False, type="int"),
        comment=dict(required=False, type="str"),
        color=dict(required=False, type="int"),
        arp_reply=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping=dict(required=False, type="list"),
        dynamic_mapping_arp_reply=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_color=dict(required=False, type="int"),
        dynamic_mapping_comment=dict(required=False, type="str"),
        dynamic_mapping_dns_mapping_ttl=dict(required=False, type="int"),
        dynamic_mapping_extaddr=dict(required=False, type="str"),
        dynamic_mapping_extintf=dict(required=False, type="str"),
        dynamic_mapping_extip=dict(required=False, type="str"),
        dynamic_mapping_extport=dict(required=False, type="str"),
        dynamic_mapping_gratuitous_arp_interval=dict(required=False, type="int"),
        dynamic_mapping_http_cookie_age=dict(required=False, type="int"),
        dynamic_mapping_http_cookie_domain=dict(required=False, type="str"),
        dynamic_mapping_http_cookie_domain_from_host=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_http_cookie_generation=dict(required=False, type="int"),
        dynamic_mapping_http_cookie_path=dict(required=False, type="str"),
        dynamic_mapping_http_cookie_share=dict(required=False, type="str", choices=["disable", "same-ip"]),
        dynamic_mapping_http_ip_header=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_http_ip_header_name=dict(required=False, type="str"),
        dynamic_mapping_http_multiplex=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_https_cookie_secure=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_ldb_method=dict(required=False, type="str",
                                        choices=["static", "round-robin", "weighted", "least-session", "least-rtt",
                                                 "first-alive", "http-host"]),
        dynamic_mapping_mapped_addr=dict(required=False, type="str"),
        dynamic_mapping_mappedip=dict(required=False, type="str"),
        dynamic_mapping_mappedport=dict(required=False, type="str"),
        dynamic_mapping_max_embryonic_connections=dict(required=False, type="int"),
        dynamic_mapping_monitor=dict(required=False, type="str"),
        dynamic_mapping_nat_source_vip=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_outlook_web_access=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_persistence=dict(required=False, type="str",
                                         choices=["none", "http-cookie", "ssl-session-id"]),
        dynamic_mapping_portforward=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_portmapping_type=dict(required=False, type="str", choices=["1-to-1", "m-to-n"]),
        dynamic_mapping_protocol=dict(required=False, type="str", choices=["tcp", "udp", "sctp", "icmp"]),
        dynamic_mapping_server_type=dict(required=False, type="str",
                                         choices=["http", "https", "ssl", "tcp", "udp", "ip", "imaps", "pop3s",
                                                  "smtps"]),
        dynamic_mapping_service=dict(required=False, type="str"),
        dynamic_mapping_src_filter=dict(required=False, type="str"),
        dynamic_mapping_srcintf_filter=dict(required=False, type="str"),
        dynamic_mapping_ssl_algorithm=dict(required=False, type="str", choices=["high", "medium", "low", "custom"]),
        dynamic_mapping_ssl_certificate=dict(required=False, type="str"),
        dynamic_mapping_ssl_client_fallback=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_ssl_client_renegotiation=dict(required=False, type="str", choices=["deny", "allow", "secure"]),
        dynamic_mapping_ssl_client_session_state_max=dict(required=False, type="int"),
        dynamic_mapping_ssl_client_session_state_timeout=dict(required=False, type="int"),
        dynamic_mapping_ssl_client_session_state_type=dict(required=False, type="str",
                                                           choices=["disable", "time", "count", "both"]),
        dynamic_mapping_ssl_dh_bits=dict(required=False, type="str",
                                         choices=["768", "1024", "1536", "2048", "3072", "4096"]),
        dynamic_mapping_ssl_hpkp=dict(required=False, type="str", choices=["disable", "enable", "report-only"]),
        dynamic_mapping_ssl_hpkp_age=dict(required=False, type="int"),
        dynamic_mapping_ssl_hpkp_backup=dict(required=False, type="str"),
        dynamic_mapping_ssl_hpkp_include_subdomains=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_ssl_hpkp_primary=dict(required=False, type="str"),
        dynamic_mapping_ssl_hpkp_report_uri=dict(required=False, type="str"),
        dynamic_mapping_ssl_hsts=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_ssl_hsts_age=dict(required=False, type="int"),
        dynamic_mapping_ssl_hsts_include_subdomains=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_ssl_http_location_conversion=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_ssl_http_match_host=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_ssl_max_version=dict(required=False, type="str",
                                             choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
        dynamic_mapping_ssl_min_version=dict(required=False, type="str",
                                             choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
        dynamic_mapping_ssl_mode=dict(required=False, type="str", choices=["half", "full"]),
        dynamic_mapping_ssl_pfs=dict(required=False, type="str", choices=["require", "deny", "allow"]),
        dynamic_mapping_ssl_send_empty_frags=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_ssl_server_algorithm=dict(required=False, type="str",
                                                  choices=["high", "low", "medium", "custom", "client"]),
        dynamic_mapping_ssl_server_max_version=dict(required=False, type="str",
                                                    choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]),
        dynamic_mapping_ssl_server_min_version=dict(required=False, type="str",
                                                    choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]),
        dynamic_mapping_ssl_server_session_state_max=dict(required=False, type="int"),
        dynamic_mapping_ssl_server_session_state_timeout=dict(required=False, type="int"),
        dynamic_mapping_ssl_server_session_state_type=dict(required=False, type="str",
                                                           choices=["disable", "time", "count", "both"]),
        dynamic_mapping_type=dict(required=False, type="str",
                                  choices=["static-nat", "load-balance", "server-load-balance", "dns-translation",
                                           "fqdn"]),
        dynamic_mapping_weblogic_server=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_websphere_server=dict(required=False, type="str", choices=["disable", "enable"]),

        dynamic_mapping_realservers_client_ip=dict(required=False, type="str"),
        dynamic_mapping_realservers_healthcheck=dict(required=False, type="str", choices=["disable", "enable", "vip"]),
        dynamic_mapping_realservers_holddown_interval=dict(required=False, type="int"),
        dynamic_mapping_realservers_http_host=dict(required=False, type="str"),
        dynamic_mapping_realservers_ip=dict(required=False, type="str"),
        dynamic_mapping_realservers_max_connections=dict(required=False, type="int"),
        dynamic_mapping_realservers_monitor=dict(required=False, type="str"),
        dynamic_mapping_realservers_port=dict(required=False, type="int"),
        dynamic_mapping_realservers_seq=dict(required=False, type="str"),
        dynamic_mapping_realservers_status=dict(required=False, type="str", choices=["active", "standby", "disable"]),
        dynamic_mapping_realservers_weight=dict(required=False, type="int"),

        dynamic_mapping_ssl_cipher_suites_cipher=dict(required=False, type="str", choices=[
            "TLS-RSA-WITH-RC4-128-MD5",
            "TLS-RSA-WITH-RC4-128-SHA",
            "TLS-RSA-WITH-DES-CBC-SHA",
            "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
            "TLS-RSA-WITH-AES-128-CBC-SHA",
            "TLS-RSA-WITH-AES-256-CBC-SHA",
            "TLS-RSA-WITH-AES-128-CBC-SHA256",
            "TLS-RSA-WITH-AES-256-CBC-SHA256",
            "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
            "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
            "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
            "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
            "TLS-RSA-WITH-SEED-CBC-SHA",
            "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
            "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
            "TLS-DHE-RSA-WITH-DES-CBC-SHA",
            "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
            "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
            "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
            "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
            "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
            "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
            "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
            "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
            "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
            "TLS-DHE-RSA-WITH-SEED-CBC-SHA",
            "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
            "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
            "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
            "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
            "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
            "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
            "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
            "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
            "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
            "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
            "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
            "TLS-DHE-DSS-WITH-AES-128-CBC-SHA",
            "TLS-DHE-DSS-WITH-AES-256-CBC-SHA",
            "TLS-DHE-DSS-WITH-AES-128-CBC-SHA256",
            "TLS-DHE-DSS-WITH-AES-128-GCM-SHA256",
            "TLS-DHE-DSS-WITH-AES-256-CBC-SHA256",
            "TLS-DHE-DSS-WITH-AES-256-GCM-SHA384",
            "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
            "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
            "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
            "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
            "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
            "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
            "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
            "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
            "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
            "TLS-RSA-WITH-AES-128-GCM-SHA256",
            "TLS-RSA-WITH-AES-256-GCM-SHA384",
            "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA",
            "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA",
            "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256",
            "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256",
            "TLS-DHE-DSS-WITH-SEED-CBC-SHA",
            "TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256",
            "TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384",
            "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
            "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
            "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
            "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
            "TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA",
            "TLS-DHE-DSS-WITH-DES-CBC-SHA"]),
        dynamic_mapping_ssl_cipher_suites_versions=dict(required=False, type="str",
                                                        choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
        realservers=dict(required=False, type="list"),
        realservers_client_ip=dict(required=False, type="str"),
        realservers_healthcheck=dict(required=False, type="str", choices=["disable", "enable", "vip"]),
        realservers_holddown_interval=dict(required=False, type="int"),
        realservers_http_host=dict(required=False, type="str"),
        realservers_ip=dict(required=False, type="str"),
        realservers_max_connections=dict(required=False, type="int"),
        realservers_monitor=dict(required=False, type="str"),
        realservers_port=dict(required=False, type="int"),
        realservers_seq=dict(required=False, type="str"),
        realservers_status=dict(required=False, type="str", choices=["active", "standby", "disable"]),
        realservers_weight=dict(required=False, type="int"),
        ssl_cipher_suites=dict(required=False, type="list"),
        ssl_cipher_suites_cipher=dict(required=False, type="str", choices=[
            "TLS-RSA-WITH-RC4-128-MD5",
            "TLS-RSA-WITH-RC4-128-SHA",
            "TLS-RSA-WITH-DES-CBC-SHA",
            "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
            "TLS-RSA-WITH-AES-128-CBC-SHA",
            "TLS-RSA-WITH-AES-256-CBC-SHA",
            "TLS-RSA-WITH-AES-128-CBC-SHA256",
            "TLS-RSA-WITH-AES-256-CBC-SHA256",
            "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
            "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
            "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
            "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
            "TLS-RSA-WITH-SEED-CBC-SHA",
            "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
            "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
            "TLS-DHE-RSA-WITH-DES-CBC-SHA",
            "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
            "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
            "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
            "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
            "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
            "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
            "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
            "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
            "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
            "TLS-DHE-RSA-WITH-SEED-CBC-SHA",
            "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
            "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
            "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
            "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
            "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
            "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
            "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
            "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
            "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
            "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
            "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
            "TLS-DHE-DSS-WITH-AES-128-CBC-SHA",
            "TLS-DHE-DSS-WITH-AES-256-CBC-SHA",
            "TLS-DHE-DSS-WITH-AES-128-CBC-SHA256",
            "TLS-DHE-DSS-WITH-AES-128-GCM-SHA256",
            "TLS-DHE-DSS-WITH-AES-256-CBC-SHA256",
            "TLS-DHE-DSS-WITH-AES-256-GCM-SHA384",
            "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
            "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
            "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
            "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
            "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
            "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
            "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
            "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
            "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
            "TLS-RSA-WITH-AES-128-GCM-SHA256",
            "TLS-RSA-WITH-AES-256-GCM-SHA384",
            "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA",
            "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA",
            "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256",
            "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256",
            "TLS-DHE-DSS-WITH-SEED-CBC-SHA",
            "TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256",
            "TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384",
            "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
            "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
            "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
            "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
            "TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA",
            "TLS-DHE-DSS-WITH-DES-CBC-SHA"]),
        ssl_cipher_suites_versions=dict(required=False, type="str",
                                        choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
        ssl_server_cipher_suites=dict(required=False, type="list"),
        ssl_server_cipher_suites_cipher=dict(required=False, type="str", choices=[
            "TLS-RSA-WITH-RC4-128-MD5",
            "TLS-RSA-WITH-RC4-128-SHA",
            "TLS-RSA-WITH-DES-CBC-SHA",
            "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
            "TLS-RSA-WITH-AES-128-CBC-SHA",
            "TLS-RSA-WITH-AES-256-CBC-SHA",
            "TLS-RSA-WITH-AES-128-CBC-SHA256",
            "TLS-RSA-WITH-AES-256-CBC-SHA256",
            "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
            "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
            "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
            "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
            "TLS-RSA-WITH-SEED-CBC-SHA",
            "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
            "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
            "TLS-DHE-RSA-WITH-DES-CBC-SHA",
            "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
            "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
            "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
            "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
            "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
            "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
            "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
            "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
            "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
            "TLS-DHE-RSA-WITH-SEED-CBC-SHA",
            "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
            "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
            "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
            "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
            "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
            "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
            "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
            "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
            "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
            "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
            "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
            "TLS-DHE-DSS-WITH-AES-128-CBC-SHA",
            "TLS-DHE-DSS-WITH-AES-256-CBC-SHA",
            "TLS-DHE-DSS-WITH-AES-128-CBC-SHA256",
            "TLS-DHE-DSS-WITH-AES-128-GCM-SHA256",
            "TLS-DHE-DSS-WITH-AES-256-CBC-SHA256",
            "TLS-DHE-DSS-WITH-AES-256-GCM-SHA384",
            "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
            "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
            "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
            "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
            "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
            "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
            "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
            "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
            "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
            "TLS-RSA-WITH-AES-128-GCM-SHA256",
            "TLS-RSA-WITH-AES-256-GCM-SHA384",
            "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA",
            "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA",
            "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256",
            "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256",
            "TLS-DHE-DSS-WITH-SEED-CBC-SHA",
            "TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256",
            "TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384",
            "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
            "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
            "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
            "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
            "TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA",
            "TLS-DHE-DSS-WITH-DES-CBC-SHA"]),
        ssl_server_cipher_suites_priority=dict(required=False, type="str"),
        ssl_server_cipher_suites_versions=dict(required=False, type="str",
                                               choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),

    )

    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )
    # MODULE PARAMGRAM
    paramgram = {
        "mode": module.params["mode"],
        "adom": module.params["adom"],
        "websphere-server": module.params["websphere_server"],
        "weblogic-server": module.params["weblogic_server"],
        "type": module.params["type"],
        "ssl-server-session-state-type": module.params["ssl_server_session_state_type"],
        "ssl-server-session-state-timeout": module.params["ssl_server_session_state_timeout"],
        "ssl-server-session-state-max": module.params["ssl_server_session_state_max"],
        "ssl-server-min-version": module.params["ssl_server_min_version"],
        "ssl-server-max-version": module.params["ssl_server_max_version"],
        "ssl-server-algorithm": module.params["ssl_server_algorithm"],
        "ssl-send-empty-frags": module.params["ssl_send_empty_frags"],
        "ssl-pfs": module.params["ssl_pfs"],
        "ssl-mode": module.params["ssl_mode"],
        "ssl-min-version": module.params["ssl_min_version"],
        "ssl-max-version": module.params["ssl_max_version"],
        "ssl-http-match-host": module.params["ssl_http_match_host"],
        "ssl-http-location-conversion": module.params["ssl_http_location_conversion"],
        "ssl-hsts-include-subdomains": module.params["ssl_hsts_include_subdomains"],
        "ssl-hsts-age": module.params["ssl_hsts_age"],
        "ssl-hsts": module.params["ssl_hsts"],
        "ssl-hpkp-report-uri": module.params["ssl_hpkp_report_uri"],
        "ssl-hpkp-primary": module.params["ssl_hpkp_primary"],
        "ssl-hpkp-include-subdomains": module.params["ssl_hpkp_include_subdomains"],
        "ssl-hpkp-backup": module.params["ssl_hpkp_backup"],
        "ssl-hpkp-age": module.params["ssl_hpkp_age"],
        "ssl-hpkp": module.params["ssl_hpkp"],
        "ssl-dh-bits": module.params["ssl_dh_bits"],
        "ssl-client-session-state-type": module.params["ssl_client_session_state_type"],
        "ssl-client-session-state-timeout": module.params["ssl_client_session_state_timeout"],
        "ssl-client-session-state-max": module.params["ssl_client_session_state_max"],
        "ssl-client-renegotiation": module.params["ssl_client_renegotiation"],
        "ssl-client-fallback": module.params["ssl_client_fallback"],
        "ssl-certificate": module.params["ssl_certificate"],
        "ssl-algorithm": module.params["ssl_algorithm"],
        "srcintf-filter": module.params["srcintf_filter"],
        "src-filter": module.params["src_filter"],
        "service": module.params["service"],
        "server-type": module.params["server_type"],
        "protocol": module.params["protocol"],
        "portmapping-type": module.params["portmapping_type"],
        "portforward": module.params["portforward"],
        "persistence": module.params["persistence"],
        "outlook-web-access": module.params["outlook_web_access"],
        "nat-source-vip": module.params["nat_source_vip"],
        "name": module.params["name"],
        "monitor": module.params["monitor"],
        "max-embryonic-connections": module.params["max_embryonic_connections"],
        "mappedport": module.params["mappedport"],
        "mappedip": module.params["mappedip"],
        "mapped-addr": module.params["mapped_addr"],
        "ldb-method": module.params["ldb_method"],
        "https-cookie-secure": module.params["https_cookie_secure"],
        "http-multiplex": module.params["http_multiplex"],
        "http-ip-header-name": module.params["http_ip_header_name"],
        "http-ip-header": module.params["http_ip_header"],
        "http-cookie-share": module.params["http_cookie_share"],
        "http-cookie-path": module.params["http_cookie_path"],
        "http-cookie-generation": module.params["http_cookie_generation"],
        "http-cookie-domain-from-host": module.params["http_cookie_domain_from_host"],
        "http-cookie-domain": module.params["http_cookie_domain"],
        "http-cookie-age": module.params["http_cookie_age"],
        "gratuitous-arp-interval": module.params["gratuitous_arp_interval"],
        "extport": module.params["extport"],
        "extip": module.params["extip"],
        "extintf": module.params["extintf"],
        "extaddr": module.params["extaddr"],
        "dns-mapping-ttl": module.params["dns_mapping_ttl"],
        "comment": module.params["comment"],
        "color": module.params["color"],
        "arp-reply": module.params["arp_reply"],
        "dynamic_mapping": {
            "arp-reply": module.params["dynamic_mapping_arp_reply"],
            "color": module.params["dynamic_mapping_color"],
            "comment": module.params["dynamic_mapping_comment"],
            "dns-mapping-ttl": module.params["dynamic_mapping_dns_mapping_ttl"],
            "extaddr": module.params["dynamic_mapping_extaddr"],
            "extintf": module.params["dynamic_mapping_extintf"],
            "extip": module.params["dynamic_mapping_extip"],
            "extport": module.params["dynamic_mapping_extport"],
            "gratuitous-arp-interval": module.params["dynamic_mapping_gratuitous_arp_interval"],
            "http-cookie-age": module.params["dynamic_mapping_http_cookie_age"],
            "http-cookie-domain": module.params["dynamic_mapping_http_cookie_domain"],
            "http-cookie-domain-from-host": module.params["dynamic_mapping_http_cookie_domain_from_host"],
            "http-cookie-generation": module.params["dynamic_mapping_http_cookie_generation"],
            "http-cookie-path": module.params["dynamic_mapping_http_cookie_path"],
            "http-cookie-share": module.params["dynamic_mapping_http_cookie_share"],
            "http-ip-header": module.params["dynamic_mapping_http_ip_header"],
            "http-ip-header-name": module.params["dynamic_mapping_http_ip_header_name"],
            "http-multiplex": module.params["dynamic_mapping_http_multiplex"],
            "https-cookie-secure": module.params["dynamic_mapping_https_cookie_secure"],
            "ldb-method": module.params["dynamic_mapping_ldb_method"],
            "mapped-addr": module.params["dynamic_mapping_mapped_addr"],
            "mappedip": module.params["dynamic_mapping_mappedip"],
            "mappedport": module.params["dynamic_mapping_mappedport"],
            "max-embryonic-connections": module.params["dynamic_mapping_max_embryonic_connections"],
            "monitor": module.params["dynamic_mapping_monitor"],
            "nat-source-vip": module.params["dynamic_mapping_nat_source_vip"],
            "outlook-web-access": module.params["dynamic_mapping_outlook_web_access"],
            "persistence": module.params["dynamic_mapping_persistence"],
            "portforward": module.params["dynamic_mapping_portforward"],
            "portmapping-type": module.params["dynamic_mapping_portmapping_type"],
            "protocol": module.params["dynamic_mapping_protocol"],
            "server-type": module.params["dynamic_mapping_server_type"],
            "service": module.params["dynamic_mapping_service"],
            "src-filter": module.params["dynamic_mapping_src_filter"],
            "srcintf-filter": module.params["dynamic_mapping_srcintf_filter"],
            "ssl-algorithm": module.params["dynamic_mapping_ssl_algorithm"],
            "ssl-certificate": module.params["dynamic_mapping_ssl_certificate"],
            "ssl-client-fallback": module.params["dynamic_mapping_ssl_client_fallback"],
            "ssl-client-renegotiation": module.params["dynamic_mapping_ssl_client_renegotiation"],
            "ssl-client-session-state-max": module.params["dynamic_mapping_ssl_client_session_state_max"],
            "ssl-client-session-state-timeout": module.params["dynamic_mapping_ssl_client_session_state_timeout"],
            "ssl-client-session-state-type": module.params["dynamic_mapping_ssl_client_session_state_type"],
            "ssl-dh-bits": module.params["dynamic_mapping_ssl_dh_bits"],
            "ssl-hpkp": module.params["dynamic_mapping_ssl_hpkp"],
            "ssl-hpkp-age": module.params["dynamic_mapping_ssl_hpkp_age"],
            "ssl-hpkp-backup": module.params["dynamic_mapping_ssl_hpkp_backup"],
            "ssl-hpkp-include-subdomains": module.params["dynamic_mapping_ssl_hpkp_include_subdomains"],
            "ssl-hpkp-primary": module.params["dynamic_mapping_ssl_hpkp_primary"],
            "ssl-hpkp-report-uri": module.params["dynamic_mapping_ssl_hpkp_report_uri"],
            "ssl-hsts": module.params["dynamic_mapping_ssl_hsts"],
            "ssl-hsts-age": module.params["dynamic_mapping_ssl_hsts_age"],
            "ssl-hsts-include-subdomains": module.params["dynamic_mapping_ssl_hsts_include_subdomains"],
            "ssl-http-location-conversion": module.params["dynamic_mapping_ssl_http_location_conversion"],
            "ssl-http-match-host": module.params["dynamic_mapping_ssl_http_match_host"],
            "ssl-max-version": module.params["dynamic_mapping_ssl_max_version"],
            "ssl-min-version": module.params["dynamic_mapping_ssl_min_version"],
            "ssl-mode": module.params["dynamic_mapping_ssl_mode"],
            "ssl-pfs": module.params["dynamic_mapping_ssl_pfs"],
            "ssl-send-empty-frags": module.params["dynamic_mapping_ssl_send_empty_frags"],
            "ssl-server-algorithm": module.params["dynamic_mapping_ssl_server_algorithm"],
            "ssl-server-max-version": module.params["dynamic_mapping_ssl_server_max_version"],
            "ssl-server-min-version": module.params["dynamic_mapping_ssl_server_min_version"],
            "ssl-server-session-state-max": module.params["dynamic_mapping_ssl_server_session_state_max"],
            "ssl-server-session-state-timeout": module.params["dynamic_mapping_ssl_server_session_state_timeout"],
            "ssl-server-session-state-type": module.params["dynamic_mapping_ssl_server_session_state_type"],
            "type": module.params["dynamic_mapping_type"],
            "weblogic-server": module.params["dynamic_mapping_weblogic_server"],
            "websphere-server": module.params["dynamic_mapping_websphere_server"],
            "realservers": {
                "client-ip": module.params["dynamic_mapping_realservers_client_ip"],
                "healthcheck": module.params["dynamic_mapping_realservers_healthcheck"],
                "holddown-interval": module.params["dynamic_mapping_realservers_holddown_interval"],
                "http-host": module.params["dynamic_mapping_realservers_http_host"],
                "ip": module.params["dynamic_mapping_realservers_ip"],
                "max-connections": module.params["dynamic_mapping_realservers_max_connections"],
                "monitor": module.params["dynamic_mapping_realservers_monitor"],
                "port": module.params["dynamic_mapping_realservers_port"],
                "seq": module.params["dynamic_mapping_realservers_seq"],
                "status": module.params["dynamic_mapping_realservers_status"],
                "weight": module.params["dynamic_mapping_realservers_weight"],
            },
            "ssl-cipher-suites": {
                "cipher": module.params["dynamic_mapping_ssl_cipher_suites_cipher"],
                "versions": module.params["dynamic_mapping_ssl_cipher_suites_versions"],
            },
        },
        "realservers": {
            "client-ip": module.params["realservers_client_ip"],
            "healthcheck": module.params["realservers_healthcheck"],
            "holddown-interval": module.params["realservers_holddown_interval"],
            "http-host": module.params["realservers_http_host"],
            "ip": module.params["realservers_ip"],
            "max-connections": module.params["realservers_max_connections"],
            "monitor": module.params["realservers_monitor"],
            "port": module.params["realservers_port"],
            "seq": module.params["realservers_seq"],
            "status": module.params["realservers_status"],
            "weight": module.params["realservers_weight"],
        },
        "ssl-cipher-suites": {
            "cipher": module.params["ssl_cipher_suites_cipher"],
            "versions": module.params["ssl_cipher_suites_versions"],
        },
        "ssl-server-cipher-suites": {
            "cipher": module.params["ssl_server_cipher_suites_cipher"],
            "priority": module.params["ssl_server_cipher_suites_priority"],
            "versions": module.params["ssl_server_cipher_suites_versions"],
        }
    }

    module.paramgram = paramgram
    fmgr = None
    if module._socket_path:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()
    else:
        module.fail_json(**FAIL_SOCKET_MSG)

    list_overrides = ['dynamic_mapping', 'realservers', 'ssl-cipher-suites', 'ssl-server-cipher-suites']
    paramgram = fmgr.tools.paramgram_child_list_override(list_overrides=list_overrides,
                                                         paramgram=paramgram, module=module)

    results = DEFAULT_RESULT_OBJ
    try:
        results = fmgr_firewall_vip_modify(fmgr, paramgram)
        fmgr.govern_response(module=module, results=results,
                             ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))

    except Exception as err:
        raise FMGBaseException(err)

    return module.exit_json(**results[1])
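The `choices` lists in `argument_spec` still accept SSL 3.0, TLS 1.0/1.1, 768- and 1024-bit DH groups, and RC4/DES/3DES suites, so a task can pass module validation and still publish a weak TLS endpoint. The following is an added example, not part of the module or the project's code: it audits one task's arguments, in both the flat and the list/dict forms, against a policy. The thresholds, function names and sample task are assumptions of this example.

```python
"""Audit fmgr_fwobj_vip task arguments for weak TLS settings (added example)."""

# Weakest to strongest; these are the module's own ssl_min_version choices.
VERSION_ORDER = ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]

# Policy thresholds: assumptions of this example, not module defaults.
MIN_VERSION = "tls-1.2"
MIN_DH_BITS = 2048
WEAK_ALGORITHM_LEVELS = {"low", "medium"}
BROKEN_PRIMITIVES = {"RC4", "DES", "3DES", "MD5"}

VERSION_PARAMS = {
    "ssl_min_version", "ssl_max_version",
    "ssl_server_min_version", "ssl_server_max_version",
    "ssl_cipher_suites_versions", "ssl_server_cipher_suites_versions",
}
ALGORITHM_PARAMS = {"ssl_algorithm", "ssl_server_algorithm"}
CIPHER_PARAMS = {"ssl_cipher_suites_cipher", "ssl_server_cipher_suites_cipher"}
SUITE_LISTS = {"ssl_cipher_suites", "ssl_server_cipher_suites"}
DM_PREFIX = "dynamic_mapping_"


def cipher_problems(name):
    """Return the reasons a cipher-suite name from the choices list is weak."""
    tokens = name.split("-")
    problems = sorted(BROKEN_PRIMITIVES.intersection(tokens))
    # TLS-RSA-WITH-* is static RSA key exchange, which has no forward secrecy.
    if tokens[:3] == ["TLS", "RSA", "WITH"]:
        problems.append("no forward secrecy")
    return problems


def weakness(base, value):
    """Return a reason string if value is weak for option base, else None."""
    if value is None:
        return None
    value = str(value)
    if base in VERSION_PARAMS:
        # "client" inherits the client-side setting, audited under its own key.
        if value in VERSION_ORDER and \
                VERSION_ORDER.index(value) < VERSION_ORDER.index(MIN_VERSION):
            return "protocol version below " + MIN_VERSION
    elif base == "ssl_dh_bits":
        if value.isdigit() and int(value) < MIN_DH_BITS:
            return "DH group smaller than %d bits" % MIN_DH_BITS
    elif base in ALGORITHM_PARAMS:
        if value in WEAK_ALGORITHM_LEVELS:
            return "cipher strength level '%s'" % value
    elif base in CIPHER_PARAMS:
        problems = cipher_problems(value)
        if problems:
            return "weak cipher suite: " + ", ".join(problems)
    elif base == "ssl_client_renegotiation" and value == "allow":
        return "client renegotiation is 'allow' rather than 'secure' or 'deny'"
    elif base == "ssl_pfs" and value == "deny":
        return "forward secrecy denied"
    return None


def audit_vip_params(params, path="", key_prefix=""):
    """Return (location, value, reason) findings for one task, in key order."""
    findings = []
    for key in sorted(params):
        value = params[key]
        # List/dict forms use FortiManager's hyphenated names; normalise them.
        base = key_prefix + key.replace("-", "_")
        if base.startswith(DM_PREFIX):
            base = base[len(DM_PREFIX):]
        where = path + key
        if isinstance(value, (list, dict)):
            children = value if isinstance(value, list) else [value]
            # Children of a cipher-suite list are named just cipher/versions.
            child_prefix = base + "_" if base in SUITE_LISTS else ""
            for i, child in enumerate(children):
                here = "%s[%d]" % (where, i)
                if isinstance(child, dict):
                    findings += audit_vip_params(child, here + ".", child_prefix)
                elif weakness(base, child):
                    findings.append((here, child, weakness(base, child)))
            continue
        reason = weakness(base, value)
        if reason:
            findings.append((where, value, reason))
    return findings


# Constructed task arguments for illustration (not from a real playbook).
SAMPLE_TASK = {
    "name": "example_vip",
    "ssl_min_version": "tls-1.0",
    "ssl_server_min_version": "client",
    "ssl_dh_bits": "1024",
    "ssl_cipher_suites": [
        {"cipher": "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", "versions": ["tls-1.2"]},
        {"cipher": "TLS-RSA-WITH-3DES-EDE-CBC-SHA", "versions": ["tls-1.0", "tls-1.2"]},
    ],
    "dynamic_mapping_ssl_min_version": "ssl-3.0",
}
```

Calling `audit_vip_params(SAMPLE_TASK)` returns one tuple per weak setting, so the check can run in CI against parsed playbook tasks before they reach FortiManager.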
Module Source Code¶
#!/usr/bin/python
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'status': ['preview'],
'supported_by': 'community',
'metadata_version': '1.1'}
DOCUMENTATION = '''
---
module: fmgr_fwobj_vip
version_added: "2.8"
notes:
- Full Documentation at U(https://ftnt-ansible-docs.readthedocs.io/en/latest/).
author:
- Luke Weighall (@lweighall)
- Andrew Welsh (@Ghilli3)
- Jim Huber (@p4r4n0y1ng)
short_description: Manages Virtual IP objects in FortiManager
description:
- Manages Virtual IP objects in FortiManager for IPv4
options:
adom:
description:
- The ADOM the configuration should belong to.
required: false
default: root
mode:
description:
- Sets one of three modes for managing the object.
- Allows use of soft-adds instead of overwriting existing values
choices: ['add', 'set', 'delete', 'update']
required: false
default: add
websphere_server:
description:
- Enable to add an HTTP header to indicate SSL offloading for a WebSphere server.
- choice | disable | Do not add HTTP header indicating SSL offload for WebSphere server.
- choice | enable | Add HTTP header indicating SSL offload for WebSphere server.
required: false
choices: ["disable", "enable"]
weblogic_server:
description:
- Enable to add an HTTP header to indicate SSL offloading for a WebLogic server.
- choice | disable | Do not add HTTP header indicating SSL offload for WebLogic server.
- choice | enable | Add HTTP header indicating SSL offload for WebLogic server.
required: false
choices: ["disable", "enable"]
type:
description:
- Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
- choice | static-nat | Static NAT.
- choice | load-balance | Load balance.
- choice | server-load-balance | Server load balance.
- choice | dns-translation | DNS translation.
- choice | fqdn | FQDN Translation
required: false
choices: ["static-nat", "load-balance", "server-load-balance", "dns-translation", "fqdn"]
ssl_server_session_state_type:
description:
- How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate.
- choice | disable | Do not keep session states.
- choice | time | Expire session states after this many minutes.
- choice | count | Expire session states when this maximum is reached.
- choice | both | Expire session states based on time or count, whichever occurs first.
required: false
choices: ["disable", "time", "count", "both"]
ssl_server_session_state_timeout:
description:
- Number of minutes to keep FortiGate to Server SSL session state.
required: false
ssl_server_session_state_max:
description:
- Maximum number of FortiGate to Server SSL session states to keep.
required: false
ssl_server_min_version:
description:
- Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
- choice | ssl-3.0 | SSL 3.0.
- choice | tls-1.0 | TLS 1.0.
- choice | tls-1.1 | TLS 1.1.
- choice | tls-1.2 | TLS 1.2.
- choice | client | Use same value as client configuration.
required: false
choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]
ssl_server_max_version:
description:
- Highest SSL/TLS version acceptable from a server. Use the client setting by default.
- choice | ssl-3.0 | SSL 3.0.
- choice | tls-1.0 | TLS 1.0.
- choice | tls-1.1 | TLS 1.1.
- choice | tls-1.2 | TLS 1.2.
- choice | client | Use same value as client configuration.
required: false
choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]
ssl_server_algorithm:
description:
- Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength
- choice | high | High encryption. Allow only AES and ChaCha.
- choice | low | Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.
- choice | medium | Medium encryption. Allow AES, ChaCha, 3DES, and RC4.
- choice | custom | Custom encryption. Use ssl-server-cipher-suites to select the cipher suites that are allowed.
- choice | client | Use the same encryption algorithms for both client and server sessions.
required: false
choices: ["high", "low", "medium", "custom", "client"]
ssl_send_empty_frags:
description:
- Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only).
- choice | disable | Do not send empty fragments.
- choice | enable | Send empty fragments.
required: false
choices: ["disable", "enable"]
ssl_pfs:
description:
- Select the cipher suites that can be used for SSL perfect forward secrecy (PFS).
- choice | require | Allow only Diffie-Hellman cipher-suites, so PFS is applied.
- choice | deny | Allow only non-Diffie-Hellman cipher-suites, so PFS is not applied.
- choice | allow | Allow use of any cipher suite so PFS may or may not be used depending on the cipher suite
required: false
choices: ["require", "deny", "allow"]
ssl_mode:
description:
- Apply SSL offloading mode
- choice | half | Client to FortiGate SSL.
- choice | full | Client to FortiGate and FortiGate to Server SSL.
required: false
choices: ["half", "full"]
ssl_min_version:
description:
- Lowest SSL/TLS version acceptable from a client.
- choice | ssl-3.0 | SSL 3.0.
- choice | tls-1.0 | TLS 1.0.
- choice | tls-1.1 | TLS 1.1.
- choice | tls-1.2 | TLS 1.2.
required: false
choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]
ssl_max_version:
description:
- Highest SSL/TLS version acceptable from a client.
- choice | ssl-3.0 | SSL 3.0.
- choice | tls-1.0 | TLS 1.0.
- choice | tls-1.1 | TLS 1.1.
- choice | tls-1.2 | TLS 1.2.
required: false
choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]
ssl_http_match_host:
description:
- Enable/disable HTTP host matching for location conversion.
- choice | disable | Do not match HTTP host.
- choice | enable | Match HTTP host in response header.
required: false
choices: ["disable", "enable"]
ssl_http_location_conversion:
description:
- Enable to replace HTTP with HTTPS in the reply's Location HTTP header field.
- choice | disable | Disable HTTP location conversion.
- choice | enable | Enable HTTP location conversion.
required: false
choices: ["disable", "enable"]
ssl_hsts_include_subdomains:
description:
- Indicate that HSTS header applies to all subdomains.
- choice | disable | HSTS header does not apply to subdomains.
- choice | enable | HSTS header applies to subdomains.
required: false
choices: ["disable", "enable"]
ssl_hsts_age:
description:
- Number of seconds the client should honour the HSTS setting.
required: false
ssl_hsts:
description:
- Enable/disable including HSTS header in response.
- choice | disable | Do not add an HSTS header to each HTTP response.
- choice | enable | Add a HSTS header to each HTTP response.
required: false
choices: ["disable", "enable"]
ssl_hpkp_report_uri:
description:
- URL to report HPKP violations to.
required: false
ssl_hpkp_primary:
description:
- Certificate to generate primary HPKP pin from.
required: false
ssl_hpkp_include_subdomains:
description:
- Indicate that HPKP header applies to all subdomains.
- choice | disable | HPKP header does not apply to subdomains.
- choice | enable | HPKP header applies to subdomains.
required: false
choices: ["disable", "enable"]
ssl_hpkp_backup:
description:
- Certificate to generate backup HPKP pin from.
required: false
ssl_hpkp_age:
description:
- Number of seconds the client should honour the HPKP setting.
required: false
ssl_hpkp:
description:
- Enable/disable including HPKP header in response.
- choice | disable | Do not add a HPKP header to each HTTP response.
- choice | enable | Add a HPKP header to each HTTP response.
- choice | report-only | Add a HPKP Report-Only header to each HTTP response.
required: false
choices: ["disable", "enable", "report-only"]
ssl_dh_bits:
description:
- Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions.
- choice | 768 | 768-bit Diffie-Hellman prime.
- choice | 1024 | 1024-bit Diffie-Hellman prime.
- choice | 1536 | 1536-bit Diffie-Hellman prime.
- choice | 2048 | 2048-bit Diffie-Hellman prime.
- choice | 3072 | 3072-bit Diffie-Hellman prime.
- choice | 4096 | 4096-bit Diffie-Hellman prime.
required: false
choices: ["768", "1024", "1536", "2048", "3072", "4096"]
ssl_client_session_state_type:
description:
- How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate.
- choice | disable | Do not keep session states.
- choice | time | Expire session states after this many minutes.
- choice | count | Expire session states when this maximum is reached.
- choice | both | Expire session states based on time or count, whichever occurs first.
required: false
choices: ["disable", "time", "count", "both"]
ssl_client_session_state_timeout:
description:
- Number of minutes to keep client to FortiGate SSL session state.
required: false
ssl_client_session_state_max:
description:
- Maximum number of client to FortiGate SSL session states to keep.
required: false
ssl_client_renegotiation:
description:
- Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746.
- choice | deny | Abort any client initiated SSL re-negotiation attempt.
- choice | allow | Allow a SSL client to renegotiate.
- choice | secure | Abort any client initiated SSL re-negotiation attempt that does not use RFC 5746.
required: false
choices: ["deny", "allow", "secure"]
ssl_client_fallback:
description:
- Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507).
- choice | disable | Disable.
- choice | enable | Enable.
required: false
choices: ["disable", "enable"]
ssl_certificate:
description:
- The name of the SSL certificate to use for SSL acceleration.
required: false
ssl_algorithm:
description:
- Permitted encryption algorithms for SSL sessions according to encryption strength.
- choice | high | High encryption. Allow only AES and ChaCha.
- choice | medium | Medium encryption. Allow AES, ChaCha, 3DES, and RC4.
- choice | low | Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.
- choice | custom | Custom encryption. Use config ssl-cipher-suites to select the cipher suites that are allowed.
required: false
choices: ["high", "medium", "low", "custom"]
srcintf_filter:
description:
- Interfaces to which the VIP applies. Separate the names with spaces.
required: false
src_filter:
description:
- Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y).
- Separate addresses with spaces.
required: false
service:
description:
- Service name.
required: false
server_type:
description:
- Protocol to be load balanced by the virtual server (also called the server load balance virtual IP).
- choice | http | HTTP
- choice | https | HTTPS
- choice | ssl | SSL
- choice | tcp | TCP
- choice | udp | UDP
- choice | ip | IP
- choice | imaps | IMAPS
- choice | pop3s | POP3S
- choice | smtps | SMTPS
required: false
choices: ["http", "https", "ssl", "tcp", "udp", "ip", "imaps", "pop3s", "smtps"]
protocol:
description:
- Protocol to use when forwarding packets.
- choice | tcp | TCP.
- choice | udp | UDP.
- choice | sctp | SCTP.
- choice | icmp | ICMP.
required: false
choices: ["tcp", "udp", "sctp", "icmp"]
portmapping_type:
description:
- Port mapping type.
- choice | 1-to-1 | One to one.
- choice | m-to-n | Many to many.
required: false
choices: ["1-to-1", "m-to-n"]
portforward:
description:
- Enable/disable port forwarding.
- choice | disable | Disable port forward.
- choice | enable | Enable port forward.
required: false
choices: ["disable", "enable"]
persistence:
description:
- Configure how to make sure that clients connect to the same server every time they make a request that is part
- of the same session.
- choice | none | None.
- choice | http-cookie | HTTP cookie.
- choice | ssl-session-id | SSL session ID.
required: false
choices: ["none", "http-cookie", "ssl-session-id"]
outlook_web_access:
description:
- Enable to add the Front-End-Https header for Microsoft Outlook Web Access.
- choice | disable | Disable Outlook Web Access support.
- choice | enable | Enable Outlook Web Access support.
required: false
choices: ["disable", "enable"]
nat_source_vip:
description:
- Enable to prevent unintended servers from using a virtual IP.
- Disable to use the actual IP address of the server as the source address.
- choice | disable | Do not force to NAT as VIP.
- choice | enable | Force to NAT as VIP.
required: false
choices: ["disable", "enable"]
name:
description:
- Virtual IP name.
required: false
monitor:
description:
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
required: false
max_embryonic_connections:
description:
- Maximum number of incomplete connections.
required: false
mappedport:
description:
- Port number range on the destination network to which the external port number range is mapped.
required: false
mappedip:
description:
- IP address or address range on the destination network to which the external IP address is mapped.
required: false
mapped_addr:
description:
- Mapped FQDN address name.
required: false
ldb_method:
description:
- Method used to distribute sessions to real servers.
- choice | static | Distribute to server based on source IP.
- choice | round-robin | Distribute to server based on round robin order.
- choice | weighted | Distribute to server based on weight.
- choice | least-session | Distribute to server with lowest session count.
- choice | least-rtt | Distribute to server with lowest Round-Trip-Time.
- choice | first-alive | Distribute to the first server that is alive.
- choice | http-host | Distribute to server based on host field in HTTP header.
required: false
choices: ["static", "round-robin", "weighted", "least-session", "least-rtt", "first-alive", "http-host"]
https_cookie_secure:
description:
- Enable/disable verification that inserted HTTPS cookies are secure.
- choice | disable | Do not mark cookie as secure, allow sharing between an HTTP and HTTPS connection.
- choice | enable | Mark inserted cookie as secure, cookie can only be used for an HTTPS connection.
required: false
choices: ["disable", "enable"]
http_multiplex:
description:
- Enable/disable HTTP multiplexing.
- choice | disable | Disable HTTP session multiplexing.
- choice | enable | Enable HTTP session multiplexing.
required: false
choices: ["disable", "enable"]
http_ip_header_name:
description:
- For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header.
- If empty, X-Forwarded-For is used.
required: false
http_ip_header:
description:
- For HTTP multiplexing, enable to add the original client IP address in the X-Forwarded-For HTTP header.
- choice | disable | Disable adding HTTP header.
- choice | enable | Enable adding HTTP header.
required: false
choices: ["disable", "enable"]
http_cookie_share:
description:
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used
- by another. Disable stops cookie sharing.
- choice | disable | Only allow HTTP cookie to match this virtual server.
- choice | same-ip | Allow HTTP cookie to match any virtual server with same IP.
required: false
choices: ["disable", "same-ip"]
http_cookie_path:
description:
- Limit HTTP cookie persistence to the specified path.
required: false
http_cookie_generation:
description:
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
required: false
http_cookie_domain_from_host:
description:
- Enable/disable use of HTTP cookie domain from host field in HTTP.
- choice | disable | Disable use of HTTP cookie domain from host field in HTTP (use http-cookie-domain setting).
- choice | enable | Enable use of HTTP cookie domain from host field in HTTP.
required: false
choices: ["disable", "enable"]
http_cookie_domain:
description:
- Domain that HTTP cookie persistence should apply to.
required: false
http_cookie_age:
description:
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
required: false
gratuitous_arp_interval:
description:
- Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
required: false
extport:
description:
- Incoming port number range that you want to map to a port number range on the destination network.
required: false
extip:
description:
- IP address or address range on the external interface that you want to map to an address or address range on
- the destination network.
required: false
extintf:
description:
- Interface connected to the source network that receives the packets that will be forwarded to the destination
- network.
required: false
extaddr:
description:
- External FQDN address name.
required: false
dns_mapping_ttl:
description:
- DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
required: false
comment:
description:
- Comment.
required: false
color:
description:
- Color of icon on the GUI.
required: false
arp_reply:
description:
- Enable to respond to ARP requests for this virtual IP address. Enabled by default.
- choice | disable | Disable ARP reply.
- choice | enable | Enable ARP reply.
required: false
choices: ["disable", "enable"]
dynamic_mapping:
description:
- EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
- List of multiple child objects to be added. Expects a list of dictionaries.
- Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
- If submitted, all other prefixed sub-parameters ARE IGNORED.
- This object is MUTUALLY EXCLUSIVE with its options.
- We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
- WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
required: false
dynamic_mapping_arp_reply:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_color:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_comment:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_dns_mapping_ttl:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_extaddr:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_extintf:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_extip:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_extport:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_gratuitous_arp_interval:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_http_cookie_age:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_http_cookie_domain:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_http_cookie_domain_from_host:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_http_cookie_generation:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_http_cookie_path:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_http_cookie_share:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | same-ip |
required: false
choices: ["disable", "same-ip"]
dynamic_mapping_http_ip_header:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_http_ip_header_name:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_http_multiplex:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_https_cookie_secure:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_ldb_method:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | static |
- choice | round-robin |
- choice | weighted |
- choice | least-session |
- choice | least-rtt |
- choice | first-alive |
- choice | http-host |
required: false
choices: ["static", "round-robin", "weighted", "least-session", "least-rtt", "first-alive", "http-host"]
dynamic_mapping_mapped_addr:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_mappedip:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_mappedport:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_max_embryonic_connections:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_monitor:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_nat_source_vip:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_outlook_web_access:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_persistence:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | none |
- choice | http-cookie |
- choice | ssl-session-id |
required: false
choices: ["none", "http-cookie", "ssl-session-id"]
dynamic_mapping_portforward:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_portmapping_type:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | 1-to-1 |
- choice | m-to-n |
required: false
choices: ["1-to-1", "m-to-n"]
dynamic_mapping_protocol:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | tcp |
- choice | udp |
- choice | sctp |
- choice | icmp |
required: false
choices: ["tcp", "udp", "sctp", "icmp"]
dynamic_mapping_server_type:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | http |
- choice | https |
- choice | ssl |
- choice | tcp |
- choice | udp |
- choice | ip |
- choice | imaps |
- choice | pop3s |
- choice | smtps |
required: false
choices: ["http", "https", "ssl", "tcp", "udp", "ip", "imaps", "pop3s", "smtps"]
dynamic_mapping_service:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_src_filter:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_srcintf_filter:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_ssl_algorithm:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | high |
- choice | medium |
- choice | low |
- choice | custom |
required: false
choices: ["high", "medium", "low", "custom"]
dynamic_mapping_ssl_certificate:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_ssl_client_fallback:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_ssl_client_renegotiation:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | deny |
- choice | allow |
- choice | secure |
required: false
choices: ["deny", "allow", "secure"]
dynamic_mapping_ssl_client_session_state_max:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_ssl_client_session_state_timeout:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_ssl_client_session_state_type:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | time |
- choice | count |
- choice | both |
required: false
choices: ["disable", "time", "count", "both"]
dynamic_mapping_ssl_dh_bits:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | 768 |
- choice | 1024 |
- choice | 1536 |
- choice | 2048 |
- choice | 3072 |
- choice | 4096 |
required: false
choices: ["768", "1024", "1536", "2048", "3072", "4096"]
dynamic_mapping_ssl_hpkp:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
- choice | report-only |
required: false
choices: ["disable", "enable", "report-only"]
dynamic_mapping_ssl_hpkp_age:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_ssl_hpkp_backup:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_ssl_hpkp_include_subdomains:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_ssl_hpkp_primary:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_ssl_hpkp_report_uri:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_ssl_hsts:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_ssl_hsts_age:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_ssl_hsts_include_subdomains:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_ssl_http_location_conversion:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_ssl_http_match_host:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_ssl_max_version:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | ssl-3.0 |
- choice | tls-1.0 |
- choice | tls-1.1 |
- choice | tls-1.2 |
required: false
choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]
dynamic_mapping_ssl_min_version:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | ssl-3.0 |
- choice | tls-1.0 |
- choice | tls-1.1 |
- choice | tls-1.2 |
required: false
choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]
dynamic_mapping_ssl_mode:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | half |
- choice | full |
required: false
choices: ["half", "full"]
dynamic_mapping_ssl_pfs:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | require |
- choice | deny |
- choice | allow |
required: false
choices: ["require", "deny", "allow"]
dynamic_mapping_ssl_send_empty_frags:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_ssl_server_algorithm:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | high |
- choice | low |
- choice | medium |
- choice | custom |
- choice | client |
required: false
choices: ["high", "low", "medium", "custom", "client"]
dynamic_mapping_ssl_server_max_version:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | ssl-3.0 |
- choice | tls-1.0 |
- choice | tls-1.1 |
- choice | tls-1.2 |
- choice | client |
required: false
choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]
dynamic_mapping_ssl_server_min_version:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | ssl-3.0 |
- choice | tls-1.0 |
- choice | tls-1.1 |
- choice | tls-1.2 |
- choice | client |
required: false
choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]
dynamic_mapping_ssl_server_session_state_max:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_ssl_server_session_state_timeout:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_ssl_server_session_state_type:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | time |
- choice | count |
- choice | both |
required: false
choices: ["disable", "time", "count", "both"]
dynamic_mapping_type:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | static-nat |
- choice | load-balance |
- choice | server-load-balance |
- choice | dns-translation |
- choice | fqdn |
required: false
choices: ["static-nat", "load-balance", "server-load-balance", "dns-translation", "fqdn"]
dynamic_mapping_weblogic_server:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_websphere_server:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_realservers_client_ip:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_realservers_healthcheck:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
- choice | vip |
required: false
choices: ["disable", "enable", "vip"]
dynamic_mapping_realservers_holddown_interval:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_realservers_http_host:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_realservers_ip:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_realservers_max_connections:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_realservers_monitor:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_realservers_port:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_realservers_seq:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_realservers_status:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | active |
- choice | standby |
- choice | disable |
required: false
choices: ["active", "standby", "disable"]
dynamic_mapping_realservers_weight:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_ssl_cipher_suites_cipher:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | TLS-RSA-WITH-RC4-128-MD5 |
- choice | TLS-RSA-WITH-RC4-128-SHA |
- choice | TLS-RSA-WITH-DES-CBC-SHA |
- choice | TLS-RSA-WITH-3DES-EDE-CBC-SHA |
- choice | TLS-RSA-WITH-AES-128-CBC-SHA |
- choice | TLS-RSA-WITH-AES-256-CBC-SHA |
- choice | TLS-RSA-WITH-AES-128-CBC-SHA256 |
- choice | TLS-RSA-WITH-AES-256-CBC-SHA256 |
- choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA |
- choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA |
- choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 |
- choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 |
- choice | TLS-RSA-WITH-SEED-CBC-SHA |
- choice | TLS-RSA-WITH-ARIA-128-CBC-SHA256 |
- choice | TLS-RSA-WITH-ARIA-256-CBC-SHA384 |
- choice | TLS-DHE-RSA-WITH-DES-CBC-SHA |
- choice | TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA |
- choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA |
- choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA |
- choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 |
- choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 |
- choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA |
- choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA |
- choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 |
- choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 |
- choice | TLS-DHE-RSA-WITH-SEED-CBC-SHA |
- choice | TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 |
- choice | TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 |
- choice | TLS-ECDHE-RSA-WITH-RC4-128-SHA |
- choice | TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA |
- choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA |
- choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA |
- choice | TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 |
- choice | TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 |
- choice | TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 |
- choice | TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 |
- choice | TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 |
- choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA |
- choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA |
- choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 |
- choice | TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 |
- choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 |
- choice | TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 |
- choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 |
- choice | TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 |
- choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 |
- choice | TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 |
- choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA |
- choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 |
- choice | TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 |
- choice | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 |
- choice | TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 |
- choice | TLS-RSA-WITH-AES-128-GCM-SHA256 |
- choice | TLS-RSA-WITH-AES-256-GCM-SHA384 |
- choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA |
- choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA |
- choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 |
- choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 |
- choice | TLS-DHE-DSS-WITH-SEED-CBC-SHA |
- choice | TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 |
- choice | TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 |
- choice | TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 |
- choice | TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 |
- choice | TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 |
- choice | TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 |
- choice | TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA |
- choice | TLS-DHE-DSS-WITH-DES-CBC-SHA |
required: false
choices: ["TLS-RSA-WITH-RC4-128-MD5",
"TLS-RSA-WITH-RC4-128-SHA",
"TLS-RSA-WITH-DES-CBC-SHA",
"TLS-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA",
"TLS-RSA-WITH-AES-256-CBC-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA256",
"TLS-RSA-WITH-AES-256-CBC-SHA256",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-RSA-WITH-SEED-CBC-SHA",
"TLS-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-DHE-RSA-WITH-DES-CBC-SHA",
"TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-DHE-RSA-WITH-SEED-CBC-SHA",
"TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-RC4-128-SHA",
"TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
"TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-AES-128-GCM-SHA256",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA256",
"TLS-DHE-DSS-WITH-AES-256-GCM-SHA384",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
"TLS-RSA-WITH-AES-128-GCM-SHA256",
"TLS-RSA-WITH-AES-256-GCM-SHA384",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-DHE-DSS-WITH-SEED-CBC-SHA",
"TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
"TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
"TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA",
"TLS-DHE-DSS-WITH-DES-CBC-SHA"]
dynamic_mapping_ssl_cipher_suites_versions:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- FLAG Based Options. Specify multiple in list form.
- flag | ssl-3.0 |
- flag | tls-1.0 |
- flag | tls-1.1 |
- flag | tls-1.2 |
required: false
choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]
realservers:
description:
- EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
- List of multiple child objects to be added. Expects a list of dictionaries.
- Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
- If submitted, all other prefixed sub-parameters ARE IGNORED.
- This object is MUTUALLY EXCLUSIVE with its options.
- We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
- WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
required: false
realservers_client_ip:
description:
- Only clients in this IP range can connect to this real server.
required: false
realservers_healthcheck:
description:
- Enable to check the responsiveness of the real server before forwarding traffic.
- choice | disable | Disable per server health check.
- choice | enable | Enable per server health check.
- choice | vip | Use health check defined in VIP.
required: false
choices: ["disable", "enable", "vip"]
realservers_holddown_interval:
description:
- Time in seconds that the health check monitor monitors an unresponsive server that should be active.
required: false
realservers_http_host:
description:
- HTTP server domain name in HTTP header.
required: false
realservers_ip:
description:
- IP address of the real server.
required: false
realservers_max_connections:
description:
- Max number of active connections that can be directed to the real server. When reached, sessions are sent to
- other real servers.
required: false
realservers_monitor:
description:
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
required: false
realservers_port:
description:
- Port for communicating with the real server. Required if port forwarding is enabled.
required: false
realservers_seq:
description:
- Real Server Sequence Number
required: false
realservers_status:
description:
- Set the status of the real server to active so that it can accept traffic,
- or to standby or disable so that no traffic is sent.
- choice | active | Server status active.
- choice | standby | Server status standby.
- choice | disable | Server status disable.
required: false
choices: ["active", "standby", "disable"]
realservers_weight:
description:
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more
- connections.
required: false
ssl_cipher_suites:
description:
- EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
- List of multiple child objects to be added. Expects a list of dictionaries.
- Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
- If submitted, all other prefixed sub-parameters ARE IGNORED.
- This object is MUTUALLY EXCLUSIVE with its options.
- We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
- WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
required: false
ssl_cipher_suites_cipher:
description:
- Cipher suite name.
- choice | TLS-RSA-WITH-RC4-128-MD5 | Cipher suite TLS-RSA-WITH-RC4-128-MD5.
- choice | TLS-RSA-WITH-RC4-128-SHA | Cipher suite TLS-RSA-WITH-RC4-128-SHA.
- choice | TLS-RSA-WITH-DES-CBC-SHA | Cipher suite TLS-RSA-WITH-DES-CBC-SHA.
- choice | TLS-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-RSA-WITH-3DES-EDE-CBC-SHA.
- choice | TLS-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA.
- choice | TLS-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA.
- choice | TLS-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA256.
- choice | TLS-RSA-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA256.
- choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA.
- choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA.
- choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256.
- choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256.
- choice | TLS-RSA-WITH-SEED-CBC-SHA | Cipher suite TLS-RSA-WITH-SEED-CBC-SHA.
- choice | TLS-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-ARIA-128-CBC-SHA256.
- choice | TLS-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-RSA-WITH-ARIA-256-CBC-SHA384.
- choice | TLS-DHE-RSA-WITH-DES-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-DES-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA256.
- choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA256.
- choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256.
- choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256.
- choice | TLS-DHE-RSA-WITH-SEED-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-SEED-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256.
- choice | TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384.
- choice | TLS-ECDHE-RSA-WITH-RC4-128-SHA | Cipher suite TLS-ECDHE-RSA-WITH-RC4-128-SHA.
- choice | TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA.
- choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA.
- choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA.
- choice | TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256.
- choice | TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256.
- choice | TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256.
- choice | TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-128-GCM-SHA256.
- choice | TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-DHE-RSA-WITH-AES-256-GCM-SHA384.
- choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA.
- choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA.
- choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA256.
- choice | TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-128-GCM-SHA256.
- choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA256.
- choice | TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-DHE-DSS-WITH-AES-256-GCM-SHA384.
- choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256.
- choice | TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256.
- choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384.
- choice | TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384.
- choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA.
- choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256.
- choice | TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256.
- choice | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384.
- choice | TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384.
- choice | TLS-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-RSA-WITH-AES-128-GCM-SHA256.
- choice | TLS-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-RSA-WITH-AES-256-GCM-SHA384.
- choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA.
- choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA.
- choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256.
- choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256.
- choice | TLS-DHE-DSS-WITH-SEED-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-SEED-CBC-SHA.
- choice | TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256.
- choice | TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384.
- choice | TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256.
- choice | TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384.
- choice | TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256.
- choice | TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384.
- choice | TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA.
- choice | TLS-DHE-DSS-WITH-DES-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-DES-CBC-SHA.
required: false
choices: ["TLS-RSA-WITH-RC4-128-MD5",
"TLS-RSA-WITH-RC4-128-SHA",
"TLS-RSA-WITH-DES-CBC-SHA",
"TLS-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA",
"TLS-RSA-WITH-AES-256-CBC-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA256",
"TLS-RSA-WITH-AES-256-CBC-SHA256",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-RSA-WITH-SEED-CBC-SHA",
"TLS-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-DHE-RSA-WITH-DES-CBC-SHA",
"TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-DHE-RSA-WITH-SEED-CBC-SHA",
"TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-RC4-128-SHA",
"TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
"TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-AES-128-GCM-SHA256",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA256",
"TLS-DHE-DSS-WITH-AES-256-GCM-SHA384",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
"TLS-RSA-WITH-AES-128-GCM-SHA256",
"TLS-RSA-WITH-AES-256-GCM-SHA384",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-DHE-DSS-WITH-SEED-CBC-SHA",
"TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
"TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
"TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA",
"TLS-DHE-DSS-WITH-DES-CBC-SHA"]
ssl_cipher_suites_versions:
description:
- SSL/TLS versions that the cipher suite can be used with.
- FLAG Based Options. Specify multiple in list form.
- flag | ssl-3.0 | SSL 3.0.
- flag | tls-1.0 | TLS 1.0.
- flag | tls-1.1 | TLS 1.1.
- flag | tls-1.2 | TLS 1.2.
required: false
choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]
ssl_server_cipher_suites:
description:
- EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
- List of multiple child objects to be added. Expects a list of dictionaries.
- Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
- If submitted, all other prefixed sub-parameters ARE IGNORED.
- This object is MUTUALLY EXCLUSIVE with its options.
- We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
- WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
required: false
ssl_server_cipher_suites_cipher:
description:
- Cipher suite name.
- choice | TLS-RSA-WITH-RC4-128-MD5 | Cipher suite TLS-RSA-WITH-RC4-128-MD5.
- choice | TLS-RSA-WITH-RC4-128-SHA | Cipher suite TLS-RSA-WITH-RC4-128-SHA.
- choice | TLS-RSA-WITH-DES-CBC-SHA | Cipher suite TLS-RSA-WITH-DES-CBC-SHA.
- choice | TLS-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-RSA-WITH-3DES-EDE-CBC-SHA.
- choice | TLS-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA.
- choice | TLS-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA.
- choice | TLS-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA256.
- choice | TLS-RSA-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA256.
- choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA.
- choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA.
- choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256.
- choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256.
- choice | TLS-RSA-WITH-SEED-CBC-SHA | Cipher suite TLS-RSA-WITH-SEED-CBC-SHA.
- choice | TLS-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-ARIA-128-CBC-SHA256.
- choice | TLS-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-RSA-WITH-ARIA-256-CBC-SHA384.
- choice | TLS-DHE-RSA-WITH-DES-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-DES-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA256.
- choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA256.
- choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256.
- choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256.
- choice | TLS-DHE-RSA-WITH-SEED-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-SEED-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256.
- choice | TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384.
- choice | TLS-ECDHE-RSA-WITH-RC4-128-SHA | Cipher suite TLS-ECDHE-RSA-WITH-RC4-128-SHA.
- choice | TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA.
- choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA.
- choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA.
- choice | TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256.
- choice | TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256.
- choice | TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256.
- choice | TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-128-GCM-SHA256.
- choice | TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-DHE-RSA-WITH-AES-256-GCM-SHA384.
- choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA.
- choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA.
- choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA256.
- choice | TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-128-GCM-SHA256.
- choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA256.
- choice | TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-DHE-DSS-WITH-AES-256-GCM-SHA384.
- choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256.
- choice | TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256.
- choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384.
- choice | TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384.
- choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA.
- choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256.
- choice | TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256.
- choice | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384.
- choice | TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384.
- choice | TLS-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-RSA-WITH-AES-128-GCM-SHA256.
- choice | TLS-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-RSA-WITH-AES-256-GCM-SHA384.
- choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA.
- choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA.
- choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256.
- choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256.
- choice | TLS-DHE-DSS-WITH-SEED-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-SEED-CBC-SHA.
- choice | TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256.
- choice | TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384.
- choice | TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256.
- choice | TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384.
- choice | TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256.
- choice | TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384.
- choice | TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA.
- choice | TLS-DHE-DSS-WITH-DES-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-DES-CBC-SHA.
required: false
choices: ["TLS-RSA-WITH-RC4-128-MD5",
"TLS-RSA-WITH-RC4-128-SHA",
"TLS-RSA-WITH-DES-CBC-SHA",
"TLS-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA",
"TLS-RSA-WITH-AES-256-CBC-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA256",
"TLS-RSA-WITH-AES-256-CBC-SHA256",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-RSA-WITH-SEED-CBC-SHA",
"TLS-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-DHE-RSA-WITH-DES-CBC-SHA",
"TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-DHE-RSA-WITH-SEED-CBC-SHA",
"TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-RC4-128-SHA",
"TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
"TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-AES-128-GCM-SHA256",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA256",
"TLS-DHE-DSS-WITH-AES-256-GCM-SHA384",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
"TLS-RSA-WITH-AES-128-GCM-SHA256",
"TLS-RSA-WITH-AES-256-GCM-SHA384",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-DHE-DSS-WITH-SEED-CBC-SHA",
"TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
"TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
"TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA",
"TLS-DHE-DSS-WITH-DES-CBC-SHA"]
ssl_server_cipher_suites_priority:
description:
- SSL/TLS cipher suites priority.
required: false
ssl_server_cipher_suites_versions:
description:
- SSL/TLS versions that the cipher suite can be used with.
- FLAG Based Options. Specify multiple in list form.
- flag | ssl-3.0 | SSL 3.0.
- flag | tls-1.0 | TLS 1.0.
- flag | tls-1.1 | TLS 1.1.
- flag | tls-1.2 | TLS 1.2.
required: false
choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]
'''
EXAMPLES = '''
# BASIC FULL STATIC NAT MAPPING
- name: EDIT FMGR_FIREWALL_VIP SNAT
  fmgr_fwobj_vip:
    name: "Basic StaticNAT Map"
    mode: "set"
    adom: "ansible"
    type: "static-nat"
    extip: "82.72.192.185"
    extintf: "any"
    mappedip: "10.7.220.25"
    comment: "Created by Ansible"
    color: "17"

# BASIC PORT PNAT MAPPING
- name: EDIT FMGR_FIREWALL_VIP PNAT
  fmgr_fwobj_vip:
    name: "Basic PNAT Map Port 10443"
    mode: "set"
    adom: "ansible"
    type: "static-nat"
    extip: "82.72.192.185"
    extport: "10443"
    extintf: "any"
    portforward: "enable"
    protocol: "tcp"
    mappedip: "10.7.220.25"
    mappedport: "443"
    comment: "Created by Ansible"
    color: "17"

# BASIC DNS TRANSLATION NAT
- name: EDIT FMGR_FIREWALL_DNST
  fmgr_fwobj_vip:
    name: "Basic DNS Translation"
    mode: "set"
    adom: "ansible"
    type: "dns-translation"
    extip: "192.168.0.1-192.168.0.100"
    extintf: "dmz"
    mappedip: "3.3.3.0/24, 4.0.0.0/24"
    comment: "Created by Ansible"
    color: "12"

# BASIC FQDN NAT
- name: EDIT FMGR_FIREWALL_FQDN
  fmgr_fwobj_vip:
    name: "Basic FQDN Translation"
    mode: "set"
    adom: "ansible"
    type: "fqdn"
    mapped_addr: "google-play"
    comment: "Created by Ansible"
    color: "5"

# DELETE AN ENTRY
- name: DELETE FMGR_FIREWALL_VIP PNAT
  fmgr_fwobj_vip:
    name: "Basic PNAT Map Port 10443"
    mode: "delete"
    adom: "ansible"
'''
RETURN = """
api_result:
  description: full API response, includes status code and message
  returned: always
  type: str
"""
from ansible.module_utils.basic import AnsibleModule, env_fallback
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortimanager.fortimanager import FortiManagerHandler
from ansible.module_utils.network.fortimanager.common import FMGBaseException
from ansible.module_utils.network.fortimanager.common import FMGRCommon
from ansible.module_utils.network.fortimanager.common import FMGRMethods
from ansible.module_utils.network.fortimanager.common import DEFAULT_RESULT_OBJ
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
from ansible.module_utils.network.fortimanager.common import prepare_dict
from ansible.module_utils.network.fortimanager.common import scrub_dict
def fmgr_firewall_vip_modify(fmgr, paramgram):
    """
    :param fmgr: The fmgr object instance from fortimanager.py
    :type fmgr: class object
    :param paramgram: The formatted dictionary of options to process
    :type paramgram: dict
    :return: The response from the FortiManager
    :rtype: dict
    """
    mode = paramgram["mode"]
    adom = paramgram["adom"]
    # INIT BASIC OBJECTS
    response = DEFAULT_RESULT_OBJ
    url = ""
    datagram = {}

    # EVAL THE MODE PARAMETER FOR SET OR ADD
    if mode in ['set', 'add', 'update']:
        url = '/pm/config/adom/{adom}/obj/firewall/vip'.format(adom=adom)
        datagram = scrub_dict(prepare_dict(paramgram))

    # EVAL THE MODE PARAMETER FOR DELETE
    elif mode == "delete":
        # SET THE CORRECT URL FOR DELETE
        url = '/pm/config/adom/{adom}/obj/firewall/vip/{name}'.format(adom=adom, name=paramgram["name"])
        datagram = {}

    response = fmgr.process_request(url, datagram, paramgram["mode"])
    return response
#############
# END METHODS
#############
def main():
    argument_spec = dict(
adom=dict(type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"),
websphere_server=dict(required=False, type="str", choices=["disable", "enable"]),
weblogic_server=dict(required=False, type="str", choices=["disable", "enable"]),
type=dict(required=False, type="str",
choices=["static-nat", "load-balance", "server-load-balance", "dns-translation", "fqdn"]),
ssl_server_session_state_type=dict(required=False, type="str", choices=["disable", "time", "count", "both"]),
ssl_server_session_state_timeout=dict(required=False, type="int"),
ssl_server_session_state_max=dict(required=False, type="int"),
ssl_server_min_version=dict(required=False, type="str",
choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]),
ssl_server_max_version=dict(required=False, type="str",
choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]),
ssl_server_algorithm=dict(required=False, type="str", choices=["high", "low", "medium", "custom", "client"]),
ssl_send_empty_frags=dict(required=False, type="str", choices=["disable", "enable"]),
ssl_pfs=dict(required=False, type="str", choices=["require", "deny", "allow"]),
ssl_mode=dict(required=False, type="str", choices=["half", "full"]),
ssl_min_version=dict(required=False, type="str", choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
ssl_max_version=dict(required=False, type="str", choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
ssl_http_match_host=dict(required=False, type="str", choices=["disable", "enable"]),
ssl_http_location_conversion=dict(required=False, type="str", choices=["disable", "enable"]),
ssl_hsts_include_subdomains=dict(required=False, type="str", choices=["disable", "enable"]),
ssl_hsts_age=dict(required=False, type="int"),
ssl_hsts=dict(required=False, type="str", choices=["disable", "enable"]),
ssl_hpkp_report_uri=dict(required=False, type="str"),
ssl_hpkp_primary=dict(required=False, type="str"),
ssl_hpkp_include_subdomains=dict(required=False, type="str", choices=["disable", "enable"]),
ssl_hpkp_backup=dict(required=False, type="str"),
ssl_hpkp_age=dict(required=False, type="int"),
ssl_hpkp=dict(required=False, type="str", choices=["disable", "enable", "report-only"]),
ssl_dh_bits=dict(required=False, type="str", choices=["768", "1024", "1536", "2048", "3072", "4096"]),
ssl_client_session_state_type=dict(required=False, type="str", choices=["disable", "time", "count", "both"]),
ssl_client_session_state_timeout=dict(required=False, type="int"),
ssl_client_session_state_max=dict(required=False, type="int"),
ssl_client_renegotiation=dict(required=False, type="str", choices=["deny", "allow", "secure"]),
ssl_client_fallback=dict(required=False, type="str", choices=["disable", "enable"]),
ssl_certificate=dict(required=False, type="str"),
ssl_algorithm=dict(required=False, type="str", choices=["high", "medium", "low", "custom"]),
srcintf_filter=dict(required=False, type="str"),
src_filter=dict(required=False, type="str"),
service=dict(required=False, type="str"),
server_type=dict(required=False, type="str",
choices=["http", "https", "ssl", "tcp", "udp", "ip", "imaps", "pop3s", "smtps"]),
protocol=dict(required=False, type="str", choices=["tcp", "udp", "sctp", "icmp"]),
portmapping_type=dict(required=False, type="str", choices=["1-to-1", "m-to-n"]),
portforward=dict(required=False, type="str", choices=["disable", "enable"]),
persistence=dict(required=False, type="str", choices=["none", "http-cookie", "ssl-session-id"]),
outlook_web_access=dict(required=False, type="str", choices=["disable", "enable"]),
nat_source_vip=dict(required=False, type="str", choices=["disable", "enable"]),
name=dict(required=False, type="str"),
monitor=dict(required=False, type="str"),
max_embryonic_connections=dict(required=False, type="int"),
mappedport=dict(required=False, type="str"),
mappedip=dict(required=False, type="str"),
mapped_addr=dict(required=False, type="str"),
ldb_method=dict(required=False, type="str",
choices=["static", "round-robin", "weighted", "least-session", "least-rtt", "first-alive",
"http-host"]),
https_cookie_secure=dict(required=False, type="str", choices=["disable", "enable"]),
http_multiplex=dict(required=False, type="str", choices=["disable", "enable"]),
http_ip_header_name=dict(required=False, type="str"),
http_ip_header=dict(required=False, type="str", choices=["disable", "enable"]),
http_cookie_share=dict(required=False, type="str", choices=["disable", "same-ip"]),
http_cookie_path=dict(required=False, type="str"),
http_cookie_generation=dict(required=False, type="int"),
http_cookie_domain_from_host=dict(required=False, type="str", choices=["disable", "enable"]),
http_cookie_domain=dict(required=False, type="str"),
http_cookie_age=dict(required=False, type="int"),
gratuitous_arp_interval=dict(required=False, type="int"),
extport=dict(required=False, type="str"),
extip=dict(required=False, type="str"),
extintf=dict(required=False, type="str"),
extaddr=dict(required=False, type="str"),
dns_mapping_ttl=dict(required=False, type="int"),
comment=dict(required=False, type="str"),
color=dict(required=False, type="int"),
arp_reply=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping=dict(required=False, type="list"),
dynamic_mapping_arp_reply=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_color=dict(required=False, type="int"),
dynamic_mapping_comment=dict(required=False, type="str"),
dynamic_mapping_dns_mapping_ttl=dict(required=False, type="int"),
dynamic_mapping_extaddr=dict(required=False, type="str"),
dynamic_mapping_extintf=dict(required=False, type="str"),
dynamic_mapping_extip=dict(required=False, type="str"),
dynamic_mapping_extport=dict(required=False, type="str"),
dynamic_mapping_gratuitous_arp_interval=dict(required=False, type="int"),
dynamic_mapping_http_cookie_age=dict(required=False, type="int"),
dynamic_mapping_http_cookie_domain=dict(required=False, type="str"),
dynamic_mapping_http_cookie_domain_from_host=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_http_cookie_generation=dict(required=False, type="int"),
dynamic_mapping_http_cookie_path=dict(required=False, type="str"),
dynamic_mapping_http_cookie_share=dict(required=False, type="str", choices=["disable", "same-ip"]),
dynamic_mapping_http_ip_header=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_http_ip_header_name=dict(required=False, type="str"),
dynamic_mapping_http_multiplex=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_https_cookie_secure=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_ldb_method=dict(required=False, type="str", choices=["static",
"round-robin",
"weighted",
"least-session",
"least-rtt",
"first-alive",
"http-host"]),
dynamic_mapping_mapped_addr=dict(required=False, type="str"),
dynamic_mapping_mappedip=dict(required=False, type="str"),
dynamic_mapping_mappedport=dict(required=False, type="str"),
dynamic_mapping_max_embryonic_connections=dict(required=False, type="int"),
dynamic_mapping_monitor=dict(required=False, type="str"),
dynamic_mapping_nat_source_vip=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_outlook_web_access=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_persistence=dict(required=False, type="str", choices=["none", "http-cookie", "ssl-session-id"]),
dynamic_mapping_portforward=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_portmapping_type=dict(required=False, type="str", choices=["1-to-1", "m-to-n"]),
dynamic_mapping_protocol=dict(required=False, type="str", choices=["tcp", "udp", "sctp", "icmp"]),
dynamic_mapping_server_type=dict(required=False, type="str",
choices=["http", "https", "ssl", "tcp", "udp", "ip", "imaps", "pop3s",
"smtps"]),
dynamic_mapping_service=dict(required=False, type="str"),
dynamic_mapping_src_filter=dict(required=False, type="str"),
dynamic_mapping_srcintf_filter=dict(required=False, type="str"),
dynamic_mapping_ssl_algorithm=dict(required=False, type="str", choices=["high", "medium", "low", "custom"]),
dynamic_mapping_ssl_certificate=dict(required=False, type="str"),
dynamic_mapping_ssl_client_fallback=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_ssl_client_renegotiation=dict(required=False, type="str", choices=["deny", "allow", "secure"]),
dynamic_mapping_ssl_client_session_state_max=dict(required=False, type="int"),
dynamic_mapping_ssl_client_session_state_timeout=dict(required=False, type="int"),
dynamic_mapping_ssl_client_session_state_type=dict(required=False, type="str",
choices=["disable", "time", "count", "both"]),
dynamic_mapping_ssl_dh_bits=dict(required=False, type="str",
choices=["768", "1024", "1536", "2048", "3072", "4096"]),
dynamic_mapping_ssl_hpkp=dict(required=False, type="str", choices=["disable", "enable", "report-only"]),
dynamic_mapping_ssl_hpkp_age=dict(required=False, type="int"),
dynamic_mapping_ssl_hpkp_backup=dict(required=False, type="str"),
dynamic_mapping_ssl_hpkp_include_subdomains=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_ssl_hpkp_primary=dict(required=False, type="str"),
dynamic_mapping_ssl_hpkp_report_uri=dict(required=False, type="str"),
dynamic_mapping_ssl_hsts=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_ssl_hsts_age=dict(required=False, type="int"),
dynamic_mapping_ssl_hsts_include_subdomains=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_ssl_http_location_conversion=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_ssl_http_match_host=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_ssl_max_version=dict(required=False, type="str",
choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
dynamic_mapping_ssl_min_version=dict(required=False, type="str",
choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
dynamic_mapping_ssl_mode=dict(required=False, type="str", choices=["half", "full"]),
dynamic_mapping_ssl_pfs=dict(required=False, type="str", choices=["require", "deny", "allow"]),
dynamic_mapping_ssl_send_empty_frags=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_ssl_server_algorithm=dict(required=False, type="str",
choices=["high", "low", "medium", "custom", "client"]),
dynamic_mapping_ssl_server_max_version=dict(required=False, type="str",
choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]),
dynamic_mapping_ssl_server_min_version=dict(required=False, type="str",
choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]),
dynamic_mapping_ssl_server_session_state_max=dict(required=False, type="int"),
dynamic_mapping_ssl_server_session_state_timeout=dict(required=False, type="int"),
dynamic_mapping_ssl_server_session_state_type=dict(required=False, type="str",
choices=["disable", "time", "count", "both"]),
dynamic_mapping_type=dict(required=False, type="str",
choices=["static-nat", "load-balance", "server-load-balance", "dns-translation",
"fqdn"]),
dynamic_mapping_weblogic_server=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_websphere_server=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_realservers_client_ip=dict(required=False, type="str"),
dynamic_mapping_realservers_healthcheck=dict(required=False, type="str", choices=["disable", "enable", "vip"]),
dynamic_mapping_realservers_holddown_interval=dict(required=False, type="int"),
dynamic_mapping_realservers_http_host=dict(required=False, type="str"),
dynamic_mapping_realservers_ip=dict(required=False, type="str"),
dynamic_mapping_realservers_max_connections=dict(required=False, type="int"),
dynamic_mapping_realservers_monitor=dict(required=False, type="str"),
dynamic_mapping_realservers_port=dict(required=False, type="int"),
dynamic_mapping_realservers_seq=dict(required=False, type="str"),
dynamic_mapping_realservers_status=dict(required=False, type="str", choices=["active", "standby", "disable"]),
dynamic_mapping_realservers_weight=dict(required=False, type="int"),
dynamic_mapping_ssl_cipher_suites_cipher=dict(required=False,
type="str",
choices=["TLS-RSA-WITH-RC4-128-MD5",
"TLS-RSA-WITH-RC4-128-SHA",
"TLS-RSA-WITH-DES-CBC-SHA",
"TLS-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA",
"TLS-RSA-WITH-AES-256-CBC-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA256",
"TLS-RSA-WITH-AES-256-CBC-SHA256",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-RSA-WITH-SEED-CBC-SHA",
"TLS-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-DHE-RSA-WITH-DES-CBC-SHA",
"TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-DHE-RSA-WITH-SEED-CBC-SHA",
"TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-RC4-128-SHA",
"TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
"TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-AES-128-GCM-SHA256",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA256",
"TLS-DHE-DSS-WITH-AES-256-GCM-SHA384",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
"TLS-RSA-WITH-AES-128-GCM-SHA256",
"TLS-RSA-WITH-AES-256-GCM-SHA384",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-DHE-DSS-WITH-SEED-CBC-SHA",
"TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
"TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
"TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA",
"TLS-DHE-DSS-WITH-DES-CBC-SHA"]),
dynamic_mapping_ssl_cipher_suites_versions=dict(required=False, type="str",
choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
realservers=dict(required=False, type="list"),
realservers_client_ip=dict(required=False, type="str"),
realservers_healthcheck=dict(required=False, type="str", choices=["disable", "enable", "vip"]),
realservers_holddown_interval=dict(required=False, type="int"),
realservers_http_host=dict(required=False, type="str"),
realservers_ip=dict(required=False, type="str"),
realservers_max_connections=dict(required=False, type="int"),
realservers_monitor=dict(required=False, type="str"),
realservers_port=dict(required=False, type="int"),
realservers_seq=dict(required=False, type="str"),
realservers_status=dict(required=False, type="str", choices=["active", "standby", "disable"]),
realservers_weight=dict(required=False, type="int"),
ssl_cipher_suites=dict(required=False, type="list"),
ssl_cipher_suites_cipher=dict(required=False,
type="str",
choices=["TLS-RSA-WITH-RC4-128-MD5",
"TLS-RSA-WITH-RC4-128-SHA",
"TLS-RSA-WITH-DES-CBC-SHA",
"TLS-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA",
"TLS-RSA-WITH-AES-256-CBC-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA256",
"TLS-RSA-WITH-AES-256-CBC-SHA256",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-RSA-WITH-SEED-CBC-SHA",
"TLS-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-DHE-RSA-WITH-DES-CBC-SHA",
"TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-DHE-RSA-WITH-SEED-CBC-SHA",
"TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-RC4-128-SHA",
"TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
"TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-AES-128-GCM-SHA256",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA256",
"TLS-DHE-DSS-WITH-AES-256-GCM-SHA384",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
"TLS-RSA-WITH-AES-128-GCM-SHA256",
"TLS-RSA-WITH-AES-256-GCM-SHA384",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-DHE-DSS-WITH-SEED-CBC-SHA",
"TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
"TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
"TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA",
"TLS-DHE-DSS-WITH-DES-CBC-SHA"]),
ssl_cipher_suites_versions=dict(required=False, type="str",
choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
ssl_server_cipher_suites=dict(required=False, type="list"),
ssl_server_cipher_suites_cipher=dict(required=False,
type="str",
choices=["TLS-RSA-WITH-RC4-128-MD5",
"TLS-RSA-WITH-RC4-128-SHA",
"TLS-RSA-WITH-DES-CBC-SHA",
"TLS-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA",
"TLS-RSA-WITH-AES-256-CBC-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA256",
"TLS-RSA-WITH-AES-256-CBC-SHA256",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-RSA-WITH-SEED-CBC-SHA",
"TLS-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-DHE-RSA-WITH-DES-CBC-SHA",
"TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-DHE-RSA-WITH-SEED-CBC-SHA",
"TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-RC4-128-SHA",
"TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
"TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-AES-128-GCM-SHA256",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA256",
"TLS-DHE-DSS-WITH-AES-256-GCM-SHA384",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
"TLS-RSA-WITH-AES-128-GCM-SHA256",
"TLS-RSA-WITH-AES-256-GCM-SHA384",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-DHE-DSS-WITH-SEED-CBC-SHA",
"TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
"TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
"TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA",
"TLS-DHE-DSS-WITH-DES-CBC-SHA"]),
ssl_server_cipher_suites_priority=dict(required=False, type="str"),
ssl_server_cipher_suites_versions=dict(required=False, type="str",
choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
    )
    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )
    # MODULE PARAMGRAM
    paramgram = {
"mode": module.params["mode"],
"adom": module.params["adom"],
"websphere-server": module.params["websphere_server"],
"weblogic-server": module.params["weblogic_server"],
"type": module.params["type"],
"ssl-server-session-state-type": module.params["ssl_server_session_state_type"],
"ssl-server-session-state-timeout": module.params["ssl_server_session_state_timeout"],
"ssl-server-session-state-max": module.params["ssl_server_session_state_max"],
"ssl-server-min-version": module.params["ssl_server_min_version"],
"ssl-server-max-version": module.params["ssl_server_max_version"],
"ssl-server-algorithm": module.params["ssl_server_algorithm"],
"ssl-send-empty-frags": module.params["ssl_send_empty_frags"],
"ssl-pfs": module.params["ssl_pfs"],
"ssl-mode": module.params["ssl_mode"],
"ssl-min-version": module.params["ssl_min_version"],
"ssl-max-version": module.params["ssl_max_version"],
"ssl-http-match-host": module.params["ssl_http_match_host"],
"ssl-http-location-conversion": module.params["ssl_http_location_conversion"],
"ssl-hsts-include-subdomains": module.params["ssl_hsts_include_subdomains"],
"ssl-hsts-age": module.params["ssl_hsts_age"],
"ssl-hsts": module.params["ssl_hsts"],
"ssl-hpkp-report-uri": module.params["ssl_hpkp_report_uri"],
"ssl-hpkp-primary": module.params["ssl_hpkp_primary"],
"ssl-hpkp-include-subdomains": module.params["ssl_hpkp_include_subdomains"],
"ssl-hpkp-backup": module.params["ssl_hpkp_backup"],
"ssl-hpkp-age": module.params["ssl_hpkp_age"],
"ssl-hpkp": module.params["ssl_hpkp"],
"ssl-dh-bits": module.params["ssl_dh_bits"],
"ssl-client-session-state-type": module.params["ssl_client_session_state_type"],
"ssl-client-session-state-timeout": module.params["ssl_client_session_state_timeout"],
"ssl-client-session-state-max": module.params["ssl_client_session_state_max"],
"ssl-client-renegotiation": module.params["ssl_client_renegotiation"],
"ssl-client-fallback": module.params["ssl_client_fallback"],
"ssl-certificate": module.params["ssl_certificate"],
"ssl-algorithm": module.params["ssl_algorithm"],
"srcintf-filter": module.params["srcintf_filter"],
"src-filter": module.params["src_filter"],
"service": module.params["service"],
"server-type": module.params["server_type"],
"protocol": module.params["protocol"],
"portmapping-type": module.params["portmapping_type"],
"portforward": module.params["portforward"],
"persistence": module.params["persistence"],
"outlook-web-access": module.params["outlook_web_access"],
"nat-source-vip": module.params["nat_source_vip"],
"name": module.params["name"],
"monitor": module.params["monitor"],
"max-embryonic-connections": module.params["max_embryonic_connections"],
"mappedport": module.params["mappedport"],
"mappedip": module.params["mappedip"],
"mapped-addr": module.params["mapped_addr"],
"ldb-method": module.params["ldb_method"],
"https-cookie-secure": module.params["https_cookie_secure"],
"http-multiplex": module.params["http_multiplex"],
"http-ip-header-name": module.params["http_ip_header_name"],
"http-ip-header": module.params["http_ip_header"],
"http-cookie-share": module.params["http_cookie_share"],
"http-cookie-path": module.params["http_cookie_path"],
"http-cookie-generation": module.params["http_cookie_generation"],
"http-cookie-domain-from-host": module.params["http_cookie_domain_from_host"],
"http-cookie-domain": module.params["http_cookie_domain"],
"http-cookie-age": module.params["http_cookie_age"],
"gratuitous-arp-interval": module.params["gratuitous_arp_interval"],
"extport": module.params["extport"],
"extip": module.params["extip"],
"extintf": module.params["extintf"],
"extaddr": module.params["extaddr"],
"dns-mapping-ttl": module.params["dns_mapping_ttl"],
"comment": module.params["comment"],
"color": module.params["color"],
"arp-reply": module.params["arp_reply"],
"dynamic_mapping": {
"arp-reply": module.params["dynamic_mapping_arp_reply"],
"color": module.params["dynamic_mapping_color"],
"comment": module.params["dynamic_mapping_comment"],
"dns-mapping-ttl": module.params["dynamic_mapping_dns_mapping_ttl"],
"extaddr": module.params["dynamic_mapping_extaddr"],
"extintf": module.params["dynamic_mapping_extintf"],
"extip": module.params["dynamic_mapping_extip"],
"extport": module.params["dynamic_mapping_extport"],
"gratuitous-arp-interval": module.params["dynamic_mapping_gratuitous_arp_interval"],
"http-cookie-age": module.params["dynamic_mapping_http_cookie_age"],
"http-cookie-domain": module.params["dynamic_mapping_http_cookie_domain"],
"http-cookie-domain-from-host": module.params["dynamic_mapping_http_cookie_domain_from_host"],
"http-cookie-generation": module.params["dynamic_mapping_http_cookie_generation"],
"http-cookie-path": module.params["dynamic_mapping_http_cookie_path"],
"http-cookie-share": module.params["dynamic_mapping_http_cookie_share"],
"http-ip-header": module.params["dynamic_mapping_http_ip_header"],
"http-ip-header-name": module.params["dynamic_mapping_http_ip_header_name"],
"http-multiplex": module.params["dynamic_mapping_http_multiplex"],
"https-cookie-secure": module.params["dynamic_mapping_https_cookie_secure"],
"ldb-method": module.params["dynamic_mapping_ldb_method"],
"mapped-addr": module.params["dynamic_mapping_mapped_addr"],
"mappedip": module.params["dynamic_mapping_mappedip"],
"mappedport": module.params["dynamic_mapping_mappedport"],
"max-embryonic-connections": module.params["dynamic_mapping_max_embryonic_connections"],
"monitor": module.params["dynamic_mapping_monitor"],
"nat-source-vip": module.params["dynamic_mapping_nat_source_vip"],
"outlook-web-access": module.params["dynamic_mapping_outlook_web_access"],
"persistence": module.params["dynamic_mapping_persistence"],
"portforward": module.params["dynamic_mapping_portforward"],
"portmapping-type": module.params["dynamic_mapping_portmapping_type"],
"protocol": module.params["dynamic_mapping_protocol"],
"server-type": module.params["dynamic_mapping_server_type"],
"service": module.params["dynamic_mapping_service"],
"src-filter": module.params["dynamic_mapping_src_filter"],
"srcintf-filter": module.params["dynamic_mapping_srcintf_filter"],
"ssl-algorithm": module.params["dynamic_mapping_ssl_algorithm"],
"ssl-certificate": module.params["dynamic_mapping_ssl_certificate"],
"ssl-client-fallback": module.params["dynamic_mapping_ssl_client_fallback"],
"ssl-client-renegotiation": module.params["dynamic_mapping_ssl_client_renegotiation"],
"ssl-client-session-state-max": module.params["dynamic_mapping_ssl_client_session_state_max"],
"ssl-client-session-state-timeout": module.params["dynamic_mapping_ssl_client_session_state_timeout"],
"ssl-client-session-state-type": module.params["dynamic_mapping_ssl_client_session_state_type"],
"ssl-dh-bits": module.params["dynamic_mapping_ssl_dh_bits"],
"ssl-hpkp": module.params["dynamic_mapping_ssl_hpkp"],
"ssl-hpkp-age": module.params["dynamic_mapping_ssl_hpkp_age"],
"ssl-hpkp-backup": module.params["dynamic_mapping_ssl_hpkp_backup"],
"ssl-hpkp-include-subdomains": module.params["dynamic_mapping_ssl_hpkp_include_subdomains"],
"ssl-hpkp-primary": module.params["dynamic_mapping_ssl_hpkp_primary"],
"ssl-hpkp-report-uri": module.params["dynamic_mapping_ssl_hpkp_report_uri"],
"ssl-hsts": module.params["dynamic_mapping_ssl_hsts"],
"ssl-hsts-age": module.params["dynamic_mapping_ssl_hsts_age"],
"ssl-hsts-include-subdomains": module.params["dynamic_mapping_ssl_hsts_include_subdomains"],
"ssl-http-location-conversion": module.params["dynamic_mapping_ssl_http_location_conversion"],
"ssl-http-match-host": module.params["dynamic_mapping_ssl_http_match_host"],
"ssl-max-version": module.params["dynamic_mapping_ssl_max_version"],
"ssl-min-version": module.params["dynamic_mapping_ssl_min_version"],
"ssl-mode": module.params["dynamic_mapping_ssl_mode"],
"ssl-pfs": module.params["dynamic_mapping_ssl_pfs"],
"ssl-send-empty-frags": module.params["dynamic_mapping_ssl_send_empty_frags"],
"ssl-server-algorithm": module.params["dynamic_mapping_ssl_server_algorithm"],
"ssl-server-max-version": module.params["dynamic_mapping_ssl_server_max_version"],
"ssl-server-min-version": module.params["dynamic_mapping_ssl_server_min_version"],
"ssl-server-session-state-max": module.params["dynamic_mapping_ssl_server_session_state_max"],
"ssl-server-session-state-timeout": module.params["dynamic_mapping_ssl_server_session_state_timeout"],
"ssl-server-session-state-type": module.params["dynamic_mapping_ssl_server_session_state_type"],
"type": module.params["dynamic_mapping_type"],
"weblogic-server": module.params["dynamic_mapping_weblogic_server"],
"websphere-server": module.params["dynamic_mapping_websphere_server"],
"realservers": {
"client-ip": module.params["dynamic_mapping_realservers_client_ip"],
"healthcheck": module.params["dynamic_mapping_realservers_healthcheck"],
"holddown-interval": module.params["dynamic_mapping_realservers_holddown_interval"],
"http-host": module.params["dynamic_mapping_realservers_http_host"],
"ip": module.params["dynamic_mapping_realservers_ip"],
"max-connections": module.params["dynamic_mapping_realservers_max_connections"],
"monitor": module.params["dynamic_mapping_realservers_monitor"],
"port": module.params["dynamic_mapping_realservers_port"],
"seq": module.params["dynamic_mapping_realservers_seq"],
"status": module.params["dynamic_mapping_realservers_status"],
"weight": module.params["dynamic_mapping_realservers_weight"],
},
"ssl-cipher-suites": {
"cipher": module.params["dynamic_mapping_ssl_cipher_suites_cipher"],
"versions": module.params["dynamic_mapping_ssl_cipher_suites_versions"],
},
},
"realservers": {
"client-ip": module.params["realservers_client_ip"],
"healthcheck": module.params["realservers_healthcheck"],
"holddown-interval": module.params["realservers_holddown_interval"],
"http-host": module.params["realservers_http_host"],
"ip": module.params["realservers_ip"],
"max-connections": module.params["realservers_max_connections"],
"monitor": module.params["realservers_monitor"],
"port": module.params["realservers_port"],
"seq": module.params["realservers_seq"],
"status": module.params["realservers_status"],
"weight": module.params["realservers_weight"],
},
"ssl-cipher-suites": {
"cipher": module.params["ssl_cipher_suites_cipher"],
"versions": module.params["ssl_cipher_suites_versions"],
},
"ssl-server-cipher-suites": {
"cipher": module.params["ssl_server_cipher_suites_cipher"],
"priority": module.params["ssl_server_cipher_suites_priority"],
"versions": module.params["ssl_server_cipher_suites_versions"],
}
}

    module.paramgram = paramgram
    fmgr = None
    # The module needs Ansible's persistent-connection socket; fail early without one.
    if module._socket_path:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()
    else:
        module.fail_json(**FAIL_SOCKET_MSG)

    # If the caller supplied a raw list for one of these parent keys, that list
    # replaces the dict built from the prefixed sub-options above.
    list_overrides = ['dynamic_mapping', 'realservers', 'ssl-cipher-suites', 'ssl-server-cipher-suites']
    paramgram = fmgr.tools.paramgram_child_list_override(list_overrides=list_overrides,
                                                         paramgram=paramgram, module=module)

    results = DEFAULT_RESULT_OBJ
    try:
        results = fmgr_firewall_vip_modify(fmgr, paramgram)
        fmgr.govern_response(module=module, results=results,
                             ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))

    except Exception as err:
        # Re-raise any failure as the module's own exception type.
        raise FMGBaseException(err)

    return module.exit_json(**results[1])


if __name__ == "__main__":
    main()